This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » The Communications Assistance for Law Enforcement Act: a Lesson from the Past
Security Leadership and ManagementManagementCyber TacticsCyber

The Communications Assistance for Law Enforcement Act: a Lesson from the Past

SEC0819-Cyber-Feat-slide1_900px
SEC0819-cyber-slide2_900px
SEC0819-Cyber-Feat-slide1_900px
SEC0819-cyber-slide2_900px
August 1, 2019
John McClurg
KEYWORDS security careers / security officer / security risk management
Reprints
No Comments

On a recent trip to Australia, I appeared on a National morning news show. It wasn’t long until the hosts were trying to get me to weigh in on a debate that was then raging in their legislature. The point of contention was the proper balance between privacy interests and the need for law enforcement and the intelligence community, in their battle against terrorism and other crimes, to intercept communications being shrouded with powerful encryption. [Sound familiar?] I acknowledged the consternation and hand-wringing then occurring in their country as familiar reactions.

Echoing the Philosopher George Santayana, I shared an experience from our U.S. past, when in 1994, the Voice-Over-Internet Protocol was emerging in the Telcom industry, engendering great concern on the part of Law Enforcement and the Intelligence Community that this new technology was going to undercut our ability to effectively monitor our adversaries. The Congress, the Private Sector, Law Enforcement, and Intelligence Community came together and worked collaboratively to formulate a solution about which there was considerable consternation – worries that if this legislation were enacted proverbial “dogs and cats” would start living together. The legislation, the Communications Assistance for Law Enforcement Act, or CALEA, was enacted; the provisions and oversight called out in the legislation engaged; and the feared consequences never experienced. Subsequently, CALEA has never been amended. However, in 2005 the Federal Communications Commission issued an order extending the coverage of CALEA to two-way interconnected VoIP and broadband Internet access, further preserving the ability of law enforcement to conduct lawful intercepts despite evolutions in network technology.

Under CALEA, a telecommunications carrier, including Internet Service Providers who provide paying subscribers with access to the public Internet, must essentially ensure that, when it is served with a court order for lawful surveillance, its network can isolate the communications of the criminal suspect, terrorist or spy identified, and deliver the communications to the law enforcement agency named in the order. The 1994 Congress was aware of the internet, but because the new computer-based medium was not at that time significantly used by criminals, and because political leaders wanted to let the nascent technology grow unfettered by regulation, they limited CALEA, exempting “information and electronic messaging services.” CALEA is now 25 years old and the internet – no longer a nascent service free from criminal or terrorist use. On the contrary, the nefarious actors now exploit the most advanced internet-based techniques in the planning and execution of their schemes – reason enough, for a public-safety minded community, to close the CALEA coverage divide, and something Congress could do by updating the old statute.

For those concerned about the possible encroachment on privacy interests, CALEA extends subscriber privacy protection at every stage of the intercept process:

The Technical Standard-Setting Stage. Industry lawyers and engineers craft intercept standards that limit solutions to delivering only the call content and call-identifying information required by CALEA Section 103. The standards also protect the privacy of non-suspect subscribers.

The Solution Development Stage. Equipment vendors design solutions that conform to industry standards or achieve the goals of CALEA Section 103 in other privacy-protective ways.

The Court Order Stage. Telecommunications carriers confirm the court order is properly authorized before implementing it.

The Implementation Stage. The intercept solution may be activated only when authorized by the carrier’s appointed officer or employee. When the solution is activated, the carrier controls the type of data transmitted to law enforcement and is required to employ security measures to prevent security breaches and privacy measures to keep the intercept confidential.

Shortly after my visit, the Australians passed new Encryption Laws. Now it may be time for the U.S. to take a lesson from our Australian friends.

Subscribe to Security Magazine

Recent Articles by John McClurg

Expense-in-Depth: Total Cost of Controls Reconsidered

"Trust" Revisited: The Birth of Continuous Authentication

AR and VR: How Immersive Technology Is Bringing Cybersecurity Scenarios to Life

How Sense of Privacy Threatens Facial Recognition's Protective Power

Headshot_johnmcclurg

John McClurg serves as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

 

Related Articles

Transformative Leadership: The Past Can Predict The Future

8 Lessons to Learn from the Sony Breach

Business Travel to Brazil: Lessons from the Sao Paulo Grand Prix Armed Robbery

Related Products

Risk Analysis and the Security Survey, 4th Edition

Effective Security Management, 6th Edition

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing