Southern Ohio Communications Services, LLC
CALEA Compliance Manual
219 W Emmitt Ave., Waverly, Ohio 45690
Adopted: October 29th, 2020
TABLE OF CONTENTS
I.......... STATEMENT OF CORPORATE POLICY AND purpose........................................... 4
II........ GENERAL POLICIES FOR ELECTRONIC SURVEILLANCE...................................... 5
A. “Appropriate Authorization” Required To Conduct Electronic Surveillance......... 5
B. Personnel Involved in Implementing Electronic Surveillance................................ 5
III....... COMPLIANCE STEPS FOR CONDUCTING ELECTRONIC SURVEILLANCE......... 8
A. Electronic Surveillance Request Pursuant To Title III, Pen Register Or Trap And Trace Device, Or Other Non-FISA Laws Initiated by Court Order, Or Administrative Subpoena.......................................... 8
B. Electronic Surveillance Request Pursuant To Title III, Pen Register or Trap and Trace Device, or Other non-FISA Laws WITHOUT Court Order or Directive But Initiated Under Exigent and Emergency Circumstances. 9
C. Electronic Surveillance Request Pursuant to FISA or FISA Amendments Initiated By Court Order or Directive 10
D. Electronic Surveillance Request Pursuant to FISA or FISA Amendments WITHOUT Court Order or Directive But Initiated Under Exigent and Emergency Circumstances..................................................... 12
E. Subscriber or Cellphone Location Information..................................................... 15
F. Unauthorized Surveillance and Compromises of Authorized Surveillance; Disclosure of Electronic Surveillance. 15
G. Situations When Electronic Surveillance May Not Be Possible........................... 17
IV....... CALEA RECORDKEEPING........................................................................................... 17
A. Requirements for the Interception Record............................................................ 17
B. Contents of the Interception Record...................................................................... 17
C. Certification of the Interception Record................................................................ 18
D. Retention and Filing of Interception Record......................................................... 18
V........ CALEA reporting requirements...................................................................... 18
A. The SSI Plan and Compliance Manual................................................................. 18
B. The Interception Record........................................................................................ 18
APPENDIX 1 -- Glossary
APPENDIX 2 -- Interception Record Certification Form for Electronic Surveillance
APPENDIX 3 -- Checklist for Requests for Location Information
APPENDIX 4 -- Contact Information for Southern Ohio Communications Services CALEA Personnel
APPENDIX 5 -- Southern Ohio Communications Services SSI Plan
FCC CALEA Compliance Manual for Southern Ohio Communications Services
It is the policy of Southern Ohio Communications Services, Inc. (“Southern Ohio Communications Services”) to comply with all laws of the United States, including the Communications Assistance for Law Enforcement Act (“CALEA”).[1] CALEA generally requires all telecommunications carriers, facilities-based broadband internet access service providers and voice over Internet Protocol (“VoIP”) providers (collectively, Carrier”) to cooperate in the interception of communications for law enforcement purposes, and for other purposes.
Section 105 of CALEA requires a Carrier to ensure, before assisting an authorized Law Enforcement Agency (“LEA”) carry out any interception of communications or access to call-identifying information effected within its switching premises can be activated (1) “only in accordance with a court order or other lawful authorization,” and (2) with the “affirmative intervention of an individual officer or employee acting in accordance with regulations” prescribed by the Federal Communications Commission (“FCC”).[2] This Manual constitutes the required FCC CALEA policies and procedures to govern “Electronic Surveillance,” (as defined below) for Southern Ohio Communications Services.[3] This Manual also provides measures to secure and protect the unauthorized disclosure of customer proprietary network information (“CPNI”) when cooperating with LEA. CPNI is sensitive personal information that Carriers have about their customers as a result of their business relationship (e.g., phone numbers called and received; the frequency, duration, location and timing of such calls; any services purchased by the customer, such as call waiting) and information contained in telephone bills.[4] CPNI excludes name, address & telephone number. All carriers are required to secure and protect CPNI.
“Electronic Surveillance” collectively includes, without limitation, the following types of requests, including those without a court order or subpoena under exigent and emergency circumstances:
- Call Content Interception
- Call-Identifying Information Interceptions Using Pen Register or Trap and Trace
- Foreign Intelligence Surveillance Act (“FISA”) Request
- Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (“FISA Amendent”) Request or Directive
- Subscriber or Cellphone Location-Based Information (historical or real-time)
- Subscriber Name, Email Address, Postal Address and/or IP Address Information
- Call Logs and Call Details
- Online Search or Transaction History
- Electronic Email Monitoring (log, envelope data or content)
The purpose of this Manual and subsequent editions/updates is to provide Southern Ohio Communications Services’ personnel with a guide for compliance with any local, state or federal LEA request. This Manual is current as of the date on the cover but is not intended as a comprehensive guide to all issues that may arise with respect to CALEA. Any questions about how to comply with or any violation of or departure from the policies and procedures in this Manual should be referred to the Southern Ohio Communications Services CALEA Manager: bchilders@socs.cc;740-947-2409
All employees are required to follow the policies and procedures specified in this Manual. The FCC is authorized under CALEA to impose forfeitures and sanctions for violations of both its regulations and Carriers’ internal surveillance policies and procedures. Under Titles 18 and 50 of the United States Code, Southern Ohio Communications Services and/or its officers and individual employees may also be subject to civil damages, fines, or imprisonment for the unlawful interception or disclosure of wire and electronic communications or improper use of wiretapping equipment.
It is the policy of Southern Ohio Communications Services to permit only lawful, authorized Electronic Surveillance to be conducted on its switching premises. Accordingly, employees shall have “Appropriate Authorization,” which consists of both Appropriate Legal Authorization and Appropriate Carrier Authorization before enabling law enforcement officials and provider personnel to implement the interception of communications or to access email- or call-identifying information. Pursuant to FCC Rules, 47 C.F.R. § 64.2102, “Appropriate Legal Authorization,” “Appropriate Carrier Authorization,” and “Appropriate Authorization” have the following meaning:
Appropriate Legal Authorization: means (1) a court order signed by a judge or magistrate authorizing or approving interception of wire or electronic communications; or (2) other authorization, pursuant to 18 U.S.C. § 2518(7) or any other relevant federal or state statute.
Appropriate Carrier Authorization: means the policies and procedures adopted by Southern Ohio Communications Services to supervise and control officers and employees authorized to assist law enforcement in conducting any interception of communications or access to call-identifying information.
Appropriate Authorization: means both Appropriate Legal Authorization and Appropriate Carrier Authorization.
The following Southern Ohio Communications Services personnel have responsibility for implementing and overseeing Southern Ohio Communications Services’ CALEA compliance. This includes, among other things, implementing the various tasks for physically provisioning Electronic Surveillance and conducting any necessary review of court orders or other LEA requests to determine the authority for implementing an Electronic Surveillance request.
All Southern Ohio Communications Services personnel involved in enabling authorized Electronic Surveillance by law enforcement officials, including, but not limited to, those personnel described herein are required under federal law and company policy to strictly protect the confidentiality of any and all information regarding any law enforcement investigation or Electronic Surveillance. All Southern Ohio Communications Services personnel involved in enabling authorized Electronic Surveillance must acknowledge the confidentiality and non-disclosure obligations outlined in this Manual.
The Initial Contact for an Electronic Surveillance is the first person contacted by LEA for any Electronic Surveillance request, e.g., a Southern Ohio Communications Services employee that provides customer service, third party Call Center employee, or a receptionist. The Initial Contact shall IMMEDIATELY forward any such request to both Southern Ohio Communications Services’ CALEA Manager and Custodian of Records, regardless of the time of day, i.e., 24/7/365.
The CALEA Manager is responsible for facilitating internal preparedness and training for Southern Ohio Communications Services officers and employees and pertinent sub-contractors or agents to respond to LEA requests and ensure that the Southern Ohio Communications Services’ SSI Plan is followed and updated. The CALEA Manager is also ultimately responsible for the execution of any Electronic Surveillance request. The CALEA Manager (or its designee) will receive the LEA request and review and perform the initial evaluation of a request for Electronic Surveillance and forward the court order or other legal authorization to the Legal Contact, if necessary.
The CALEA Manager (or its designee) also shall determine whether the Electronic Surveillance can be implemented technically by conferring with the Designated Employee and whether the court order is sufficiently and accurately detailed to enable the Southern Ohio Communications Services to comply with its terms.
The CALEA Manager may complete Part 1 of the Interception Record Certification Form and certify the Interception Record is complete and accurate.
Contact information for Southern Ohio Communications Services’ CALEA Manager is included in the Contact Information for Southern Ohio Communications Services CALEA Personnel List and Southern Ohio Communications Services System Security Integrity (“SSI”) Plan, and which are attached to this Manual under Appendices 5 and 6, respectively.
IMPORTANT: Requests made pursuant to the FISA or FISA Amendments of 2008 or involving matters of national security or national or foreign intelligence involve very complex and constantly changing laws and legal issues. If such a request is received, the Legal Contact must be notified IMMEDIATELY without discretion of the CALEA Manager, and no action may be taken to implement the request except at the direction of the Legal Contact.
The Custodian of Records is a Southern Ohio Communications Services employee responsible for receiving, reviewing, and performing the initial evaluation of a request for surveillance from a LEA and then forwarding the court order or other legal authorization to the Legal Contact for review and/or approval. (The CALEA Manager may also serve as the Custodian of Records.) The Custodian of Records must complete Part 1 of the Interception Record Certification Form.
When a request for Electronic Surveillance is received, the CALEA Manager or the Custodian of Records (or their designee) shall notify the Legal Contact as soon as practicable and provide him or her with a copy of the request and any supporting documentation. If the Legal Contact has confirmed that the request for surveillance has Appropriate Legal Authorization, the Legal Contact shall notify the Custodian of Records or the CALEA Manager, whomever submitted the request to the Legal Contact.
The Legal Contact will review the information in Part 1 of the Interception Record Certification Form and the associated court order or subpoena (or LEA Certification for requests without court orders or subpoena) and, upon determination of its facial validity, the Legal Contact shall complete Part 2 of the Certification Form and forward the Certification Form to the Designated Employee.
The primary Legal Contact(s) shall be:
Stephen E. Coran, Esq.
Lerman Senter PLLC
202/416-6751 (Work)
202/607-6182 (Mobile)
The alternate Legal Contact(s) shall be:
S. Jenell Trigg, Esq., CIPP US
Lerman Senter PLLC
202/416-1090 (Work)
202/669-7877 (Mobile)
The Designated Employee(s) is a Southern Ohio Communications Services technician that is responsible for provisioning Electronic Surveillance equipment. The Designated Employee(s) will ensure that Electronic Surveillance within Southern Ohio Communications Services’ switching premises will be conducted only at the direction of the Custodian of Records or the CALEA Manager.
The Designated Employee(s) must complete Part 3 of the Interception Record Certification Form.
6. Designated Employee Supervisor
The Designated Employee Supervisor shall function as the employee responsible for overseeing the Designated Employee(s) and the Electronic Surveillance. The Designated Employee Supervisor will ensure that surveillance is conducted in accordance with the policies outlined in this Manual.
The Designated Employee Supervisor must complete Part 3 of the Interception Record Certification Form.
COMPLIANCE STEPS:
1. All Electronic Surveillance with a non-FISA court order or subpoena shall be referred immediately to both the CALEA Manager (and its designee) and the Custodian of Records (or its designee) by the Initial Contact. The Custodian of Records shall implement the LEA request and consult with the Legal Contact as soon as practicable to determine whether the LEA request has the Appropriate Legal Authorization.
IMPORTANT: LEA requests under FISA or FISA Amendments are not to be implemented in any manner without Legal Contact approval
2. Before implementing the interception, the Custodian of Records (or its designee) shall request that the Legal Contact review the Electronic Surveillance request to ensure that it contains the following information:
(a) the identity of the person, if known, whose communications are to be intercepted;
(b) the nature and location of the communications facilities or the place for which authority to intercept is granted;
(c) a particular description of the type of communication sought to be intercepted and a statement of the particular offense to which it relates;
(d) the identity of the LEA authorized to intercept the communications, and of the person authorizing the application;
(e) the period of time during which the interception is authorized, including a statement whether the interception shall automatically terminate when the described communication has been first obtained;
(f) a provision that the authorization to intercept shall be executed as soon as practicable and conducted in such a way as to minimize the interception of communications not otherwise subject to interception;
(g) a probable cause determination consistent with Rule 41 of the Federal Rules of Criminal Procedure; AND
(h) the signature of a federal district court judge, magistrate (unless content is also requested) or authorized state judge.
COMPLIANCE STEPS:
1. Any Electronic Surveillance request initiated WITHOUT a court order pursuant to Title III, Pen Register Or Trap And Trace Device, Stored Communications Act, or other non-FISA court orders under exigent and emergency circumstances shall be referred IMMEDIATELY by the CALEA Manager (or its designee) or Custodian of Records or its designee) to the Legal Contact.
2. Before implementing the interception, the Custodian of Records or its designee) and/or the Legal Contact shall ensure that the LEA provides a certification (“LEA Certification”) containing the following information:
(a) the information, facilities, or technical assistance required;
(b) the period of time during which the provision of information, facilities, or technical assistance is authorized;
(c) a statement that no warrant or court order is required by law;
(d) a statement that all statutory requirements have been met;
(e) a statement that a copy of any subsequently-issued warrant or court order required by law will be provided promptly;
(f) a statement that the specific requested assistance is required; AND
(g) the signature of EITHER (i) the Attorney General of the United States, OR (ii) a law enforcement officer specially designated by the Attorney General, the Deputy Attorney General, the Associate Attorney General, or by the principal prosecuting attorney of any state or subdivision thereof.
3. Upon receiving authorization from the Legal Contact, the CALEA Manager shall contact the Designated Employee and/or Designated Employee Supervisor to implement the Electronic Surveillance and continue to oversee the implementation of the Electronic Surveillance.
4. The Designated Employee and Designated Employee Supervisor shall continue to oversee the implementation of the Electronic Surveillance and ensure that the Electronic Surveillance issued under the exigent or emergency circumstances terminates with-in 48 hours. If a subsequent court order was provided by the LEA, the Electronic Surveillance terminates when the Authorized Legal Authorization expires. The Electronic Surveillance shall be terminated at the time specified in the subsequent court order (which, in the absence of an extension, cannot exceed thirty (30) days). The Designated Employee or the Designated Employee Supervisor shall document the start and end dates, and all pertinent details for the Interception Record.
COMPLIANCE STEPS:
1. Any court order presented by a LEA for Electronic Surveillance pursuant to FISA shall be referred immediately to the Custodian of Records (or designee) AND to the Legal Contact.
NO ACTION SHALL BE TAKEN TO IMPLEMENT THE REQUEST EXCEPT AT THE DIRECTION OF THE LEGAL CONTACT.
NOTE: Court orders issued pursuant to FISA are generally considered to be classified, and the government may therefore refuse to provide a copy of the order and/or may place restrictions on which Southern Ohio Communications Services personnel, agents, or representatives will be permitted to view the order.
2. Before implementing the interception the Custodian of Records (or its designee) and/or the Legal Contact will review the court order (if made available) to ensure that it contains the following information:
(a) the identity, if known, or a description of the target of the Electronic Surveillance;
(b) the nature and location of each of the facilities or places at which the Electronic Surveillance will be directed, if known;
(c) the type of information sought to be acquired and the types of communications or activities to be subjected to the surveillance;
(d) the means by which the Electronic Surveillance will be affected and whether physical entry will be used to affect the surveillance;
(e) the period of time during which the Electronic Surveillance is approved;
(f) directions that:
(i) the minimization procedures established by the US Attorney be followed;
(ii) a specified communications provider, custodian, or other specified person furnish all information, facilities, or technical assistance necessary to accomplish the Electronic Surveillance in such a manner as will protect its secrecy and produce a minimum of interference with the services that such provider or person is providing to the target of the Electronic Surveillance;
(iii) the provider or specified person providing assistance maintain any records of the surveillance under security procedures approved by the US Attorney General; AND
(iv) the provider or specified person be compensated at the prevailing rate.
AND
(g) the signature of a federal district court judge publicly designated as a FISA judge pursuant to 50 U.S.C. § 1803.
3. The Custodian of Records (or its designee) shall determine whether the surveillance can be implemented technically by conferring with the Designated Employee and whether the court order is sufficiently and accurately detailed to enable the provider to comply with its terms.
4. Upon receiving authorization from the Legal Contact, the Designated Employee and/or Designated Employee Supervisor shall provision and continue to oversee the implementation of the surveillance. Upon receipt of the Certification Form, the Designated Employee and Designated Employee Supervisor shall complete Part 3 of the Certification Form, insert the start date of the surveillance, sign and date the Surveillance Enabled Section of the form, provide a copy of the form to the Legal Contact, and file the Certification Form in the CALEA Cabinet.
5. The Designated Employee shall continue to oversee the conduct of the Electronic Surveillance and ensure that the surveillance terminates when the legal authorization expires. The interception shall be terminated at the time specified in the order. In the absence of an extension, the surveillance cannot exceed 90 days (or 1 year if the surveillance is targeted against a foreign power, or 120 days if the surveillance is targeted against an agent of a foreign power). The Designated Employee shall insert the end date, sign and date the Surveillance Disabled Section of the Form, and forward the Certification Form to the Legal Contact.
6. The Legal Contact shall ensure that the Certification Form and all attachments are placed in the appropriate file. The file shall be maintained by the Legal Contact, on behalf of SOCS, in secure and appropriately marked files for the required statutory time period or other time period as specified in Southern Ohio Communications Services’ document retention policies.
1. Any request by a LEA for Electronic Surveillance pursuant to FISA but initiated without a court order under (i) the exigent or emergency circumstances set forth in 50 U.S.C. § 1805(e); (ii) 50 U.S.C. § 1881(a) (added by the FISA Amendments Act of 2008); or (iii) 50 U.S.C. § 1881(b) (added by the FISA Amendments Act of 2008) shall be referred immediately to the Custodian of Records (or designee) AND to the Legal Contact.
2. If the request is made pursuant to the exigent or emergency circumstances provisions of 50 U.S.C. § 1805(f) or 50 U.S.C. § 1881(b) (added by the FISA Amendments Act of 2008):
Although FISA does not expressly require a certification for requests made pursuant to the exigent or emergency circumstances provisions of 50 U.S.C. § 1805(f) or 50 U.S.C. § 1881(b) (added by the FISA Amendments Act of 2008), the Custodian of Records (or its designee) and Legal Contact shall ensure that the LEA provides an LEA Certification containing the following information before implementing the request:
(a) the information, facilities, or technical assistance required;
(b) the period of time during which the provision of information, facilities, or
technical assistance is authorized;
(c) a statement that no warrant or court order is required by law;
(d) a statement that all statutory requirements have been met;
(e) a statement that the specific requested assistance is required; AND
(f) the signature of EITHER (i) the Attorney General of the United States, OR (ii) a law enforcement officer specially designated by the Attorney General.
If the request is made pursuant to a Directive issued under 50 U.S.C. § 1881(a) (added by the FISA Amendments Act of 2008):
The Custodian of Records (or its designee) and Legal Contact shall ensure that the Directive:
(a) is in writing;
(b) states that the target of the requested surveillance activity is NOT a United States person AND is located OUTSIDE the United States; AND
(c) is issued by the Attorney General of the United States and the Director of National Intelligence.
NO ACTION SHALL BE TAKEN TO IMPLEMENT A DIRECTIVE ISSUED UNDER 50 U.S.C. § 1881(a) OF FISA EXCEPT AT THE DIRECTION OF THE LEGAL CONTACT.
3. The Custodian of Records shall determine whether the surveillance can be
implemented technically by conferring with the Designated Employee and whether the emergency request is sufficiently and accurately detailed to enable the provider to comply with its terms. The Custodian of Records shall complete Part 1 of the Interception Record Certification Form providing it, the LEA Certification, and the specifics of the exigent or emergency request to the Legal Contact for review and approval.
4. The Legal Contact will review the information in Part 1 of the Certification Form and complete Part 2 of the Certification Form and forward the Certification Form to the Designated Employee.
5. Upon receiving authorization from the Legal Contact, the Designated Employee and/or Designated Employee Supervisor may implement the surveillance and shall continue to oversee the implementation of the surveillance. Upon receipt of the Certification Form, the Designated Employee and Designated Employee Supervisor shall complete Part 3 of the Certification Form, insert the start date of the surveillance, and sign and date the Surveillance Enabled Section of the form. The Designated Employee shall then provide a copy of the form to the Legal Contact and file the Certification Form in the CALEA Cabinet.
6. The Designated Employee, Designated Employee Supervisor and Legal Contact shall continue to oversee the conduct of the Electronic Surveillance and terminate the surveillance as soon as any of the following events occur:
(a) the information sought is obtained;
(b) the LEA’s application for a court order is denied; or
(c) seven (7) days have elapsed since the authorization of the surveillance by the Attorney General without the granting of a court order (Note: this 7-day time limit does not apply to Directives issued pursuant to 50 U.S.C. § 1881(a)).
7. If the LEA provides a court order for the surveillance, the Legal Contact shall validate the court order (as specified in Section V.F., Step Two above), attach the order to the Certification Form, and handle the surveillance in all respects under the procedures in Section V.F. Should the LEA fail to provide a court order, the Designated Employee shall insert the end date, sign and date the Surveillance Disabled Section of the Certification Form, and forward the Certification Form to the Legal Contact.
8. The Legal Contact shall ensure that the Certification Form and all attachments are placed in the appropriate file. The Legal Contact shall forward a copy of the file to the Southern Ohio Communications Services Compliance Officer. The file shall be maintained by the Legal Contact, on behalf of SOCS, in secure and appropriately marked files for the required statutory time period or other time period as specified in Southern Ohio Communications Services’ document retention policies.
IMPORTANT: If a request for any form of Electronic Surveillance – other than a request made pursuant to FISA – presented by a LEA claiming exigent or emergency circumstances shall be referred immediately to the Custodian of Records. The Custodian of Records shall consult with the Legal Contact as soon as practicable. Before implementing the request, the Custodian of Records and the Legal Contact shall:
(a) Determine whether the law enforcement agent making the request is properly authorized or designated to do so under the applicable statute;
(b) Determine whether exigent or emergency circumstances exist such that a warrant or court order is not IMMEDIATELY required, as Southern Ohio Communications Services expects LEAs to provide Appropriate Legal Authorization within 48 hours after receiving the urgent request. In general, federal law defines an emergency situation as one that involves immediate danger of death or serious physical injury to any person (see 18 U.S.C. § 2518(7));
(c) Determine the precise scope and nature of the Electronic Surveillance requested (i.e., Interception, location information, pen register/trap and trace); AND
(d) Document all answers and information obtained.
Upon determining that exigent or emergency circumstances exist, the Custodian of Records and/or the Legal Contact shall follow the above procedures for conducting Electronic Surveillance without a court order or subpoena.
COMPLIANCE STEPS:
1. Any request by a LEA for subscriber location information – regardless of circumstances or legal basis – shall be referred immediately to the Custodian of Records (or its designee). The Custodian of Records (or its designee) shall consult with the Legal Contact as soon as practicable.
2. Before implementing any request for location information, the Custodian of Records (or its designee) and/or the Legal Contact shall review and complete the “Checklist for Requests for Location Information” (see Appendix 3 to this Manual).
3. If the request is for Pinging of a subscriber’s device, before implementing the request, the Custodian of Records (or its designee) and/or the Legal Contact shall advise the requesting LEA that there is a possibility that the “ping” could potentially alert the subscriber of the surveillance activity, explain how this could occur, and obtain confirmation from the requesting LEA that it understands this issue and wishes to proceed with Pinging.
4. If the request is for real-time location information, including a “ping,” the Custodian of Records (or its designee) and/or the Legal Contact shall determine whether the request is being made pursuant to:
(a) 18 U.S.C. § 2518 (also known as “Title III”).
If so, the Custodian of Records (or its designee) and/or the Legal Contact shall follow the procedures set forth in either Section V.A. or Section V.B. of this Manual.
(b) 18 U.S.C. § 3117 (tracking devices).
If so, the Custodian of Records (or its designee) and/or the Legal Contact shall follow the procedures set forth in either Section V.A. or Section V.B. of this Manual, except that a warrant or court order that does not also request a content interception may be signed by a magistrate judge.
(c) A combination of both the Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701 – 2712 and the Pen Register/Trap and Trace Statute, 18 U.S.C. §§ 3121 – 3127, also known as the “hybrid theory.” For hybrid theory requests seeking historical location information, refer to Step Five.
(d) Emergency/Exigent circumstances.
If so, the Custodian of Records (or its designee) and/or the Legal Contact shall follow the procedures set forth in Section III of this Manual. If exigent/emergency circumstances are not present, the Custodian of Records (or its designee) and/or the Legal Contact shall follow Southern Ohio Communications Services’ procedures for the processing of requests for subscriber information or records.
5. If the request is for stored or “historic” location information, and made pursuant to the authorities identified above in Step Four, the Custodian of Records (or its designee) and/or the Legal Contact shall treat such request as a request for connection records and will follow the same procedures as if the information had been requested through a subpoena.
Southern Ohio Communications Services employees are prohibited from conducting any unauthorized surveillance and from disclosing to any person the existence of, or information about, any law enforcement investigation or Electronic Surveillance on its premises. Disclosure regarding the existence of, or information about, any LEA investigation or Electronic Surveillance is permitted only when required by legal process and at the direction of the CALEA Manager with consultation with the Legal Contact, if necessary.
COMPLIANCE STEPS:
1. If any Southern Ohio Communications Services employee has knowledge of or becomes aware of any act of unauthorized Electronic Surveillance or any compromise of Southern Ohio Communications Services’ system security and integrity procedures that involve the execution of Electronic Surveillance to unauthorized persons or entities, that employee shall report the incident immediately to the Southern Ohio Communications Services CALEA Manager: bchilders@socs.cc;740-947-2409.
2. Employees shall report (1) any incidents of unauthorized Electronic Surveillance and any act of compromise of a lawful interception of communications or access to call-identifying information to unauthorized persons or entities; and (2) any act of unlawful Electronic Surveillance that occurred on its premises in accordance with the procedures below:
(a) The CALEA Manager, acting with the Legal Contact and the Designated Employee shall determine which LEAs are affected and promptly notify the pertinent LEA of the incident within a reasonable time upon discovery – no more than 48 hours upon the initial discovery.
(b) The CALEA Manager shall complete the Interception Record for any unauthorized Electronic Surveillance and ensure that all records available to Southern Ohio Communications Services regarding the Electronic Surveillance are placed in the appropriate company files. Specific for the content of the Interception Record can be found in Section III, Recordkeeping, of this Manual.
There may be situations when Southern Ohio Communications Services will not be able to comply with an LEA request. For example, in situations in which a subscriber redirects, hands-off, or assigns its wire or electronic communications to another service area or another service provider, or utilizes facilities in another service area or of another service provider, and Southern Ohio Communications Services no longer has access to the content of such communications or call-identifying information. The CALEA Manager will ensure that appropriate information is made available to the LEA, identifying the provider of a wire or electronic communication service that has acquired access to the communications or call-identifying information. If a subscriber requests that a telephone number be ported to another provider after a valid surveillance request is initially made, Southern Ohio Communications Services will provide a LEA with the identity of the new provider to whom a number has been ported as soon as practicable.
The CALEA Manager shall maintain a record of each Electronic Surveillance (each, an “Interception Record”), regardless of whether the surveillance was authorized or unauthorized, or completed. The Interception Record, along with a copy of the subpoena, warrant, court order, or LEA Certification shall be retained for a period of 5 years. Certain authorized requests are classified and strictly confidential; consequently, a copy of the subpoena, warrant, or court order may not be retained by Southern Ohio Communications Services. In that instance, the Interception Record shall be revised to indicate only non-target information to describe the request and document the surveillance. The CALEA Manager is responsible for ensuring each Interception Record is maintained in both electronic and hard copies.
Each Interception Record shall include:
1. The telephone number(s) and/or circuit identification numbers involved;
2. The start date and time that the Company enables the interception of communications or access to call identifying information;
3. The identity of the LEA officer presenting the authorization;
4. The name and title of the person signing the Appropriate Legal Authorization;
5. The type of interception of communications or access to call-identifying information (e.g., pen register, trap and trace, Title III, FISA); and
6. The name of the then-serving CALEA Manager and the Written Finding.
Each Interception Record shall be signed by the then-serving CALEA Manager, who must certify that the overall Interception Record is complete and accurate. The Interception Record must be compiled either contemporaneously with, or no later than 24 hours after the initiation of the interception of the Electronic Surveillance.
The CALEA Manager, with consultation with the Legal Contact (if necessary), shall also establish and label files to retain all Interception records, including pertinent LEA Certification Forms, court orders, and other records for all authorized and unauthorized Electronic Surveillance, whether completed or not. The CALEA Manager shall compile and maintain all records associated with the Electronic Surveillance request in secure and appropriately marked files for the a minimum 2 (two) years or an alternative longer time period as specified in Southern Ohio Communications Services’ document retention plan and schedule.
The CALEA Manager is responsible for ensuring that the Southern Ohio Communications Services SSI Plan is up to date and accurate at all times. Southern Ohio Communications Services must file an SSI Plan with the FCC, along with a copy of this Manual, on a confidential basis with-in 90 days of a merger, divestature or acqusition of a new Carrier.
The Interception Record is NOT filed with the FCC. It must be retained by Southern Ohio Communications Services in a secure and confidential manner for at least five (5) years.
# # #
APPENDIX 1
GLOSSARY
CALEA Cabinet – a locked cabinet used to store Southern Ohio Communications Services CALEA equipment. Access is limited to only the Designated Employees, Designated Employees Supervisors, and the CALEA Manager.
Call Content Interception — an interception of a communication, including its content (i.e. a wiretap carried out pursuant to a court order issued in accordance with Title III (codified as Title I of the ECPA, 18 U.S.C. §§ 2510-2522)).
Call-Identifying Information Interception — accessing dialing or signaling information that identifies the origin, direction, destination, or termination of a communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier or VoIP provider (e.g., a Pen Register or Trap and Trace surveillance).
Certification Form – the Interception Record Certification Form for Electronic Surveillance, appended hereto in Appendix 2 and required by 47 C.F.R. § 64.2104, to document the Southern Ohio Communications Services’ practices and procedures undertaken to review for Appropriate Legal Authorization. The Certification Form must be completed by the CALEA Manager, Custodian of Records, Legal Contact, the Designated Employee(s) and the Designated Employee Supervisor.
Compliance Officer – Southern Ohio Communications Services employee responsible for overseeing compliance matters for Southern Ohio Communications Services. Southern Ohio Communications Services employee responsible for receiving, reviewing, and performing the initial evaluation of a request for surveillance from a Law Enforcement Agency, and then forwarding the court order or other legal authorization to the Legal Contact for review and/or approval.
Custodian of Records – Southern Ohio Communications Services employee responsible for receiving, reviewing, and performing the initial evaluation of a request for surveillance from a Law Enforcement Agency, and then forwarding the court order or other legal authorization to the Legal Contact for review and/or approval. The CALEA Manager may designate another responsible employee(s) to serve as a Custodian of Records, or alternatively, the CALEA Manager can serve in both positions. The Southern Ohio Communications Services Custodian of Records contact information is identified in Appendix 5 to this Manual.
Designated Employee – Southern Ohio Communications Services technician responsible for activating surveillance equipment. Such employee will ensure that interception of communications or access to call identifying information acquired within Southern Ohio Communications Services’ switching premises will be activated only as directed by the Legal Contact and/or the Custodian of Records upon their review and approval of the relevant Appropriate Legal Authorization.
Designated Employee Supervisor – Southern Ohio Communications Services supervisor responsible for overseeing the Designated Employee and the interception of communications or access to call-identifying information. The Designated Employee Supervisor will ensure that surveillance is conducted in accordance with the policies outlined in this Manual.
Electronic Communications Privacy Act (“ECPA”) – federal statute designed to prevent unauthorized government access to private electronic communications, codified at 18 U.S.C. §§ 2510-2522 (also known as “Title III” or the “Wiretap Act”); 18 U.S.C. §§ 2701-2712 (also known as the “Stored Communications Act” or “SCA”); and 18 U.S.C. §§ 3121-3127 (also known as the “Pen Register/Trap and Trace Statute”).
Foreign Intelligence Surveillance Act (“FISA”) – federal statute authorizing Electronic Surveillance for national security purposes under very specific circumstances and strict conditions, codified at 50 U.S.C. §§ 1801 – 1885c.
Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, (“FISA Amendments”) – federal statute amending FISA, the USA Patriot Act, and Protect America Act of 2007 authorizing Electronic Surveillance for national security purposes under very specific circumstances and strict conditions, codified at 50 U.S.C. §§ 1801 et seq.
Initial Contact – is the first person contacted by LEA for any Electronic Surveillance request, e.g., a Southern Ohio Communications Services employee or vendor that provides customer service, third party Call Center employee, or a receptionist.
Interception Record – A written report used to provide an accurate record of each Electronic Surveillance (authorized or unauthorized) that includes the Certification Form (as defined herein) and documentation of a Law Enforcement Agency request, the Appropriate Legal Authorization, Appropriate Carrier Authorization, and the Electronic Surveillance start/end dates, as well as any extensions.
Law Enforcement Agency (“LEA”) – local, state or federal government entity requesting Electronic Surveillance.
Legal Contact – Southern Ohio Communications Services designated in-house attorneys and/or outside counsel responsible for providing legal assistance whenever a request for Electronic Surveillance is received.
Pen Register Surveillance — recording or decoding electronic or other impulses which identify the numbers dialed or otherwise transmitted on the telephone line to which a Pen Register device is attached, authorized pursuant to a court order issued under the Pen Register/Trap and Trace Statute, 18 U.S.C. §§ 3121-3127.
Pinging – sending a telephone call, dispatch call, or other signal to a subscriber’s device to obtain information regarding the device’s current status and/or location.
Stored Communications Act (“SCA”) – federal statute governing the disclosure of information stored in the carrier’s network and/or records regarding a subscriber’s communications services, including, but not limited to, communications content, date/time of any communications, origination/destination of any communications, calling or billing records, etc., codified at 18 U.S.C. §§ 2701-2712.
Title III – term used in warrants, court orders and documents, LEA requests, and the FCC’s CALEA regulations to refer to call content interception (i.e., wiretaps). The term “Title III” comes from Title III of the Omnibus Crime Control and Safe Streets Act of 1968 and should not be confused with Title III of the ECPA, which covers pen register/trap and trace surveillance.
Trap and Trace Surveillance — capturing the incoming electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted, authorized pursuant to a court order issued under the Pen Register/Trap and Trace Statute, 18 U.S.C. §§ 3121-3127.
Wiretap – capturing and recording and/or passing along communications content to an authorized LEA.
APPENDIX 2
Interception Record
Certification Form for Electronic Surveillance
INSTRUCTIONS: This is a three-part form. The information requested below shall be provided as indicated on this form by the individual(s) identified in each part and signed and dated by each individual.
PART 1: Custodian of Records and/or CALEA Manager
The Appropriate Legal Authorization for the surveillance shall be attached to this form. If the authorization is attached, check the box below.
If the Appropriate Legal Authorization is of such a classified and strictly confidential nature, then Southern Ohio Communications Services cannot retain and attach a copy as a matter of law. In that instance, NO reference at all to the target telephone number, the requesting LEA officer, or any other identifying information shall be made on this form. General information to document the surveillance may be included in Items 2, 6, 7 and 8 below. If the authorization is not attached, check the appropriate box below.
Upon completion of the Electronic Surveillance, forward this form to the Legal Contact or Designated Employee, as appropriate.
NOTE: If an extension order (for an extended time period) for an Appropriate Legal Authorization is received, document that extension of time here and complete this form. Then, the Custodian of Records shall complete a new Certification Form for each extension order and repeat this process for each extension order received. Please note that an Electronic Surveillance may not actually end on a certain date and time if the extension order is received before the end date and time. In that instance, the surveillance may be continuous and not interrupted or ended. The date the extension order is received is documented to show that continuous surveillance without interruption. If, however, the extension order is not received before the end date and time, then the surveillance should be terminated as directed. The completed Certification Forms for the Appropriate Legal Authorization and any related extension orders should be filed together and maintained by the Legal Contact; the Legal Contact shall forward a copy of the file to the Compliance Officer.
|
1. Telephone number(s) and/or circuit identification numbers involved |
|
|
2. Start date and time of interception of communications or access to call identifying information. |
|
|
3. Law enforcement officer presenting the authorization |
|
|
4. Person signing the Appropriate Legal Authorization |
|
|
5. Type of surveillance (e.g., Pen Register, Trap and Trace, “Title III”, FISA) |
|
|
6. Employee responsible for overseeing the surveillance |
|
|
7. End date and time for interception of communications or access to call identifying information. |
|
|
8. Southern Ohio Communications Services Reference Number & Court Order Docket Number |
|
Check all that apply:
I have attached the court order or other Legal Authorization for this surveillance as well as any extensions that have been granted.
This is an extension order to a current Legal Authorization for surveillance
I cannot attach the court order or other Legal Authorization for this surveillance due to its classified nature. I have reviewed the Legal Authorization, and it appears to be valid on its face.
I have forwarded this form and all attachments to the Legal Contact on _________ (insert date).
I have determined that an exigent or emergency situation exists that requires the immediate provision of the requested surveillance and have forwarded this form and all attachments directly to the Designated Employee for implementation.
Signed:_________________________________ Date: _________________________________
Name (Print):_____________________________ Title: _________________________________
Interception Record
Certification Form for Electronic Surveillance
PART 2: Legal Contact
I have reviewed the information provided by the Custodian of Records or CALEA Manager and the court order or other Appropriate Legal Authorization appended to the Certification Form for Electronic Surveillance.
I have not reviewed the Legal Authorization due to its classified and strictly confidential nature; but, I have reviewed the information provided by the Custodian of Records or CALEA Manager. Based on that review and discussion with the Custodian of Records, I find the Legal Authorization to be valid on its face and authorize the Designated Employee to provision the requested surveillance.
Signed: ________________________________________ Date:____________________________
Name (Print): ___________________________________ Title: ____________________________
Interception Record
Certification Form for Electronic Surveillance
Part 3: Designated Employee(s)/Designated Employee Supervisor
|
1. Technician(s) Provisioning Surveillance |
|
|
2. Employee responsible for overseeing the surveillance (if different than above) |
|
|
3. Surveillance ID and Password |
|
Designated Employee
Surveillance Enabled – Start Date: _________________________________________________
I, _______________________ (please print), have provisioned the Electronic Surveillance in accordance with the terms described on this form and on any attached documents.
Signed: _________________________________________ Date: _________________
Designated Employee
Surveillance Disabled – End Date: __________________________________________________
I, ________________________ (please print), have confirmed the Electronic Surveillance is disabled.
Signed: _________________________________________ Date: _________________
Designated Employee – Alternatively, Surveillance Not Disabled, but Continued Due to an Extension Order
Surveillance Not Disabled – Surveillance Continued Date: ________________________________
I, _______________________ (please print), have confirmed that the Electronic Surveillance is not disabled, but continued until ____________________ (date) due to receipt of an extension order.
Signed: _________________________________________ Date: _________________
NOTE: If there is an extension order to continue the current Electronic Surveillance, complete this form by signing and dating here (and have the Designated Employee Supervisor sign and date). Then create a new Certification Form for the extension order and repeat the process and signatures for that new order.
Designated Employee Supervisor
I, ____________________________(please print), was responsible for overseeing the interception of the communication of access to Identifying information and certify that surveillance was conducted in accordance with Southern Ohio Communications Services policies for implementing such surveillance.
Signed:__________________________________________ Date:__________________
APPENDIX 3
Checklist for Requests for Location Information
- Type of emergency (examples: “kidnapping”, “hostage”, “planned attack”, “armed and dangerous” these are just examples, and there could be others)
- A missing person is not automatically an emergency. The requesting party should supply additional facts to support a good faith belief the threat of imminent bodily harm is present.
_____ Historical location information of cell sites
Time period covered: ___________________________________
_____ Real-time location information (i.e., phone activity or location of cell tower sites)
_____ Real-time location information requiring Southern Ohio Communications Services’s affirmative intervention (i.e., Pinging)
**NOTE: the common request seeking location information for 30 days prior to the date of the order and extending thirty days beyond the order is actually a request for both historical and real-time location information.
- Court order, warrant, subpoena, or other?
- Basis of authority (law(s) or statute(s)):
- “Probable cause”?
- If not, please specify (for example: “specific articulable facts,” etc.)
APPENDIX 4
bchilders@socs.cc;740-947-2409