CALEA: Never Intended for the Internet

Published April 29, 2004

The FBI petition seeking to expand the scope of the Communications Assistance for Law Enforcement Act (CALEA) to include Internet surveillance, currently before the Federal Communications Commission, is truly broad-ranging. It not only asks the FCC to rewrite CALEA, but proposes a massive bureaucratic process under which the telecommunications industry would perpetually present new communications service offerings to the FCC (and, presumably, the FBI) for CALEA compliance.

The FCC has recognized that, in enacting CALEA back in 1994, Congress sought to balance three important policies: “(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts; (2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and (3) to avoid impeding the development of new communications services and technologies.”

Aging Badly

In this age of rapid technological innovation, however, 10 years is a long time. CALEA was already showing its age in 1999, when the FCC invited an expert report from the Telecommunications Industry Association (TIA) to address CALEA compliance problems associated with packet-mode communications, of which the Internet is a principal example, under J-STD-025. The so-called JEM Report, submitted to the FCC in September 2000, made clear that packet-mode technologies raised serious legal and technical issues.

The problems of forcing CALEA requirements upon new technologies and a constantly changing communications environment are even greater today. The legal and technical issues raised by packet-mode communications technologies remain largely unsolved outside of a few relatively well-defined areas.

The main reason for this and other CALEA compliance issues is simple: CALEA was neither intended nor written to apply to the Internet. Given the pace of technological innovation, attempting to apply CALEA to the Internet creates enormous legal, technical, economic, and social problems.

The FCC has been committed to lowering government barriers to innovation and the deployment of innovative services. The FBI’s proposed “solution” to its CALEA problems would raise those barriers by putting the FCC and FBI in the role of technology gatekeeper. Even if the FCC and FBI had the resources to attempt to play this role–which we seriously doubt–there is every reason to believe the effort would be futile for law enforcement, dangerous to civil liberties, and prohibitively costly to innovation and the U.S. economy.

Weak Case to Begin With

From the very beginning, the case for CALEA rested on weak evidence. The FBI in 1994 presented Congress with only 183 technology-based “problems” encountered by federal, state, and local law enforcement agencies, probably a small fraction of the total number of electronic surveillance orders issued in that period. Moreover, the public record merely indicates law enforcement could not “fully” implement authorized electronic surveillance. The FBI apparently did not assert these problems materially affected the ability of law enforcement agencies to investigate crime.

Similarly, the current FBI petition presents no evidence that today’s communications system materially affects law enforcement’s ability to investigate crime. We do not know, for instance, whether law enforcement is able to gather evidence through other means. We do know law enforcement authority to conduct electronic surveillance as well as to obtain records has increased dramatically since 1994. Even before the enactment of the PATRIOT Act, the requirements for conducting “roving wiretaps” under Title III were significantly relaxed.

Equally important, the FBI is silent on how new technologies and information practices have enhanced or will enhance its ability to investigate crime. There are many reasons to believe the FBI is, overall, better off today than before. The FBI has demonstrated considerable ability to adapt to new technologies on its own. The FBI’s Carnivore technology allows it to gather packet-mode information more efficiently. Even end-user encryption–expressly permitted by CALEA–appears less problematic than the FBI had warned, given the FBI’s technical creativity in using key loggers.

In short, the FBI seeks to build a new bureaucratic structure for federal technology management on bald assertions that do not and cannot justify its sweeping proposal. At the very least, the FCC should require the FBI to present meaningful evidence in support of its assertions. It is premature to embark on a costly and time-consuming rulemaking without such evidence.

The Electronic Frontier Foundation ( is a nonprofit organization promoting the individual rights to access, use, and privacy in technology, telecommunications, and the Internet. This article was adapted from comments the EFF submitted to the FCC on a petition by the Department of Justice and the FBI to expand the telecommunications surveillance powers granted by CALEA.