MetroPCS CALEA Compliance Manual

MetroPCS Communications inc.

  • 15 pages
  • October 3, 2006

Download

1.0 OBJECTIVE

Date ofissue: April 22, 2002

It is the policy of MetroPCS to comply with the letter and spirit of all laws of the United
States, including the Communications Assistant for Law Enforcement Act (hereinafter
referred to as “CALEA”) relating to the implementation of law enforcement wiretap
requests. CALEA requires MetroPCS to implement security measures to safeguard the
privacy and reliability of information obtained through lawfully authorized interceptions
of communications (i.e., wiretaps, pin registers, and subpoenas) and to help prevent
unauthorized interceptions. MetroPCS Personnel must receive appropriate legal
authorization and appropriate carrier authorization (as such terms are defined herein) to
implement the interception of communications or access to call-identifying information.

2.0 SCOPE

This Policy applies to all employees, contractors, and consultants of MetroPCS and each
of its subsidiaries (collectively “MetroPCS Personnel”).

3.0 DEFINITIONS

3.1 Appropriate Legal Authorization

The tenn “Appropriate legal authorization” means:
• A court order signed by a judge or magistrate authorizing or approving
interception of wire or electronic communications, or
• Other authorization issued pursuant to an appropriate federal or state
statute (i.e., Title 18, federal trap and trace statutes, Foreign Intelligence
Surveillance Act or any other relevant federal or state statue.).

3.2 Appropriate Carrier Authorization

The tenn “Appropriate carrier authorization” means the policies and procedures
adopted by MetroPCS to supervise and control MetroPCS personnel authorized to
assist law enforcement in conducting any interception of communications or
access to call identifying infonnation. Compliance with these policies and
procedures requires, but is not limited to:

• Verification of appropriate legal authorization (Section 3.1)
• The legal authorization is what it purports to be (i.e., is valid on its face)
• The request is described in sufficient detail such that it can be technically
implemented

3.3 Appropriate Authorization

• The tenn “appropriate authorization” means both appropriate legal
authorization and appropriate carrier authorization.

4.0 POLICY

Date of Issue: April 22, 2002

It is MetroPCS’ policy that no interception of communications (i.e. wiretaps) or access to
call-identifying information using MetroPCS’ equipment and/or systems will be activated
unless done so pursuant to a written court order or other lawful authorization requesting
such action and with the affirmative intervention of MetroPCS’ Staff VP Audit &
Security Services or his designates. All written requests (i.e., court orders and subpoenas)
from law enforcement agencies must be forwarded to the Compliance Department for
review, approval, and implementation.

Interceptions of communications and access to call-identifying information shall only be
made by MetroPCS Personnel authorized by MetroPCS’ Staff VP Audit & Security
Services and pursuant to appropriate authorization. A background check and a
nondisclosure agreement shall be required for all authorized personnel. It is against
Company policy for unauthorized personnel to intercept and/or access call-identifYing
information.

4.1 Exigent Circumstances

In certain limited situations, law enforcement personnel can declare that “Exigent
Circumstances” exist that require, without a Subpoena or Court Order,
respectively, (1) that certain customer information be turned over to them, (2) that
a specific customer’s service be turned off or on, or (3) that a Temporary PIN
Register or Wiretap be granted for up to 48 hours. It is the responsibility of the
Staff VP Audit & Security Services to determine the validity and authority for the
declaration of Exigent Circumstances.

4.2 Responsibility For Oversight Of Process

The Staff VP Audit & Security Services shall oversee, review, and approve (refer
to Section 3.3) all requests and shall ensure that each request is supported by
appropriate legal authorization, as defined in Section 3.1. This responsibility
requires expertise to recognize requests that meet federal and state statutes
permitting interceptions. Responses to authorized and approved requests will be
made in a timely manner with consideration given to the number of requests (i.e.,
workload) and the number of available personnel. Verbal requests for
interceptions from law enforcement agencies shall not be honored unless Exigent
Circumstances exist.

4.3 Records Retention

Date oflssue: April 22, 2002

The Staff VP Audit & Security Services shall be responsible for maintaining
secure and accurate records as required by the FCC’s rules, including, but not
limited to, the records of each interception (made with or without appropriate
authorization). The Audit & Security Services Department will retain the original
written request for record keeping purposes for a minimum of five years, and will
record and store a certification that includes the following information for a
minimum of five years:

• Telephone number(s) and/or circuit identification numbers
• Start date and start time of the interception and/or access to call identifying
information
• Identity of the law enforcement officer presenting the authorization
• Name of the judge, magistrate, or prosecuting attorney signing the
authorization
• Type of interception and/or access to call identifying information
• The name of the MetroPCS Personnel responsible for initiating the
interception in accordance with the policies established herein.

This certification must be signed by the Staff VP Audit & Security Services or his
designate. By his or her signature, such individual will certify that the record is
complete and accurate. This certification must be compiled either
contemporaneously with, or within a reasonable period of time after the
completion of the interception of the communications or access to call-identifying
information.

Share this:

Facebooktwitterredditlinkedinmail