CALEA is the Communications Assistance for Law Enforcement Act. It originally passed in October of 1994, and initially only applied to providers of telephone services. It was put in place due to the increasing use of digital phone switches, and it required that phone companies be able to assist law enforcement in performing electronic surveillance if presented with a valid court order or other lawful intercept authorization. In addition, switch manufacturers needed to ensure that their equipment was CALEA compliant.
In 2006 the law was extended to apply to "all facilities-based broadband Internet access providers and providers of interconnected VoIP service." In other words, if you are an ISP, you must be CALEA compliant and you need to take CALEA seriously. If you receive a CALEA request and are not able to comply, you can be fined up to $10,000 per day by the court until you are able to.
As part of the CALEA, telecommunications companies (including ISPs since 2006) are required to file a System Security and Integrity Plan (SSI plan). This plan documents how the service provider will be complying with CALEA, and has the contact information of the people at the company who will be assisting any law enforcement agency that presents a lawful intercept request under CALEA. Originally SSI plans were paper copies that were sent in to the FCC and filed. As of June 29, 2023, SSI plans must be filed electronically in the CEFS. This is a requirement for every facilities-based Internet Service Provider.
You need to get compliant before you receive a CALEA request, and filing is an important step to let the FCC know that you are compliant and will be able to respond to a CALEA request in a timely manner. Since SSI plans will now be online, it will also make it easier for the FCC to determine which ISPs have filed their plans and which have not.
CALEA compliance requires the appropriate technology to be placed in the right location in your network so you can enable, mediate and securely deliver a live stream of data from a specified subscriber to the requesting law enforcement agency when presented with a lawful intercept request. You must also have policies in place to ensure that CALEA requests are handled quickly and confidentially. This includes having specified CALEA contacts that law enforcement can get in touch with at any time, that any CALEA-based court orders you receive are fully verified, and that all intercepts that are initiated (and the targets of those intercepts) will be kept confidential and on a need-to-know basis.
There are two options to become compliant. One is to have your own mediation equipment on hand, along with the appropriate staff who can fully verify CALEA requests, deploy the equipment appropriately and securely to isolate the specific information requested from a specific subscriber, and deliver it to the requesting Law Enforcement Agency (LEA). This can be difficult and expensive for all but the largest providers. The other option is to use a Trusted Third Party (TTP). TTPs can act as your CALEA contact, including verifying any lawful intercept requests, sending the required mediation equipment and assisting in its proper deployment, and managing the process of delivering the intercepted data to the LEA in the required format securely and confidentially.
If you are not yet CALEA compliant, ZCorum can act as your CALEA Trusted Third Party. We can provide the services and intercept devices needed so that you are always ready to respond appropriately to a CALEA request in a timely manner, and avoid potential fines for non compliance.
To request a Sample SSI form, which will help you collect and document the information needed for your online SSI filing, go here.
For more information about CALEA and the online filing mandate for SSI plans, watch this video.
Download the CALEA Electronic Filing System (CEFS) User Manual:
You can also find more information about CALEA and SSI plans on the FCC CALEA Website.