American Bar Association
Forum on Communications Law

Privacy and Law Enforcement in the Digital Age

David L. Sobel

On August 15, 2000, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit reversed an FCC order implementing the Communications Assistance for Law Enforcement Act (CALEA).1 Based on the grounds that the FCC exceeded its authority and unlawfully trod upon privacy interests that Congress sought to protect, the ruling, United States Telecommunications Ass'n v. Federal Communications Comm'n,2 is a critical one for privacy rights in the Internet and mobile communications age.

After a brief review of congressional action on communications and privacy concerns, this article describes the problem that Congress sought to solve with CALEA, analyzes the careful balance Congress struck in writing the law, and summarizes the order adopted by the FCC. It next describes the challenge to the FCC's order by privacy groups and the telecommunications industry, and reports on the D.C. Circuit's decision in USTA v. FCC, which reversed and remanded major portions of the order. The article then discusses the decision's implications for other privacy cases involving communications networks, primarily that privacy interests have equal standing with the needs of law enforcement in assessing what steps telecommunications carriers must take to provide technical assistance to the police.

Congress, Communications, and Privacy

Congress has long recognized that the need to protect individual privacy from government intrusion, the heart of the Fourth Amendment, becomes ever more critical as the means and opportunities to invade privacy increase.

As early as 1934, Congress delineated explicit rules protecting the privacy of communications and limiting the government's ability to surreptitiously intercept electronic communications.3 In 1968, Congress established a framework to allow electronic wiretapping only under the most limited circumstances. Under Title III of the Omnibus Crime Control and Safe Streets Act of 1968, wiretapping clearly was meant to be an investigative means of "last resort." The Electronic Communications Privacy Act in 1986 extended privacy protections to a new set of technologies such as e-mail, cellular phones, and paging devices.

In 1994, Congress enacted CALEA, largely in response to the FBI's concern that new technologies could be used to thwart criminal investigations. Still, even as it attempted to accommodate the FBI's concerns, CALEA also extended privacy protections to newer technologies and required that any new technical surveillance standards must protect privacy. Congress recognized the substantial privacy interests at stake when the police are given a key to a trap door that is required to be built into the nation's telephone network-a trap door that enables the police to see who is using the Internet and for what purpose, who is calling whom, and to monitor those communications. With CALEA, Congress codified this privacy concern in three ways:

.It mandated in § 1002(b) that carriers protect privacy interests;

.It required the Federal Communications Commission (FCC), if it were asked to adopt rules, to follow the mandate of § 1006(b) and "protect the privacy and security of communications not authorized to be intercepted"; and

.It made sure that law enforcement was not in charge of defining its own capability, but instead placed a neutral entity in the form of the FCC in the middle of any dispute.

These protections grew in importance as the Internet and digital communications became more widespread. Between CALEA's adoption in 1994 and the court challenge over FCC implementation in 1999, the use of e-mail and the Internet mushroomed, and cellular and PCS telephones became ubiquitous. One side effect was that the FBI and other law enforcement agencies became more committed to reach into the nation's communications infrastructure to access information. However, the rapid change in the communications networks made clear to privacy advocates, and eventually to the telecommunications industry itself, that substantial privacy interests were at stake in efforts to make these technologies "wiretap friendly."

The government clashed with industry and privacy groups over which capabilities telecommunications carriers should have to provide under CALEA: law enforcement thought the list of capabilities that the industry adopted was inadequate, and privacy groups thought the list exceeded the statutory mandate. Accordingly, the FCC had to rule on the industry's proposed list of capabilities and determine whether that list should be altered. In its CALEA order, the FCC generally ruled in favor of law enforcement and required telecommunications carriers to make even more extensive and expensive changes to their equipment to provide additional access to telephone networks. Supported by equipment manufacturers and service providers, privacy groups and major industry trade associations claimed that these rules violated CALEA and faulted the FCC for unreasonable decision making.

Statutory and Rulemaking Background of CALEA

Electronic Surveillance

Congress enacted CALEA to expand upon Title III of the Omnibus Crime Control and Safe Streets Act of 19684 and the Electronic Communications Privacy Act of 1986 (ECPA).5 Motivated principally by concerns over privacy rights of persons using modern communications devices, these statutes established broad federal prohibitions against wiretapping and eavesdropping without appropriate court orders. With a court order, however, law enforcement officials can conduct electronic surveillance by intercepting the contents of communications or, with a lesser standard of proof, can obtain the telephone numbers of a surveillance target's incoming and outgoing calls.

Title III governs the interception of the contents of communications, which the statute defines as "any information concerning the substance, purport, or meaning of that communication."6 The courts have recognized that "[a]nimating the whole of Title III [was] 'an overriding congressional concern' with the protection of individual privacy."7 Title III imposes strict limitations on the ability of law enforcement to obtain call contents-limitations that embody, and in some respects go beyond, the protections guaranteed by the Fourth Amendment. Absent an emergency, a law enforcement agency may intercept the content of a communication only under a court order issued upon findings of probable cause to believe that a particular crime is being committed, that communications concerning the specified offense will be intercepted, and that the telephone equipment to be tapped is commonly used by the alleged offender or in connection with the offense.8

ECPA establishes a similar framework for a broader class of communications beyond conventional telephone service. It sets rules for law enforcement to gain access to a broad category of electronic communication and permits the use of pen registers and trap and trace devices to detect whom a surveillance target is calling and who is calling him or her.9 ECPA contains minimum standards for court-approved law enforcement access to "electronic or other impulses" that identify "the numbers dialed" for outgoing calls and "the originating number" for incoming calls.10 This narrow category of information is not protected by the Fourth Amendment.11 ECPA nevertheless requires law enforcement agencies to obtain court orders before using pen registers. To obtain such an order, the government need merely certify that "the information likely to be obtained . . . is relevant to an ongoing criminal investigation."12

Origins and Purposes of CALEA

CALEA grew out of law enforcement agencies' concerns that telecommunications advances had begun to outpace their ability to obtain the types of information they previously could access under Title III and the ECPA. As FBI Director Louis Freeh testified, "The purpose of this legislation, quite simply, is to maintain technological capabilities commensurate with existing statutory authority-that is, to prevent advanced telecommunications technology from repealing, de facto, statutory authority now existing and conferred to us by Congress."13 Director Freeh also stated emphatically that law enforcement was not seeking to expand its wiretapping authority.14

Congress responded to the FBI's narrow request by enacting CALEA, with its stated goal to " preserve the government's ability . . . to intercept communications involving advanced technologies such as digital or wireless trans-mission."15 Furthermore, Congress expressly acknowledged the importance of privacy interests at stake when equipping law enforcement with invasive surveillance tools. Under CALEA, law enforcement was to receive "no more and no less access to information than it had in the past"16 because Congress simply was preserving law enforcement's "narrowly focused capability" to intercept communications. This limited grant of authority to law enforcement was restrained by congressional intent "to protect privacy in the face of increasingly powerful and personally revealing technologies."17 To preserve the delicate balance between privacy interests and law enforcement assistance struck by CALEA, Congress admonished against "overbroad interpretation of the [statutory] requirements" and explained that it "expect[ed] industry, law enforcement, and the FCC to narrowly interpret the requirements."18

Statutory Framework

Sections 2518 and 3124 of Title 18 provide that telecommunications carriers must give assistance to law enforcement agencies when they seek to implement a wiretap warrant or pen register order. Because the telecommunications equipment used by common carriers has become increasingly sophisticated, law enforcement asserts that it has not always been able to implement wiretaps or pen registers with its own resources. Accordingly, CALEA imposes carefully circumscribed duties on telecommunications carriers to retrofit or design their networks so that law enforcement can conduct lawful electronic surveillance. These include:

. Wiretaps. To allow interception of call contents under Title III, carriers must "enabl[e] the government, pursuant to a court order or other lawful authorization, to intercept . . . all wire and electronic communications carried by the carrier."19

. Pen registers. To permit monitoring of numbers dialed under ECPA, carriers must "enabl[e] the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier."20

. Privacy protection. Carriers must ensure that authorized interceptions are conducted "unobtrusively and . . . in a manner that protects the privacy and security of communications and call-identifying information not authorized to be intercepted."21

Congress recognized that these general capabilities on the wireline and wireless telephone networks would have to be translated into specific technical requirements. Thus, CALEA authorizes industry standard-setting associations to formulate technical requirements for compliance. The effect of these industry standards would be to create a "safe harbor" in which a carrier is deemed in compliance with CALEA if it adheres to the adopted standards.22 Law enforcement's role in the process is limited to "consult[ation] with the appropriate associations and standard-setting organizations." Congress was explicit about the role of police in the communications network: law enforcement may not require or prohibit "any specific design" of equipment, facilities, services, features, or system configurations.23

The entire structure of CALEA demonstrates congressional concern that telephone networks should not become the handmaiden of law enforcement. Congress made clear in the House Report for CALEA that it sought "to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts."24 More fundamentally, Congress circumscribed the role of law enforcement in the entire process. First, industry was directed to develop a standard and to "consult" with the FBI. Second, if a dispute arose between the FBI and the telecommunications industry, a neutral third party, namely the FCC, as an entity that cares about the functioning of the telecommunications network but also would respect the views of law enforcement, would resolve any differences.

As noted, once an industry standard has been established, CALEA empowers the FCC to modify the standard on petition by any agency or person claiming that the standard is "deficient." The FCC may add or modify a requirement only if the new requirement (1) meets the statutory capability requirements by cost-effective methods, (2) protects the privacy and security of communications not authorized to be intercepted, (3) minimizes the costs of such compliance on residential consumers, (4) encourages the provision of new technologies and services, and (5) provides reasonable time and conditions for compliance. It is evident that Congress expected law enforcement to petition the FCC and wanted law enforcement to have the burden of proof to change any industry-adopted standard.

Development of Industry Standards

Carriers and telecommunications equipment manufacturers began working to develop a safe harbor standard in early 1995 through two standard-setting committees accredited by the American National Standards Institute (ANSI). In 1996, the FBI set forth an expansive list of features it wanted carriers to implement and specific technical means by which they should be provided. The industry published a standard that included all the features mandated by the language of CALEA or addressed in the legislative proceedings plus some concessions to the FBI's demands. The standard, known as the Interim Standard/Trial Use Standard J-STD-025 or by its short form, "J-standard," was adopted by the industry association in December 1997. The J-standard defines the services and features carriers must provide to support electronic surveillance and the interfaces necessary to deliver intercepted information to law enforcement.

In March 1998, the Justice Department and the FBI petitioned the FCC to add a "punch list" of nine capabilities to the J-standard.25 The Center for Democracy and Technology (CDT) also challenged the J-standard for exceeding CALEA's capability requirements and violating the statute's mandate to protect the privacy of communications that are not authorized to be intercepted. The Telecommunications Industry Association (TIA) and the Cellular Telecommunications Industry Association (CTIA) separately petitioned for a rulemaking. The FCC sought comment on all the petitions and asked for additional information in a further notice of proposed rulemaking. On August 31, 1999, the FCC released its CALEA order .26

Privacy and Industry Groups and the CALEA Order

The United States Telecom Association (USTA), the Electronic Privacy Information Center (EPIC), the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), CTIA, and CDT appealed the FCC order to the U.S. Court of Appeals for the District of Columbia Circuit. The court consolidated the appeals in USTA v. FCC and provided for copetitioners: public interest petitioners (EPIC, ACLU, and EFF) and telecommunications petitioners (USTA, CTIA, and CDT).

The public interest petitioners argued that the FCC's interpretation of CALEA, a statute intended simply to replicate law enforcement's existing wiretapping capabilities in the digital age, endangered the public's right to privacy by permitting law enforcement to obtain the actual contents of communications without complying with Title III or the Fourth Amendment. They emphasized that the challenge to the order would not deny law enforcement any information to which it is lawfully entitled. The issue raised by the public interest petitioners focused on crucial procedural protections: whether law enforcement would be required to comply with long-standing Title III and Fourth Amendment requirements (obtaining a court order) before gaining access to the contents of conversations.

The plaintiffs challenged the following elements of the order:

Packet-Mode Communication

Packet-mode communication is the transmission technology used to send data over the Internet and for voice traffic via next-generation telecommunications systems. In traditional telecommunications, a call establishes a continuously open circuit between two parties. In packet-mode communication, information (voice or data) is broken down into small pieces of digital electronic information called packets. Each packet is like an envelope, containing both message contents and a header with addressing information. Packets travel various routes over a complex network to their destination where they are reassembled into a coherent message. Because each packet contains both a header and message content, the technology creates unique privacy concerns.

In the CALEA order , the FCC recognized that packet-mode communication presents "significant technical and privacy concerns."27 Specifically, the call-identifying information (whom the target is e-mailing or calling) and call content (what the target is saying or writing) are found in the same envelope. The FCC recognized that the J-standard's approach to packet-mode communication would allow law enforcement to receive "both call-identifying information and call content even in cases where a [law enforcement agency] is authorized only to receive call-identifying information (i.e. , under a pen register)."28 In light of the concerns raised by packet-mode communications, the FCC asked the industry to study the problem further and make recommendations on amending the J-standard to protect privacy more effectively.29 Nonetheless, the FCC imposed an interim standard that required carriers to deliver all packet-mode communications to a law enforcement agency, even though the agency had authority to receive call-identifying information only.30

The petitioners contended that, as a threshold matter, the FCC's conclusion was the result of flawed rulemaking. The FCC itself recognized that the record on packet-mode communication was incomplete. Even more fundamental, the statutory language giving the FCC authority to act did not support the FCC's packet-mode conclusion.

CALEA imposes four requirements on the telecommunications industry. Three of the requirements are intended to preserve, not expand or enhance, law enforcement's surveillance capabilities, and the fourth is intended to uphold the privacy interests of the American public.31 Although the FCC asserted that the law enforcement agency itself would protect the privacy interests threatened by the interim standard,32 that rationale was not embraced by Congress, which required carriers to protect communications not authorized to be intercepted. Finally, the FCC order appeared to violate Title III and well-settled law by requiring carriers to deliver call contents to law enforcement agencies that did not have a proper court order.

Dialed Digit Extraction

The FCC's decision to include a "dialed digit extraction" capability in the J-standard also gave law enforcement officers access to call contents without a court order. Dialed digit extraction enables a law enforcement agency to obtain the touch-tone digits that a caller enters after having dialed to make the original connection. These are called "post-cut-through digits." In some cases, post-cut-through digits are the destination telephone number that is dialed after using a calling card number to reach a long distance or interexchange carrier. In other cases, the digits are the equivalent of call contents-personal identification numbers, bank account numbers, paging information, credit card numbers, prescription drug codes, and the like. The FCC recognized in the CALEA order that some post-cut-through digits were call contents.33 But because the call-identifying post-cut-though digits could not be separated from the contents digits, the FCC required carriers to provide all post-cut-through digits to a law enforcement agency with only a pen register order.34

The petitioners asserted that, in adding the dialed digit extraction capability to the J-standard, the FCC ignored CALEA's mandate that it consider "[t]he need to protect the privacy and security of communications not authorized to be intercepted."35 The CALEA order wholly abrogated the privacy protection for call contents afforded by the warrant standards in Title III. The FCC correctly stated that "[it did] not believe that CALEA contemplates changing the standard of proof in obtaining a warrant in order to avoid implementing a particular CALEA feature."36 Yet the FCC, acting far outside its area of competence and thus deprived of any Chevron deference, changed the standard of proof necessary to access dialed digits that constitute content.37 If technology currently does not allow telecommunications services to separate post-cut-through digits used to dial a second telephone from the remainder of the call's contents, the petitioners argued that law enforcement should have no authority to obtain access to those digits on a pen register order.38

Finally, the petitioners claimed that, as with packet-mode communication, the FCC's dialed digit extraction conclusion was the result of faulty rulemaking. Based on its erroneous assumptions about congressional goals for CALEA, the FCC rejected alternatives such as serving the originating carrier with a Title III warrant to obtain all dialed digits or having the originating carrier identify the long distance carrier in question and serving that carrier with a pen register order. Moreover, by giving law enforcement access to call contents without Title III authorization, the CALEA order clearly was unlawful.

Constitutional Concerns

The FCC's conclusions about packet-mode communication and dialed digit extraction, according to the public interest petitioners, abrogated constitutional privacy protections. By ordering carriers to provide law enforcement with access to electronic communication contents without requiring law enforcement to obtain the constitutionally required warrant, the CALEA order compelled carriers to engage in illegal searches and seizures. The Fourth Amendment protects "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures."39 A search or seizure, within the meaning of the Fourth Amendment, occurs when the government infringes an individual's legitimate expectation of privacy.40 Courts consistently have held that an individual has a reasonable and legitimate expectation of privacy in the contents of telephone communications.41

The CALEA order allowed communication contents to be funneled to law enforcement upon only the most minimal showing of need, and it permitted law enforcement to obtain call contents while avoiding the constitutional requirements constraining such collection. Moreover, the exclusionary rule-the rule that unconstitutionally obtained evidence cannot be used in court-is a limited remedy that would have been insufficient to compensate for the CALEA order's constitutional shortcomings. An individual's Fourth Amendment rights are violated not when government uses the fruits of an illegal search but rather when the illegal search occurs.42 Thus, the deterrence value of the exclusionary rule in no way legitimizes the assault on individual privacy found in the CALEA order.

Location Information

The public interest petitioners also argued that CALEA does not authorize the FCC's finding that the location of a subscriber's nearest cell site at the beginning and end of each call is call-identifying information that must be made available to law enforcement. CALEA contains language that expressly prohibits carriers from delivering location information to government officials based solely on a pen register order.43 Furthermore, FBI Director Freeh, in hearings on CALEA, rejected the argument that CALEA would require disclosure of location information.44 The FCC plainly acted beyond the terms of CALEA in requiring carriers to provide law enforcement with information it never sought before Congress.

D.C. Circuit Upholds the Public's Privacy Interests

In August, a three-judge panel (Circuit Judges Douglas Ginsburg, A. Raymond Randolph, and David Tatel) of the D.C. Circuit issued its opinion in USTA v. FCC,45 reversing and remanding the CALEA order on the grounds that the FCC exceeded the authority granted to it by Congress. The opinion, written by Judge Tatel, found that the FCC wholly and fatally failed to consider privacy interests in its requirements for a dialed digit extraction capability. Furthermore, the court ruled that the FCC misapprehended its ability to require carriers to deliver packet contents along with header information on the authority of only a pen register order. However, the court held that the FCC correctly determined that location information associated with a cellular or wireless telephone should remain a J-standard capability.

Packet-Mode Communication

Although the court found that the FCC properly denied petitions to remove packet-mode data from the J-standard, it provided a strongly worded clarification that a law enforcement agency is entitled to the contents of packets only if it obtains a Title III warrant. The FCC "was simply mistaken" when it "interpreted the J-standard as expanding the authority of law enforcement agencies to obtain the contents of communications." The FCC could not require that carriers provide packet header and content information to a law enforcement agency only on the basis of a pen register order. "CALEA authorizes neither the [FCC] nor the telecommunications industry to modify either the evidentiary standards or procedural safeguards for securing legal authorization to obtain packets from which call content has not been stripped, nor may the [FCC] require carriers to provide the government with information that is 'not authorized to be intercepted.' "

Dialed Digit Extraction

At the heart of whether the FCC could require telecommunications carriers to provide post-cut-through digits and other punch list data was the question of how to define "call-identifying information." In order to add dialed digit extraction and other capabilities to the J-standard, the FCC first would have to have found a deficiency in the J-standard's definition of "call-identifying information" and related terms. The court found that the FCC utterly failed to do so. "Although the [FCC] used its rulemaking power to alter the J-standard, it identified no deficiencies in the standard's definitions of the terms 'origin,' 'destination,' 'direction,' and 'termination,' which describe 'call-identifying information' in terms of telephone numbers." Consequently, the court found that the FCC had not performed its statutorily mandated role in modifying the J-standard and had improperly added dialed digit extraction and other capabilities.

Moreover, the court found that the FCC failed to consider privacy protection as required by CALEA when it added the dialed digit extraction capability. The FCC "had a statutory obligation to address how its Order, which requires the capability to provide all dialed digits pursuant to a pen register order, would 'protect the privacy and security of communications not authorized to be intercepted.' " However, the FCC only considered the costs to law enforcement and the time-consuming nature of proposed alternatives. When asked at oral argument about the FCC's decision-making process, FCC counsel admitted that "[w]e addressed ourselves to the privacy questions with a little bit of hand wringing and worrying." The court tartly replied in its opinion that "[n]either hand wringing nor worrying can substitute for reasoned decision making." The court vacated the FCC's addition of dialed digit extraction and the other challenged punch list capabilities.

Location Information

Although the court upheld the FCC's decision to retain a location requirement in the J-standard under which carriers will have to be able to provide a wireless subscriber's nearest cell site at the beginning and end of a call, it reiterated that the information does have privacy protections. The court found that the FCC "demonstrated its understanding that antenna location information could only be obtained with something more than a pen register order."

Implications of the Decision

USTA v. FCC confirms several aspects of how CALEA is to be implemented that perhaps should have been apparent to the FCC from the statute's text and legislative history. First, the decision confirms that CALEA is meant to preserve law enforcement's abilities to conduct telecommunications surveillance, but not to enhance them. Title III and ECPA remain sources for and constraints on law enforcement's authority. Second, Congress intended for privacy interests to carry substantial weight as CALEA is implemented. The FCC is not free to ignore congressional concern for privacy protection. Third, CALEA does not permit the FCC to allow law enforcement agencies to bootstrap access to the contents of packet-mode communications onto authorizations for only call-identifying information. If available technology does not allow packet contents to be separated from addresses or post-cut-through digits denoting telephone numbers from those constituting contents, then law enforcement needs to comply with the more stringent requirements for obtaining a Title III warrant. Finally, the court ignored the government's argument that a law enforcement agency could obtain access to call contents with a mere pen register order when contents could not be separated from call-identifying information as long as the agency ignored the contents information and "minimized" its interception. The argument was of no avail to the government, which confirms that privacy protections are violated at the time of unauthorized government access, not just if and when the government attempts to use the information that it unlawfully obtained.

Currently, the FCC is again compiling comments from industry representatives, law enforcement agencies, and privacy groups as it seeks to refashion its implementation of CALEA in line with the D.C. Circuit's opinion.


1. 47 U.S.C. §§ 1001 et seq.

2. 227 F.3d 450 (D.C. Cir. 2000).

3. Communications Act of 1934, 47 U.S.C. § 605, § 705 (1934).

4. 18 U.S.C. §§ 2510 et seq.

5. 18 U.S.C. §§ 3121 et seq.

6. 18 U.S.C. § 2510(8).

7. Chong v. DEA, 929 F.2d 729, 732 (D.C. Cir. 1991) (quoting Gelbard v. United States, 408 U.S. 41, 48 (1972)).

8. 18 U.S.C. § 2518(3).

9. Pen registers record the telephone numbers of outgoing calls and trap and trace devices, much like caller-ID systems record the telephone numbers of incoming calls. Both devices are referred to collectively as pen registers.

10. 18 U.S.C. §§ 3127(3)-(4).

11. Smith v. Maryland, 442 U.S. 735, 742 (1979).

12. 18 U.S.C. §§ 3122-23.

13. Digital Telephony and Law Enforcement Access to Advanced Telecommunications Technologies and Services: Joint Hearings on H.R. 4922 and S. 2375, 103d Cong. 7 (1994).

14. See id. at 6.

15. H.R. Rep. No. 103-827, at 9 (1994), reprinted in 1994 U.S.C.C.A.N. 3489.

16. Id. at 22, reprinted in 1994 U.S.C.C.A.N. 3502.

17. Id. at 13, reprinted in 1994 U.S.C.C.A.N. 3493.

18. Id. at 22-23, reprinted in 1994 U.S.C.C.A.N. 3502-03.

19. 47 U.S.C. § 1002(a)(1).

20. 47 U.S.C. § 1002(a)(2) (emphasis added).

21. 47 U.S.C. § 1002(a)(4). CALEA also establishes requirements for delivery of information to the government (47 U.S.C. § 1002(a)(3)) although this provision was not at issue in the appeal of the FCC's implementation of the Act.

22. 47 U.S.C. § 1006(a). Carriers that do not comply with the safe harbor and do not otherwise meet CALEA's requirements may incur civil fines of up to $10,000 per day. See 18 U.S.C. § 2522(c).

23. 47 U.S.C. §§ 1002(b)(1)(A), 1006(a).

24. House Rep., supra note 13, at 13, reprinted in 1994 U.S.C.C.A.N. 3493 (emphasis added).

25. Department of Justice/FBI Joint Petition for Expedited Rulemaking (Mar. 27, 1998).

26. Third Report and Order, In re Communications Assistance for Law Enforcement Act, CC Docket No. 97-213, 14 FCC Rcd 16794 (1999) (CALEA order). The FCC originally sought comments on April 20, 1998, and issued its further notice of proposed rulemaking for CALEA on November 5, 1998.

27. Id. ¶ 55.

28. Id.

29. Id.

30. Id.

31. Specifically, carriers must ensure that their facilities are capable of (1) expeditiously isolating and enabling law enforcement to intercept call content; (2) expeditiously isolating and enabling the government to access reasonably available call-identifying information; (3) delivering intercepted communications and call-identifying information to the government in a format that allows them to be transmitted to a law enforcement listening facility; and (4) doing all of the above three functions "in a manner that protects . . . the privacy and security of communications and call-identifying information not authorized to be intercepted" and the confidentiality of the interception. See 47 U.S.C. § 1002(a)(1)-(4).

32. See CALEA order ¶ 56.

33. See id. ¶ 119.

34. See id. ¶ 123. In addition to dialed digit extraction, the FCC added party hold/join/drop information, id. ¶¶ 74-75, subject-initiated dialing and signaling information, id. ¶ 82, and in-band and out-of-band signaling capabilities to the J-standard, id. ¶ 89, all of which were subsequently challenged. The FCC also added partial capabilities regarding the content of conference calls, id. ¶¶ 64-67, and timing parameters, id. ¶ 96. It declined to add surveillance status messages, id. at 101, continuity tones, id. at 106, and feature status messages, id. at 111, to the J-standard from the FBI's punch list. None of the latter decisions was challenged.

35. 47 U.S.C. § 1008(1)(C).

36. CALEA order ¶ 120.

37. See Professional Airways Sys. Specialists v. Federal Labor Relations Auth., 809 F.2d 855, 857 n.6 (D.C. Cir. 1987) (finding that when agency interprets a general statute, courts "engage in a de novo interpretation of the statute, guided, of course, by congressional intent").

38. See Brown v. Waddell, 50 F.3d 285, 294 (4th Cir. 1995) (holding that duplicate digital display pager used to intercept numeric transmissions is not "pen register" under ECPA and its use by law enforcement without was "unauthorized interception of 'electronic communications'" as matter of law).

39. U.S. Const. amend. IV.

40. See Katz v. United States, 389 U.S. 347, 353 (1967).

41. See Smith v. Maryland , 442 U.S. 735, 741 (1979); Katz, 389 U.S. at 353.

42. See United States v. Balsys , 524 U.S. 666, 692 (1998) ("[B]reaches of privacy are complete at the moment of illicit intrusion, whatever use may or may not be made of their fruits."); United States v. Verdugo-Urquidez, 494 U.S. 259, 264 (1990) (explaining that Fourth Amendment prohibits unreasonable searches and seizures whether or not evidence is excluded from criminal trial because Fourth Amendment violation is "'fully accomplished' at the time of an unreasonable governmental intrusion").

43. See 47 U.S.C. § 1002(a)(2).

44. See Joint Hearings, supra note 11, at 33.

45. United States Telecom Ass'n v. FCC, 227 F.3d 450 (D.C. Cir. 2000).


David L. Sobel ( is General Counsel of the Electronic Privacy Information Center (EPIC). He is grateful for the assistance of Gerard J. Waldron and Russell J. Jessee of Covington & Burling, Washington, D.C., in the drafting of this article and for their representation of EPIC, the Electronic Frontier Foundation, and the American Civil Liberties Union in challenging the implementation of CALEA before the FCC and in the D.C. Circuit in USTA v. FCC.

Back to Table of Contents