May 15 2007

CALEA Deadline Passes

"CALEA: are you in or out?" This subject heading in a recent online discussion of the Communications Assistance for Law Enforcement Act illustrates the anxiety the law has generated on college and university campuses around the country.

Why the anxiety? In 1994, Congress passed CALEA so telecommunications providers would configure their networks to make it easier for law enforcement to conduct wiretaps. Internet service providers (ISPs) were originally exempt from CALEA, but the proliferation of online communications prompted the FCC to expand the law. It set a May 14, 2007, deadline for broadband access and Voice over Internet Protocol (VoIP) providers to comply with CALEA. Because most campuses provide Internet services and many provide VoIP on campus, they were left to decide whether they must comply.

That CALEA compliance deadline passed Monday; most campuses have determined they are not required to comply. But that doesn't mean they won't have to comply down the road.

John Morris, staff counsel at the Center for Democracy & Technology, says the war is not over. He agrees that colleges and universities are not covered under CALEA, but maintains that campuses are waiting to see if Congress or the Federal Communications Commission (FCC) moves to expand the law.

"There's still a lot of ambiguity," EDUCAUSE government relations officer Wendy Wigen adds.

A Washington, D.C., circuit court decision that backed the expansion of CALEA said the law applies only to public, facilities-based providers. Organizations that run private networks and rely on ISPs, which most campuses do, are not required to make their systems CALEA-compliant for now.

Even campuses that must comply with CALEA have to do so only at the points where their networks touch the Internet. That means they won't have to reconfigure their entire networks -- a scenario that would have cost billions of dollars for higher education."ÒWe lost a war, but we won the most important battle," Wigen says.

Complying with CALEA means your network must be able to conduct lawful intercept of voice and data communications in an IP network. The question is whether campuses must redesign their networks to make them easy to wiretap, or whether they can continue to work with law enforcement on a case-by-case basis. Upgrades could cost $100,000 or more for most institutions. Considering how rare campus wiretap requests are, CALEA compliance doesn't make financial sense.

But at least one university telecom specialist is optimistic that the cost can be kept down. Texas A&M University held a demo in February that showed that a lawful intercept could be accomplished without expensive changes to its switch infrastructure.

"The university community is concerned that complying with federal LI [lawful intercept] requirements will be difficult and expensive," Walt Magnussen, Texas A&M director of telecommunications, said in a statement. "Minimizing this difficulty and expense will require innovative work with the best available tools. With a few weeksÕ work, we were able to build a solution that meets the compliance standard for voice intercept. We are still looking into the data collection requirements."