CALEA: When is an Information Service Not an Information Service?
When the FCC says so, that's when.
Today, the D.C. Circuit ruled 2-1 that the FCC's views on CALEA coverage should be deferred to. (I've posted many times about CALEA here.)
The brief background about CALEA is that it is a 1994 statute written to ensure that telecom carriers would build their facilities so as to be easily tappable by law enforcement. “Information services” were explicitly left out of its coverage — and were understood to include online applications like email.
Now, although the FBI has made no showing that it's having problems enforcing subpoenas or warrants for information, law enforcement badly wants to extend the coverage of CALEA to include broadband access and VoIP services that connect to the traditional phone network.
The problem? Congress didn't write the statute to include what law enforcement wants. The FCC has helped law enforcemet in two recent orders that re-read CALEA to cover “information services” to the extent they are “substantial replacements” for local telephone service. This is a weak legal argument, but the FCC has persisted.
Today, Judge Sentelle, writing for the majority, points out that the CALEA statute and the 1996 Act are different (in particular, the 1996 Act doesn't include a “substantial replacement” element). The FCC has interpreted CALEA to cover information services in some circumstances. The D.C. Circuit is saying that it should defer to the FCC's interpretation when it is making a “reasonable policy choice.”
Judge Edwards's thundering dissent notes that deference isn't appropriate when Congress hasn't delegated authority to the Commission in the first place. (Last year, I wrote an article saying the same thing.) In a nutshell,
In determining that broadband Internet providers are subject to CALEA as “telecommunications carriers,” and not excluded pursuant to the “information services” exemption, the Commission apparently forgot to read the words of the statute.
He's right. Only Congress can revise CALEA. That kind of work isn't within FCC's mandate.
I hope the petitioners in this case will seek certiorari — it's vital for innovation, the future of the internet, and the future role of administrative agencies in this country that the Supreme Court weigh in.
Comments
3 Responses to “CALEA: When is an Information Service Not an Information Service?”
Got something to say?
Once again, we find ourselves on the opposite side of the CALEA issues.
It seems plain that Congress very much constructed CALEA to be an extensible set of provisions and mechanisms to evolve the network forensic capabilities needed by law enforcement. The FCC has consistently taken this view as have the Courts - as underscored by the D.C. Circuit's opinion today.
The Commission's (and the court's) decision to interpret terminology differently in different statutory contexts, is also the right outcome - in law and in public policy. As discussed at some length in the oral argument before the court, the purposes and needs of law enforcement (CALEA) are very different from those of economic regulation (Communications Act). Indeed, the recent enactment of the VAWA Anti-Cyberstalking provision by Congress - that explicitly denominates Internet software applications as telecommunication devices - underscores both the distinction and the need.
I fail to see the basis for opposing what seem like profoundly important need for trusted network forensics associated with the large and exponentially growing criminal activity and attacks on our public communication infrastructures - a need that has been recognized and instantiated worldwide.
–tony
I could see an argument for CALEA applying to VoIP under the wording of the statute (though I agree with Edwards' dissent). I don't see one for applying it to broadband–and the statute clearly exempts web and email traffic as part of its definition of “information services.”
I don't see broadband data taps as the solution to online criminal activity–there aren't enough law enforcement resources to deal with the information they already have. The best way to reduce criminal activity on the net is to create the right incentives to get all the compromised consumer machines patched and secured, since they are the primary medium for proxying criminal activity on the net (via botnets). That would stop the majority of spam, phishing, and adware/spyware/click fraud, which would cut off a large portion of the money supply to the miscreant economy.
This isn't the first time the FCC has engaged in rule-making without statutory authority–they modified the rules prohibiting telemarketing to residences via prerecorded messages (47 CFR 64.1200) allow for an established business relationship exemption ( (a)(2)(iv) ), even though the Telephone Consumer Protection Act provides for no such exemption (47 USC 227(b)(2)(B)–note the “and” between (b)(2)(B)(ii)(I) and (II)).
“[w]here Congress explicitly enumerates certain exceptions to a general prohibition, additional exceptions are not to be implied, in the absence of contrary legislative intent.” Andrus v. Glover Constr. Co., 446 U.S. 608, 616-17, 100 S.Ct. 1905, 1910, 64 L.Ed.2d 548 (1980)
Check out this introduction article on Cyberstalking:
http://www.articleworld.org/Cyberstalking