[Federal Register Volume 71, Number 128 (Wednesday, July 5, 2006)]
[Rules and Regulations]
[Pages 38091-38111]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-5954]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Parts 1, 22, 24, and 64

[ET Docket No. 04-295; RM-10865; FCC 06-56]


Communications Assistance for Law Enforcement Act and Broadband 
Access and Services

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document addresses the assistance capabilities required, 
pursuant to section 103 of the Communications Assistance for Law 
Enforcement Act (CALEA) for facilities-based broadband Internet access 
providers and providers of interconnected Voice over Internet Protocol 
(VoIP). More generally, the Second Report and Order and Memorandum 
Opinion and Order (Second R&O and MO&O) specifies mechanisms to ensure 
that telecommunications carriers comply with CALEA. The MO&O denies in 
part and grants in part a petition for reconsideration and 
clarification filed by the United States Telecom Association 
(USTelecom) relating to the compliance date for broadband Internet 
access providers and providers of interconnected VoIP.

DATES: Effective August 4, 2006, except for Sec. Sec.  1.20004 and 
1.20005, which contain information collection requirements that have 
not been approved by the Office of Management and Budget. The Federal 
Communications Commission will publish a document in the Federal 
Register announcing the effective date of these sections.

FOR FURTHER INFORMATION CONTACT: Rodney Small, Office of Engineering 
and Technology, (202) 418-2452, e-mail: [email protected].

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Second 
Report and Order and Memorandum Opinion and Order, ET Docket No. 04-
295, FCC 06-56, adopted May 3, 2006, and released May 12, 2006. The 
full text of this document is available for inspection and copying 
during normal business hours in the FCC Reference Center (Room CY-
A257), 445 12th Street, SW., Washington, DC 20554. The full text of 
this document also may be purchased from the Commission's copy 
contractor, Best Copy and Printing, Inc., Portals II, 445 12th Street, 
SW., Room CY-B402, Washington, DC 20554, telephone (202) 488-5300; fax 
(202) 488-5563; e-mail at [email protected].

Summary of the Second Report and Order and Memorandum Opinion and Order

Overview

    1. Telecommunications industry standard-setting bodies, working in 
concert with law enforcement agencies (LEAs) and other interested 
parties, are developing technical requirements and solutions for 
facilities-based broadband Internet access providers and providers of 
interconnected VoIP. We conclude that, absent the filing of a 
deficiency petition under CALEA section 107(b), it would be premature 
for the FCC to intervene in the standards development process. 
Additionally, we permit all carriers providing facilities-based 
broadband Internet access and interconnected VoIP services until May 
14, 2007 to come into compliance with CALEA. Further, we require that 
all carriers providing facilities-based broadband Internet access and 
interconnected VoIP service to submit interim reports to the Commission 
to ensure that they will be CALEA-compliant by May 14, 2007. We also 
require that all facilities-based broadband Internet access and 
interconnected VoIP providers to whom CALEA obligations were extended 
in the First Report and Order (First R&O) in this proceeding come into 
compliance with the system security requirements in our rules within 90 
days of the effective date of this Second R&O.
    2. More generally, we specify mechanisms to ensure that 
telecommunications carriers comply with CALEA. Specifically, under the 
express terms of the statute, all carriers subject to CALEA are obliged 
to become CALEA-compliant. We find that sections 107(c) and 109(b) of 
CALEA provide only limited and temporary relief from compliance 
requirements, and that they are complementary provisions that serve 
different purposes, which are, respectively: (1) Extension of the CALEA 
section 103 compliance deadline for equipment, facility, or service 
deployed before October 25, 1998; and (2) recovery of CALEA-imposed 
costs. We also conclude that, in addition to the enforcement remedies 
through the courts available to LEAs under CALEA section 108, we may 
take separate enforcement action against carriers that fail to comply 
with CALEA. Moreover, we conclude that carriers are generally 
responsible for CALEA development and implementation costs for post-
January 1, 1995 equipment and facilities.

Background

    3. In March 2004, the Department of Justice (DOJ), the Federal 
Bureau of Investigation (FBI), and the Drug Enforcement Administration 
(DEA) (collectively, Law Enforcement) filed with the Commission a 
petition for expedited rulemaking, requesting that we initiate a 
proceeding to resolve various outstanding issues associated with the 
implementation of CALEA. We responded in August 2004 by issuing a 
Notice of Proposed Rulemaking (NPRM) (69 FR 56976, September 23, 2004) 
and Declaratory Ruling in this proceeding. The NPRM examined issues 
relating to the scope of CALEA's applicability to packet-mode services, 
such as broadband Internet access, and implementation and enforcement 
issues.
    4. In September 2005, the First R&O (70 FR 59664, October 13, 2005) 
concluded that CALEA applies to facilities-based broadband Internet 
access providers and providers of interconnected VoIP service, and the 
concurrent Further Notice of Proposed Rulemaking (70 FR 59704, October 
13, 2005) sought comment on whether CALEA obligations should be 
extended to providers of other types of VoIP services and on whether 
something less than full CALEA compliance should be required of certain 
classes or categories of facilities-based broadband Internet access 
providers. The First R&O stated: ``In the coming months, we will 
release another order that will address separate questions regarding 
the assistance capabilities required of the providers covered by 
today's Order pursuant to section 103 of CALEA. This subsequent order 
will include other important issues under CALEA, such as compliance 
extensions and exemptions, cost recovery, identification of future 
services and entities subject to CALEA, and enforcement.'' The Second 
R&O addresses these questions and issues and specifies what 
telecommunications providers must do to facilitate electronic 
surveillance of their equipment, facilities, and services by LEAs, 
pursuant to court orders or other lawful authorization.
    5. In this Second R&O, we first examine the obligations of 
facilities-based broadband Internet access and interconnected VoIP 
providers to

[[Page 38092]]

implement CALEA compliance solutions under section 103 of the statute, 
including solutions based on either CALEA ``safe harbor'' standards or 
the use of trusted third parties (TTPs). We next examine the scope of 
relief available to telecommunications carriers pursuant to CALEA 
sections 107(c) and 109(b), issue new guidelines to govern the filing 
and evaluation of petitions associated with those rule sections, and 
dispose of pending section 107(c) petitions. Third, we address CALEA 
enforcement issues, both generally and with specific regard to 
facilities-based broadband Internet access and interconnected VoIP 
providers, including the filing of reports by these providers to ensure 
their timely compliance with the assistance capability requirements of 
CALEA section 103. Fourth, we examine CALEA cost issues and specify 
cost recovery mechanisms for wireline, wireless, and other 
telecommunications carriers. Fifth, we specify a date for facilities-
based broadband Internet access and interconnected VoIP providers to 
comply with CALEA system security requirements. Finally, we address the 
CALEA compliance obligations of providers of future telecommunications 
services and technologies.

A. Requirements and Solutions

    6. In this proceeding, we have explored the complexity of the 
technical issues regarding packet technologies to ensure that broadband 
Internet access and VoIP providers can comply with CALEA and not 
compromise the ability of LEAs to receive the information to which they 
are entitled under the statute. Specifically, as discussed in detail, 
we probed the capabilities of broadband Internet access and VoIP 
providers to extract CII and provide it to LEAs under CALEA, and 
inquired about compliance solutions for these providers based upon 
either CALEA ``safe harbor'' standards or the use of TTPs. The record 
demonstrates that Law Enforcement and industry have made progress 
toward the goal of achieving successful implementation of CALEA with 
regard to the deployment of packet technologies by broadband Internet 
access and VoIP providers, but this is an ongoing process. Although 
section 107(b) of CALEA allows the Commission, upon petition, to 
establish rules, technical requirements or standards necessary for 
implementing section 103 if any entity believes that industry-created 
requirements or standards are deficient, CALEA clearly provides that 
LEAs and industry work together in the first instance to formulate 
CALEA compliance standards. Accordingly, we will continue to monitor 
developments in this area as Law Enforcement and industry continue 
working together, primarily through various standards organizations, to 
develop long-term solutions to these complex technical issues. We also 
determine that all carriers providing facilities-based broadband 
Internet access and interconnected VoIP services must be in compliance 
with section 103 of CALEA by May 14, 2007.
1. CALEA Obligations Under Section 103
    7. Background. Section 103(a)(1) of CALEA requires 
telecommunications carriers to establish the capability of providing to 
LEAs call content information, pursuant to a court order or other 
lawful authorization; and section 103(a)(2) of CALEA requires 
telecommunications carriers to establish the capability of providing to 
LEAs reasonably available CII, pursuant to a court order or other 
lawful authorization. In the Second R&O, we discuss a carrier's 
obligations under section 103 and compliance solutions as they relate 
to broadband Internet access and interconnected VoIP services.
    8. CALEA defines CII as ``dialing or signaling information that 
identifies the origin, direction, destination, or termination of each 
communication generated or received by a subscriber by means of any 
equipment, facility, or service of a telecommunications carrier,'' but 
CALEA does not define ``origin,'' ``direction,'' ``destination,'' or 
``termination.'' The Commission has adopted definitions of the 
component terms (origin, direction, destination, and termination) in 
the statutory definition of CII in addressing petitions regarding 
standards for circuit switched networks in J-STD-025. However, as noted 
above, packet technologies are substantially different from the circuit 
switched technologies that were the primary focus of the Commission's 
earlier decisions on CALEA. Accordingly, in the NPRM, we sought comment 
on whether the Commission should clarify the statutory term ``call-
identifying information'' for broadband Internet access and VoIP 
services. We asked commenters to provide specific suggestions for these 
definitional issues.
    9. We also invited comment as to how the Commission should apply 
the term ``reasonably available'' to broadband Internet access. We 
observed that the Commission has previously determined that information 
may not be ``reasonably'' available in circuit switched networks if the 
information is accessible only by significantly modifying a network, 
and further observed that cost concerns are best addressed as part of a 
section 107(c) analysis. We tentatively concluded that we should apply 
the same ``reasonably'' available criteria to broadband Internet access 
and VoIP providers; i.e., information may not be reasonably available 
to those providers if it is accessible only by significantly modifying 
their networks. However, we recognized that, when looking at those 
providers' service architectures, it is not always readily apparent 
where CII is available. Accordingly we sought comment on these related 
issues, such as instances in which CII may be reasonably available from 
either a broadband Internet access provider or a VoIP provider, but not 
from both. We stated that, if the information is reasonably available 
from both, we would expect that both would have a CALEA obligation with 
respect to that information and would work cooperatively with each 
other and with the LEA to provide the LEA with all required 
information.
    10. Discussion. A number of parties commented generally on the 
Commission's authority to intervene in the development of CALEA 
technical standards. Cingular notes that the U.S. Court of Appeals for 
the District of Columbia Circuit (D.C. Circuit) stated: ``* * * 
Congress gave the telecommunications industry the first crack at 
developing standards, authorizing the Commission to alter those 
standards only if it found them `deficient.' '' Cingular and many other 
parties conclude that the Commission must defer to the efforts of 
industry standards bodies to formulate standards, absent the filing of 
a petition under section 107(b) with the Commission.
    11. With regard to the availability of CII in broadband access and 
VoIP networks, commenters generally agree that different information is 
available to different service providers, and that different parts of 
that information are ``reasonably available'' to different service 
providers. However, several parties identify situations in which, they 
contend, a broadband Internet access provider would not reasonably be 
able to extract CII used by non-affiliated VoIP providers. With regard 
to the Commission's tentative conclusion that CII may be reasonably 
available to a broadband access or VoIP provider as long as that 
provider's network does not have to be significantly modified, some 
parties argue that this standard is inappropriate for Internet 
applications. DOJ expresses particular concern about the Commission 
using cost considerations to decide what is

[[Page 38093]]

``reasonably available'' because, DOJ asserts, the Commission could 
mistakenly excuse an entire class of carriers from delivering a 
capability, even though only one or two carriers qualify for such 
relief based on non-technical considerations. However, industry 
commenters strongly disagree with DOJ regarding the exclusion of cost 
considerations from a ``reasonably available'' inquiry.
    12. We note the D.C. Circuit's opinion referenced by Cingular, as 
well as the comments of both DOJ and the telecommunications industry 
that express concern about Commission intervention in the continuing 
work by Law Enforcement and industry to develop CALEA technical 
standards for broadband Internet access and VoIP services. Addressing 
analogous circumstances, the Court explained that such intervention 
``would weaken the major role Congress obviously expected industry to 
play in formulating CALEA standards.'' In the course of developing 
standards for CALEA compliance by broadband Internet access and VoIP 
providers, we expect that industry standard-setting bodies, working in 
concert with Law Enforcement and other interested parties, will develop 
an appropriate definition of ``call-identifying information'' in the 
context of broadband Internet access and VoIP networks as well as an 
appropriate definition of what constitutes either ``reasonable 
availability'' of CII in such networks or a ``significant 
modification'' of such networks. If this process proves unsatisfactory, 
any interested party may submit to the Commission a deficiency petition 
under CALEA section 107(b). We thus take no action on these issues at 
this time.
    13. The First R&O in this proceeding established a CALEA compliance 
date of May 14, 2007 for newly covered entities and providers of newly 
covered services. USTelecom asked that this date be extended until 18 
months from the effective date of this Second R&O, and also asked the 
Commission to identify specifically all broadband Internet access 
services subject to the compliance date. To eliminate any possible 
confusion, we conclude that the public interest will be best served by 
applying the May 14, 2007 compliance date to all facilities-based 
broadband Internet access and interconnected VoIP services. We agree 
with USTelecom that applying the compliance date uniformly to these 
services is consistent with the policy objectives identified in the 
First R&O. We find that applying the same compliance dates to all 
providers of facilities-based broadband Internet access and 
interconnected VoIP services will avoid any skewing effect on 
competition and will prevent migration of criminal activity onto 
networks with delayed compliance dates.
    14. One firm date establishes a clear goal for all carriers, 
equipment manufacturers, and law enforcement that must cooperate in the 
process of identifying, implementing and deploying solutions. One firm 
date also should encourage all interested parties to move quickly to 
develop solutions which, in turn, will benefit smaller carriers who 
face greater challenges in complying with CALEA in the absence of 
standards and the availability of compliant equipment in the 
marketplace. Thus, we reject suggestions for different compliance 
deadlines for VoIP and broadband Internet access services, or linking 
compliance deadlines to certain events or criteria, such as the 
development of standards, a Commission decision that a service provider 
is subject to CALEA, or carrier size.
    15. We also find that May 14, 2007 is a reasonable time period for 
compliance with the section 103 requirements. We note, at the outset, 
that VoIP standards for CALEA are nearing or are at completion for 
various technologies. Thus, manufacturers and carriers are in a good 
position to implement and deploy solutions for VoIP by that date, even 
though we recognize that VoIP providers who plan a nationwide 
deployment will need to incorporate a CALEA solution into numerous 
routers or servers or negotiate arrangements with numerous 
interconnecting carriers. We similarly conclude that providers of 
broadband Internet access services should be able to comply with 
section 103 by May 14, 2007. Although standards for newer broadband 
Internet access technologies are yet to be developed, especially 
regarding the delivery of CII, we note that full content surveillance 
has already been addressed by standards groups for certain older 
technologies and some carriers may be able to rely on ``passive'' 
techniques (e.g., using probes at certain points throughout their 
network) to implement surveillance. Other factors should facilitate 
carrier compliance by that date. For example, some solutions will be 
software based, and thus carriers will not necessarily have the burden 
of deploying new equipment to come into compliance. Further, 
facilities-based broadband Internet access and VoIP services 
interconnect with the public Internet and public switched telephone 
network (PSTN), respectively. Thus, broadband access architectures and 
protocols are compatible with standards used for the Internet and VoIP 
architectures and protocols are compatible with standards used for the 
PSTN, providing a foundation upon which CALEA solutions for broadband 
access and VoIP services can be developed.
2. Compliance Solutions Based on CALEA ``Safe Harbor'' Standards
    16. Background. In the NPRM, the Commission invited comment on a 
variety of industry standards for packet-mode technologies to determine 
whether any of these standards are deficient and thus preclude 
carriers, manufacturers, and others from relying on them as ``safe 
harbors'' in complying with section 103 of CALEA. We noted that, over 
the past several years, various organizations have been developing 
standards for various types of packet technologies that support a 
variety of applications used in both wireline and wireless networks. We 
stated that these standards could serve, pursuant to section 107(a) of 
CALEA, as safe harbors for section 103 compliance by telecommunications 
carriers. Section 107(a) is titled ``Safe Harbor'' and subsection 
107(a)(2) provides: ``A telecommunications carrier shall be found to be 
in compliance with the assistance capability requirements under section 
103, and a manufacturer of telecommunications transmission or switching 
equipment or a provider of telecommunications support services shall be 
found to be in compliance with section 106, if the carrier, 
manufacturer, or support service provider is in compliance with 
publicly available technical requirements or standards adopted by an 
industry association or standard-setting organization, or by the 
Commission under subsection (b), to meet the requirements of section 
103.'' We noted that the standards process is ongoing in several 
different venues, with some standards already having undergone 
modification and new ones under development, and that compliance with a 
safe harbor standard is not required by CALEA.
    17. In the NPRM, we also noted Law Enforcement's assessment that 
packet-mode standards that have been published are deficient. We stated 
our belief that underlying this assessment are Law Enforcement's 
assumptions that the definition of CII can be clearly applied to packet 
networks, that information so identified is ``reasonably available'' to 
the carrier, and that the provision of the information to LEAs by the 
carrier is ``reasonably achievable.'' We further noted that the 
Telecommunication Industry Association disagrees with Law Enforcement's 
assessment. We asked

[[Page 38094]]

parties to comment on industry standards for packet-mode technologies 
in an attempt to determine whether any of these standards are deficient 
and thus preclude carriers, manufacturers, and others from relying on 
them as safe harbors in complying with section 103. We made clear, 
however, that we did not intend to inhibit the ongoing work by 
standards organizations, carriers, and manufacturers to develop and 
deploy CALEA-compliant facilities and services. We recognized that 
CALEA provides that carriers and others may rely on publicly available 
technical requirements or standards adopted by an industry association 
or standard-setting organization to meet the requirements of section 
103, unless the Commission takes specific action in response to a 
petition.
    18. In the NPRM, therefore, we invited comment as to whether there 
is any need to define what constitutes publicly available technical 
requirements or standards adopted by an industry association or 
standard-setting organization, and sought comment regarding the 
appropriateness of available standards and specifications to be used as 
safe harbors for packet-mode technologies for purposes of CALEA. We 
observed that it appears that any group or organization could publish a 
set of technical requirements or standards and claim it to be a safe 
harbor, and we requested comment on whether we should define what 
constitutes publicly available technical requirements or standards 
adopted by an industry association or standard setting organization. We 
also sought comment on the appropriate format to be used for the 
transmission of CII data to LEAs. We noted that, when broadband 
telephony (including VoIP) CII is provided to LEAs, they may have 
concerns with the format of the electronic interface used to provide 
the CII. We requested comment on whether the CII should be converted 
into a format preferred by LEAs.
    19. Discussion. No specific deficiencies in any packet-mode 
standard were cited by any commenter. Rather, there was a consensus to 
allow the standards process to proceed and to resolve issues with 
deficiency petitions. In fact, both industry commenters and DOJ note 
the appropriateness of this process. Further, industry commenters 
observe that Law Enforcement has not filed a deficiency petition with 
respect to any packet-mode standard. Similarly, with regard to whether 
the Commission should seek to determine the industry bodies that are 
appropriate to generate safe harbor standards, there is broad consensus 
in the record that we should not. Finally, with regard to the issue of 
the format of CII to be provided to LEAs, there was a difference of 
opinion among commenters as to whether a single format is appropriate, 
but no one recommended that the Commission determine this issue in 
advance of industry.
    20. We found that it would be premature for the Commission to pre-
empt the ongoing industry process to develop additional standards for 
packet-mode technologies. We believe that industry organizations, whose 
meetings are generally open to all interested parties--including LEAs--
can best develop those standards, just as they previously developed 
circuit switched standards. Further, given the diversity of 
technologies supporting communications services and the breadth of 
organizations involved both domestically and internationally in 
developing packet-mode standards, we find it both infeasible and 
inappropriate to specify the organizations qualified to develop 
standards that may be used as ``safe harbors.'' Finally, we find no 
reason to become involved at this time in the technically complex issue 
of determining the appropriate format to be used for the transmission 
of broadband CII data to LEAs. Rather, for all of these technical 
issues, we find that the industry standards process remains the 
preferred forum. We note again, however, to the extent that any party 
perceives a problem with an industry developed packet-mode standard, it 
may file with the Commission a deficiency petition under section 107(b) 
of CALEA.
3. Compliance Solutions Based on a Trusted Third Party
    21. Background. In the NPRM, we sought comment on the feasibility 
of using a TTP approach to extract CII and content from packets. Under 
this approach, a TTP would operate a service bureau with a system that 
has access to a carrier's network equipment and remotely manage the 
intercept process for the carrier. We noted that the TTP could either 
rely on a mediation device to collect separated call content and CII 
from various points in the carrier's network and deliver the 
appropriate information to a LEA, or could rely on an external system 
to collect combined call content and CII and deliver appropriate 
information to the LEA. In the NPRM, we focused on the external system 
approach which, we noted, could analyze the combined information and 
provide the LEA only that information to which it is entitled. We 
sought comment on whether an external system would be an efficient 
method to extract information from packets. We stated that external 
systems might provide economies of scale for small carriers, and asked 
about the approximate relative costs of internal versus external 
systems for packet extraction.
    22. The record indicates that TTPs are available to provide a 
variety of services for CALEA compliance to carriers, including 
processing requests for intercepts, conducting electronic surveillance, 
and delivering relevant information to LEAs. Given the effectively 
unanimous view of commenters that the use of TTPs should be permitted 
but not required, we conclude that TTPs may provide a reasonable means 
for carriers to comply with CALEA, especially broadband access and VoIP 
providers and smaller carriers. We emphasize, however, that if a 
carrier chooses to use a TTP, that carrier remains responsible for 
ensuring the timely delivery of CII and call content information to a 
LEA and for protecting subscriber privacy, as required by CALEA. Thus, 
a carrier must be satisfied that the TTP's processes allow the carrier 
to meet its obligations without compromising the integrity of the 
intercept. Carriers will not be relieved of their CALEA obligations by 
asserting that a TTP's processes prevented them from complying with 
CALEA. We note DOJ's concern about carriers attempting to use TTPs to 
shift costs to LEAs, but we make no decision here that would allow 
carriers who choose to use a TTP to shift the financial responsibility 
for CALEA compliance to the Attorney General under section 109 (see 
discussion on cost recovery, in the Second Report and Order). We will 
evaluate whether the availability of a TTP makes call-identifying 
information ``reasonably'' available to a carrier within the context of 
section 103 in acting on a section 109 petition that a carrier may file 
(see discussion on section 109 petitions, in the Second Report and 
Order). As noted by several commenters, telecommunications carriers and 
manufacturers have legally-mandated privacy obligations, and we take no 
action herein to modify those obligations based on potential broadband 
access and VoIP provider use of TTPs. Finally, in accord with the 
consensus of comments, we will defer to standards organizations and 
industry associations and allow them to determine the degree to which 
the ability of a TTP external system to extract and isolate CII makes 
that information reasonably available for purposes of defining CALEA 
standards and safe harbors.

[[Page 38095]]

B. Sections 107(c) and 109(b) Petitions

    23. In the Second Report and Order, we address the scope of relief 
available to telecommunications carriers pursuant to CALEA sections 
107(c)(2) and 109(b); clarify guidelines to govern the filing and 
evaluation of petitions filed under these two sections; and dispose of 
pending section 107(c)(2) petitions. Under the express terms of the 
statute, all telecommunications carriers subject to CALEA must comply 
with its mandate. Sections 107(c) and 109(b) provide only limited and 
temporary relief from CALEA compliance requirements; they are 
``complementary provisions that serve different purposes.''
    24. Due to the time limitations set forth in the CALEA statute, 
telecommunications carriers may not use section 107(c)(1) to obtain 
extensions of the compliance deadline in connection with most packet 
services. We find that it would be inconsistent with the express time 
limitations of section 107(c) for the Commission to grant 107(c) 
extension relief to equipment, facilities or services deployed after 
the effective date of CALEA pursuant to other CALEA provisions, section 
229 of the Communications Act, or section 706 of the Telecommunications 
Act of 1996. We also find that, to obtain section 109(b)(1) relief, in 
connection with a given assistance capability requirement under section 
103, a telecommunications carrier must demonstrate that it undertook 
active and sustained efforts to come into compliance with that 
requirement, and that compliance could not reasonably be achieved 
without ``significant difficulty or expense.'' As a result, 
telecommunications carriers filing section 109(b) petitions face a high 
burden to obtain relief.
    25. In the case of packet-mode compliance requirements addressed in 
this Second R&O, we expect that telecommunications carriers will work 
diligently until the end of the 18-month compliance period, established 
in the First R&O, to implement an appropriate packet-mode CALEA 
solution. Once the compliance period expires, telecommunications 
carriers seeking relief pursuant to section 109(b) will be expected to 
document the efforts they undertook throughout the 18-month compliance 
period to achieve CALEA compliance and to demonstrate how the solution 
for which they wish to receive cost recovery relief constitutes a 
``significant difficulty or expense.'' Because section 109(b) is not a 
compliance extension device, however, the filing of a section 109(b) 
petition will not, by itself, toll the compliance date.
    26. Specifically, in this section, we find that:
     Section 107(c)(1) may not be used by telecommunications 
carriers seeking extensions for equipment, facilities, and services 
(hereinafter ``facilities'') deployed on or after October 25, 1998 (the 
effective date of the CALEA section 103 and 105 requirements).
     Section 109(b)(1) does not itself authorize the Commission 
to grant a telecommunications carrier an extension of the CALEA 
compliance deadlines.
     Section 109(b)(1) imposes a high burden of proof for 
telecommunications carriers to demonstrate that they made reasonable 
efforts to develop CALEA solutions and that none of them are reasonably 
achievable. In the absence of CALEA compliance standards or industry 
solutions, a petitioner must demonstrate that it exercised a high 
degree of due diligence in order to develop its own solution, but was 
unable to implement this solution because of a ``significant difficulty 
or expense.''
     Office of Management and Budget (OMB) approval of the 
paperwork collection requirements of this Second Report and Order is 
required. Once approval is received, we will issue a public notice 
setting forth a deadline that will require all telecommunications 
carriers who have pending section 107(c)(1) petitions currently on file 
with the Commission to inform the Commission whether, pursuant to our 
actions taken here, such petitions concern ``equipment, facilities, or 
services'' deployed prior to October 25, 1998.
     Once OMB approval is received, we will issue a public 
notice setting forth a deadline that will require all 
telecommunications carriers providing facilities-based broadband 
Internet access or interconnected VoIP services to file monitoring 
reports with the Commission that briefly describe steps that they are 
taking to come into compliance with CALEA section 103. We also will 
issue a public notice to notify carriers of OMB approval of paperwork 
collection requirements for filing petitions under sections 107(c) and 
109(b).
1. Section 107(c)(1) Relief
a. Section 107(c)(1) Does Not Apply to Any Equipment, Facility, or 
Service Deployed On or After October 25, 1998
    27. We adopt our tentative conclusion that section 107(c)(1)'s 
unambiguous language expressly limits extensions to cases where the 
petitioning telecommunications carrier proposes to install or deploy, 
or has installed or deployed, its `` `equipment, facility, or service 
prior to the effective date of section 103 * * *,' i.e., prior to 
October 25, 1998.'' Given this limitation, a section 107(c) extension 
is not available to cover equipment, facilities, or services installed 
or deployed on or after October 25, 1998. Commenters failed to present 
any other reasonable way to read this section, and we reject arguments 
by commenters that the Commission should nonetheless ignore Congress's 
limited grant of authority to entertain CALEA extension petitions and 
look to other statutes for authority to grant extensions for facilities 
deployed after Congress's cut-off date.
    28. We reject commenters' argument that the Commission could 
entertain extension petitions pursuant to statutes other than section 
107(c), including CALEA section 109(b)(1) and section 706 of the 
Telecommunications Act of 1996. While we agree that section 107(c)(1) 
does not appear to prohibit the Commission from exercising authority 
under another statute, we find it unlikely that Congress intended the 
Commission to do so. The language of section 107(c)(1) is very specific 
as to what equipment, facilities, and services are covered. Congress 
determined that, effective October 25, 1998, telecommunications 
carriers should incorporate a CALEA compliance plan into the design of 
any new facilities deployments in so far as they are not exempt from 
CALEA. To the extent that, in hindsight, after exercising due 
diligence, a specific CALEA compliance plan was not reasonably 
achievable due to a ``significant expense'' or ``significant harm,'' 
telecommunications carriers could then seek relief pursuant to section 
109(b)(1). Therefore, in designing sections 107(c)(1) and 109(b)(1), 
Congress appears to have balanced carefully what it found to be a 
reasonable compliance period against a firm deadline for CALEA 
compliance. If Congress had intended for the Commission to continue 
granting extension petitions after October 25, 1998, we find it 
unlikely that Congress would have placed the time limitations in 
section 107(c)(1).
    29. To interpret other statutes to grant the Commission CALEA 
extension authority would undermine Congress's intent that, after a 
reasonable compliance period, all telecommunications carriers would 
comply with their lawful CALEA obligations. Thus, we reject commenters' 
arguments that CALEA

[[Page 38096]]

section 109(b)(1), section 706 of the Telecommunications Act of 1996, 
and section 229(a) of the Communications Act provide the Commission 
with authority to grant extension petitions for facilities deployed on 
or after October 25, 1998. First, although we believe that the 
Commission has broad discretion under CALEA section 109(b)(1)(K) to 
impose conditions on relief granted by that section, we disagree with 
Global Crossing that the Commission should use that section to grant 
extension relief given the express limitation in section 107(c)(1). 
Second, we disagree with OPASTCO that the Commission should employ 
section 706 as overriding statutory authority, because we find that 
section 706's directive that the Commission encourage the deployment of 
``advanced telecommunications capability'' is consistent with a 
criterion that the Commission must examine in a section 109(b)(1) 
petition. Because section 109(b)(1) directs the Commission to balance 
this one policy objective against 10 other factors, we decline to rely 
solely on one factor to the exclusion of all others. Third, we disagree 
with commenters who argue that the Commission has broad authority to 
entertain extension petitions under section 229(a) of the 
Communications Act, which is the provision that grants the Commission 
authority to implement CALEA. We believe that, where Congress has 
specifically limited Commission extension authority in the CALEA 
statute itself, it would be inappropriate to employ section 229(a) to 
nevertheless find this authority.

b. Contents of Section 107(c)(1) Petitions

    30. We note that participation in the FBI's Flexible Deployment 
Program has permitted even small and rural telecommunications carriers 
to work with LEAs to develop circuit-mode CALEA compliance solutions. 
Packet-mode telecommunications carriers, however, are still in a much 
earlier stage of CALEA deployment. Our finding today that section 
107(c)(1) is not available for facilities deployed on or after October 
25, 1998 will compel most of these telecommunications carriers to 
implement CALEA compliant solutions. To the extent that 
telecommunications carriers deployed packet-mode facilities prior to 
this date, we expect those telecommunications carriers to follow the 
guidelines set forth below for section 107(c)(1) petitions.
    31. Telecommunications carriers that deployed circuit-mode 
facilities prior to October 25, 1998. For this class of 
telecommunications carriers, we adopt the NPRM's proposal that 
petitions contain (1) an explanation for why an extension is necessary, 
(2) a compliance plan setting forth specific dates for compliance no 
later than two years after the petition's filing date, (3) a 
description of petitioner's ``due diligence'' attempts to become CALEA 
compliant since June 30, 2002, and (4) information satisfying the 
information requests attached in Attachment F of the Second Report and 
Order. Such information will enable us to better evaluate whether a 
telecommunications carrier merits an extension. We decline to adopt our 
tentative proposal that a circuit-mode telecommunications carrier that 
participates in the FBI's Flexible Deployment Program should be deemed 
de jure to meet the section 107(c)(1) standard. Upon consideration of 
its comments, we agree with DOJ that section 107(c) requires more than 
enrollment in Flex Deployment. We will consider enrollment plus the 
other items included in our instructions in determining whether section 
107(c) relief is appropriate. As in the past, upon the filing of a 
section 107(c)(1) petition, we will continue to grant a provisional 
extension for a period of two years unless or until we issue an order 
that states otherwise.
    32. We reject assertions that our section 107(c)(1) approach is 
overly burdensome. We interpret section 107(c)(1) so that 
telecommunications carriers may minimize the statutory burden 
themselves if they proactively seek CALEA solutions. Commenters argue 
that telecommunications carriers, especially small ones, face 
particular challenges, including, for example, lack of clout to 
negotiate with manufacturers and lack of resources. We find that 
section 107(c) allows us to take into account the particular situation 
of a telecommunications carrier, including its bargaining power and 
financial resources, when analyzing whether CALEA compliance is ``not 
reasonably achievable through application of technology available 
within the compliance period.''
    33. Telecommunications carriers that deployed packet-mode 
facilities prior to October 25, 1998. We adopt the NPRM's proposal 
that, to obtain an extension of time, a packet mode telecommunications 
carrier must provide documentation setting forth (1) an explanation why 
an extension of time is necessary, (2) a compliance plan including 
specific dates for compliance no later than two years after the 
petition's filing date, (3) a description of petitioner's ``due 
diligence'' attempts to become CALEA compliant since November 19, 2001, 
i.e., the date mandated for packet-mode CALEA compliance by the 
Commission's September 28, 2001 Public Notice, and (4) information 
satisfying the information requests in Attachment F of the Second 
Report and Order. Other than arguments of burden, commenters failed to 
provide convincing evidence or arguments to show why the Commission 
should depart from its proposal in the NPRM.
2. Section 109(b)(1) Relief
    34. We affirm the NPRM's tentative conclusions that ``Congress 
anticipated that section 109(b)(1) would be used in extraordinary cases 
by telecommunications carriers facing particularly high CALEA-related 
costs and difficulties.'' We first describe the scope of relief granted 
under section 109(b)(1) and its relationship to other CALEA provisions. 
Second, we find that a petitioner must meet a high burden of proof to 
satisfy section 109(b)(1) and may not use the absence of available 
solutions as the sole basis for section 109(b)(1) relief. Third, we 
find that a petitioner must exercise due diligence to present a 
specific solution or a pathway designed to reach a specific solution. 
Finally, we explain how we will weigh section 109(b)(1)'s eleven 
factors in evaluating a petition.
a. Scope of Section 109(b)(1) Relief and Its Relationship to Other 
CALEA Sections
    35. Section 109(b)(1) relief shifts the burden of paying for a 
specific CALEA solution to DOJ. Section 109(b)(1) is a mechanism for a 
telecommunications carrier to recover CALEA compliance costs from DOJ 
if the telecommunications carrier can demonstrate that compliance with 
CALEA capability requirements is not ``reasonably achievable.'' Section 
109(b)(1) defines ``reasonably achievable'' to mean that compliance 
would impose a ``significant difficulty or expense'' on the 
telecommunications carrier. If the Commission grants a section 
109(b)(1) petition, the only relief that a telecommunications carrier 
receives is the following: the telecommunications carrier may, pursuant 
to section 109(b)(2)(A), request DOJ to pay for the additional 
reasonable costs for making CALEA compliance reasonably achievable. DOJ 
may then agree to pay for these costs. If DOJ declines to pay for these 
costs, then the telecommunications carrier ``shall be deemed to be in 
compliance'' with the capability requirements for the equipment, 
facilities, and/or services that were the subject of the section 
109(b)(1) petition.

[[Page 38097]]

    36. Section 109(b)(1) neither compels a telecommunications carrier 
to adopt a specific CALEA solution nor requires DOJ to pay for the 
telecommunications carrier's preferred solution. As discussed above, 
under section 103, a telecommunications carrier is entitled to 
implement whatever solution it believes best suits its network needs. 
However, to recover costs from DOJ, a telecommunications carrier must 
satisfy the obligations set forth in section 109(b)(1). This means that 
the telecommunications carrier must demonstrate that compliance would 
impose a significant difficulty or expense. If there is a reasonable 
means of compliance available, even if it is not the telecommunications 
carrier's preferred solution, then the Commission may find that a less 
expensive, alternative solution would not impose a significant 
difficulty or expense and deny the petition. Section 109(b)(1) makes no 
reference to the solution preferences of a telecommunications carrier--
rather it focuses on whether compliance with section 103 would impose a 
``significant difficulty or expense.'' A telecommunications carrier 
that fails to make this showing may not request payment from DOJ. If, 
on the other hand, the Commission finds that compliance is not 
reasonably achievable within the meaning of section 109(b), DOJ has the 
option to pay the appropriate costs of whatever compliance solutions 
DOJ deems appropriate.
    37. Section 109(b)(1) relief terminates when the equipment, 
facilities or services undergo a substantial replacement, modification 
or upgrade. A section 109(b)(1) petition must explain with specificity 
the equipment, facility, or service for which the petitioner seeks 
relief. The Commission's order granting section 109(b)(1) relief will 
specify what equipment, facility, and/or service is covered by the 
order. Once that equipment, facility, or service is replaced, 
significantly upgraded or otherwise undergoes major modification, the 
carrier is no longer relieved of its CALEA obligations and the 
replacement must comply with section 103. To obtain section 109(b)(1) 
relief for the modified equipment, the telecommunications carrier would 
have to file a new section 109(b)(1) petition.
    38. Section 109(b)(1) relief does not include extensions of time. 
Section 109(b)(1) is a cost recovery vehicle. Section 107(c)(1) is the 
CALEA provision that addresses extensions of time. Congress determined 
that telecommunications carriers cannot seek extension relief for 
facilities deployed on or after October 25, 1998.
b. The Section 109(b)(1) Burden of Proof
    39. We affirm the NPRM's tentative conclusion that a 
telecommunications carrier faces a high burden of proof in order to be 
relieved of its obligations to pay for CALEA compliance. Specifically, 
section 109(b)(1) requires a petitioner to demonstrate, with respect to 
each section 103 assistance capability requirement for which it seeks 
relief, that it has examined all possible solutions and that all of 
these solutions would impose a significant difficulty or expense on the 
petitioner. This means that if the Commission is aware of a CALEA 
solution that the telecommunications carrier has not explored and 
covered in its petition, the Commission will likely dismiss the section 
109(b)(1) petition as prima facie insufficient. In its petition, the 
telecommunications carrier must explain with specificity the possible 
CALEA solution and the significant difficulty or expense that that 
solution would impose on the telecommunications carrier so that the 
Commission and later DOJ may render their respective determinations, 
under sections 109(b)(1) and 109(b)(2)(A). We adopt the tentative 
conclusion in the NPRM that telecommunications carriers may not rely 
solely on the absence of industry standards and solutions under section 
109(b)(1)(K) as a basis for section 109(b)(1) relief.
    40. We further adopt our tentative conclusion that a section 
109(b)(1) petition must seek relief for ``precisely identified 
`equipment facilities, or services.' '' In this regard, a petitioner 
must describe with specificity how, in its due diligence, the 
telecommunications carrier made reasonable efforts to identify a 
specific solution or a pathway to a specific solution. Without this 
showing, the Commission will have no factual basis to evaluate whether 
a telecommunications carrier has satisfied the requirements of section 
109(b).
    41. In addition, to the extent that multiple solutions to a 
particular CALEA capability requirement exist, the petitioner must 
demonstrate that it would suffer significant difficulty or expense if 
it were to implement any of them. We believe that the statute requires 
this showing for at least two reasons. First, the inquiry under section 
109(b)(1) is whether CALEA compliance imposes a specific harm, not 
whether a telecommunications carrier is unable to institute its 
solution of choice. If alternative, less expensive solutions exist that 
are reasonably achievable, then the telecommunications carrier is not 
entitled to a section 109(b)(1) determination that CALEA compliance 
would impose a significant difficulty or expense. Second, it would be 
unreasonable to read the statute to require DOJ to pay the costs for a 
more expensive solution if a less expensive solution exists. If 
multiple solutions exist, DOJ should have the option to pay for the 
least expensive one available.
c. Petitioner Due Diligence Requirement
    42. In the NPRM, the Commission tentatively concluded that section 
109(b)(1) petitioners will be expected to demonstrate active and 
sustained efforts at developing and implementing CALEA solutions for 
their operations, i.e., regardless of whether CALEA solutions for 
packet-mode are generally available. We explained this ``due 
diligence'' showing as requiring petitioners to submit detailed 
information about discussions and negotiations with switch 
manufacturers, other equipment manufacturers, and TTPs, both before and 
after the FBI announced the termination of the Flexible Deployment 
Program in connection with packet-mode technology. We tentatively 
concluded that unless we are persuaded that petitioners have engaged in 
sustained and systematic negotiations with manufacturers and third-
party providers to design, develop, and implement CALEA solutions, we 
should reject submitted petitions.
    43. Many commenters disagreed with our analysis and conclusions, 
but none persuasively demonstrated that section 109(b)(1) excludes 
consideration of due diligence and none persuaded us that consideration 
of due diligence is unnecessary for a proper interpretation and 
application of section 109(b)(1). Basically, the due diligence 
requirement is necessary to ensure that telecommunications carriers 
demonstrate the showing required by section 109(b)(1). Section 
109(b)(1) requires the Commission to determine, upon petition, whether 
compliance with section 103 is reasonably achievable for ``any 
equipment, facility, or service installed or deployed after January 1, 
1995.'' Unless the evidence demonstrates that the petitioner has 
comprehensively considered how to become compliant with CALEA section 
103, it would be difficult for the Commission to conclude that section 
103 compliance is not reasonably achievable. Simply put, the evidence 
must demonstrate that alternative solutions were not reasonably 
achievable.
    44. To meet this requirement, the petitioner may need to compare, 
for

[[Page 38098]]

example, the cost of making annual payments to a TTP for a CALEA 
service for a number of years to the cost of purchasing equipment and/
or systems up front that enable the petitioner to meet CALEA capability 
requirements themselves. Some solutions may include both elements: 
leasing capabilities and buying equipment. In addition, the petitioner 
may also seek to include recurring CALEA-specific operations costs in 
the cost calculation. Thus, it is necessary to capture the impact of 
delayed vs. immediate expenditures in calculating the total cost of any 
solution, and to express the cost of alternative solutions in 
comparable dollars. A calculation of the (net) present value or present 
worth of expenditures of the solution is a recognized way to accomplish 
this dual purpose.
    45. Our analysis and conclusions here do not compel 
telecommunications carriers to adopt any particular ``equipment, 
facility, service, or feature'' or ``any specific design of equipment, 
facilities, services, features, or system configurations.'' Service 
providers are free to configure and build their systems any way they 
choose. But a service provider that seeks cost recovery relief pursuant 
to section 109(b)(1) must demonstrate that CALEA compliance per se is 
not reasonably achievable. A petition must include persuasive evidence 
that the petitioner cannot afford to achieve compliance through network 
upgrades or equipment retrofits. It must include a demonstration that 
the petitioner's preferred CALEA solution is not reasonably achievable 
and that no alternative CALEA solution is reasonably achievable, 
including alternative manufacturer-provided service packages, services 
provided by TTPs, and sharing arrangements with other service 
providers.
    46. A due diligence showing is particularly necessary to enable us 
to consider whether section 109(b)(1) relief is appropriate in cases 
where CALEA standards have not been developed and/or CALEA solutions 
are not generally available. We reject the idea that we may grant 
section 109(b)(1) relief merely because standards have not been 
developed or solutions are not generally available. We therefore adopt 
our tentative conclusion that the requirements of section 109(b)(1) 
would not be met by a petitioning telecommunications carrier that 
merely asserted that CALEA standards had not been developed, or that 
solutions were not readily available from manufacturers.
    47. Nevertheless, we emphasize that section 109(b)(1)'s due 
diligence analysis is fact-specific and will take into account, for 
example, the resources of the petitioner. We recognize that some 
telecommunications carriers, particularly small telecommunications 
carriers, may conclude that they cannot afford the efforts required to 
develop their own solutions. Thus, for example, a small rural 
telecommunications carrier might provide evidence that the lack of 
industry standards and solutions, coupled with its lack of financial 
resources, would justify a finding that the small telecommunications 
carrier had met its due diligence requirements by proffering only one 
solution, so long as it is a bona fide solution.
    48. We expect that significant progress in developing CALEA 
standards and solutions for broadband Internet access and 
interconnected VoIP services will be achieved during the 18-month 
compliance period. We expect that few if any petitioners could 
successfully demonstrate the due diligence necessary to support a 
section 109(b)(1) petition until the close of the transition. We in 
fact expect broadband Internet access and interconnected VoIP providers 
to utilize that transition period as an opportunity to promote the 
development of CALEA standards and solutions. Failure to utilize this 
opportunity, or to document steps taken to promote CALEA compliance 
throughout the transition period, will seriously damage a petitioner's 
chances of obtaining section 109(b)(1) relief.
d. Section 109(b)(1)'s Eleven Criteria
    49. In determining whether a telecommunications carrier has 
successfully demonstrated that compliance with a CALEA section 103 
assistance capability requirement is not reasonably achievable pursuant 
to section 109(b)(1), the Commission must examine the 11 statutory 
criteria set out in section 109(b)(1). We affirm the Commission's 
tentative conclusion in the NPRM that the Commission need not weigh 
equally all 11 criteria, and its tentative conclusion that we should 
assign greater weight to national security and public safety-related 
concerns. We also conclude that we should require petitioners to 
include in their showing precisely identified CALEA section 103 
capability requirements and ``equipment, facilities, or services'' for 
which relief is sought. We affirm our finding in the NPRM that under 
the requirements of section 109(b)(1)(B) and 109(b)(1)(D), petitioners 
must include a thorough analysis of precisely identified costs to 
satisfy CALEA obligations, as well as their effects on local service 
ratepayers, where relevant; general allegations that projected costs 
were ``too high'' or unreasonably burdensome will not suffice. We 
direct parties' attention to the cost discussion in the previous CALEA 
Second Report and Order in CC Docket No. 97-213 and we reaffirm our 
determination there that costs not directly related to CALEA compliance 
may not be included in section 109(b) petitions.
    50. To provide further guidance as to how the Commission will apply 
consideration of the eleven section 109(b)(1) evaluative criteria in 
particular cases, we provide the discussion set out below. We 
nevertheless caution interested persons that these guidelines are 
intended to provide general guidance only. The Commission will examine 
each section 109(b) petition based on the facts contained therein and 
in the context of a specific analysis of national security factors and 
other factors that exist at that time. Section 109(b(1) directs the 
Commission to examine the following criteria:
    (A) ``The effect on public safety and national security.'' Because 
the purpose of the CALEA statute is to ensure public safety and 
national security, this criterion is critically important. In a 
particular case, the Commission will consider all relevant evidence 
submitted by LEAs per this criterion, as well as recommendations about 
how this criterion should be applied to submitted evidence and what 
weight should be assigned to such evidence in our particular 
deliberations. We will also consider all relevant evidence submitted by 
a petitioner, including evidence about the number of electronic 
surveillance requests it has received from LEAs for the five (5) year 
period prior to submission of its section 109(b) petition. We will 
consider this latter evidence in connection with evaluating application 
of the instant criterion as well as evaluating other, cost-related 
criteria set out in section 109(b)(1)(A) through (K).
    (B) ``The effect on rates for basic residential telephone 
service.'' Application of this factor affects only evaluation of 
section 109(b) petitions submitted by residential telephone service 
providers subject to the Commission's Part 36 regulation. Its relevance 
will be decisively affected by how the Commission decides to implement 
jurisdictional separations policy pursuant to the directive set out in 
47 U.S.C. 229(e)(3).
    (C) ``The need to protect the privacy and security of 
communications not authorized to be intercepted.'' A petitioner must 
submit persuasive

[[Page 38099]]

evidence why solution(s) described in its petition could not protect 
the privacy and security of customer communications. In instances where 
the petition presents evidence about TTP services, the petitioner must 
present persuasive evidence that the TTP(s) cannot or will not provide 
privacy and security protection.
    (D) ``The need to achieve the capability assistance requirements of 
section 103 by cost-effective methods.'' A petitioner must submit 
persuasive evidence showing that all identified solutions, including 
those provided by equipment vendors and other manufacturers, TTPs, or 
solutions that the petitioner proposes to develop for itself, would 
impose a significant ``difficulty or expense'' within the meaning of 
the statute. In the event that there is no industry standard or 
available market solution at the time that a telecommunications carrier 
files its petition, the telecommunications carrier would need to 
demonstrate that implementation of its own proposed solution would 
impose a significant expense.
    (E) ``The effect on the nature and cost of the equipment, facility, 
or service at issue.'' In addition to the cost showing described in 
paragraph (D), the petitioner must submit persuasive evidence 
demonstrating some adverse effect on its facilities.
    (F) ``The effect on the operation of the equipment, facility, or 
service at issue.'' In addition to the cost showing in paragraph (D), 
the petitioner would need to demonstrate a specific adverse effect on 
its operations.
    (G) ``The policy of the United States to encourage the provision of 
new technologies and services to the public.'' The petitioner must 
submit persuasive evidence demonstrating that CALEA requirements were 
preventing it from deploying a specifically identified new technology 
or service, and/or persuasive evidence that imposing CALEA requirements 
would require it to take a technology or service off the market.
    (H) ``The financial resources of the telecommunications carrier.'' 
A showing under this factor would be similar to the showing under 
factor (D). The petitioner must present financial resource 
documentation, including current balance sheets and a complete analysis 
of debt and equity financing resources that are available. If the 
particular petitioner is a small and rural telecommunications carrier, 
this must include a description and analysis of all funding and loan 
guarantee sources available from state and federal assistance programs. 
Where relevant, all telecommunications carriers must provide evidence 
showing how state and local regulation affects the availability or use 
of its financial resources. For example, telecommunications carriers 
regulated by state Public Utility Commissions should describe in detail 
how Commission-approved depreciation schedules can be modified to 
provide for capital equipment acquisition on terms more favorable than 
currently negotiated and approved terms, or provide evidence that such 
schedules cannot be modified. Per this criterion, the petitioner must 
submit persuasive evidence that demonstrates that its current financial 
resources and financial resources generally available to it are not or 
would not be sufficient to prevent the imposition of ``significant 
difficulty or expense'' as defined by CALEA section 109(b)(1).
    (I) ``The effect on competition in the provision of 
telecommunications services.'' Under this factor, the petitioner would 
need to submit persuasive evidence that demonstrate a specific and 
quantifiable harm.
    (J) ``The extent to which the design and development of the 
equipment, facility, or service was initiated before January 1, 1995.'' 
This factor is self-explanatory. In most if not all cases, it will not 
apply to facilities-based broadband Internet access and interconnected 
VoIP.
    (K) ``Such other factors as the Commission determines are 
appropriate.'' This provision enables the Commission to evaluate 
factors that may arise on a case by case basis, that were difficult for 
Congress to predict when enacting the statute, and are difficult for 
the Commission to predict during a rulemaking.
    51. Attachment E of the Second Report and Order sets forth filing 
instructions explaining the specific information telecommunications 
carriers should include in their section 109(b) petitions. Attachment E 
of the Second Report and Order reflects the proposal in the NPRM, 
consideration of the record in this proceeding, and our further 
analysis herein of the statute's requirements.
    52. Some small telecommunications carriers have urged us to allow 
telecommunications carriers filing section 109(b)(1) petitions to pool 
their applications under one general application petition and, as a 
result, more efficiently present common arguments and save the costs of 
submitting individual petitions, each of which would be assessed the 
$5200 filing fee. We conclude that this is inappropriate given the 
requirements imposed by section 109(b)(1). Section 109(b)(1) requires a 
detailed presentation of evidence that section 103 compliance is not 
reasonably achievable. Petitioners are required to submit evidence that 
demonstrates this in connection with precisely identified services, 
equipment, and facilities. These will differ from carrier to carrier. 
Additionally, petitioners are required to identify cost and financial 
resources information that is detailed and highly telecommunications 
carrier-specific. Even if we were to accept jointly pooled section 
109(b)(1) petitions, we would, by operation of the statute, need to 
separate each separate telecommunications carrier petition for 
individual assessment. This individual assessment will impose 
predictable costs.
3. Confidential Treatment of Section 107(c)(1) and Section 109(b)(1) 
Petitions
    53. In addition to highly sensitive cost and financial resources 
information, section 107(c)(1) and section 109(b)(1) petitions are 
likely to contain specific information regarding the inability of 
telecommunications equipment, facilities, and services to comply with 
CALEA standards. The facts underlying discrete section 107(c) and 
section 109(b) adjudicatory proceedings could also involve highly 
sensitive information about LEA activities. We therefore believe that 
section 107(c) and section 109(b) filings would be entitled to 
confidential treatment under the Freedom of Information Act (FOIA) and 
the Commission's rules. Accordingly, we direct petitioners to file 
their petitions under a general claim of confidential or proprietary 
protection, subject only to scrutiny by the Commission and the Attorney 
General who is consulted in section 107(c) adjudications and is a party 
to all section 109(b) adjudications. Petitioning telecommunications 
carriers are not required to request separately confidential treatment 
for the information submitted in their petitions. However, petitioners 
must mark the top of each page of their petitions: ``Confidential--Not 
for Public Inspection.'' We further conclude that, pursuant to section 
0.457(g) of the Commission's rules, the information provided by 
telecommunications carriers in these CALEA proceedings will not be made 
routinely available for public inspection. No commenter disagrees with 
this approach.
4. Monitoring Reports
    54. In its Petition, Law Enforcement requested that the Commission 
impose a new compliance regime consisting of standardized CALEA 
compliance

[[Page 38100]]

benchmarks for packet technologies. Under this proposal, limited 
compliance extensions generally would be granted only if providers of 
services that use packet technologies agreed to meet the proposed 
benchmarks. Most LEAs supported this proposal; nearly everyone else 
opposed it as exceeding or contravening the explicit terms of the 
statute. We decline at this time to adopt the Law Enforcement benchmark 
proposal. As we stated in the NPRM, we conclude that the interpretation 
of CALEA that we adopt in this Second R&O, particularly of CALEA 
sections 107(c) and 109(b), will better promote law enforcement's 
stated objective that all telecommunications carriers should become 
compliant with CALEA requirements as soon as possible.
    55. Nevertheless, we share Law Enforcement's general concern that 
telecommunications carriers timely comply with CALEA for packet 
technologies. In the past, telecommunications carriers' progress in 
complying with CALEA for packet technologies was effectively monitored 
in two ways: by the FBI when it administered a Flexible Deployment 
program for packet technology, and by the Commission in administering 
section 107(c) extension petitions. The FBI's Flexible Deployment 
program no longer applies to packet technology and, as a consequence of 
our decision here, few telecommunications carriers will be able to seek 
extensions under section 107(c). With information from these programs 
no longer available, the Commission will have difficulty identifying, 
with sufficient forewarning, impediments to timely compliance and will 
have little opportunity to assist the industry, as appropriate, in 
achieving timely compliance. We thus conclude that all 
telecommunications carriers providing facilities-based broadband 
Internet access or interconnected VoIP services shall file a monitoring 
report with the Commission which will help the Commission ensure that 
providers of services that use packet technologies become CALEA 
compliant expeditiously. Specifically, with respect to facilities-based 
broadband Internet access providers and interconnected VoIP providers, 
we believe that a monitoring report will better ensure that they are 
able to meet the May 14, 2007 CALEA compliance deadline. A sample 
monitoring report (Form XXX) is provided in Attachment G of the Second 
Report and Order. These monitoring reports are separate and distinct 
from any section 107(c) or section 109 filings that a 
telecommunications carrier may choose to make, and will not be 
considered substitutes for seeking relief under those provisions.
    56. Accordingly, we specify the following procedure for these 
monitoring reports. Once OMB approves the new paperwork collection 
requirements of this Second R&O, we will issue a public notice setting 
forth a deadline that will require that providers of all such services 
to submit to the Commission a completed Form XXX, briefly describing 
the status of its compliance for each service based on packet 
technology, e.g., whether the service already complies, whether the 
telecommunications carrier will comply with an identified industry 
standard or develop an ad hoc solution, the steps the 
telecommunications carrier is undertaking to achieve CALEA compliance, 
any problems with manufacturer support or network installation, and the 
date compliance is anticipated. Completed Forms XXX will not be made 
available to the public. We will, however, share completed Forms XXX 
with DOJ/FBI so that they may evaluate the progress each provider of a 
service that uses packet technology is making to achieve CALEA 
compliance. Where necessary, we may request additional information from 
a provider regarding its efforts to become CALEA compliant by the May 
14, 2007 deadline.
    57. We find that the above procedure will promote expeditious CALEA 
compliance by providers of services that use packet technologies, but 
whose services are not yet CALEA compliant. We recognize that this 
procedure will impose an increased administrative burden on such 
providers, but anticipate that this burden will be minimal. To minimize 
the burden, we have developed a relatively short reporting form.
5. Disposition of Pending Section 107(c)(1) Petitions
    58. We conclude that section 107(c) extension relief is not 
available for applications that include equipment, facilities and 
services installed or deployed on or after October 25, 1998. 
Accordingly, once OMB approves the new paperwork collection 
requirements of this Second R&O, we will issue a public notice setting 
forth a deadline by which any telecommunications carrier that has a 
section 107(c) petition on file with us shall file a letter that 
attests that its pending petition exclusively concerns equipment, 
facilities and services installed or deployed before October 25, 1998. 
The Commission will thereafter dismiss all non-conforming petitions and 
petitions for which clarifying letters have not been received.

C. Enforcement of CALEA

    59. In the NPRM, we considered whether, in addition to the 
enforcement remedies through the courts available to LEAs under section 
108 of CALEA, we may take separate enforcement action against 
telecommunications carriers, manufacturers and providers of 
telecommunications support services that fail to comply with CALEA. We 
stated that we appear to have broad authority under section 229(a) of 
the Communications Act to promulgate and enforce CALEA rules against 
both common carriers and non-common carriers, and sought comment on 
this analysis. We also sought comment on whether sections 108 and/or 
201 of CALEA impose any limitations on the nature of the remedy that we 
may impose (e.g. injunctive relief) and whether section 106 of CALEA 
imposes any limitations on our enforcement authority over manufacturers 
and support service providers.
    60. Additionally, we sought comment in the NPRM on how we would 
enforce the assistance capability requirements under section 103 of 
CALEA. To facilitate enforcement, we tentatively concluded that, at a 
minimum, we should adopt the requirements of section 103 as Commission 
rules. We asked whether, given this tentative conclusion, the lack of 
Commission-established technical requirements or standards under CALEA 
section 107(b) for a particular technology would affect our authority 
to enforce section 103. Further, we asked whether there are other 
provisions of CALEA, such as section 107(a)'s safe harbor provisions, 
that the Commission should adopt as rules in order to effectively 
enforce the statute. Moreover, we stated in the NPRM that we believed 
it to be in the public interest for covered carriers to become CALEA 
compliant as expeditiously as possible and recognized the importance of 
effective enforcement of our rules affecting such compliance. We sought 
comment on whether our general enforcement procedures are sufficient 
for purposes of CALEA enforcement or whether we should implement some 
special procedures for purposes of CALEA enforcement. We also sought 
comment on any other measures we should take into consideration in 
deciding how best to enforce CALEA requirements.
    61. Discussion. DOJ strongly supports the Commission enforcing the 
CALEA rules under section 229(a) of the Communications Act. DOJ 
contends that the telecommunications industry has in many instances 
failed to cooperate with LEAs and has delayed establishing

[[Page 38101]]

CALEA standards and implementing new wiretapping technologies. However, 
industry commenters contend that CALEA enforcement authority lies 
exclusively with the courts under CALEA section 108.
    62. We find that we have the authority under section 229(a) to 
enforce CALEA, as that section gives us authority to ``prescribe such 
rules as are necessary to implement the requirements of the 
Communications Assistance for Law Enforcement Act.'' As we observed in 
the NPRM, section 229(a) provides broad authority for the Commission to 
adopt rules to implement CALEA and, unlike section 229(b) does not 
limit our rulemaking authority to common carriers. While the 
``penalties'' provision of section 229(d) refers to CALEA violations 
``by the carrier,'' section 229(d) does not limit the Commission's 
general enforcement authority under the Communications Act. We thus 
conclude that the Commission has general authority under the 
Communications Act to promulgate and enforce CALEA rules against 
carriers as well as non-common carriers. We also conclude that section 
106 of CALEA does not limit our authority to promulgate and enforce 
CALEA rules against manufacturers and support service providers. 
Accordingly, we find that, contrary to commenters who argued that 
authority to enforce CALEA lies exclusively with the courts under CALEA 
section 108, we have the authority to prescribe CALEA rules and 
investigate the compliance of those carriers and providers subject to 
such rules. Additionally, under the Communications Act, the Commission 
has broad authority to enforce its rules. It can, for example, issue 
monetary forfeitures and cease and desist orders against common 
carriers and non-common carriers alike for violations of Commission 
rules.
    63. We also conclude that sections 108 and 201 of CALEA do not 
limit the nature of the remedy that the Commission may impose. Whereas 
court actions under sections 108 and 201 would typically follow a 
failed attempt by a carrier to comply with an electronic surveillance 
order, the Commission may pursue enforcement actions against any 
carrier for failure to ensure that its equipment, facilities or 
services are capable of providing the assistance capability 
requirements prior to receiving an electronic surveillance request. 
Thus, the Commission's enforcement authority is complementary to, not 
duplicative of, the authority granted LEAs under sections 108 and 201.
    64. We observe that the Commission's rules already include various 
CALEA requirements that we may enforce, including system security and 
records management requirements for all carriers subject to CALEA and 
assistance capability requirements for wireline, cellular and PCS 
carriers. Our existing rules for wireline, cellular and PCS carriers 
already state that these carriers are to comply with the assistance 
capability requirements in section 103; however, we have not previously 
codified this requirement for other carriers subject to CALEA. We thus 
adopt our tentative conclusion to codify this statutory requirement and 
thereby clarify that all carriers subject to CALEA are to comply, at a 
minimum, with the assistance capability requirements of section 103. 
This action will facilitate the Commission's enforcement of CALEA. We 
recognize that, in the absence of Commission action to specify more 
precise requirements in response to a section 107 (b) deficiency 
petition, as we did previously regarding J-STD-025, our rule sets forth 
a minimum requirement that carriers, manufacturers and support service 
providers may satisfy in various ways (e.g., implementing an industry 
standard, ad hoc or interim solution). Nonetheless, this does not 
diminish our resolve to consider carefully a bona fide complaint that a 
carrier, manufacturers or support service provider has not provided the 
necessary assistance capabilities and to take appropriate enforcement 
action.

D. Cost Recovery Issues

    65. In the NPRM, the Commission sought comment on a number of 
issues related to the recovery of CALEA compliance costs, including the 
nature of such costs and from which parties the costs could be 
recovered. The Commission also inquired into CALEA cost recovery 
pursuant to intercept statutes. The Commission further sought comment 
on whether specific cost recovery rules should be adopted to help 
ensure that small and rural carriers can become CALEA-compliant. Acting 
pursuant to section 229(e)(3) of the Communications Act, the Commission 
also referred to the Federal-State Joint Board on Jurisdictional 
Separations (Joint Board) the following question: whether CALEA 
compliance costs should be separated between intrastate and interstate 
jurisdictions, and, if so, how the associated costs and revenues should 
be allocated. Because of the importance of the issues, the Commission 
asked the Joint Board to issue recommendations within a year of the 
release of the NPRM, by August 9, 2005. The Joint Board, however, has 
not yet issued its recommendation.
    66. In the NPRM, the Commission tentatively concluded that carriers 
bear responsibility for CALEA development and implementation costs for 
post-January 1, 1995 equipment and facilities. We affirm this tentative 
conclusion. Cost recovery from the federal government under CALEA 
section 109 turns on whether equipment and facilities were deployed 
before or after January 1, 1995. CALEA section 109 placed financial 
responsibility on the federal government for CALEA implementation costs 
related to equipment deployed on or before January 1, 1995. If the 
federal government refused to pay for such modifications, a carrier's 
pre-1995 deployed equipment and facilities are considered CALEA 
compliant until such equipment or facility ``is replaced or 
significantly upgraded or otherwise undergoes major modification'' for 
purposes of normal business operations. On the other hand, for CALEA 
implementation costs associated with equipment deployed after January 
1, 1995, CALEA section 109 places financial responsibility on the 
telecommunications carriers unless the Commission determines compliance 
is not ``reasonably achievable.'' Only in that event may the Attorney 
General agree to pay carriers the ``additional reasonable costs of 
making compliance * * * reasonably achievable.'' Based on CALEA's clear 
delineation of responsibility for compliance costs, we conclude that 
carriers bear responsibility for CALEA development and implementation 
costs for post-January 1, 1995 equipment and facilities, absent a 
finding that compliance is not reasonably achievable pursuant to CALEA 
section 109(b).
    67. In the NPRM, the Commission acknowledged its prior statement 
regarding the ability of carriers to recover a portion of their CALEA 
capital costs through electronic surveillance order charges imposed on 
LEAs, and that this statement was made without the benefit of a 
complete and full record on the issue. The Commission made this 
observation as one of several aspects that mitigated the cost burden on 
carriers of implementing four CALEA punch list items. However, because 
we now conclude that CALEA section 109 provides the exclusive mechanism 
by which carriers may recover from law enforcement capital costs 
associated with meeting the capability requirements of CALEA section 
103, the Commission's prior statement was incorrect to the extent it 
suggested that carriers may recover CALEA capital

[[Page 38102]]

costs through intercept charges. As discussed, CALEA specifically 
addresses the allocation of responsibility for compliance costs. CALEA 
section 109 makes the federal government responsible for compliance 
costs for the period on or before January 1, 1995, and places the 
responsibility for compliance costs after January 1, 1995 on carriers, 
absent a finding that compliance is not reasonably achievable pursuant 
to CALEA section 109(b). Allowing carriers to recover CALEA compliance 
costs from the government through other means, such as through 
intercept charges, would be inconsistent with the cost recovery 
methodology set forth in CALEA section 109 because it would disrupt the 
cost burden balance between law enforcement and carriers carefully 
crafted by Congress in enacting CALEA. In short, as DOJ notes, it 
``would essentially allow carriers to do an `end-run' around the 
provisions of section 109(b) and Congressional intent.'' We therefore 
conclude that, while carriers possess the authority to recover through 
intercept charges the costs associated with carrying out an intercept 
that is accomplished using a CALEA-based intercept solution, they are 
prohibited by CALEA from recovering through intercept charges the costs 
of making modifications to equipment, facilities, or services pursuant 
to the assistance capability requirements of CALEA section 103 and the 
costs of developing, installing, and deploying CALEA-based intercept 
solutions that comply with the assistance capability requirements of 
CALEA section 103.
    68. To the extent carriers do not meet the necessary criteria for 
obtaining cost recovery pursuant to section 109(b) of CALEA, carriers 
may absorb the costs of CALEA compliance as a necessary cost of doing 
business, or, where appropriate, recover some portion of their CALEA 
section 103 implementation costs from their subscribers. The specific 
provision allowing carriers to recover some portion of their CALEA 
capital costs from their subscribers also reinforces our conclusion 
that carriers may not recover such costs from law enforcement through 
intercept charges. To the extent that carriers are not able to recover 
their CALEA capital costs from the federal government through section 
109, Congress provided only one other avenue for carriers to recover 
such costs, and that is from subscribers, not law enforcement. Such 
recovery from consumers, of course, will vary among telecommunications 
carriers subject to CALEA depending on certain factors. Rate-regulated 
carriers (e.g., incumbent local exchange carriers) cannot raise rates 
without first obtaining authorization to do so. Other carriers (e.g., 
Commercial Mobile Radio Services (CMRS) providers) can recover their 
costs from subscribers on a competitive market basis. Given this 
backdrop, in the NPRM, we invited comment on whether a national 
surcharge scheme is feasible for carriers in their efforts to meet 
CALEA requirements. We also sought comment on whether the Commission 
would need to undertake a specific forbearance analysis under section 
10 of the Communications Act, and whether states may expressly provide 
for or preclude the recovery of CALEA compliance costs.
    69. We decline to adopt a national surcharge to recover CALEA 
costs. We find that it would not serve the public interest to use a 
national surcharge scheme or to implement some form of cost pooling 
system, as some commenters suggest, because such a scheme would 
increase the administrative burden placed upon the carriers and provide 
little incentive for carriers to minimize their costs. We therefore 
decline to mandate a surcharge or other specific method of CALEA cost 
recovery. We find that carriers that are not subject to rate regulation 
may choose to recover their CALEA-related costs from their subscribers 
through any lawful manner consistent with their obligations under the 
Communications Act. Section 229(e) of the Communications Act allows 
rate-regulated common carriers to seek to recover their federally-
allocated CALEA section 103 costs from subscribers. As noted, the Joint 
Board has not yet provided its recommendation as to the allocation of 
CALEA costs between the federal and state jurisdictions. After the 
Joint Board issues its recommendation, and to the extent that CALEA 
costs ultimately are allocated to the federal jurisdiction, rate-
regulated carriers subject to the Commission's price cap rules have the 
ability to seek exogenous treatment of the federally-allocated CALEA 
costs. Carriers subject to the Commission's rate-of-return rules have 
the ability to propose rate changes that would seek recovery of any 
federally-allocated CALEA costs not already recovered in rates.
    70. Commenters to the NPRM also argue that carriers with smaller 
subscriber bases are less able to bear the costs of CALEA 
implementation. To the extent CALEA costs prohibit these carriers from 
reasonably achieving CALEA compliance, CALEA section 109(b) provides a 
remedy. The carriers can seek a determination from the Commission that 
CALEA compliance is not reasonably achievable, and, upon such a 
determination, the Attorney General may agree to pay the costs of 
compliance for these carriers, or the carriers will be deemed to be in 
compliance.

E. System Security Requirements

    71. In the First R&O, we concluded that providers of facilities-
based broadband Internet access service and interconnected VoIP service 
newly identified as subject to CALEA under the Substantial Replacement 
Provision are to comply with the assistance capability requirements in 
section 103 of CALEA within 18 months of the effective date of the 
First R&O. In the Second R&O, we determine that these newly identified 
carriers must comply with the system security requirements in section 
105 of CALEA and section 229(b) of the Communications Act, as codified 
in the Commission's rules, within 90 days of the effective date of this 
Second R&O.
    72. We find that, based on the record, 90 days is a reasonable time 
period to expect providers of facilities-based broadband Internet 
access service and interconnected VoIP service to comply with sections 
105 and 229(b) system security requirements, as codified in the 
Commission's rules. Thus, we require these carriers to file with the 
Commission within 90 days of the effective date of this Second R&O the 
policies and procedures they use to comply with the system security 
requirements as codified in our rules. Ninety days is the same amount 
of time provided by the Commission when it initially adopted these 
requirements. Timely compliance with these requirements will assist 
LEAs and the Commission in identifying those entities now subject to 
CALEA, provide important contact information for Commission follow-up 
on CALEA compliance, and, more importantly for LEAs, ensure that 
providers of facilities-based broadband Internet access service and 
interconnected VoIP service are adequately prepared for assisting LEAs 
in conducting lawful electronic surveillance.

F. Future Services and Technologies

    73. In the NPRM, the Commission tentatively concluded that it is 
unnecessary to adopt Law Enforcement's proposal regarding the 
Commission identifying future services and entities subject to CALEA. 
We recognized Law Enforcement's need for more certainty regarding the 
applicability of CALEA to new services and technologies, but expressed

[[Page 38103]]

concerned that Law Enforcement's proposed approach could be 
inconsistent with CALEA's statutory intent and could create an obstacle 
to innovation. We noted that the requirements of the statute and its 
legislative history seem to support opponents' arguments that Congress 
did not intend that manufacturers or service providers would be 
required to obtain advance clearance from the government before 
deploying a technology or service that is not subject to CALEA. We also 
expressed concern that, as a practical matter, providers will be 
reluctant to develop and deploy innovative services and technologies if 
they must build in CALEA capabilities to equipment that ultimately may 
not be subject to CALEA or wait for a ruling on the statute's 
application to the new service or technology.
    74. Discussion. In its comments to the NPRM, DOJ argues that the 
Commission should adopt procedures to determine whether future services 
and entities are subject to CALEA. DOJ contends that it would be 
helpful for industry and LEAs to be able to seek rulings from the 
Commission regarding CALEA's applicability to a new service in advance 
of that service's introduction into the marketplace. DOJ concludes that 
the Commission should require or strongly encourage all providers of 
interstate wire or electronic communications services that have any 
question about whether they are subject to CALEA to seek Commission 
guidance at the earliest possible date, well before deployment of the 
service in question.
    75. Other commenters support the tentative conclusion set forth in 
the NPRM, contending that the public interest in innovation is not 
served by government design mandates imposed upon manufacturers and 
telecommunications carriers. Verizon states that, while it supports the 
availability of an optional expedited declaratory ruling procedure for 
carriers that are unsure of their CALEA obligations, DOJ's proposed 
procedures and related requirements would effectively force carriers to 
obtain pre-authorization of new services and would contradict 
Congress's intent expressed in CALEA's legislative history, which makes 
clear that CALEA should be implemented in a way that does not impede 
the introduction of new technologies, features, and services.
    76. We agree with Verizon and other commenters that it would be 
inconsistent with the legislative history of CALEA and inappropriate as 
a matter of policy for the Commission to identify future services and 
entities that may be subject to CALEA. While we are sympathetic to 
DOJ's goal of establishing greater certainty regarding the 
applicability of CALEA to new services and technologies, we find that 
implementing DOJ's proposal would have a chilling effect on innovation. 
We believe that we can best determine the future services and entities 
that are subject to CALEA on a case-by-case basis. However, we concur 
with Verizon that an optional expedited declaratory ruling procedure 
for entities that are unsure of their CALEA obligations with regard to 
new services would be useful. Accordingly, telecommunications carriers 
and manufacturers, as well as LEAs, may petition the Commission for a 
declaratory ruling as to CALEA obligations with regard to new 
equipment, facilities and services.

G. Consolidation of CALEA Rules

    77. We are taking this opportunity to consolidate our CALEA rules 
into part 1. Currently, those rules are contained in three different 
Parts of the Commission's rules: part 22, titled ``Public Mobile 
Services;'' part 24, titled ``Personal Communications Services;'' and 
part 64, titled ``Miscellaneous Rules Related to Common Carriers.'' 
CALEA rules for parts 22 and 24 are each contained in a subpart J, 
titled ``Required New Capabilities Pursuant to the Communications 
Assistance for Law Enforcement Act (CALEA).'' Each respective subpart 
sets forth the CALEA capabilities that must be provided by cellular and 
Personal Communications Services (PCS) telecommunications carriers. 
CALEA rules for part 64 are contained both in subpart V, titled 
``Telecommunication Carrier System Security and Integrity Pursuant to 
the Communications Assistance for Law Enforcement Act (CALEA);'' and in 
subpart W, titled ``Required New Capabilities Pursuant to the 
Communications Assistance for Law Enforcement Act (CALEA).'' subpart V 
of part 64 sets forth the CALEA systems security and integrity rules 
for all telecommunications carriers, while subpart W of part 64 sets 
forth the CALEA capabilities that must be provided by wireline 
telecommunications carriers.
    78. Our current CALEA rules structure is somewhat confusing because 
capability requirements are contained in three different parts, while 
systems security and integrity requirements are contained in only one 
part. Further, the capability requirements for cellular, PCS, and 
wireline telecommunications carriers specified in different parts are 
identical, with the only differences in language being the specific 
references to the three different types of carriers. Moreover, as 
discussed, we are herein codifying the statutory requirement that all 
carriers subject to CALEA must comply with the assistance capability 
requirements of section 103. While we could codify this requirement in 
part 64, that part pertains to ``telecommunications carriers'' under 
the Communications Act, rather than the broader application of that 
term under CALEA. We therefore find it more logical to codify this 
requirement and consolidate our existing CALEA rules in part 1, which 
is titled ``Practice and Procedure,'' and contains rules that apply 
more broadly to various services within the Commission's jurisdiction. 
Accordingly, we are establishing new subpart Z of part 1, titling it 
``Communications Assistance for Law Enforcement Act,'' and are deleting 
part 22, subpart J; part 24, subpart J; part 64, subpart V; and part 
64, subpart W. Part 1, subpart Z specifies that all carriers subject to 
CALEA must comply with both the assistance capability requirements of 
CALEA section 103 and the systems security and integrity requirements 
of CALEA section 105, and also lists the specific capability 
requirements pertaining to cellular, PCS, and wireline carriers that 
are currently set forth in parts 22, 24, and 64. These rule changes are 
specified in the rules section.

H. Miscellaneous

    79. We recognize that certain questions raised by the outstanding 
Further Notice of Proposed Rulemaking in this docket remain unresolved. 
We intend to address these matters expeditiously in a future order. In 
addition, we recognize that parties may also seek clarification of our 
rules and regulations. Our rules and precedent provide us with 
authority to issue such clarifications, amendments, suspensions, or 
waivers both in response to petitions or on our own motion.

Final Regulatory Flexibility Analysis

    80. As required by the Regulatory Flexibility Act of 1980, as 
amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was 
incorporated in the NPRM in this proceeding. The Commission sought 
written public comment on the proposals in the NPRM, including comment 
on the IRFA. The comments received are discussed below, except to the 
extent that they were previously addressed in the Final Regulatory 
Flexibility Analysis (FRFA) attached to the First R&O in this 
proceeding. The current FRFA, which conforms to the RFA, pertains only 
to the Second R&O in this proceeding. The

[[Page 38104]]

companion MO&O does not adopt rules, but rather, inter alia, denies a 
petition to change a Commission rule.

A. Need for, and Objectives of, the Rules

    81. Advances in technology, most notably the introduction of 
digital transmission and processing techniques, and the proliferation 
of Internet services such as broadband access and VoIP, have challenged 
the ability of LEAs to conduct lawful electronic surveillance. In light 
of these difficulties and other outstanding issues associated with the 
implementation of the CALEA, DOJ, FBI, and DEA filed a joint petition 
for expedited rulemaking in March 2004, asking the Commission to 
address and resolve these issues. The First R&O concluded that CALEA 
applies to facilities-based broadband Internet access providers and 
providers of interconnected VoIP service, and established a compliance 
deadline of May 14, 2007 for these providers.
    82. In the Second R&O, we require that facilities-based broadband 
Internet access providers and providers of interconnected VoIP submit 
monitoring reports to ensure their CALEA compliance by the May 14, 2007 
deadline established by the First R&O. More generally, we require that 
telecommunications carriers comply with CALEA by finding that sections 
107(c) and 109(b) of CALEA provide only limited and temporary relief 
from compliance requirements, and by finding that extension of the 
compliance deadline for capabilities required by CALEA section 103 is 
available only for facilities and services deployed prior to October 
25, 1998 under the express terms of the statute. We also conclude that, 
in addition to the enforcement remedies through the courts available to 
LEAs under CALEA section 108, we may take separate enforcement action 
under section 229(a) of the Communications Act against carriers that 
fail to comply with CALEA. Moreover, we conclude that carriers must 
generally pay for CALEA development and implementation costs incurred 
after January 1, 1995 (unless their costs are reimbursed in response to 
a CALEA section 109(b) petition), but we acknowledge that they may 
recover costs from other sources, such as from their subscribers.

B. Summary of Significant Issues Raised by Public Comments in Response 
to the IRFA

    83. In this section, we respond to commenters who filed directly in 
response to the IRFA. To the extent we received comments raising 
general small business concerns during this proceeding, those comments 
are discussed throughout the Second R&O.
    84. The National Telecommunications Cooperative Association (NTCA) 
and the Office of Advocacy, U.S. Small Business Administration 
(Advocacy) filed comments directly in response to the IRFA. NTCA and 
Advocacy both generally contend that the RFA requires that the 
Commission consider less burdensome alternatives appropriate to the 
size of the covered entities. These comments were partially addressed 
in our previous First R&O in this proceeding; therefore, in this FRFA, 
we respond only to those arguments that are relevant to the Second R&O. 
In particular, we respond to NTCA's argument that we failed to include 
the availability of CALEA section 107(c) extension petitions as part of 
the IRFA and to Advocacy's arguments that the IRFA did not discuss all 
the alternatives available to small entities, including petitions for 
extensions under CALEA sections 107(c) and 109(b) and use of TTPs.
    85. We reject NTCA's and Advocacy's arguments that the Commission 
failed to adequately consider these issues. While we recognize that we 
did not specifically list them in the IRFA, the IRFA combined with the 
NPRM appropriately identified the ways in which the Commission could 
lessen the regulatory burdens on small businesses in compliance with 
our RFA obligations. First, we generally discussed in the NPRM the 
possibility of an exemption from CALEA compliance for small businesses 
that provide wireless broadband Internet access to rural areas. Second, 
with regard to CALEA sections 107(c) and 109(b) compliance extension 
petitions, we devoted an entire section of the NPRM, spanning 24 
paragraphs, to these issues. Although we proposed to restrict the 
availability of compliance extensions under section 107(c) and noted 
that there is a significant burden on section 109(b) petitioners, we 
thoroughly considered the potential impact of those proposals on small 
businesses, but concluded that it would be inconsistent with the CALEA 
statute to make exceptions for small businesses with respect to section 
107(c) and section 109(b) petitions. Third, with respect to TTPs, we 
devoted a subsection of the NPRM, spanning eight paragraphs, to that 
issue. We noted therein that there may be some tension between relying 
on a TTP model and ``safe harbor'' standards, but that TTPs had the 
potential to simplify or ease the burden on carriers and manufacturers 
in providing packet content and call-identifying information to LEAs. 
Further, we noted that external TTP systems ``might provide economies 
of scale for small carriers.'' Therefore, we believe that a revised 
IRFA is not necessary on any of these issues.

C. Description and Estimate of the Number of Small Entities To Which 
Rules Will Apply

    86. The RFA directs agencies to provide a description of and, where 
feasible, an estimate of the number of small entities that may be 
affected by the proposed rules. The RFA generally defines the term 
``small entity'' as having the same meaning as the terms ``small 
business,'' ``small organization,'' and ``small governmental 
jurisdiction.'' In addition, the term ``small business'' has the same 
meaning as the term ``small business concern'' under the Small Business 
Act. A small business concern is one which: (1) Is independently owned 
and operated; (2) is not dominant in its field of operation; and (3) 
satisfies any additional criteria established by the Small Business 
Administration (SBA).
1. Telecommunications Service Entities
a. Wireline Carriers and Service Providers
    87. Small Incumbent Local Exchange Carriers (LECs). We have 
included small incumbent LECs present RFA analysis. As noted above, a 
``small business'' under the RFA is one that, inter alia, meets the 
pertinent small business size standard (e.g., a telephone 
communications business having 1,500 or fewer employees), and ``is not 
dominant in its field of operation.'' Advocacy contends that, for RFA 
purposes, small incumbent LECs are not dominant in their field of 
operation because any such dominance is not ``national'' in scope. We 
have therefore included small incumbent LECs in this RFA analysis, 
although we emphasize that this RFA action has no effect on Commission 
analyses and determinations in other, non-RFA contexts.
    88. Incumbent Local Exchange Carriers. Neither the Commission nor 
the SBA has developed a small business size standard specifically for 
incumbent local exchange services. The appropriate size standard under 
SBA rules is for the category Wired Telecommunications Carriers. Under 
that size standard, such a business is small if it has 1,500 or fewer 
employees. According to Commission data, 1,303 carriers have reported 
that they are engaged in the provision of incumbent local exchange 
services. Of these 1,303 carriers, an estimated 1,020 have 1,500 or 
fewer

[[Page 38105]]

employees and 283 have more than 1,500 employees. Consequently, the 
Commission estimates that most providers of incumbent local exchange 
service are small businesses that may be affected by our action. In 
addition, limited preliminary census data for 2002 indicate that the 
total number of wired communications carriers increased approximately 
34 percent from 1997 to 2002.
    89. Competitive Local Exchange Carriers, Competitive Access 
Providers (CAPs), ``Shared-Tenant Service Providers,'' and ``Other 
Local Service Providers.'' Neither the Commission nor the SBA has 
developed a small business size standard specifically for these service 
providers. The appropriate size standard under SBA rules is for the 
category Wired Telecommunications Carriers. Under that size standard, 
such a business is small if it has 1,500 or fewer employees. According 
to Commission data, 769 carriers have reported that they are engaged in 
the provision of either competitive access provider services or 
competitive local exchange carrier services. Of these 769 carriers, an 
estimated 676 have 1,500 or fewer employees and 93 have more than 1,500 
employees. In addition, 12 carriers have reported that they are 
``Shared-Tenant Service Providers,'' and all 12 are estimated to have 
1,500 or fewer employees. In addition, 39 carriers have reported that 
they are ``Other Local Service Providers.'' Of the 39, an estimated 38 
have 1,500 or fewer employees and one has more than 1,500 employees. 
Consequently, the Commission estimates that most providers of 
competitive local exchange service, competitive access providers, 
``Shared-Tenant Service Providers,'' and ``Other Local Service 
Providers'' are small entities that may be affected by our action. In 
addition, limited preliminary census data for 2002 indicate that the 
total number of wired communications carriers increased approximately 
34 percent from 1997 to 2002.
    90. Payphone Service Providers (PSPs). Neither the Commission nor 
the SBA has developed a small business size standard specifically for 
payphone services providers. The appropriate size standard under SBA 
rules is for the category Wired Telecommunications Carriers. Under that 
size standard, such a business is small if it has 1,500 or fewer 
employees. According to Commission data, 654 carriers have reported 
that they are engaged in the provision of payphone services. Of these, 
an estimated 652 have 1,500 or fewer employees and two have more than 
1,500 employees. Consequently, the Commission estimates that the 
majority of payphone service providers are small entities that may be 
affected by our action. In addition, limited preliminary census data 
for 2002 indicate that the total number of wired communications 
carriers increased approximately 34 percent from 1997 to 2002.
    91. Interexchange Carriers (IXCs). Neither the Commission nor the 
SBA has developed a small business size standard specifically for 
providers of interexchange services. The appropriate size standard 
under SBA rules is for the category Wired Telecommunications Carriers. 
Under that size standard, such a business is small if it has 1,500 or 
fewer employees. According to Commission data, 316 carriers have 
reported that they are engaged in the provision of interexchange 
service. Of these, an estimated 292 have 1,500 or fewer employees and 
24 have more than 1,500 employees. Consequently, the Commission 
estimates that the majority of IXCs are small entities that may be 
affected by our action. In addition, limited preliminary census data 
for 2002 indicate that the total number of wired communications 
carriers increased approximately 34 percent from 1997 to 2002.
    92. Operator Service Providers (OSPs). Neither the Commission nor 
the SBA has developed a small business size standard specifically for 
operator service providers. The appropriate size standard under SBA 
rules is for the category Wired Telecommunications Carriers. Under that 
size standard, such a business is small if it has 1,500 or fewer 
employees. According to Commission data, 23 carriers have reported that 
they are engaged in the provision of operator services. Of these, an 
estimated 20 have 1,500 or fewer employees and three have more than 
1,500 employees. Consequently, the Commission estimates that the 
majority of OSPs are small entities that may be affected by our action. 
In addition, limited preliminary census data for 2002 indicate that the 
total number of wired communications carriers increased approximately 
34 percent from 1997 to 2002.
    93. Prepaid Calling Card Providers. Neither the Commission nor the 
SBA has developed a small business size standard specifically for 
prepaid calling card providers. The appropriate size standard under SBA 
rules is for the category Telecommunications Resellers. Under that size 
standard, such a business is small if it has 1,500 or fewer employees. 
According to Commission data, 89 carriers have reported that they are 
engaged in the provision of prepaid calling cards. Of these, 88 are 
estimated to have 1,500 or fewer employees and one has more than 1,500 
employees. Consequently, the Commission estimates that all or the 
majority of prepaid calling card providers are small entities that may 
be affected by our action.
b. Wireless Telecommunications Service Providers
    94. For those services subject to auctions, we note that, as a 
general matter, the number of winning bidders that qualify as small 
businesses at the close of an auction does not necessarily represent 
the number of small businesses currently in service. Also, the 
Commission does not generally track subsequent business size unless, in 
the context of assignments or transfers, unjust enrichment issues are 
implicated.
    95. Wireless Service Providers. The SBA has developed a small 
business size standard for wireless firms within the two broad economic 
census categories of ``Paging'' and ``Cellular and Other Wireless 
Telecommunications.'' Under both SBA categories, a wireless business is 
small if it has 1,500 or fewer employees. For the census category of 
Paging, Census Bureau data for 1997 show that there were 1,320 firms in 
this category, total, that operated for the entire year. Of this total, 
1,303 firms had employment of 999 or fewer employees, and an additional 
17 firms had employment of 1,000 employees or more. Thus, under this 
category and associated small business size standard, the majority of 
firms can be considered small. For the census category Cellular and 
Other Wireless Telecommunications, Census Bureau data for 1997 show 
that there were 977 firms in this category, total, that operated for 
the entire year. Of this total, 965 firms had employment of 999 or 
fewer employees, and an additional 12 firms had employment of 1,000 
employees or more. Thus, under this second category and size standard, 
the majority of firms can, again, be considered small. In addition, 
limited preliminary census data for 2002 indicate that the total number 
of paging providers decreased approximately 51 percent from 1997 to 
2002. In addition, limited preliminary census data for 2002 indicate 
that the total number of cellular and other wireless telecommunications 
carriers increased approximately 321 percent from 1997 to 2002.
    96. Cellular Licensees. The SBA has developed a small business size 
standard for wireless firms within the broad economic census category 
``Cellular and Other Wireless

[[Page 38106]]

Telecommunications.'' Under this SBA category, a wireless business is 
small if it has 1,500 or fewer employees. For the census category 
Cellular and Other Wireless Telecommunications firms, Census Bureau 
data for 1997 show that there were 977 firms in this category, total, 
that operated for the entire year. Of this total, 965 firms had 
employment of 999 or fewer employees, and an additional 12 firms had 
employment of 1,000 employees or more. Thus, under this category and 
size standard, the great majority of firms can be considered small. 
Also, according to Commission data, 437 carriers reported that they 
were engaged in the provision of cellular service, Personal 
Communications Service (PCS), or Specialized Mobile Radio (SMR) 
Telephony services, which are placed together in the data. We have 
estimated that 260 of these are small, under the SBA small business 
size standard.
    97. Common Carrier Paging. The SBA has developed a small business 
size standard for wireless firms within the broad economic census 
category, ``Cellular and Other Wireless Telecommunications.'' Under 
this SBA category, a wireless business is small if it has 1,500 or 
fewer employees. For the census category of Paging, Census Bureau data 
for 1997 show that there were 1,320 firms in this category, total, that 
operated for the entire year. Of this total, 1,303 firms had employment 
of 999 or fewer employees, and an additional 17 firms had employment of 
1,000 employees or more. Thus, under this category and associated small 
business size standard, the majority of firms can be considered small.
    98. In the Paging Third Report and Order, we developed a small 
business size standard for ``small businesses'' and ``very small 
businesses'' for purposes of determining their eligibility for special 
provisions such as bidding credits and installment payments. A ``small 
business'' is an entity that, together with its affiliates and 
controlling principals, has average gross revenues not exceeding $15 
million for the preceding three years. Additionally, a ``very small 
business'' is an entity that, together with its affiliates and 
controlling principals, has average gross revenues that are not more 
than $3 million for the preceding three years. The SBA has approved 
these small business size standards. An auction of Metropolitan 
Economic Area licenses closed on March 2, 2000. Of the 985 licenses 
auctioned, 440 were sold. Fifty-seven companies claiming small business 
status won. Also, according to Commission data, 375 carriers reported 
that they were engaged in the provision of paging and messaging 
services. Of those, we estimate that 370 are small, under the SBA-
approved small business size standard.
    99. Wireless Communications Services. This service can be used for 
fixed, mobile, radiolocation, and digital audio broadcasting satellite 
uses. The Commission established small business size standards for the 
wireless communications services (WCS) auction. A ``small business'' is 
an entity with average gross revenues of $40 million for each of the 
three preceding years, and a ``very small business'' is an entity with 
average gross revenues of $15 million for each of the three preceding 
years. The SBA has approved these small business size standards. The 
Commission auctioned geographic area licenses in the WCS service. In 
the auction, there were seven winning bidders that qualified as ``very 
small business'' entities, and one that qualified as a ``small 
business'' entity.
    100. Wireless Telephony. Wireless telephony includes cellular, 
personal communications services (PCS), and specialized mobile radio 
(SMR) telephony carriers. As noted earlier, the SBA has developed a 
small business size standard for ``Cellular and Other Wireless 
Telecommunications'' services. Under that SBA small business size 
standard, a business is small if it has 1,500 or fewer employees. 
According to Commission data, 437 carriers reported that they were 
engaged in the provision of wireless telephony. We have estimated that 
260 of these are small under the SBA small business size standard.
    101. Broadband Personal Communications Service. The broadband 
Personal Communications Service (PCS) spectrum is divided into six 
frequency blocks designated A through F, and the Commission has held 
auctions for each block. The Commission defined ``small entity'' for 
Blocks C and F as an entity that has average gross revenues of $40 
million or less in the three previous calendar years. For Block F, an 
additional classification for ``very small business'' was added and is 
defined as an entity that, together with its affiliates, has average 
gross revenues of not more than $15 million for the preceding three 
calendar years.'' These standards defining ``small entity'' in the 
context of broadband PCS auctions have been approved by the SBA. No 
small businesses, within the SBA-approved small business size standards 
bid successfully for licenses in Blocks A and B. There were 90 winning 
bidders that qualified as small entities in the Block C auctions. A 
total of 93 small and very small business bidders won approximately 40 
percent of the 1,479 licenses for Blocks D, E, and F. On March 23, 
1999, the Commission re-auctioned 347 C, D, E, and F Block licenses. 
There were 48 small business winning bidders. On January 26, 2001, the 
Commission completed the auction of 422 C and F Broadband PCS licenses 
in Auction No. 35. Of the 35 winning bidders in this auction, 29 
qualified as ``small'' or ``very small'' businesses. Subsequent events, 
concerning Auction 35, including judicial and agency determinations, 
resulted in a total of 163 C and F Block licenses being available for 
grant.
c. Satellite Telecommunications Service Providers
    102. Satellite telecommunications service providers include 
satellite operators and earth station operators. The Commission has not 
developed a definition of small entities applicable to such operators. 
Therefore, the applicable definition of small entity is generally the 
definition under the SBA rules applicable to Satellite 
Telecommunications. This definition provides that a small entity is 
expressed as one with $13.5 million or less in annual receipts. 1997 
Census Bureau data indicate that, for 1997, 273 satellite communication 
firms had annual receipts of under $10 million. In addition, 24 firms 
had receipts for that year of $10 million to $24,999,990.
2. Cable and OVS Operators
    103. Cable and Other Program Distribution. The Census Bureau 
defines this category as follows: ``This industry comprises 
establishments primarily engaged as third-party distribution systems 
for broadcast programming. The establishments of this industry deliver 
visual, aural, or textual programming received from cable networks, 
local television stations, or radio networks to consumers via cable or 
direct-to-home satellite systems on a subscription or fee basis. These 
establishments do not generally originate programming material.'' The 
SBA has developed a small business size standard for Cable and Other 
Program Distribution, which is: all such firms having $13.5 million or 
less in annual receipts. According to Census Bureau data for 2002, 
there were a total of 1,191 firms in this category that operated for 
the entire year. Of this total, 1,087 firms had annual receipts of 
under $10 million, and 43 firms had receipts of $10 million or more but 
less than $25 million. Thus, under this size standard, the majority of 
firms can be considered small.
    104. Cable Companies and Systems. The Commission has also developed 
its

[[Page 38107]]

own small business size standards, for the purpose of cable rate 
regulation. Under the Commission's rules, a ``small cable company'' is 
one serving 400,000 or fewer subscribers, nationwide. Industry data 
indicate that, of 1,076 cable operators nationwide, all but eleven are 
small under this size standard. In addition, under the Commission's 
rules, a ``small system'' is a cable system serving 15,000 or fewer 
subscribers. Industry data indicate that, of 7,208 systems nationwide, 
6,139 systems have under 10,000 subscribers, and an additional 379 
systems have 10,000-19,999 subscribers. Thus, under this second size 
standard, most cable systems are small.
    105. Cable System Operators. The Communications Act of 1934, as 
amended, also contains a size standard for small cable system 
operators, which is ``a cable operator that, directly or through an 
affiliate, serves in the aggregate fewer than 1 percent of all 
subscribers in the United States and is not affiliated with any entity 
or entities whose gross annual revenues in the aggregate exceed 
$250,000,000.'' The Commission has determined that an operator serving 
fewer than 677,000 subscribers shall be deemed a small operator, if its 
annual revenues, when combined with the total annual revenues of all 
its affiliates, do not exceed $250 million in the aggregate. Industry 
data indicate that, of 1,076 cable operators nationwide, all but ten 
are small under this size standard. We note that the Commission neither 
requests nor collects information on whether cable system operators are 
affiliated with entities whose gross annual revenues exceed $250 
million, and therefore we are unable to estimate more accurately the 
number of cable system operators that would qualify as small under the 
size standard contained in the Communications Act of 1934.
    106. Open Video Services. Open Video Service (OVS) systems provide 
subscription services. The SBA has created a small business size 
standard for Cable and Other Program Distribution. This standard 
provides that a small entity is one with $12.5 million or less in 
annual receipts. The Commission has certified a large number of OVS 
operators, and some of these are currently providing service. 
Affiliates of Residential Communications Network, Inc. (RCN) received 
approval to operate OVS systems in New York City, Boston, Washington, 
D.C., and other areas. RCN has sufficient revenues to assure that it 
does not qualify as a small business entity. Little financial 
information is available for the other entities that are authorized to 
provide OVS. Given this fact, the Commission concludes that those 
entities might qualify as small businesses, and therefore may be 
affected by the rules and policies adopted herein.
3. Internet and Other Information Service Providers
    107. Internet Service Providers. The SBA has developed a small 
business size standard for Internet Service Providers (ISPs). ISPs 
``provide clients access to the Internet and generally provide related 
services such as web hosting, web page designing, and hardware or 
software consulting related to Internet connectivity.'' Under the SBA 
size standard, such a business is small if it has average annual 
receipts of $23 million or less. According to Census Bureau data for 
2002, there were 2,529 firms in this category that operated for the 
entire year. Of these, 2,437 firms had annual receipts of under $10 
million, and 47 firms had receipts of $10 million or more but less then 
$25 million. Consequently, we estimate that the majority of these firms 
are small entities that may be affected by our action.
    108. All Other Information Services. ``This industry comprises 
establishments primarily engaged in providing other information 
services (except new syndicates and libraries and archives).'' Our 
action pertains to VoIP services, which could be provided by entities 
that provide other services such as e-mail, online gaming, web 
browsing, video conferencing, instant messaging, and other, similar IP-
enabled services. The SBA has developed a small business size standard 
for this category; that size standard is $6.5 million or less in 
average annual receipts. According to Census Bureau data for 1997, 
there were 195 firms in this category that operated for the entire 
year. Of these, 172 had annual receipts of under $5 million, and an 
additional nine firms had receipts of between $5 million and 
$9,999,999. Consequently, we estimate that the majority of these firms 
are small entities that may be affected by our action.

D. Description of Projected Reporting, Recordkeeping and Other 
Compliance Requirements

    109. The Second R&O requires that facilities-based broadband 
Internet access providers and providers of interconnected VoIP submit 
monitoring reports to the Commission to ensure their CALEA compliance 
by the May 14, 2007 deadline established by the First R&O. The Second 
R&O also requires that, within 90 days of its effective date, 
facilities-based broadband Internet access providers and providers of 
interconnected VoIP who were newly-identified in the First R&O as 
subject to CALEA submit system security statements to the Commission. 
Additionally, the Second R&O requires that each carrier that has a 
CALEA section 107(c) petition on file with the Commission submit to us 
a letter documenting that the carrier's equipment, facility, or service 
qualifies for section 107(c) relief under the October 25, 1998 cutoff 
for such relief. The Second R&O contains new information collection 
requirements subject to the Paperwork Reduction Act of 1995 (PRA), 
Public Law 104-13. They will be submitted to OMB for review under 
Section 3507(d) of the PRA. OMB, the general public, and other Federal 
agencies are invited to comment on the new or modified information 
collection requirements contained in this proceeding.

E. Steps Taken To Minimize Significant Economic Impact on Small 
Entities, and Significant Alternatives Considered

    110. The RFA requires an agency to describe any significant 
alternatives that it has considered in reaching its proposed approach, 
which may include (among others) the following four alternatives: (1) 
The establishment of differing compliance or reporting requirements or 
timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance or reporting requirements under the rule for small entities; 
(3) the use of performance, rather than design, standards; and (4) an 
exemption from coverage of the rule, or any part thereof, for small 
entities.
    111. The need for the regulations adopted herein is mandated by 
Federal legislation. In the Second R&O, we find that, under the express 
terms of the CALEA statute, all carriers subject to CALEA are obliged 
to become CALEA-compliant without exception. However, in the 
previously-issued Further Notice of Proposed Rulemaking in this 
proceeding (a companion document to the First R&O), we are considering 
two alternatives: (1) Exempting from CALEA certain classes or 
categories of facilities-based broadband Internet access providers--
notably small and rural providers and providers of broadband networks 
for educational and research institutions, and (2) requiring something 
less than full CALEA compliance for certain classes or categories of 
providers, including smaller providers.
    112. In the Second R&O, we find that, within 90 days of the 
effective date of the Second R&O, facilities-based

[[Page 38108]]

broadband Internet access providers and providers of interconnected 
VoIP who were newly-identified in the First R&O as subject to CALEA 
must submit system security statements to the Commission. Ensuring that 
any interception of a carrier's communications or access to call-
identifying information can be activated only in accordance with a 
court order or other lawful authorization and with the affirmative 
intervention of an employee of the carrier acting in accordance with 
regulations prescribed by the Commission is required by section 105 of 
CALEA and section 229(b) of the Communications Act. Further, system 
security compliance within 90 days is specified for telecommunications 
carriers in section 64.2105 of the Commission's rules. While we 
considered the alternative of modifying this 90-day compliance period 
for facilities-based broadband Internet access providers and providers 
of interconnected VoIP who were newly-identified in the First R&O as 
subject to CALEA, we concluded that would result in disparate treatment 
of these newly-identified providers.
    113. In the Second R&O, we also find that sections 107(c) and 
109(b) of CALEA provide only limited and temporary relief from 
compliance requirements, and that they are complementary provisions 
that serve different purposes, which are, respectively: (1) Extension 
of the CALEA section 103 compliance deadline; and, (2) recovery of 
CALEA-imposed costs. We considered the alternative of a less stringent 
interpretation of these two sections, but concluded that, in designing 
them, Congress carefully balanced a reasonable compliance period 
against a firm deadline. Accordingly, we conclude that the statutory 
language does not permit us to adopt a less stringent interpretation. 
However, we note that section 109(b) lists 11 criteria for determining 
whether CALEA compliance is ``reasonably achievable'' by a particular 
telecommunications carrier, and one of these criteria is ``[t]he 
financial resources of the telecommunications carrier.'' Accordingly, 
small carriers may petition for relief under this CALEA section, thus 
possibly mitigating, in some cases, the economic burden of compliance 
with rules adopted herein.
    114. In the Second R&O, we also find that, in addition to the 
enforcement remedies through the courts available to LEAs under CALEA 
section 108, we may take separate enforcement action under section 
229(a) of the Communications Act against carriers that fail to comply 
with the CALEA statute. We considered an alternative, recommended by 
some commenters, that authority to enforce CALEA lies exclusively with 
the courts, but we conclude that we have the authority to prescribe 
CALEA rules and investigate the compliance of those carriers and 
providers subject to such rules. We also conclude that there should be 
no disparate treatment of small entities with regard to CALEA 
enforcement because this would be inconsistent with the statute.
    115. Finally, in the Second R&O, we find that carriers must 
generally pay for CALEA development and implementation costs incurred 
after January 1, 1995, but we acknowledge that they may recover costs 
from other sources, such as from their subscribers. Some commenters 
argue that carriers with small subscriber bases are less able to bear 
the costs of CALEA implementation; however, to the extent CALEA costs 
prohibit these carriers from reasonably achieving CALEA compliance, we 
again note that CALEA section 109(b) provides a remedy. The carriers 
can seek a determination from the Commission that CALEA compliance is 
not reasonably achievable, and, upon such a determination, the Attorney 
General may agree to pay the costs of compliance for these carriers, or 
the carriers will be deemed to be in compliance. We believe our 
approach represents a reasonable accommodation for small carriers.

F. Report to Congress

    116. The Commission will send a copy of the Second R&O and MO&O, 
including this FRFA, in a report to be sent to Congress and the 
Government Accountability Office pursuant to the Congressional Review 
Act. In addition, the Commission will send a copy of the Second R&O and 
MO&O and FRFA to the Chief Counsel for Advocacy of the SBA.

Ordering Clauses

    117. Pursuant to sections 1, 4(i), 7(a), 229, 301, 303, 332, and 
410 of the Communications Act of 1934, as amended, and section 102 of 
the Communications Assistance for Law Enforcement Act, 18 U.S.C. 1001, 
the Second Report and Order and Memorandum Opinion and Order in ET 
Docket No. 04-295 is adopted.
    118. Parts 1, 22, 24, and 64 of the Commission's rules, 47 CFR 
parts 1, 22, 24, and 64, are amended as set forth below. The 
requirements of the Second Report and Order shall become effective 
August 4, 2006. The Second Report and Order contains information 
collection requirements subject to the Paperwork Reduction Act of 1995 
(PRA), Public Law 104-13, that are not effective until approved by the 
Office of Management and Budget. The Federal Communications Commission 
will publish a document in the Federal Register announcing the 
effective date of those rules.
    119. The ``Petition for Reconsideration and for Clarification of 
the CALEA Applicability Order'' filed by the United States Telecom 
Association is granted to the extent indicated herein and is denied in 
all other respects.
    120. The Commission's Consumer and Governmental Affairs Bureau, 
Reference Information Center, shall send a copy of the Second Report 
and Order and Memorandum Opinion and Order, including the Final 
Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of 
the Small Business Administration.

List of Subjects

47 CFR Part 1

    Communications common carriers, Reporting and recordkeeping 
requirements, Telecommunications.

47 CFR Part 22

    Communications common carriers.

47 CFR Part 24

    Communications common carriers, Personal communications services, 
Telecommunications.

47 CFR Part 64

    Communications common carriers, Telecommunications, Telephone.

Federal Communications Commission.
Marlene H. Dortch,
Secretary.

Rule Changes

0
For the reasons discussed in the preamble, the Federal Communications 
Commission amends 47 CFR parts 1, 22, 24, and 64 as follows:

PART 1--PRACTICE AND PROCEDURE

0
1. The authority citation for part 1 continues to read as follows:

    Authority: 15 U.S.C. 79 et seq.; 47 U.S.C. 151, 154(i), 154(j), 
155, 157, 225, and 303(r).


0
2. Subpart Z is added to read as follows:

Subpart Z--Communications Assistance for Law Enforcement Act

Sec.
1.20000 Purpose.

[[Page 38109]]

1.20001 Scope.
1.20002 Definitions.
1.20003 Policies and procedures for employee supervision and 
control.
1.20004 Maintaining secure and accurate records.
1.20005 Submission of policies and procedures and Commission review.
1.20006 Assistance capability requirements.
1.20007 Additional assistance capability requirements for wireline, 
cellular, and PCS telecommunications carriers.
1.20008 Penalties.

Subpart Z--Communications Assistance for Law Enforcement Act


Sec.  1.20000  Purpose.

    Pursuant to the Communications Assistance for Law Enforcement Act 
(CALEA), Public Law 103-414, 108 Stat. 4279 (1994) (codified as amended 
in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules 
that require a telecommunications carrier to:
    (a) Ensure that any interception of communications or access to 
call-identifying information effected within its switching premises can 
be activated only in accordance with appropriate legal authorization, 
appropriate carrier authorization, and with the affirmative 
intervention of an individual officer or employee of the carrier acting 
in accordance with regulations prescribed by the Commission; and
    (b) Implement the assistance capability requirements of CALEA 
section 103, 47 U.S.C. 1002, to ensure law enforcement access to 
authorized wire and electronic communications or call-identifying 
information.


Sec.  1.20001  Scope.

    The definitions included in 47 CFR 1.20002 shall be used solely for 
the purpose of implementing CALEA requirements.


Sec.  1.20002  Definitions.

    For purposes of this subpart:
    (a) Appropriate legal authorization. The term appropriate legal 
authorization means:
    (1) A court order signed by a judge or magistrate authorizing or 
approving interception of wire or electronic communications; or
    (2) Other authorization, pursuant to 18 U.S.C. 2518(7), or any 
other relevant federal or state statute.
    (b) Appropriate carrier authorization. The term appropriate carrier 
authorization means the policies and procedures adopted by 
telecommunications carriers to supervise and control officers and 
employees authorized to assist law enforcement in conducting any 
interception of communications or access to call-identifying 
information.
    (c) Appropriate authorization. The term appropriate authorization 
means both appropriate legal authorization and appropriate carrier 
authorization.
    (d) LEA. The term LEA means law enforcement agency; e.g., the 
Federal Bureau of Investigation or a local police department.
    (e) Telecommunications carrier. The term telecommunications carrier 
includes:
    (1) A person or entity engaged in the transmission or switching of 
wire or electronic communications as a common carrier for hire;
    (2) A person or entity engaged in providing commercial mobile 
service (as defined in sec. 332(d) of the Communications Act of 1934 
(47 U.S.C. 332(d))); or
    (3) A person or entity that the Commission has found is engaged in 
providing wire or electronic communication switching or transmission 
service such that the service is a replacement for a substantial 
portion of the local telephone exchange service and that it is in the 
public interest to deem such a person or entity to be a 
telecommunications carrier for purposes of CALEA.


Sec.  1.20003  Policies and procedures for employee supervision and 
control.

    A telecommunications carrier shall:
    (a) Appoint a senior officer or employee responsible for ensuring 
that any interception of communications or access to call-identifying 
information effected within its switching premises can be activated 
only in accordance with a court order or other lawful authorization and 
with the affirmative intervention of an individual officer or employee 
of the carrier.
    (b) Establish policies and procedures to implement paragraph (a) of 
this section, to include:
    (1) A statement that carrier personnel must receive appropriate 
legal authorization and appropriate carrier authorization before 
enabling law enforcement officials and carrier personnel to implement 
the interception of communications or access to call-identifying 
information;
    (2) An interpretation of the phrase ``appropriate authorization'' 
that encompasses the definitions of appropriate legal authorization and 
appropriate carrier authorization, as used in paragraph (b)(1) of this 
section;
    (3) A detailed description of how long it will maintain its records 
of each interception of communications or access to call-identifying 
information pursuant to Sec.  1.20004;
    (4) In a separate appendix to the policies and procedures document:
    (i) The name and a description of the job function of the senior 
officer or employee appointed pursuant to paragraph (a) of this 
section; and
    (ii) Information necessary for law enforcement agencies to contact 
the senior officer or employee appointed pursuant to paragraph (a) of 
this section or other CALEA points of contact on a seven days a week, 
24 hours a day basis.
    (c) Report to the affected law enforcement agencies, within a 
reasonable time upon discovery:
    (1) Any act of compromise of a lawful interception of 
communications or access to call-identifying information to 
unauthorized persons or entities; and
    (2) Any act of unlawful electronic surveillance that occurred on 
its premises.


Sec.  1.20004  Maintaining secure and accurate records.

    (a) A telecommunications carrier shall maintain a secure and 
accurate record of each interception of communications or access to 
call-identifying information, made with or without appropriate 
authorization, in the form of single certification.
    (1) This certification must include, at a minimum, the following 
information:
    (i) The telephone number(s) and/or circuit identification numbers 
involved;
    (ii) The start date and time that the carrier enables the 
interception of communications or access to call identifying 
information;
    (iii) The identity of the law enforcement officer presenting the 
authorization;
    (iv) The name of the person signing the appropriate legal 
authorization;
    (v) The type of interception of communications or access to call-
identifying information (e.g., pen register, trap and trace, Title III, 
FISA); and
    (vi) The name of the telecommunications carriers' personnel who is 
responsible for overseeing the interception of communication or access 
to call-identifying information and who is acting in accordance with 
the carriers' policies established under Sec.  1.20003.
    (2) This certification must be signed by the individual who is 
responsible for overseeing the interception of communications or access 
to call-identifying information and who is acting in accordance with 
the telecommunications carrier's policies established under Sec.  
1.20003. This individual will, by his/her signature, certify that the 
record is complete and accurate.
    (3) This certification must be compiled either contemporaneously 
with, or within a reasonable period of

[[Page 38110]]

time after the initiation of the interception of the communications or 
access to call-identifying information.
    (4) A telecommunications carrier may satisfy the obligations of 
paragraph (a) of this section by requiring the individual who is 
responsible for overseeing the interception of communication or access 
to call-identifying information and who is acting in accordance with 
the carriers' policies established under Sec.  1.20003 to sign the 
certification and append the appropriate legal authorization and any 
extensions that have been granted. This form of certification must at a 
minimum include all of the information listed in paragraph (a) of this 
section.
    (b) A telecommunications carrier shall maintain the secure and 
accurate records set forth in paragraph (a) of this section for a 
reasonable period of time as determined by the carrier.
    (c) It is the telecommunications carrier's responsibility to ensure 
its records are complete and accurate.
    (d) Violation of this rule is subject to the penalties of Sec.  
1.20008.


Sec.  1.20005  Submission of policies and procedures and Commission 
review.

    (a) Each telecommunications carrier shall file with the Commission 
the policies and procedures it uses to comply with the requirements of 
this subchapter. These policies and procedures shall be filed with the 
Federal Communications Commission within 90 days of the effective date 
of these rules, and thereafter, within 90 days of a carrier's merger or 
divestiture or a carrier's amendment of its existing policies and 
procedures.
    (b) The Commission shall review each telecommunications carrier's 
policies and procedures to determine whether they comply with the 
requirements of Sec. Sec.  1.20003 and 1.20004.
    (1) If, upon review, the Commission determines that a 
telecommunications carrier's policies and procedures do not comply with 
the requirements established under Sec. Sec.  1.20003 and 1.20004, the 
telecommunications carrier shall modify its policies and procedures in 
accordance with an order released by the Commission.
    (2) The Commission shall review and order modification of a 
telecommunications carrier's policies and procedures as may be 
necessary to insure compliance by telecommunications carriers with the 
requirements of the regulations prescribed under Sec. Sec.  1.20003 and 
1.20004.


Sec.  1.20006  Assistance capability requirements.

    (a) Telecommunications carriers shall provide to a Law Enforcement 
Agency the assistance capability requirements of CALEA regarding wire 
and electronic communications and call-identifying information, see 47 
U.S.C. 1002. A carrier may satisfy these requirements by complying with 
publicly available technical requirements or standards adopted by an 
industry association or standard-setting organization, such as J-STD-
025 (current version), or by the Commission.
    (b) Telecommunications carriers shall consult, as necessary, in a 
timely fashion with manufacturers of its telecommunications 
transmission and switching equipment and its providers of 
telecommunications support services for the purpose of ensuring that 
current and planned equipment, facilities, and services comply with the 
assistance capability requirements of 47 U.S.C. 1002.
    (c) A manufacturer of telecommunications transmission or switching 
equipment and a provider of telecommunications support service shall, 
on a reasonably timely basis and at a reasonable charge, make available 
to the telecommunications carriers using its equipment, facilities, or 
services such features or modifications as are necessary to permit such 
carriers to comply with the assistance capability requirements of 47 
U.S.C. 1002.


Sec.  1.20007  Additional assistance capability requirements for 
wireline, cellular, and PCS telecommunications carriers.

    (a) Definition--(1) Call-identifying information. Call identifying 
information means dialing or signaling information that identifies the 
origin, direction, destination, or termination of each communication 
generated or received by a subscriber by means of any equipment, 
facility, or service of a telecommunications carrier. Call-identifying 
information is ``reasonably available'' to a carrier if it is present 
at an intercept access point and can be made available without the 
carrier being unduly burdened with network modifications.
    (2) Collection function. The location where lawfully authorized 
intercepted communications and call-identifying information is 
collected by a law enforcement agency (LEA).
    (3) Content of subject-initiated conference calls. Capability that 
permits a LEA to monitor the content of conversations by all parties 
connected via a conference call when the facilities under surveillance 
maintain a circuit connection to the call.
    (4) Destination. A party or place to which a call is being made 
(e.g., the called party).
    (5) Dialed digit extraction. Capability that permits a LEA to 
receive on the call data channel a digits dialed by a subject after a 
call is connected to another carrier's service for processing and 
routing.
    (6) Direction. A party or place to which a call is re-directed or 
the party or place from which it came, either incoming or outgoing 
(e.g., a redirected-to party or redirected-from party).
    (7) IAP. Intercept access point is a point within a carrier's 
system where some of the communications or call-identifying information 
of an intercept subject's equipment, facilities, and services are 
accessed.
    (8) In-band and out-of-band signaling. Capability that permits a 
LEA to be informed when a network message that provides call 
identifying information (e.g., ringing, busy, call waiting signal, 
message light) is generated or sent by the IAP switch to a subject 
using the facilities under surveillance. Excludes signals generated by 
customer premises equipment when no network signal is generated.
    (9) J-STD-025. The standard, including the latest version, 
developed by the Telecommunications Industry Association (TIA) and the 
Alliance for Telecommunications Industry Solutions (ATIS) for wireline, 
cellular, and broadband PCS carriers. This standard defines services 
and features to support lawfully authorized electronic surveillance, 
and specifies interfaces necessary to deliver intercepted 
communications and call-identifying information to a LEA. Subsequently, 
TIA and ATIS published J-STD-025-A and J-STD-025-B.
    (10) Origin. A party initiating a call (e.g., a calling party), or 
a place from which a call is initiated.
    (11) Party hold, join, drop on conference calls. Capability that 
permits a LEA to identify the parties to a conference call conversation 
at all times.
    (12) Subject-initiated dialing and signaling information. 
Capability that permits a LEA to be informed when a subject using the 
facilities under surveillance uses services that provide call 
identifying information, such as call forwarding, call waiting, call 
hold, and three-way calling. Excludes signals generated by customer 
premises equipment when no network signal is generated.
    (13) Termination. A party or place at the end of a communication 
path (e.g. the called or call-receiving party, or the switch of a party 
that has placed another party on hold).
    (14) Timing information. Capability that permits a LEA to associate 
call-

[[Page 38111]]

identifying information with the content of a call. A call-identifying 
message must be sent from the carrier's IAP to the LEA's Collection 
Function within eight seconds of receipt of that message by the IAP at 
least 95% of the time, and with the call event time-stamped to an 
accuracy of at least 200 milliseconds.
    (b) In addition to the requirements in Sec.  1.20006, wireline, 
cellular, and PCS telecommunications carriers shall provide to a LEA 
the assistance capability requirements regarding wire and electronic 
communications and call identifying information covered by J-STD-025 
(current version), and, subject to the definitions in this section, may 
satisfy these requirements by complying with J-STD-025 (current 
version), or by another means of their own choosing. These carriers 
also shall provide to a LEA the following capabilities:
    (1) Content of subject-initiated conference calls;
    (2) Party hold, join, drop on conference calls;
    (3) Subject-initiated dialing and signaling information;
    (4) In-band and out-of-band signaling;
    (5) Timing information;
    (6) Dialed digit extraction, with a toggle feature that can 
activate/deactivate this capability.


Sec.  1.20008  Penalties.

    In the event of a telecommunications carrier's violation of this 
subchapter, the Commission shall enforce the penalties articulated in 
47 U.S.C. 503(b) of the Communications Act of 1934 and 47 CFR 1.80.

PART 22--PUBLIC MOBILE SERVICES

0
3. The authority citation for part 22 continues to read as follows:

    Authority: 47 U.S.C. 154, 222, 303, 309, and 332.

Subpart J--[Removed]

0
4. Remove subpart J, consisting of Sec. Sec.  22.1100 through 22.1103.

PART 24--PERSONAL COMMUNICATIONS SERVICES

0
5. The authority citation for part 24 continues to read as follows:

    Authority: 47 U.S.C. 154, 301, 302, 303, 309, and 332.

Subpart J--[Removed]

0
6. Remove subpart J, consisting of Sec. Sec.  24.900 through 24.903.

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

0
7. The authority citation for part 64 continues to read as follows:

    Authority: 47 U.S.C. 154, 254(k); secs. 403(b)(2)(B), (c), Pub. 
L. 104-104, 110 Stat. 56. Interpret or apply 47 U.S.C. 201, 218, 
222, 225, 226, 228, and 254(k) unless otherwise noted.

Subpart V--[Removed and Reserved]

0
8. Remove and reserve subpart V, consisting of Sec. Sec.  64.2100 
through 64.2106.

Subpart W--[Removed and Reserved]

0
9. Remove and reserve subpart W, consisting of Sec. Sec.  64.2200 
through 64.2203.

[FR Doc. 06-5954 Filed 7-3-06; 8:45 am]
BILLING CODE 6712-01-P