Time to Revisit Your Company’s Compliance with CALEA and Associated FCC’s Regulatory Requirements is Now

The Federal Communications Commission’s (FCC) Enforcement Bureau investigations arising from referrals or other information supplied by the Universal Service Administrative Company (USAC) appear to be increasingly expansive. While the initial or primary issue leading to an Enforcement Bureau investigation may be related to one of the universal service programs administered by USAC, such as the Universal Service Fund (USF) contribution or Form 499 registration duties, once an investigation is initiated, it is becoming increasingly clear that the Enforcement Bureau is turning over other easily overturned rocks in search of other possible violations of the Communications Act or FCC regulations.

Among the myriad legal and regulatory obligations Form 499 Filers are subjected to is compliance with the Communications Assistance for Law Enforcement Act (CALEA) and the duty to maintain and file a System Security and Integrity Plan (SSI Plan) with the FCC. As explained below, while many service providers comply with their practical, day-to-day responsibilities to assist law enforcement, such as responding to lawful subpoenas, there may be gaps in compliance with some of the technical, administrative and esoteric requirements. 

You can conduct a quick and simple self-audit by asking yourself these questions: 

Does my company have a System Security and Integrity Plan (SSI Plan)?

Has my company’s SSI Plan been filed with the FCC? 

If you answered “No” to either question, continue reading and be ready to take action to ensure your company’s compliance before a potentially minor technical rule violation — failure to file an SSI Plan — leads to forfeiture exposure by virtue of an Enforcement Bureau investigation of an entirely unrelated matter.

Recent Expanded Enforcement Based on Late 499 Registrations Results in $180,000 Payment

Recently, the FCC adopted a consent decree against Global Data Systems (GDS). Although the core issue was late 499 registrations, the investigation expanded to include liability for non-compliance within one year of the apparent violation. Based on the broader investigation, GDS agreed to pay $180,000 for failing to file 46 FCC Form 499 Worksheets, seven Form 477 filings, and five annual customer proprietary network information (CPNI) certifications; appoint a compliance officer, develop and implement a compliance plan, develop a compliance manual and training program; and file periodic compliance reports. Had GDS not entered into the consent decree, it faced additional forfeitures or fines based on non-compliance uncovered by the expanded investigation.

Enforcement Bureau Expanding Scope of Investigations

Some omissions—unfiled Form 499s or Form 477s, CPNI, and Communications and Video Accessibility Act (CVAA) Certifications—are easily identified because they are either in an FCC database or public docket, making investigation and enforcement simple. Other filing or submission omissions, while not in a database or public docket, are reviewable with relative ease because they should be in the FCC’s possession. Of particular concern is compliance with CALEA, auditable by virtue of a company’s failure to file an SSI Plan.

CALEA Responsibilities for Telecommunications Carriers and Penalty Exposure for Violations

Pursuant to CALEA, telecommunications carriers (“entities engaged in the transmission or switching of electronic communications to the public for hire,” including wireline, wireless, broadband Internet access, and two-way interconnected VoIP providers) must ensure they can, upon appropriate legal authorization, isolate and deliver intercepted communications to law enforcement. Isolation and delivery requires both (1) technical solutions to ensure communications can be intercepted and (2) following the policies and procedures adopted to supervise and control assistance to law enforcement in a carrier’s SSI plan. Carriers must submit their SSI plan to the FCC for review and acceptance and appoint a senior officer or employee to ensure intercepted communications or call-identifying information can be activated only with appropriate legal authorization and the appointed individual’s affirmative intervention.

Failure to comply with CALEA subjects a carrier to significant penalties, including exposure up to $20,731 per violation or day up to a maximum of $155,485. Penalties for failing to comply with CALEA are in addition to penalties for other violations, such as failing to complete a 499 registration or submit filing to the FCC. Given the compounding nature of these penalties, complying with requirements before an investigation—particularly one triggered by a minor omission—is critical.

NEED HELP WITH CALEA COMPLIANCE OR ENSURING YOUR COMPANY HAS MET ALL ITS FILING OBLIGATIONS TO AVOID EXPOSURE TO PENALTIES AND POTENTIAL ENFORCEMENT ACTION?

The CommLaw Group Can Help!

Given the FCC Enforcement Division’s growing interest in expanding investigations into single omissions to cover any possible compliance failures, The CommLaw Group is helping clients (old and new) review their required filings and ensure no necessary filings are overlooked.

Complying with CALEA, which affects wireline, wireless, broadband Internet, and two-way VoIP providers, is complex and requires (1) the right technical capability to assist law enforcement, (2) a designated senior officer or employee, and (3) plans and procedures in place to act on lawful communications interception requests (evidenced by an SSI plan filed with and accepted by the FCC). Given the myriad of other required FCC filing obligations, it’s easy to overlook CALEA. Without an SSI plan in place, your company has already missed the deadline and must act immediately to ensure CALEA compliance.

Potential penalties from an investigation and enforcement action for failure to comply with FCC filing requirements—particularly with CALEA, which is of interest to both the FCC and the Federal Bureau of Investigation (FBI) and—can be mitigated or eliminated by taking the necessary action today to ensure you have efficiently and intelligently assessed and met your filing requirements.

CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS

Jonathan Marashlian – Tel: 703-714-1313 / E-mail: jsm@CommLawGroup.com

Linda McReynolds – Tel: 703-714-1318 / E-mail: lgm@CommLawGroup.com

ATTORNEY ADVERTISING DISCLAIMER: This information may be considered advertising in some jurisdictions under the applicable law and ethical rules. The determination of the need for legal services and the choice of a lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers