22 February 2000
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html

-------------------------------------------------------------------------

[Federal Register: February 22, 2000 (Volume 65, Number 35)]
[Rules and Regulations]
[Page 8666]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr22fe00-15]

=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64


Public Information Collection Approved by Office of Management
and Budget

AGENCY: Federal Communications Commission.

ACTION: Notice of effective date.

-----------------------------------------------------------------------

SUMMARY: The Federal Communications Commission (FCC) has received
Office of Management and Budget (OMB) approval for the paperwork
information burdens contained in the Report and Order and the Order on
Reconsideration regarding implementation of the Communications
Assistance for Law Enforcement Act. The effective date for certain rule
sections was held in abeyance until OMB approval for these burdens was
granted. This document is needed to notify the public that OMB has
approved these burdens and to announce the effective date of the
associated rules.

DATES: The affected rules, 47 CFR 64.2103, 64.2104, and 64.2105 (64 FR
51462, September 23, 1999) became effective February 2, 2000.

FOR FURTHER INFORMATION CONTACT: John Spencer, 202-418-1310.

SUPPLEMENTARY INFORMATION: The Federal Communications Commission has
received OMB approval for the following public information collections
pursuant to the Paperwork Reduction Act of 1995, Public Law 96-511. The
rules adopted in this proceeding (see Report and Order at 64 FR 51462,
September 23, 1999, and Order on Reconsideration at 64 FR 52244,
September 28, 1999) are therefore effective February 2, 2000. An agency
may not conduct or sponsor a collection of information unless it
displays a currently valid control number. Notwithstanding any other
provisions of law, no person shall be subject to any penalty for
failing to comply with a collection of information subject to the
Paperwork Reduction Act (PRA) that does not display a valid control
number. Questions concerning the OMB control numbers and expiration
dates should be directed to Judy Boley, Federal Communications
Commission, (202) 418-0214.

Federal Communications Commission

    OMB Control No.: 3060-0809.
    Expiration Date: 04/30/00.
    Title: Communications Assistance for Law Enforcement Act, Report
and Order and Order on Reconsideration.
    Form No.: N/A.
    Estimated Annual Burden: 36,000 burden hours annually, 6 hours per
response; 6,000 responses.
    Description: The information filed with the Commission will be used
to verify telecommunications carriers' conformance with the CALEA
requirements, and the information made available to law enforcement
officials will be used to determine the accountability and accuracy of
telecommunications carriers' compliance with lawful electronic
surveillance orders.

Federal Communications Commission.
Magalie Roman Salas,
Secretary.
[FR Doc. 00-3889 Filed 2-18-00; 8:45 am]
BILLING CODE 6712-01-P

-------------------------------------------------------------------------

[Federal Register: September 23, 1999 (Volume 64, Number 184)]
[Rules and Regulations]               
[Page 51462-51470]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr23se99-18]                         

=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64

[CC Docket No. 97-213; FCC 99-11]

 
Implementation of the Communications Assistance for Law 
Enforcement Act

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document establishes limited rules to ensure that 
carriers have policies and procedures in place that require the 
affirmative intervention by and knowledge of, their employees in 
effectuating any interception through their switching premises, and 
that such interception is done lawfully and documented carefully. The 
decision mandates that this be done by appointment of a designated 
senior officer or employee by each carrier company who is responsible 
for maintaining such security procedures. The decision also establishes 
reporting and recordkeeping requirements for informing law enforcement 
officials of all acts of unauthorized electronic surveillance that 
occur on the carriers' premises, as well as any compromises of the 
carriers' systems security and integrity procedures that involve the 
execution of electronic surveillance. Finally, the decision adopts 
filing requirements for large and small carriers. This document 
contains modified information collections subject to the Paperwork 
Reduction Act of 1995 (PRA), Public Law 104-13, and has been submitted 
to the Office of Management and Budget (OMB) for review under the 
section 3507 of the PRA.

DATES: Effective December 22, 1999 except for Secs. 64.2103, 64.2104, 
and 64.2105, which contain information collection requirements that 
have not been approved by the Office of Management and Budget. The FCC 
will publish a document in the Federal Register announcing the 
effective date for those sections. Public comment on the information 
collections are due November 22, 1999.

FOR FURTHER INFORMATION CONTACT: Thomas Wasilewski, 202-418-1310. For 
further information concerning the information collections contained in 
this Report and Order, contact Les Smith, Federal Communications 
Commission, Room 1A-804, 445 12th Street, S.W., Washington, DC 20054, 
or via the Internet at lesmith@fcc.gov.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report 
and Order (R&O) in CC Docket No. 97-213; FCC 99-11, adopted January 29, 
1999, and released March 15, 1999. The complete text of this R&O is 
available for inspection and copying during normal business hours in 
the FCC Reference Information Center, Courtyard Level, 445 12th Street, 
S.W., Washington, DC, and also may be purchased from the Commission's 
copy contractor, International Transcription Services (ITS, Inc.), CY-
B400, 445 12th Street, S.W., Washington, DC.

Synopsis of the Report and Order

    1. The Commission adopts a Report and Order (R&O) in CC Docket No. 
97-213, regarding implementation of the Communications Assistance for 
Law Enforcement Act (CALEA).<SUP>1</SUP> The R&O establishes systems 
security and integrity regulations that all telecommunications carriers 
must follow to comply with section 105 of CALEA. The regulations were 
proposed in the Notice of Proposed Rule Making (NPRM) in this 
proceeding, which can be found at 62 FR 63302, November 11, 1997. The 
R&O adopts these regulations pursuant to the authority granted to the 
Commission under section 105 of CALEA and section 229 of the 
Communications Act of 1934, as amended. Accordingly, the R&O finds that 
telecommunications carriers must ensure that ``any interception of 
communications or access to call-identifying information effected 
within its switching premises can be activated only in accordance with 
a court order or other lawful authorization and with the affirmative 
intervention of an individual officer or employee of the carrier'' 
<SUP>2</SUP> acting in accordance with the regulations adopted in the 
R&O and sections 229(b) and (c) of the Communications Act.
---------------------------------------------------------------------------

    \1\ Public Law 103414, 108 Stat. 4279 (1994).
    \2\ 47 U.S.C. 1004.
---------------------------------------------------------------------------

    2. While recognizing that certain carriers currently have existing 
policies and procedures in place to secure and protect their 
telecommunications systems in a manner that would comply with section 
105 of CALEA and sections 229(b) and (c) of the Communications Act, the 
R&O finds that the void created by those carriers without such policies 
and procedures demands adoption of minimum set of requirements that 
will ensure compliance with section 105 of CALEA and sections 229(b) 
and (c) of the Communications Act. The R&O declines, however, to adopt 
specific or detailed policies and procedures that telecommunications 
carriers must include within their internal operating practices to 
ensure compliance, because, as the R&O further finds, it is not the 
Commission's responsibility to ``micro-manage'' telecommunications 
carriers' corporate policies. The rules adopted in the R&O are intended 
to provide carriers with guidance as to the minimum requirements 
necessary to achieve compliance with section 105 of CALEA and sections 
229(b) and (c) of the Communications Act in the least burdensome manner 
possible.
    3. The R&O mandates that carriers, as part of their policies and 
procedures, must appoint the senior authorized officer(s) or 
employee(s) whose job function includes being a point of contact for 
law enforcement on a daily, around-the-clock basis. Carriers must 
include in their policies and procedures a description of the job 
functions of such points of contact and a method to enable law 
enforcement authorities to contact these individuals.
    4. Although the Commission declines to adopt a proposal to require 
carriers to

[[Page 51463]]

respond to an interception request within a specific time frame, the 
R&O encourages carriers to respond promptly and comply with any other 
relevant statutes concerning their duty to assist law enforcement 
authorities in performing an interception of communications or 
facilitating access to call-identifying information.
    5. The R&O next clarifies the term ``appropriate authorization,'' 
as used in section 229(b)(1)(A) of the Communications Act, which 
requires that common carriers establish appropriate personnel 
supervision and control policies and procedures ``to require 
appropriate authorization to activate interception of communications or 
access to call-identifying information(.)'' <SUP>3</SUP> The R&O, based 
on the explicit language of section 105 of CALEA and section 229(b) of 
the Communications Act, concludes that ``appropriate authorization'' 
refers both to the legal authorization that law enforcement must 
present to a carrier in the form of an order, warrant, or other 
authorization issued by a judge or magistrate pursuant to federal or 
state statutory authority (appropriate legal authorization), and to the 
authorization a carrier's employee must receive from the carrier to 
assist law enforcement (appropriate carrier authorization) to engage in 
the interception of communication or the access to call-identifying 
information. The R&O concludes that a carrier satisfies the requirement 
for appropriate authorization only when a carrier's employee implements 
the interception of communications or access to call-identifying 
information in accordance with appropriate carrier authorization after 
having received legal authorizations.
---------------------------------------------------------------------------

    \3\ 47 U.S.C. 229(b)(1)(A).
---------------------------------------------------------------------------

    6. The R&O also requires carriers to state in their internal 
policies and procedures that carrier personnel must receive both 
appropriate legal authorization and appropriate carrier authorization 
before taking any action to affirmatively implement the interception of 
communications or access to call-identifying information. Carriers must 
also, upon receipt of a proffered authorization by law enforcement, 
determine that such authorization is what it purports to be, and that 
it can be implemented technically, including that it is sufficiently 
and accurately detailed to enable the carrier to comply with its terms. 
The Commission notes, however, that its determination in the R&O under 
section 105 of CALEA and section 229 of the Communications Act 
regarding the level of scrunity applicable to a carrier's review of a 
court order or certification is in no way intended to alter or replace 
any standard or level of scrutiny imposed under any other state or 
federal statute. Accordingly, the R&O requires that, as part of their 
policies and procedures, carriers should also comply with appropriate 
authorization requirements contained in any other relevant state or 
federal statute when reviewing an authorization, and must ensure that 
their designated senior officer(s) or employee(s) responsible for 
affirmatively intervening to activate the interception of 
communications or access to call-identifying information is fully 
apprised of any additional relevant federal and state statutory 
provisions.
    7. The R&O further provides that carriers must report all acts of 
unauthorized electronic surveillance that occur on their premises, as 
well as any compromises of the carrier's system security and integrity 
procedures that involve the execution of electronic surveillance, to 
the appropriate law enforcement agency. The R&O does not, however, 
impose a specific time frame within which a carrier must report a 
security breach. Rather, the R&O requires that carriers report such 
breaches within a reasonable period of time and in compliance with any 
other relevant statutes.
    8. Additionally, in order to comply with section 229(b)(2), the 
carrier must maintain secure and accurate records of each interception 
of communication or access to call-identifying information, made with 
or without appropriate authorization, in the form of single 
certification. This certification must include, at a minimum: (1) The 
telephone number(s) and/or circuit identification numbers involved; (2) 
the start date and time of the opening of the circuit for law 
enforcement; (3) the identity of the law enforcement officer presenting 
the authorization; (4) the name of the judge or prosecuting attorney 
signing the authorization; (5) the type of interception of 
communications or access to call-identifying information; and (6) the 
name of the telecommunications carrier's personnel who is responsible 
for overseeing the interception of communication or access to call-
identifying information and who is acting in accordance with the 
carrier's policies established under section 229(b)(1). The designated 
employee must sign each record, to certify the record is complete and 
accurate. The Order mandates that carriers maintain these records for 
ten years and keep records relating to the content of authorized 
interception for a period of time determined by individual carriers in 
accordance with policies and procedures established under section 
229(b)(1) of the Communications Act and applicable state and federal 
statutes of limitation.<SUP>4</SUP>
---------------------------------------------------------------------------

    \4\ On July 16, 1999, the Commission adopted an Order on 
Reconsideration (Order) in this proceeding (FCC 99-184), which 
revises the recordkeeping and maintenance requirements adopted in 
the R&O. The Order eliminates the requirement that 
telecommunications carriers retain the content or call-identifying 
information of any interceptions of communications and the 10 year 
record retention requirement. Instead, carriers must retain the 
certification for a ``reasonable period of time.''
---------------------------------------------------------------------------

    9. The R&O adopts filing requirements in accordance with section 
229(b)(3) of the Communications Act. In this regard, the R&O finds that 
all telecommunications carriers must submit to the Commission the 
policies and procedures adopted to comply with the requirements 
established under sections 229(b)(1) and (2), regardless of carrier 
size. The Commission will review carriers' policies procedures to 
determine whether they comply with the Commission's Rules. If the 
Commission determines that a carrier's policies and procedures are non-
compliant, the carrier shall modify its policies and procedures in 
accordance with an order released by the Commission. Moreover, the 
Commission shall conduct investigations as may be necessary to ensure 
compliance by telecommunications carriers with the requirements of 
rules established by the Commission under section 229 of the 
Communications Act and section 105 of CALEA.
    10. The R&O mandates that all carriers file their policies and 
procedures within 90 days from the effective date of the rules adopted 
in this R&O, and they must further file their policies and procedures 
with the Commission no later than 90 days after the effective date of a 
merger or divestiture in which a carrier becomes the surviving or 
divested entity. This 90 day filing requirement also applies to 
carriers who amend existing policies and procedures already filed with 
the Commission.
    11. Finally, the R&O does not adopt any rules (in addition to the 
liabilities established by Congress in CALEA) that extend criminal and/
or civil liability, vicarious or otherwise, to a carrier for the 
violations of section 105 of CALEA and section 229 of the 
Communications Act. Instead, if a carrier violates the Commission's 
rules implementing section 105 of CALEA, the Commission shall enforce, 
pursuant to section 229(d), the penalties articulated in

[[Page 51464]]

sections 503(b) of the Communications Act and 1.80 of the Commission's 
Rules.

Paperwork Reduction Act of 1995 Analysis

    12. The actions contained in this R&O have been analyzed with 
respect to the Paperwork Reduction Act of 1995 and found to impose 
modified reporting and recordkeeping requirements or burdens on the 
public. Implementation of these modified reporting and recordkeeping 
requirements will be subject to approval by the Office of Management 
and Budget, as prescribed by the Act. The new or modified paperwork 
requirements contained in the Report and Order will go into effect 
December 22, 1999, dependent on OMB approval.

Final Regulatory Flexibility Analysis

    13. As required by section 603 of the Regulatory Flexibility Act 
(RFA), 5 U.S.C. 603, an Initial Regulatory Flexibility Analysis (IRFA) 
was incorporated in the NPRM. The Commission sought written public 
comments on the proposals in the NPRM, including the IRFA. The 
Commission's Final Regulatory Flexibility Analysis (FRFA) in this 
Report and Order conforms to the RFA, as amended by the Contract With 
America Advancement Act of 1996 (CWAAA), Public Law 104-121, 110 Stat. 
847 (1996).<SUP>5</SUP>
---------------------------------------------------------------------------

    \5\ Subtitle II of the CWAAA is ``The Small Business Regulatory 
Enforcement Fairness Act of 1996'' (SBREFA), codified at 5 U.S.C. 
601 et. seq.
---------------------------------------------------------------------------

(1) Need for and Purpose of this Action

    14. This Report and Order responds to the legislative mandate 
contained in the Communications Assistance for Law Enforcement Act, 
Public Law 103-414, 108 Stat. 4279 (1994). The Commission, in 
compliance with 47 U.S.C. 229, promulgated rules in this Report and 
Order to ensure the prompt implementation of section 105 of CALEA. In 
enacting CALEA, Congress sought to ``make clear a telecommunications 
carrier's duty to cooperate in the interception of communications for 
law enforcement purposes. . .'' <SUP>6</SUP> Specifically, Congress 
sought to balance three key policies with CALEA: ``(1) to preserve a 
narrowly focused capability for law enforcement agencies to carry out 
properly authorized intercepts; (2) to protect privacy in the face of 
increasingly powerful and personally revealing technologies; and (3) to 
avoid impeding the development of new communications services and 
technologies.'' <SUP>7</SUP>
---------------------------------------------------------------------------

    \6\ CALEA, supra, at preamble.
    \7\ H. Rep. No. 103-837 at 23, reprinted in 1994 U.S.C.C.A.N. 
3489.
---------------------------------------------------------------------------

    15. The rules adopted in this Report and Order implement Congress's 
goal to clarify a telecommunications carrier's duty to cooperate with 
law enforcement agencies that request lawful electronic surveillance, 
and to balance the three key policies, enumerated in this decision. The 
objective of the rules adopted in this Report and Order is to 
implement, as quickly and effectively as possible, the national 
telecommunications policy for telecommunications carriers to support 
the lawful electronic surveillance needs of law enforcement agencies.

(2) Summary of the Issues Raised by Public Comments Made in Response to 
the IRFA

Summary of Initial Regulatory Flexibility Analysis (IRFA)
    16. In the NPRM, the Commission performed an IRFA and asked for 
comments that specifically addressed issues raised in the IRFA. In the 
IRFA, the Commission found that the rules it proposed to adopt in this 
proceeding may have a significant impact on a substantial number of 
small businesses as defined by section 601(3) of the RFA.
    17. In the IRFA, the Commission reiterated its proposed rules in 
the NPRM requiring telecommunications carriers to establish policies 
and procedures governing the conduct of officers and employees who are 
engaged in surveillance activity. The proposed rules required 
telecommunications carriers to maintain records of all interceptions of 
communications and call identification information. Additionally, the 
proposed rules required telecommunications carriers to execute an 
affidavit for, and maintain a separate record of, each electronic 
surveillance. Furthermore, the Commission sought comment on the length 
of time telecommunications carriers should retain electronic 
surveillance records, noting that 18 U.S.C. 2518(8)(a) calls for a 
retention period of ten years for intercepted communications. The 
proposed rules also required telecommunications carriers to report 
security breaches (compromises to lawful electronic surveillance and 
illegal electronic surveillance) to both the Commission and the 
affected law enforcement agency.
    18. In the IRFA, the Commission reiterated that our proposed rules 
require telecommunications carriers classified as Class A companies 
pursuant to 47 U.S.C. 32.11 to file individually with the Commission a 
statement of its processes and procedures used to comply with the 
systems security rules promulgated by the Commission. 
Telecommunications carriers classified as Class B companies pursuant to 
47 U.S.C. 32.11 could elect either to file a statement describing their 
security processes and procedures or to certify that they observed 
procedures consistent with the security rules promulgated by the 
Commission. The Commission noted that because electronic surveillance 
capacity and capability requirements are still being developed it is 
not possible to predict with certainty whether the costs of compliance 
will be proportionate with regard to both small and large 
telecommunications carriers.
    19. In the IRFA, the Commission tentatively concluded that a 
substantial number of telecommunications carriers who have been 
subjected to demands from law enforcement personnel to provide lawful 
interceptions and call-identifying information for a period time 
preceding CALEA already have in place practices for proper employee 
conduct and recordkeeping. The Commission noted that, as a practical 
matter, telecommunications carriers need such practices to protect 
themselves from suit by persons who claim they were the victims of 
illegal surveillance. By providing general guidance regarding the 
conduct of carrier personnel and the content of records in the proposed 
regulations, the Commission intended telecommunications carriers to use 
their existing practices to the maximum extent possible. Thus, in the 
IRFA, the Commission tentatively concluded that the additional cost to 
most telecommunications carriers for conforming to the Commission's 
proposed regulations, should be minimal.
    20. Comments. Only one party filed comments in response to the 
IRFA, but many parties commented on the Commission's proposed system 
security and integrity regulations in response to the NPRM. The record 
provided by all of these commenting parties clearly disfavors the 
amount of recordkeeping proposed by the Commission in the NPRM, and 
includes numerous suggestions to reduce the amount of paperwork 
required by the proposed regulations without jeopardizing statutory 
compliance. Thus, the final regulations reduce significantly the amount 
of paperwork required of telecommunications carriers. Other parties 
commented that the Commission should not promulgate any new rules to

[[Page 51465]]

implement CALEA. A plain reading of 47 U.S.C. 229(b) shows that 
Congress requires the Commission to promulgate regulations that ensure 
the systems security and integrity of carriers, by compelling carriers 
to submit their CALEA systems security and integrity policies and 
procedures to the Commission and provide records that prove to the 
Commission how each telecommunications carrier is complying with the 
requirements of CALEA section 105. Thus, commentary against any new 
regulations contradicts the plain language of 47 U.S.C. 229.

(3) Description and Estimates of the Number of Entities Affected by 
This Report and Order

    21. Consistent with prior practice, the Commission shall continue 
to exclude small incumbent LECs from the definition of a small entity 
for the purpose of this FRFA. Nevertheless, as mentioned above, the 
Commission includes small incumbent LECs in the FRFA. Accordingly, the 
Commission's use of the terms ``small entities'' and ``small 
businesses'' does not encompass ``small incumbent LECs.'' The 
Commission uses the term ``small incumbent LECs'' to refer to any 
incumbent LECs that arguably might be defined by SBA as ``small 
business concerns.''
    22. Total Number of Telephone Companies Affected. Many of the 
decisions and rules adopted in the R&O may have a significant effect on 
a substantial number of the small telephone companies identified by 
SBA. The United States Bureau of the Census (``the Census Bureau'') 
reports that, at the end of 1992, there were 3,497 firms engaged in 
providing telephone services, as defined therein, for at least one 
year.<SUP>8</SUP> This number contains a variety of different 
categories of carriers, including local exchange carriers, 
interexchange carriers, competitive access providers, cellular 
carriers, mobile service carriers, operator service providers, pay 
telephone operators, PCS providers, covered SMR providers, and 
resellers. It seems certain that some of those 3,497 telephone service 
firms may not qualify as small entities or small incumbent LECs because 
they are not ``independently owned and operated.'' <SUP>9</SUP> For 
example, a PCS provider that is affiliated with an interexchange 
carrier having more than 1,500 employees would not meet the definition 
of a small business. It seems reasonable to conclude, therefore, that 
fewer than 3,497 telephone service firms are small entity telephone 
service firms or small incumbent LECs that may be affected by this 
Report and Order.
---------------------------------------------------------------------------

    \8\ United States Department of Commerce, Bureau of the Census, 
1992 Census of Transportation, Communications, and Utilities: 
Establishment and Firm Size, at Firm Size 1-123 (1995) (1992 
Census).
    \9\ 15 U.S.C. 632(a)(1).
---------------------------------------------------------------------------

    23. Wireline Carriers and Service Providers. SBA has developed a 
definition of small entities for telephone communications companies 
other than radiotelephone (wireless) companies. The Census Bureau 
reports that, there were 2,321 such telephone companies in operation 
for at least one year at the end of 1992. According to SBA's 
definition, a small business telephone company other than a 
radiotelephone company is one employing fewer than 1,500 persons. All 
but 26 of the 2,321 non-radiotelephone companies listed by the Census 
Bureau were reported to have fewer than 1,000 employees. Thus, even if 
all 26 of those companies had more than 1,500 employees, there would 
still be 2,295 non-radiotelephone companies that might qualify as small 
entities or small incumbent LECs. Although it seems certain that some 
of these carriers are not independently owned and operated, we are 
unable at this time to estimate with greater precision the number of 
wireline carriers and service providers that would qualify as small 
business concerns under SBA's definition. Consequently, we estimate 
that there are fewer than 2,295 small entity telephone communications 
companies other than radiotelephone companies that may be affected by 
the decisions and rules adopted in this Report and Order.
    24. Local Exchange Carriers. Neither the Commission nor SBA has 
developed a definition of small providers of local exchange services 
(LECs). The closest applicable definition under SBA rules is for 
telephone communications companies other than radiotelephone (wireless) 
companies. The most reliable source of information regarding the number 
of LECs nationwide of which the Commission is aware appears to be the 
data that we collect annually in connection with the Telecommunications 
Relay Service (TRS). According to the most recent data, 1,347 companies 
reported that they were engaged in the provision of local exchange 
services.<SUP>10</SUP> Although it seems certain that some of these 
carriers are not independently owned and operated, or have more than 
1,500 employees, The Commission is unable at this time to estimate with 
greater precision the number of LECs that would qualify as small 
business concerns under SBA's definition. Consequently, the Commission 
estimates that there are fewer than 1,347 small incumbent LECs that may 
be affected by the decisions and rules adopted in this Report and 
Order.
---------------------------------------------------------------------------

    \10\ Federal Communications Commission, CCB, Industry Analysis 
Division, Telecommunications Industry Revenue: TRS Fund Worksheet 
Data, Tbl. 1 (Average Total Telecommunications Revenue Reported by 
Class of Carrier) (Dec. 1996) (TRS Worksheet).
---------------------------------------------------------------------------

    25. Interexchange Carriers. Neither the Commission nor SBA has 
developed a definition of small entities specifically applicable to 
providers of interexchange services (IXCs). The closest applicable 
definition under SBA rules is for telephone communications companies 
other than radiotelephone (wireless) companies. The most reliable 
source of information regarding the number of IXCs nationwide of which 
the Commission is aware appears to be the data collected annually in 
connection with the TRS Worksheet. According to the most recent data, 
130 companies reported that they were engaged in the provision of 
interexchange services. Although it seems certain that some of these 
carriers are not independently owned and operated, or have more than 
1,500 employees, the Commission is unable at this time to estimate with 
greater precision the number of IXCs that would qualify as small 
business concerns under SBA's definition. Consequently, the Commission 
estimates that there are fewer than 130 small entity IXCs that may be 
affected by the decisions and rules adopted in this Report and Order.
    26. Competitive Access Providers. Neither the Commission nor SBA 
has developed a definition of small entities specifically applicable to 
providers of competitive access services (CAPs). The closest applicable 
definition under SBA rules is for telephone communications companies 
other than radiotelephone (wireless) companies. The most reliable 
source of information regarding the number of CAPs nationwide of which 
the Commission is aware appears to be the data that we collect annually 
in connection with the TRS Worksheet. According to the most recent 
data, 57 companies reported that they were engaged in the provision of 
competitive access services. Although it seems certain that some of 
these carriers are not independently owned and operated, or have more 
than 1,500 employees, the Commission is unable at this time to estimate 
with greater precision the number of CAPs that would qualify as small 
business concerns under SBA's definition. Consequently, the Commission 
estimates that there are fewer than 57 small entity CAPs that may be 
affected by the decisions and rules adopted in this Report and Order.

[[Page 51466]]

    27. Operator Service Providers. Neither the Commission nor SBA has 
developed a definition of small entities specifically applicable to 
providers of operator services. The closest applicable definition under 
SBA rules is for telephone communications companies other than 
radiotelephone (wireless) companies. The most reliable source of 
information regarding the number of operator service providers 
nationwide of which the Commission is aware appears to be the data 
collected annually in connection with the TRS Worksheet. According to 
the most recent data, 25 companies reported that they were engaged in 
the provision of operator services. Although it seems certain that some 
of these companies are not independently owned and operated, or have 
more than 1,500 employees, the Commission is unable at this time to 
estimate with greater precision the number of operator service 
providers that would qualify as small business concerns under SBA's 
definition. Consequently, the Commission estimates that there are fewer 
than 25 small entity operator service providers that may be affected by 
the decisions and rules adopted in this Report and Order.
    28. Wireless (Radiotelephone) Carriers. SBA has developed a 
definition of small entities for radiotelephone (wireless) companies. 
The Census Bureau reports that there were 1,176 such companies in 
operation for at least one year at the end of 1992. According to SBA's 
definition, a small business radiotelephone company is one employing 
fewer than 1,500 persons.<SUP>11</SUP> The Census Bureau also reported 
that 1,164 of those radiotelephone companies had fewer than 1,000 
employees. Thus, even if all of the remaining 12 companies had more 
than 1,500 employees, there would still be 1,164 radiotelephone 
companies that might qualify as small entities if they are 
independently owned are operated. Although it seems certain that some 
of these carriers are not independently owned and operated, the 
Commission is unable at this time to estimate with greater precision 
the number of radiotelephone carriers and service providers that would 
qualify as small business concerns under SBA's definition. 
Consequently, the Commission estimates that there are fewer than 1,164 
small entity radiotelephone companies that may be affected by the 
decisions and rules adopted in this Report and Order.
---------------------------------------------------------------------------

    \11\ 13 CFR 121.201, Standard Industrial Classification (SIC) 
Code 4812.
---------------------------------------------------------------------------

    29. Cellular Service Carriers. Neither the Commission nor the SBA 
has developed a definition of small entities specifically applicable to 
Cellular Service Carriers and to Mobile Service Carriers. The closest 
applicable definition under SBA rules for both services is for 
telephone companies other than radiotelephone (wireless) companies. The 
most reliable source of information regarding the number of Cellular 
Service Carriers and Mobile Service Carriers nationwide of which the 
Commission is aware appears to be the data collected annually in 
connection with the TRS Worksheet. According to the most recent data, 
792 companies reported that they are engaged in the provision of 
cellular services. Although it seems certain that some of these 
carriers are not independently owned and operated, or have more than 
1,500 employees, the Commission is unable at this time to estimate with 
greater precision the number of cellular service carriers that would 
qualify as small business concerns under SBA's definition. 
Consequently, the Commission estimates that there are fewer than 792 
small entity cellular service carriers that might be affected by the 
actions and rules adopted in this Report and Order.
    30. Mobile Service Carriers. Neither the Commission or the SBA has 
developed a definition of small entities specifically applicable to 
mobile service carriers, such as paging companies. The closest 
applicable definition under SBA rules is for radiotelephone (wireless) 
companies. The most reliable source of information regarding the number 
of mobile service carriers nationwide of which the Commission is aware 
appears to be the data collected annually in connection with the TRS 
Worksheet. According to the most recent data, 138 companies reported 
that they were engaged in the provision of mobile services. Although it 
seems certain that some of these carriers are not independently owned 
and operated, or have more than 1,500 employees, the Commission is 
unable at this time to estimate with greater precision the number of 
mobile service carriers that would qualify under SBA's definition. 
Consequently, the Commission estimates that there are fewer than 138 
small entity mobile service carriers that may be affected by the 
decision and rules adopted in this Report and Order.
    31. Broadband Personal Communications Service. The broadband PCS 
spectrum is divided into six frequency blocks designated A through F, 
and the Commission has held auctions for each block. The Commission 
defined ``small entity'' for Blocks C and F as an entity that has 
average gross revenues of less than $40 million in the three previous 
calendar years. For Block F, an additional classification for ``very 
small business'' was added, and is defined as an entity that, together 
with its affiliates, has average gross revenues of not more than $15 
million for the preceding three calendar years. These regulations 
defining ``small entity'' in the context of broadband PCS auctions have 
been approved by SBA. No small businesses within the SBA-approved 
definition bid successfully for licenses in Blocks A and B. There were 
90 winning bidders that qualified as small entities in the Block C 
auctions. A total of 93 small and very small business bidders won 
approximately 40% of the 1,479 licenses for Blocks D, E, and F. 
However, licenses for Blocks C through F have not been awarded fully, 
therefore there are few, if any, small businesses currently providing 
PCS services. Based on this information, the Commission concludes that 
the number of small broadband PCS licenses will include the 90 winning 
C Block bidders and the 93 qualifying bidders in the D, E, and F 
blocks, for a total of 183 small PCS providers as defined by the SBA 
and the Commission's auction rules.
    32. SMR Licensees. Pursuant to 47 CFR 90.814(b)(1), the Commission 
has defined ``small entity'' in auctions for geographic area 800 MHz 
and 900 MHz SMR licenses as a firm that had average annual gross 
revenues of less than $15 million in the three previous calendar years. 
This definition of a ``small entity'' in the context of 800 MHz and 900 
MHz SMR has been approved by the SBA. The rules adopted in this Report 
and Order may apply to SMR providers in the 800 MHz and 900 MHz bands 
that either hold geographic area licenses or have obtained extended 
implementation authorizations. The Commission does not know how many 
firms provide 800 MHz or 900 MHz geographic area SMR service pursuant 
to extended implementation authorizations, nor how many of these 
providers have annual revenues of less than $15 million. The Commission 
assumes, for purposes of this FRFA, that all of the extended 
implementation authorizations may be held by small entities, which may 
be affected by the decisions and rules adopted in this Report and 
Order.
    33. The Commission recently held auctions for geographic area 
licenses in the 900 MHz SMR band. There were 60 winning bidders who 
qualified as small entities in the 900 MHz auction. Based on this 
information, the Commission concludes that the number of geographic 
area SMR licensees affected

[[Page 51467]]

by the rule adopted in this Report and Order includes these 60 small 
entities. No auctions have been held for 800 MHz geographic area SMR 
licenses. Therefore, no small entities currently hold these licenses. A 
total of 525 licenses will be awarded for the upper 200 channels in the 
800 MHz geographic area SMR auction. The Commission, however, has not 
yet determined how many licenses will be awarded for the lower 230 
channels in the 800 MHz geographic area SMR auction. There is no basis, 
moreover, on which to estimate how many small entities will win these 
licenses. Given that nearly all radiotelephone companies have fewer 
than 1,000 employees and that no reliable estimate of the number of 
prospective 800 MHz licensees can be made, we assume, for purposes of 
this FRFA, that all of the licenses may be awarded to small entities 
who, thus, may be affected by the decisions adopted in this Report and 
Order.
    34. Resellers. Neither the Commission nor SBA has developed a 
definition of small entities specifically applicable to resellers. The 
closest applicable definition under SBA rules is for all telephone 
communications companies. The most reliable source of information 
regarding the number of resellers nationwide of which the Commission is 
aware appears to be the data collected annually in connection with the 
TRS. According to the most recent data, 260 companies reported that 
they were engaged in the resale of telephone services. Although it 
seems certain that some of these carriers are not independently owned 
and operated, or have more than 1,500 employees, the Commission is 
unable at this time to estimate with greater precision the number of 
resellers that would qualify as small business concerns under SBA's 
definition. Consequently, the Commission estimates that there are fewer 
than 260 small entity resellers that may be affected by the decisions 
and rules adopted in this Report and Order.
    35. Pay Telephone Operators. Neither the Commission nor the SBA has 
developed a definition of small entities specifically applicable to pay 
telephone operators. The closest applicable definition under SBA rules 
is for telephone communications companies other than radiotelephone 
(wireless) companies. The most reliable source of information regarding 
the number of pay telephone operators nationwide of which the 
Commission is aware appears to be the data collected annually with the 
TRS Worksheet. According to the most recent data, 271 companies 
reported that they were engaged in the provision of pay telephone 
services. Although it seems certain that some of these carriers are not 
independently owned and operated, or have more than 1,500 employees, 
the Commission is unable at this time to estimate with greater 
precision the number of pay telephone operators that would qualify as 
small business concerns under SBA's definition. Consequently, the 
Commission estimates that there are fewer than 271 small entity pay 
telephone operators that may be affected by the decisions and rules 
adopted in this Report and Order.
    36. Cable Services or Systems. SBA has developed a definition of 
small entities for cable and other pay television services, which 
includes all such companies generating $11 million or less in revenue 
annually.<SUP>12</SUP> This definition includes cable systems 
operators, closed circuit television services, direct broadcast 
satellite services, multipoint distribution systems, satellite master 
antenna systems and subscription television services. According to the 
Census Bureau, there were 1,788 such cable and other pay television 
services and 1,439 had less than $11 million in revenues.<SUP>13</SUP>
---------------------------------------------------------------------------

    \12\ 13 CFR 121.201, SIC Code 4841.
    \13\ 1992 Economic Census Industry and Enterprise Receipts Size 
Report, Table 2D, SIC 4841 (U.S. Bureau of the Census data under 
contract to the Office of Advocacy of the U.S. Small Business 
Administration).
---------------------------------------------------------------------------

    37. The Commission has developed its own definition of a small 
cable system operator for the purposes of rate regulation. Under the 
Commission's Rules, a ``small cable company'' is one serving fewer than 
400,000 subscribers nationwide.<SUP>14</SUP> Based on the most recent 
information, the Commission estimates that there were 1,439 cable 
operators that qualified as small cable system operators at the end of 
1995. Since then, some of those companies may have grown to serve over 
400,000 subscribers, and others may have been involved in transactions 
that caused them to be combined with other cable operators. 
Consequently, the Commission estimates that there are fewer than 1,439 
small entity cable system operators that may be affected by the 
decisions and rules adopted in this Report and Order.
---------------------------------------------------------------------------

    \14\ 47 CFR 76.901(e).
---------------------------------------------------------------------------

    38. The Communications Act also contains a definition of a small 
cable system operator, which is ``a cable operator that, directly or 
through an affiliate, serves in the aggregate fewer than 1 percent of 
all subscribers in the United States and is not affiliated with any 
entity or entities whose gross annual revenues in the aggregate exceed 
$250,000,000.'' <SUP>15</SUP> The Commission has determined that there 
are 61,700,000 subscribers in the United States. Therefore, the 
Commission found that an operator serving fewer than 617,000 
subscribers shall be deemed a small operator if its annual revenues, 
when combined with the total annual revenues of all of its affiliates, 
do not exceed $250 million in the aggregate.<SUP>16</SUP> Based on 
available data, the Commission finds that the number of cable operators 
serving 617,000 subscribers or less totals 1,450. The Commission does 
not request nor do we collect information concerning whether cable 
system operators are affiliated with entities whose gross annual 
revenues exceed $250,000,000, and thus are unable at this time to 
estimate with greater precision the number of cable system operators 
that would qualify as small cable operators under the definition in the 
Communications Act. The Commission further notes that recent industry 
estimates project that there will be a total of 65,000,000 subscribers, 
and the Commission has based our fee revenue estimates on that figure.
---------------------------------------------------------------------------

    \15\  47 U.S.C. 543(m)(2).
    \16\  47 CFR 76.1403(b).
---------------------------------------------------------------------------

    39. Other Pay Services. In the IRFA, the Commission included a 
category entitled ``other pay services.'' Other pay services are also 
classified under SIC 4841, which include cable operators, closed 
circuit television services, direct broadcast satellite services (DBS), 
multipoint distribution systems (MDS), satellite master antenna systems 
(SMATV), and subscription television services. The Commission received 
no comments regarding service providers in this category in response to 
either the IRFA or the NPRM at large. Accordingly, the Commission 
cannot determine at this time the number of service providers in this 
category that intend to offer services to the public as 
telecommunications carriers, and become subject to CALEA's 
requirements.

(4) Summary Analysis of the Projected Reporting, Recordkeeping and 
Other Compliance Requirements and Steps Taken to Minimize the 
Significant Economic Impact of this Report and Order on Small Entities, 
Including Significant Alternatives Considered and Rejected.

    40. In this section of the FRFA, the Commission analyzes the 
projected reporting, recordkeeping, and other compliance requirements 
that may apply to small entities as a result of this Report and Order. 
The Commission also

[[Page 51468]]

describes the steps taken to minimize the economic impact of our 
decisions on small entities, including the significant alternatives 
considered and rejected.
    41. In the final regulations, the Commission affirms the proposal 
in the NPRM to establish regulations that are general in nature and 
provide as guidance, so that telecommunications carriers may utilize 
their existing policies and procedures to the greatest extent possible. 
In addition, the Commission eliminated all references to proposed rules 
and tentative conclusions relating to vicarious liability arising out 
of a telecommunications carrier's failure to accomplish either of CALEA 
section 105's two objectives.
    42. In the final regulations, the Commission eliminated all 
regulations originally proposed pursuant to 47 U.S.C. 229(b)(1) that 
appeared to go beyond the scope of CALEA section 105, overlapped other 
proposed regulations, were unnecessarily cumbersome, or otherwise 
unnecessary. Accordingly, carriers must: (1) Appoint a senior officer 
or employee as point of contact responsible for affirmatively 
intervening to ensure that interception of communications or access to 
call-identifying information can be activated only in accordance with 
the appropriate legal authorization; (2) include a description of the 
job function of the appointed point of contact for law enforcement to 
reach on a daily, around-the-clock basis in their policies and 
procedures; (3) effectuate a requested interception promptly; (4) 
incorporate our interpretation of the phrase ``appropriate 
authorization'' in their policies and procedures; (5) state in their 
policies and procedures that carrier personnel must receive appropriate 
legal authorization, before enabling law enforcement officials to 
implement the interception of communications or access to call-
identifying information; (6) require the appointed senior point of 
contact to be apprised of all relevant federal and state statutory 
provisions concerning the lawful interception of communications or 
access to call-identifying information; (7) report security compromises 
and unlawful interception of communications or access to call-
identifying information to the appropriate law enforcement authorities 
within a reasonable length of time after discovery; (8) maintain a 
secure and accurate record of each interception of communications or 
access to call-identifying information, made with or without 
appropriate authorization, in the form of single certification; (9) 
maintain secure and records of call-identifying information and 
unauthorized interceptions (including the content of the unauthorized 
interception) for ten years; <SUP>17</SUP> 10) maintain secure and 
accurate records of the content of each authorized interception of 
communications for a period of time determined by them in accordance 
with the policies and procedures that they establish under section 
229(b)(1) of the Communications Act and applicable state and federal 
statutes of limitation; (11) provide a detailed description of how long 
it will maintain its records of intercept content; and (12) file with 
the Commission, within 90 days of the effective date of these rules, 
the policies and procedures it uses to comply with the requirements of 
this subchapter, and thereafter, within 90 days of a carrier's merger 
or divestiture or a carrier's amendment of its existing policies and 
procedures.
---------------------------------------------------------------------------

    \17\  See footnote 4 of this summary.
---------------------------------------------------------------------------

    43. The Commission eliminated the requirement of ``designated 
employees,'' and the requirement for telecommunications carriers to 
provide updated lists of designated employees that included personal 
information about them, to law enforcement agencies. Instead, 
telecommunications carriers, as part of their policies and procedures, 
should only appoint a senior authorized officer or employee as a point 
of contact for law enforcement to reach on a daily, around-the-clock 
basis. Telecommunications carriers will include a description of the 
job function of the designated point of contact and a method to enable 
law enforcement authorities to contact the individual employed in this 
capacity in their polices and procedures.
    44. The Commission eliminated the proposed regulation requiring a 
separate affidavit and a separate record for each surveillance. 
Instead, the final regulation requires that telecommunications carriers 
compile and maintain a single record of each intercepted communications 
or access to call-identifying information, certified by a carrier 
employee in charge of that electronic surveillance, that contains the 
following information: (1) The telephone number(s) and/or circuit 
identification number(s) involved; (2) the start date and time of the 
opening of the circuit for law enforcement; (3) the identity of the law 
enforcement officer presenting the authorization; (4) the name of the 
judge or prosecuting attorney who signed the authorization; (5) the 
type of intercepted communications or access to call-identifying 
information; (6) the name(s) of the telecommunications carriers' 
personnel who are responsible for overseeing the interception of 
communications or access to call-identifying information and who are 
acting in accordance with the carriers' policies and procedures 
established under 47 U.S.C. 229(b)(1). This record shall be signed by 
the individual who is responsible for overseeing the interception of 
communications or access to call-identifying information and who is 
acting in accordance with the carriers' policies and procedures 
established under 47 U.S.C. 229(b)(1). To avoid duplicating the 
existing ten year record retention requirement for records of 
authorized interception content in 18 U.S.C. 2518(8)(a), the Commission 
allows telecommunications carriers to retain records of the content of 
authorized interceptions for a period of time that they find reasonably 
necessary. However, because 18 U.S.C. 2518(8)(a) does not encompass 
records of call-identifying information and records of unauthorized 
interceptions, the Commission requires carriers to maintain secure and 
records of call-identifying information and unauthorized interceptions 
(including the content of the unauthorized interception) for ten 
years.<SUP>18</SUP>
---------------------------------------------------------------------------

    \18\ See Order on Reconsideration which revises this regulation, 
and which will be published shortly in the Federal Register.
---------------------------------------------------------------------------

    In the final regulations, the Commission did not affirm our 
proposal to provide a lessened reporting requirement for carriers that 
fell below the gross annual revenue threshold established in 47 CFR 
32.9000 of the Commission's Rules. The Commission concludes that 47 
U.S.C. 229(b)(3) requires all telecommunications carriers to submit 
their policies and procedures to the Commission established under 47 
U.S.C. 229(b)(1) and (2). The statute makes no distinction between 
classes of telecommunications carriers for the purpose of lessening the 
regulatory burden for smaller carriers. Accordingly, the Commission's 
final regulations contain the requirement that all telecommunications 
carriers must file their systems security and integrity policies and 
procedures with the Commission, within 90 days of this Report and 
Order's effective date. The Commission notes, however, that since the 
proposed regulations have been drastically reduced, the burden imposed 
by the regulations adopted herein is also significantly reduced for all 
telecommunications carriers, including the smaller ones.

[[Page 51469]]

(5) Report to Congress

    46. The Commission shall send a copy of this FRFA, along with this 
Report and Order, in a report to Congress pursuant to the Small 
Business Regulatory Enforcement Fairness Act of 1996, 5 U.S.C. 
801(a)(1)(A). A copy of this FRFA will also be published in the Federal 
Register.

Ordering Clauses

    47. Accordingly, it is ordered that, pursuant to sections 4(i), 
4(j), and 229 of the Communications Act of 1934, as amended, 47 U.S.C. 
154(i), 154(j), and 229, and section 105 of the Communications 
Assistance for Law Enforcement Act, 47 U.S.C. 1004, the rules are 
adopted.
    48. It is further ordered that the rules will become effective 
December 22, 1999 except for Secs. 64.2103, 64.2104, and 64.2105, which 
contain information collection requirements that have not been approved 
by the Office of Management and Budget. The FCC will publish a document 
in the Federal Register announcing the effective date for those 
sections.
    49. It is further ordered that the Regulatory Flexibility Analysis, 
as required by Section 604 of the Regulatory Flexibility Act, and as 
set forth above is adopted.
    50. It is further ordered that the Commission's Office of Public 
Affairs, Reference Operations Division, shall send a copy of this 
Report and Order, including the Final Regulatory Flexibility Analysis, 
to the Chief Counsel for Advocacy of the Small Business Administration.

Paperwork Reduction Act

    52. This Report and Order contains a modified information 
collection. The Commission, as part of its continuing effort to reduce 
paperwork burdens, invites the general public and the Office of 
Management and Budget (OMB) to comment on the information collections 
contained in this Report and Order, as required by the Paperwork 
Reduction Act of 1995, Public Law 104-13. Public and agency comments 
are due November 22, 1999; OMB comments are due 90 days from date of 
publication of this Report and Order in the Federal Register. Comments 
should address: (a) whether the proposed collection of information is 
necessary for the proper performance of the functions of the 
Commission, including whether the information shall have practical 
utility; (b) the accuracy of the Commission's burden estimates; (c) 
ways to enhance the quality, utility, and clarity of the information 
collected; and (d) ways to minimize the burden of the collection of 
information on the respondents, including the use of automated 
collection techniques or other forms of information technology.
    OMB Approval Number: 3060-0809.
    Title: Communications Assistance for Law Enforcement Act, Report 
and Order.
    Form No.: N/A.
    Type of Review: Revision of existing collection.
    Respondents: Business or other for profit.
    Number of Respondents: 5000.
    Estimated Time Per Response: 53 hours.
    Total Annual Cost Burden: $11,850,000.
    Total Annual Burden: 265,000 hours.
    Needs and Uses: The information submitted to the Commission by 
telecommunications Carriers will be used to determine whether or not 
the telecommunications carriers are in conformance with CALEA's 
requirements, and the information maintained by telecommunications 
carriers will be used by law enforcement officials to determine the 
accountability and accuracy of telecommunications carriers' compliance 
with lawful electronic surveillance orders.

List of Subjects in 47 CFR Part 64

    Communications common carriers, Reporting and recordkeeping 
requirements.

Federal Communications Commission.
Magalie Roman Salas,
Secretary.

Rule Changes

    For the resaons discussed in the preamble, the Federal 
Communications Commission amends 47 CFR Part 64 as follows:

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

    1. The authority citation for Part 64 is revised to read as 
follows:

    Authority: 47 U.S.C. 151, 154, 201, 202, 205, 218-220, and 332 
unless otherwise noted. Interpret or apply Secs. 201, 218, 225, 226, 
227, 229, 332, 48 Stat. 1070, as amended. 47 U.S.C. 201-204, 218, 
225, 226, 227, 229, 332, 501 and 503 unless otherwise noted.

    2. Part 64 is amended to add Subpart V to read as follows:

Subpart V--Telecommunications Carrier Systems Security and 
Integrity Pursuant to the Communications Assistance for Law 
Enforcement Act (CALEA)

Sec.
64.2100  Purpose.
64.2101  Scope.
64.2102  Definitions.
64.2103  Policies and procedures for employee supervision and 
control.
64.2104  Maintaining secure and accurate records.
64.2105  Submission of policies and procedures and commission 
review.
64.2106  Penalties.


Sec. 64.2100  Purpose.

    Pursuant to the Communications Assistance for Law Enforcement Act, 
Public Law 103-414, 108 Stat. 4279 (1994) (codified as amended in 
sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules that 
require a telecommunications carrier to ensure that any interception of 
communications or access to call-identifying information effected 
within its switching premises can be activated only in accordance with 
appropriate legal authorization, appropriate carrier authorization, and 
with the affirmative intervention of an individual officer or employee 
of the carrier acting in accordance with regulations prescribed by the 
Commission.


Sec. 64.2101  Scope.

    The definitions included in this subchapter shall be used solely 
for the purpose of implementing CALEA requirements.


Sec. 64.2102  Definitions.

    (a) Appropriate legal authorization. The term appropriate legal 
authorization means:
    (1) A court order signed by a judge or magistrate authorizing or 
approving interception of wire or electronic communications; or
    (2) Other authorization, pursuant to 18 U.S.C. 2518(7), or any 
other relevant federal or state statute.
    (b) Appropriate carrier authorization. The term appropriate carrier 
authorization means the policies and procedures adopted by 
telecommunications carriers to supervise and control officers and 
employees authorized to assist law enforcement in conducting any 
interception of communications or access to call-identifying 
information.
    (c) Appropriate authorization. The term appropriate authorization 
means both appropriate legal authorization and appropriate carrier 
authorization.

[[Page 51470]]

Sec. 64.2103  Policies and procedures for employee supervision and 
control.

    A telecommunications carrier shall:
    (a) Establish policies and procedures to ensure the supervision and 
control of its officers and employees;
    (b) Appoint a senior officer or employee as a point of contact 
responsible for affirmatively intervening to ensure that interception 
of communications or access to call-identifying information can be 
activated only in accordance with appropriate legal authorization, and 
include, in its policies and procedures, a description of the job 
function of the appointed point of contact for law enforcement to reach 
on a seven days a week, 24 hours a day basis;
    (c) Incorporate, in its polices and procedures, an interpretation 
of the phrase appropriate authorization that encompasses the 
definitions of appropriate legal authorization and appropriate carrier 
authorization, as stated above;
    (d) State, in its policies and procedures, that carrier personnel 
must receive appropriate legal authorization and appropriate carrier 
authorization before enabling law enforcement officials and carrier 
personnel to implement the interception of communications or access to 
call-identifying information;
    (e) Report to the affected law enforcement agencies, within a 
reasonable time upon discovery:
    (1) Any act of compromise of a lawful interception of 
communications or access to call-identifying information to 
unauthorized persons or entities; and
    (2) Any act of unlawful electronic surveillance that occurred on 
its premises.
    (f) Include, in its policies and procedures, a detailed description 
of how long it will maintain its records of the content of an 
interception.


Sec. 64.2104  Maintaining secure and accurate records.

    (a) A telecommunications carrier shall maintain a secure and 
accurate record of each interception of communications or access to 
call-identifying information, made with or without appropriate 
authorization, in the form of single certification.
    (1) This certification must include, at a minimum, the following 
information:
    (i) The telephone number(s) and/or circuit identification numbers 
involved;
    (ii) The start date and time of the opening of the circuit for law 
enforcement;
    (iii) The identity of the law enforcement officer presenting the 
authorization;
    (iv) The name of the person signing the appropriate legal 
authorization;
    (v) The type of interception of communications or access to call-
identifying information (e.g., pen register, trap and trace, Title III, 
FISA); and
    (vi) The name of the telecommunications carriers' personnel who is 
responsible for overseeing the interception of communication or access 
to call-identifying information and who is acting in accordance with 
the carriers' policies established under Sec. 64.2103.
    (2) This certification must be signed by the individual who is 
responsible for overseeing the interception of communications or access 
to call-identifying information and who is acting in accordance with 
the telecommunications carrier's policies established under 
Sec. 64.2103. This individual will, by his/her signature, certify that 
the record is complete and accurate.
    (3) This certification must be compiled either contemporaneously 
with, or within a reasonable period of time after the initiation of the 
interception of the communications or access to call-identifying 
information.
    (4) A telecommunications carrier may satisfy the obligations of 
paragraph (a) of this section by requiring the individual who is 
responsible for overseeing the interception of communication or access 
to call-identifying information and who is acting in accordance with 
the carriers' policies established under Sec. 64.2103 to sign the 
certification and append the appropriate legal authorization and any 
extensions that have been granted. This form of certification must at a 
minimum include all of the information listed in paragraph (a) of this 
section.
    (b) A telecommunications carrier shall maintain secure and accurate 
records of:
    (1) Call-identifying information and unauthorized interceptions 
(including the content of the unauthorized interception) for ten years;
    (2) The content of each authorized interception of communications 
for a reasonable period of time as determined by the carrier.
    (c) It is the telecommunications carrier's responsibility to ensure 
its records are complete and accurate.
    (d) Violation of this rule is subject to the penalties of 
Sec. 64.2106.


Sec. 64.2105  Submission of policies and procedures and commission 
review.

    (a) Each telecommunications carrier shall file with the Commission 
the policies and procedures it uses to comply with the requirements of 
this subchapter. These policies and procedures shall be filed with the 
Federal Communications Commission within 90 days of the effective date 
of these rules, and thereafter, within 90 days of a carrier's merger or 
divestiture or a carrier's amendment of its existing policies and 
procedures.
    (b) The Commission shall review each telecommunications carrier's 
policies and procedures to determine whether they comply with the 
requirements of Sec. 64.2103 and Sec. 64.2104.
    (1) If, upon review, the Commission determines that a 
telecommunications carrier's policies and procedures do not comply with 
the requirements established under Sec. 64.2103 and Sec. 64.2104, the 
telecommunications carrier shall modify its policies and procedures in 
accordance with an order released by the Commission.
    (2) The Commission shall review and order modification of a 
telecommunications carrier's policies and procedures as may be 
necessary to insure compliance by telecommunications carriers with the 
requirements of the regulations prescribed under Sec. 64.2103 and 
Sec. 64.2104.


Sec. 64.2106  Penalties.

    In the event of a telecommunications carrier's violation of 
Sec. 64.2103 or Sec. 64.2104 of this subchapter, the Commission shall 
enforce the penalties articulated in 47 U.S.C. 503(b) of the 
Communications Act of 1934 and 47 CFR 1.8.

[FR Doc. 99-24853 Filed 9-22-99; 8:45 am]
BILLING CODE 6712-01-P

-------------------------------------------------------------------------

[Federal Register: September 28, 1999 (Volume 64, Number 187)]
[Rules and Regulations]               
[Page 52244-52246]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr28se99-14]                         


[[Page 52244]]

=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64

[CC Docket No. 97-213; FCC 99-184]

 
Implementation of the Communications Assistance for Law 
Enforcement Act

AGENCY: Federal Communications Commission

ACTION: Final rule; reconsideration

-----------------------------------------------------------------------

SUMMARY: This decision revises rules previously adopted to implement 
sections of the Communications Assistance for Law Enforcement Act. In 
particular, the Commission eliminates the requirement that 
telecommunications carriers retain records of call content or 
associated call-identifying information of any unauthorized or 
authorized interceptions. This decision also eliminates the ten-year 
retention requirement for such material regarding unauthorized 
interceptions. Instead, carriers must maintain their certification of 
such call intercepts for a reasonable period of time. The action is 
taken to make the rules more in keeping with Congressional intent. This 
decision adopts modified information collections subject to the 
Paperwork Reduction Act of 1995 (PRA). The general public and other 
Federal agencies are invited to comment on the proposed or modified 
information collections contained in this proceeding.

DATES: These rules contain information collections that have not been 
approved by OMB. The Commission will publish a document in the Federal 
Register announcing the effective dates of these rules. Public and 
agency comments are due on the information collections November 29, 
1999.

FOR FURTHER INFORMATION CONTACT: Thomas Wasilewski, 202-418-1310. For 
further information concerning the information collections contained in 
this Report and Order, contact Les Smith, Federal Communications 
Commission, Room 1A-804, 445 12th Street, S.W., Washington, DC 20054, 
or via the Internet at lesmith@fcc.gov.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Order 
on Reconsideration (Order) in CC Docket No. 97-213; FCC 99-184, adopted 
July 16, 1999, and released August 2, 1999. The complete text of this 
Order is available for inspection and copying during normal business 
hours in the FCC Reference Information Center, Courtyard Level, 445 
12th Street, S.W., Washington, DC, and also may be purchased from the 
Commission's copy contractor, International Transcription Services 
(ITS, Inc.), CY-B400, 445 12th Street, S.W., Washington, DC.

Synopsis of the Order on Reconsideration

    1. The Commission, on its own motion, adopts an Order on 
Reconsideration (Order) in CC Docket No. 97-213, regarding 
implementation of the Communications Assistance for Law Enforcement Act 
(CALEA). This Order is a limited reconsideration of the Commission's 
Rule, adopted in the Report and Order (R&O) in this proceeding. (FCC 
99-11.) regarding obligations placed upon carriers to maintain secure 
and accurate records or wiretap, pen register, and trap and trace 
interceptions.
    2. Section 64.2104(b) of the Commission rules adopted in the R&O, 
erroneously required carriers to retain records of call information and 
unauthorized interceptions, including the content of such 
interceptions, for ten years, and erroneously required carriers to 
retain records of content of authorized interceptions. The Commission 
thus eliminates these requirements and instead finds that carriers 
should maintain the certification, as described in Sec. 64.2104(a) for 
``a reasonable period of time.''

Administrative Matters

Supplemental Regulatory Flexibility Act Statement

    3. As required by the Regulatory Flexibility Act (RFA),<SUP>1</SUP> 
an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in 
the Notice of Proposed Rulemaking (NPRM) <SUP>2</SUP> in this 
proceeding implementing the Communications Assistance for Law 
Enforcement Act (CALEA or the Act). The Commission sought written 
public comment on the proposals in the NPRM, including the IRFA. A 
Final Regulatory Flexibility Analysis (FRFA) conforming to the RFA was 
then incorporated into the Report and Order implementing section 105 of 
the Act. The Commission's Supplemental Final Regulatory Flexibility 
Analysis (Supplemental FRFA) in this Order reflects revised or 
additional information to that contained in the FRFA. The Supplemental 
FRFA is thus limited to matters raised in response to the R&O and 
addressed in this Reconsideration. This Supplemental FRFA conforms to 
the RFA.<SUP>3</SUP>
---------------------------------------------------------------------------

    \1\ See 5 U.S.C. 603. The RFA, 5 U.S.C. 601 et seq., has been 
amended by the Contract with America Advancement Act, Public Law No. 
104-121, 110 Stat. 847 (1996) (CWAAA). Title II of the CWAAA is the 
Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA).
    \2\ 62 FR 63302, November 28, 1997.
    \3\ See 5 U.S.C. 604.
---------------------------------------------------------------------------

(a) Need for and Purpose of this Action
    4. The actions taken in this Order are in response to letters 
requesting clarification of the rules that erroneously require carriers 
to retain records of call content or associated call-identifying 
information of any unauthorized or authorized interceptions. The 
limited revisions made in the Order are intended to clarify the rules 
adopted in the R&O by eliminating these erroneous requirements.
(b) Summary of the Issues Raised by Public Comments Made in Response to 
the FRFA
    5. No comments were received in direct response to the FRFA, but 
the Commission received several letters requesting clarification of the 
rules adopted in the R&O. After release of the R&O, but prior to 
publication of the rules in the Federal Register, the Commission 
received letters from CTIA and AirTouch stating that Sec. 64.2104(b) of 
the new rules erroneously requires carriers to retain records of call-
identifying information and unauthorized interceptions, including the 
content of such interceptions, and erroneously requires carriers to 
retain records of content of authorized interceptions. Subsequently, 
the Federal Bureau of Investigation (FBI) sent the Commission a letter 
supporting the position taken by CTIA and AirTouch on this issue, 
stating that those requirements ``are not mandated by section 105 of 
CALEA and that, in some respects, compliance with these requirements 
could cause a carrier to violate federal electronic surveillance 
laws,'' since those laws do not require or entitle carriers to acquire 
and retain such information, but merely direct them, according to 
lawful court orders and other authorizations, to provide the technical 
assistance necessary to aid law enforcement in making intercepts.
(c) Description and Estimates of the Number of Entities Affected by 
This Report and Order
    6. A Final Regulatory Flexibility Analysis was incorporated into 
the R&O. In that analysis, the Commission described in detail the small 
entities that might be significantly affected by the rules adopted in 
the R&O. Those entities may be found in a number of wireless services 
including: telephone companies, wireline carriers and service

[[Page 52245]]

providers, local exchange carriers, interexchange carriers, competitive 
access providers, wireless radiotelephone carriers, cellular licensees, 
mobile service carriers, broadband personal communications service, SMR 
licensees, resellers, pay telephone operators, cable services or 
systems, and other pay services. In this Order, the Commission hereby 
incorporates by reference the description and estimate of the number of 
small entities from the previous FRFA in this proceeding.
    7. The rule changes in this Order will affect small entities as 
indicated in the FRFA presented in the R&O. To the extent that a rule 
change here affects a particular wireless service, our estimates 
contained in the R&O, remain valid as to the size of those services.
(d) Description of Projected Reporting, Recordkeeping and Other 
Compliance Requirements
    8. In this Order, the Commission adopts no new rules and impose no 
additional reporting, recordkeeping or other compliance requirements. 
The Commission does, however, adopt specific rule changes clarifying 
that we no longer find telecommunications carriers should retain the 
content or call-identifying information of any interceptions of 
communications. Moreover, the Commission no longer finds the 10 year 
record retention requirement to be necessary, since it was originally 
implemented in order to remain consistent with the record retention 
requirement in 18 U.S.C. 2518(8)(a) with regard to content of 
authorized call intercepts. Since the Commission is no longer requiring 
carriers to maintain records of content or call-identifying 
information, we find it more appropriate to allow carriers to maintain 
the certification for a ``reasonable period of time''. Thus, we are 
making conforming changes in Sec. 64.2104(b) of the Commission Rules by 
modifying the rules expressed in paragraph (f) of new Sec. 64.2103 and 
paragraph (b) of new Sec. 64.2104, as they appear in the R&O, and 
replace them with a revised final Secs. 64.2103(f) and 64.2104(b) of 
the Commission's Rules, as set forth in this Order.
(e) Steps Taken to Minimize Significant Economic Impact on Small 
Entities, and Significant Alternatives Considered
    9. The analysis of the Commission's efforts to minimize the 
possible significant economic impact on small entities as described in 
the FRFA, is unchanged by the Order, save that the removal of the 
recordkeeping obligations described in section (d) above will result in 
a reduction of the recordkeeping burden for all entities affected by 
the R&O and this Order.
(f) Report to Congress
    10. The Commission shall send a copy of this Order, including this 
Supplemental FRFA, in a report to Congress pursuant to the Small 
Business Regulatory Enforcement Fairness Act of 1996, see 5 U.S.C. 
801(a)(1)(A). In addition, the Commission shall send a copy of this 
Order, including this Supplemental FRFA, to the Chief Counsel for 
Advocacy of the Small Business Administration. A copy of this order and 
Supplemental FRFA (or summaries thereof) will also be published in the 
Federal Register.

Ordering Clauses

    11. Accordingly, it is ordered that, pursuant to 47 CFR 1.108, 
(4)(i) and 4(j), and section 229 of the Communications Act of 1934, as 
amended, 47 U.S.C. 154(i), 154(j), and 229, and section 105 of the 
Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004, 
Sec. 64.2104(b) of the Commission's rules, 47 CFR 64.2104(b), is 
modified as set out in this decision.
    12. It is further ordered that the rules set forth in this decision 
will become effective 90 days after publication in the Federal 
Register.
    13. It is further ordered that the Commission's Office of Public 
Affairs, Reference Operations Division, shall send a copy of this Order 
on Reconsideration, including the Supplemental Final Regulatory 
Flexibility Analysis, to the Chief Counsel for Advocacy of the Small 
Business Administration.

Paperwork Reduction Act

    14. This Order contains a modified information collection. The 
Commission, as part of its continuing effort to reduce paperwork 
burdens, invites the general public to comment on the possible 
information collections contained in this Order, as required by the 
Paperwork Reduction Act of 1995, Public Law No. 104-13. Written 
comments must be submitted by the public and by other Agencies on the 
proposed information collections on or before November 29, 1999. 
Comments should address: (1) Whether the proposed collection of 
information is necessary for the proper performance of the functions of 
the Commission, including whether the information shall have practical 
utility; (2) the accuracy of the Commission's burden estimates; (3) 
ways to enhance the quality, utility, and clarity of the information 
collected; and (4) ways to minimize the burden of the collection of 
information on the respondents, including the use of automated 
collection techniques or other forms of information technology.
    OMB Approval Number: 3060-0809.
    Title: Communications Assistance for Law Enforcement Act, Order on 
Reconsideration.
    Form No.: N.A.
    Type of Review: Modification of Existing Collection.
    Respondents: Business and other for-profit and non-profit 
institutions.
    Number of Respondents: 5,000.
    Estimated Time Per Response: 25 hours.
    Needs and Uses: This modification decreases the recordkeeping 
burden on carriers imposed in the R&O, to remain constistent with the 
record retention requirement in 18 U.S.C. 2518(8)(a).

List of Subjects in 47 CFR Part 64

    Communications common carriers, Reporting and recordkeeping 
requirements.

Federal Communications Commission.
Magalie Roman Salas,
Secretary.

Rule Changes

    Part 64 of Title 47 of the Code of Federal Regulations is amended 
as follows:

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

    1. The authority citation for Part 64 continues to read as follows:

    Authority: 47 U.S.C. 151, 154, 201, 202, 205, 218-220, and 332 
unless otherwise noted. Interpret or apply 201, 218, 225, 226, 227, 
229, 332, 48 Stat. 1070, as amended. 47 U.S.C. 201-204, 218, 225, 
226, 227, 229, 332, 501 and 503 unless otherwise noted.

    2. Section 64.2103 is amended by revising paragraph (f) to read as 
follows:


Sec. 64.2103  Policies and procedures for employee supervision and 
control.

* * * * *
    (f) Include, in its policies and procedures, a detailed description 
of how long it will maintain its records of each interception of 
communications or access to call-identifying information pursuant to 
Sec. 64.2104.
    3. Section 64.2104 is amended by revising paragraph (b) to read as 
follows:


Sec. 64.2104  Maintaining secure and accurate records.

* * * * *
    (b) A telecommunications carrier shall maintain the secure and 
accurate records set forth in paragraph (a) for a

[[Page 52246]]

reasonable period of time as determined by the carrier.
* * * * *
[FR Doc. 99-25145 Filed 9-27-99; 8:45 am]
BILLING CODE 6712-01-P

-------------------------------------------------------------------------