CALEA Compliance Policy and Statement
Altus is an interconnected Voice Over IP (VoIP) service provider and must comply with the Communication Assistance for Law Enforcement Act (CALEA), which was extended to VoIP carriers in 2004. Altus works with its technology partner BroadSoft to ensure compliance with CALEA. As of February 2, 2018, BroadSoft became a wholly owned subsidiary of Cisco (NASDAQ: CSCO)
The Altus communications offering uses the BroadSoft call control platform and related software developed by BroadSoft to deliver VoIP services to the Altus customer base. When surveillance is requested by a Law Enforcement Agency (LEA), Broadsoft will use the CALEA solution embedded within their platform to deliver call-identifying information and/or call content to the requesting LEA, typically in real time, using highly secure methods such as Virtual Private Network tunnels. If files are exchanged containing information on a subject, they will be password protected wherever possible to ensure secure delivery of the information.
Any LEA request for intercept received by Altus or its partners is directly forwarded to the designated CALEA representative within BroadSoft. BroadSoft has a ticketing system that will be used to track interception requests. BroadSoft complies with section 1.200004 of the FCC rule. A unique ticket will be created for each interception request and will serve as the record of reference for the life of the request. Only specific employees within BroadSoft will have access to view and respond to the CALEA tickets.
Each unique service ticket will contain the following information:
- The unique ticket number.
- The time and date of the request being received by BroadSoft.
- The Telephone number(s) and/or circuit identification of the intercept or call-identifying target.
- The identity of the law enforcement officer and agency presenting the authorization.
- The name of the person signing the appropriate legal authorization.
- The type of interception of communications or access to call-identifying information (e.g., pen register, trap and trace, Title III, FISA).
- The case number that will be used by the LEA to reference and correlate any intercepted data.
- The start date and time that the communications interception or collection of call-identifying information was implemented in the network.
- The stop date and time when the communications interception of collection of call-identifying information is removed from the network when the time on the warrant expires.
If an Altus customer is the target of surveillance, the LEA will contact us to initiate the request. We then collected the necessary information from the LEA to create and manage the ticket with BroadSoft.
The type of surveillance request will dictate the requirements to implement it into the network. The following is a high-level summary of the most common request types:
Customer Service Information
In this scenario, the LEA requests information for the physical address of the subject and/or the call records to or from specific phone numbers. BroadSoft stores addresses and call records in a data warehouse. There is a web-based dashboard that can be queried to create a report of call history for specific numbers. This report can be downloaded and sent to the requesting LEA. Either Altus or BroadSoft can access this information and send it to the LEA to fulfill the request.
Trap and Surveillance
This type of surveillance is defined as a request to deliver all call content to the LEA. In this scenario, the LEA has requested delivery of both the signaling information and the media form and to the target subject. There are three tasks that must be completed to establish surveillance. The LEA will need to provide information and a technical resource to work with to complete these tasks. This implementation should be completed within 72 hours following the initial receipt of the request from the LEA.
Establish Secure IP Connectivity to LEA
A secure data connection must be established to the LEA for delivery of the call content information. Altus will coordinate with BroadSoft and the LEA to establish an IP-Sec tunnel for delivery of the data transmission. The LEA will need to provide a technical contact to work with BroadSoft to establish the data connectivity
Each request will have a defined length as determined by the court order or warrant. At the end of the warranted period, the configuration of the surveillance must be removed from the network.
 See 47 CFR Sections 1.20000 – 1.20008.