Why “Just-in-Time” CALEA Compliance Solutions are Never on Time

Subsentio takes a hard look at “Just-in-Time” CALEA Compliance Solutions and how they can put both public safety and CSPs themselves at risk.

Anyone who has worked with Subsentio knows our passion for precision. We work overtime to make sure every client has the right CALEA Compliance solution in place, and that it is tested and ready for action when a court order for a lawful intercept arrives. When that day comes we immediately review the court order for accuracy, implement the technology solution, then work hand-in-hand with law enforcement to ensure that all steps in the process are carried out systematically, quickly and according to plan.

At its core our business is about ensuring public safety and national security. We treat CALEA Compliance with the same rigor and seriousness that ER or SWAT teams apply to their respective fields. Subsentio has hundreds of clients that appreciate this level of commitment because it delivers reliable results.

However, not everybody feels the same way about CALEA Compliance. Some are willing to “settle for less” even when lives are at stake. One example of that is called the “Just-in-Time” solution.


Origin of “Just-in-Time” CALEA Compliance

In the CALEA realm, “Just-in-Time” may be characterized as the practice of after-the-fact compliance. A communications service provider (CSP) pays a low monthly fee to a Trusted Third Party or “TTP.” When a court order for a lawful intercept arrives, the TTP ships the CSP a technology solution such as a Probe. The CSP engineering department deploys the Probe. The TTP then establishes a VPN to the requesting law enforcement agency and bingo – the lawful intercept is ready to proceed. In theory the concept is simplicity itself.

When first conceived, “Just-in-Time” CALEA Compliance solutions seemed like a brilliant solution to an overwhelming issue faced by many CSPs. The Federal Communications Commission (FCC) had just issued a “’Report and Order” extending CALEA compliance requirements to the new generation of broadband and VoIP providers whose services connected with the public switches telephone networks (PSTNs).

Overnight, hundreds of such small to medium-size players found themselves subject to complex rules requiring the installation of expensive technology solutions. Suddenly these smaller CSPs faced an unavoidable capex outlay. Enter low-cost “Just-in-Time” CALEA Compliance solutions to the rescue.

Failing the Acid Test of CALEA Compliance

Unfortunately, in practice “Just-in-Time” CALEA Compliance turned out to be riddled with problems. All stemmed from: (1) absence of planning; (2) zero management oversight; and (3) reliance on the practice of having nothing in place prior to receipt of the court order.

For instance, it often happened that the CSP contact in charge of managing the “Just-in-Time” solution had changed jobs without being replaced, leaving no one in charge of the process. CSP engineers responsible for deploying the Probe might be eager to help, but unable to take action because their back office systems lacked “rack space” for the device.

Immediately impacted by this lag time were law enforcement agents. Without a working CALEA Compliance solution in place, investigations came to a standstill. The longer the delay, the more time that dangerous elements had to play their game of threatening national security and public safety. And when there is an exigent or emergency court order such as a kidnapping or terrorist activity, it’s impossible to ship and install a probe in time to meet our goal of turning up an order in 10 minutes or less.

One piece of evidence no one could ignore: The CSP’s inability to act promptly on the court order showed that it wasn’t really CALEA compliant.

That was bad news for the CSP.

Penalties for Non-Compliance

It’s still bad news for CSPs that continue to adhere to old “Just-in-Time” CALEA Compliance solutions.

If the law enforcement agency chooses to do so, it can take the service provider to court. The fine for non-compliance with CALEA can be set at up to $10,000 per day. When a federal investigation is thwarted, the U.S. Department of Justice itself may step in. So may the Federal Communications Commission if it is discovered that the CSP has failed to file a mandatory CALEA Compliance Plan at the FCC.

In reality, the “Just-in-Time” solution intended to make a CSP’s CALEA compliance easy and inexpensive can quickly turn into a serious and costly legal liability.

Don’t Gamble on Just-in-Time

Subsentio, the CALEA Compliance Company™ and the largest Trusted Third Party provider in the U.S., has a much better set of options: a full suite of cost-effective solutions across the spectrum of legal compliance: active, passive and new “cloud-based” LI solutions, plus Subsentio Records Production for call records — all backed by our unique end-to-end service bureau that guarantees results.

Benefits of the Subsentio Service Bureau model:

  • Assessment of the CSP’s current CALEA Compliance status.
  • Selection of the ideal technology solution based on a CSP’s needs and budget.
  • Deployment and Testing of the technology solution, followed by regular testing to ensure performance.
  • Legal Assistance in creating and filing the CSP’s mandatory CALEA Compliance Plan with the FCC– including names/contact info of those responsible for the Plan, whether in-house personnel or outsourced to Trusted Third Party, Subsentio.
  • Training.
  • Expert Legal Review of all court orders for Lawful Intercept.
  • 24X7X365 Support for CALEA Compliance and Records Production, including exigent circumstances.
  • Close Liaison with LEAs responsible for the lawful intercept, managed by Subsentio’s team of former FBI officials with Top Secret Security clearance.

Add it all up and the sum is reliable, affordable “hands free” CALEA Compliance for our clients.

Settling for less is a bad gamble that puts not only public safety but the CSP itself at risk. If this sounds like you, call Subsentio at 877-510-4357, and let’s get serious about your CALEA Compliance needs.