DOJ and FBI Plan to Seek Sweeping Changes to CALEA in 2011
This morning the New York Times ran a story about the Department of Justice and Federal Bureau of Investigation plans to seek sweeping changes to the Communications Assistance to Law Enforcement Act (“CALEA”) in Congress in 2011. This effort is the natural next step in the Administration’s “Going Dark” program, which is hoping to address technology changes that the FBI claims are preventing law enforcement from maintaining the existing level of lawful access to communications via intercept in the face of new technologies. According to the Times, the government’s focus seems to be on three specific areas: (1) requiring foreign companies to maintain a U.S. presence where lawful intercept orders can be served and complied with; (2) requiring communications providers who enable encryption to be able to decrypt; and (3) requiring developers of peer-to-peer software programs to build in capability for the intercepts to be enabled. However, the article also discusses problems the FBI has faced with communications providers, not subject to CALEA today, who are not able to provide technical assistance necessary to accomplish a wiretap at the time they are served with an order. The FBI is voicing concerns about the national security implications that the delay in developing such capabilities can have in critical investigations. Clearly, any government proposal to amend CALEA is going to attempt to significantly broaden the types of communications services that fall within CALEA’s requirements. This may be the greatest concern for smaller providers who are not yet subject to frequent intercept requests, as new CALEA requirements could nonetheless require expensive engineering efforts to create the capacity for wiretaps orders that may never come. And one largely agreed failure of CALEA as it exists today is the failure of the reimbursement provisions to actually compensate providers for their compliance with CALEA’s requirements.
The timing of this proposal is also a concern. Last week’s Congressional hearings on ECPA reform were joined by representatives of state and local law enforcement who raised limits on CALEA, growth in use of encryption technology, and lack of mandated data retention as concerns to be considered alongside ECPA reform. If November’s elections put Congress under Republican control in 2011, “ECPA reform” could ultimately bear little resemblance to what is currently being advocated by its civil liberties proponents.