Pen register: Difference between revisions
m v2.04b - Bot T20 CW#61 - Fix errors for CW project (Reference before punctuation) |
m →NSA call database controversy: +WL Roger Vinson |
||
(22 intermediate revisions by 14 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|Device that records all numbers called from a particular telephone line}} |
{{Short description|Device that records all numbers called from a particular telephone line}} |
||
A '''pen register''', or '''dialed number recorder''' (DNR), is |
A '''pen register''', or '''dialed number recorder''' (DNR), is a device that records all [[Telephone number|numbers]] called from a particular [[telephone]] line.<ref name="Applegate, John, and Amy Grossman">{{Cite journal|last=Applegate, John, and Amy Grossman|title=Pen Registers after Smith v. Maryland|journal=Harv. CR-CLL}}</ref> The term has come to include any device or program that performs similar functions to an original pen register, including programs [[Internet surveillance|monitoring]] [[Internet]] communications. |
||
The United States statutes governing pen registers are codified under [https://www.law.cornell.edu/uscode/text/18/part-II/chapter-206 18 U.S.C., Chapter 206]. |
The United States statutes governing pen registers are codified under [https://www.law.cornell.edu/uscode/text/18/part-II/chapter-206 18 U.S.C., Chapter 206]. |
||
== Definitions == |
== Definitions == |
||
[[File:Pen Register.jpg|thumb|400px|Pen |
[[File:Pen Register.jpg|thumb|400px|Pen register manufactured by J. H. Bunnell & Co, Brooklyn, New York]] The term ''pen register'' originally referred to a device for recording [[telegraph]] signals on a strip of paper. [[Samuel F. B. Morse]]'s 1840 telegraph patent described such a register as consisting of a [[lever]] holding an armature on one end, opposite an [[electromagnet]], with a [[fountain pen]], [[pencil]] or other marking instrument on the other end, and a clockwork mechanism to advance a paper recording tape under the marker.<ref>Samuel F. B. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, [https://patents.google.com/patent/US1647 U.S. Patent 1647], June 20, 1840; see page 4 column 2</ref> |
||
The term ''telegraph register'' came to be a generic term for such a recording device in the later 19th century.<ref>See for example, Frank Wood's Telegraph Register, [ |
The term ''telegraph register'' came to be a generic term for such a recording device in the later 19th century.<ref>See for example, Frank Wood's Telegraph Register, [https://patents.google.com/patent/US338329 U.S. Patent 338,329], Mar. 23, 1886.</ref> Where the record was made in ink with a pen, the term ''pen register'' emerged. By the end of the 19th century, pen registers were widely used to record pulsed electrical signals in many contexts. For example, one fire-alarm system used a "double pen-register",<ref>William F. Singer, Electrical Automatic Fire-Alarm System, [https://patents.google.com/patent/US436640 U.S. Patent 436,640], Sept. 16, 1890; see page 3 line 48</ref> and another used a "single or multiple pen register".<ref>Bernice J. Noyes, Electric Signalling Apparatus, [https://patents.google.com/patent/US534908 U.S. Patent 534,908], Feb. 26, 1895; see page 1 lines 82-83.</ref> |
||
As [[pulse dialing]] came into use for [[telephone exchange]]s, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses. In the United States, the clockwork-powered Bunnell pen register remained in use into the 1960s.<ref>Bunnell Ink Writing Register (Pen Register), [http://etler.com/docs/BSP/030/030-340-701_I2.pdf Bell System Practices, Section 030-340-701], 2 Sept 1961.</ref> |
As [[pulse dialing]] came into use for [[telephone exchange]]s, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses. In the United States, the clockwork-powered Bunnell pen register remained in use into the 1960s.<ref>Bunnell Ink Writing Register (Pen Register), [http://etler.com/docs/BSP/030/030-340-701_I2.pdf Bell System Practices, Section 030-340-701], 2 Sept 1961.</ref> |
||
Line 28: | Line 28: | ||
Twelve years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." ''[[Smith v. Maryland]]'', 442 U.S. 735, 744 (1979). Since the [[defendant]] had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company. |
Twelve years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." ''[[Smith v. Maryland]]'', 442 U.S. 735, 744 (1979). Since the [[defendant]] had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company. |
||
The Smith decision left pen registers completely outside [[United States Constitution|constitutional]] protection. If there was to be any privacy protection, it would have to be enacted by Congress as statutory [[telecommunications privacy laws|privacy law]]{{Citation needed|date=September 2019}}. |
The Smith decision left pen registers completely outside [[United States Constitution|constitutional]] protection. If there was to be any privacy protection, it would have to be enacted by Congress as statutory [[telecommunications privacy laws|privacy law]]{{Citation needed|date=September 2019}}.<ref name="Applegate, John, and Amy Grossman"/> |
||
== Pen Register Act == |
== Pen Register Act == |
||
Line 37: | Line 37: | ||
Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. Others, such as [[Daniel J. Solove]], [[Petricia Bellia]], and [[Dierdre Mulligan]], believe that [[probable cause]] and a warrant should be necessary.<ref name="Solove">{{cite journal |first=Daniel J. |last=Solove |title=Reconstructing Electronic Surveillance Law |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1264–1305 |year=2004 }}</ref><ref name="Bellia">{{cite journal |first=Patricia L. |last=Bellia |title=Surveillance Law Through Cyberlaw's Lens |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1375–1458 |year=2004}}</ref><ref name="Mulligan2004">{{cite journal |last=Mulligan |first=Deirdre K. |title=Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1557–1598 |year=2004}}</ref> [[Paul Ohm]] argues that [[standard of proof]] should be replaced/reworked for electronic communications altogether.<ref name="Ohm2009">{{cite journal |last=Ohm |first=Paul |year=2009 |title=Probably Probable Cause: The Diminishing Importance of Justification Standards |journal=[[Minnesota Law Review|Minn. L. Rev.]] |volume=94 |issue=3 |pages=1514–1560 |url=http://www.minnesotalawreview.org/wp-content/uploads/2012/03/Ohm_MLR.pdf}}</ref> |
Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. Others, such as [[Daniel J. Solove]], [[Petricia Bellia]], and [[Dierdre Mulligan]], believe that [[probable cause]] and a warrant should be necessary.<ref name="Solove">{{cite journal |first=Daniel J. |last=Solove |title=Reconstructing Electronic Surveillance Law |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1264–1305 |year=2004 }}</ref><ref name="Bellia">{{cite journal |first=Patricia L. |last=Bellia |title=Surveillance Law Through Cyberlaw's Lens |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1375–1458 |year=2004}}</ref><ref name="Mulligan2004">{{cite journal |last=Mulligan |first=Deirdre K. |title=Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act |volume=72 |journal=[[George Washington Law Review|Geo. Wash. L. Rev.]] |issue=6 |pages=1557–1598 |year=2004}}</ref> [[Paul Ohm]] argues that [[standard of proof]] should be replaced/reworked for electronic communications altogether.<ref name="Ohm2009">{{cite journal |last=Ohm |first=Paul |year=2009 |title=Probably Probable Cause: The Diminishing Importance of Justification Standards |journal=[[Minnesota Law Review|Minn. L. Rev.]] |volume=94 |issue=3 |pages=1514–1560 |url=http://www.minnesotalawreview.org/wp-content/uploads/2012/03/Ohm_MLR.pdf}}</ref> |
||
The Pen Register Act did not include an [[exclusionary rule]]. While there were [[civil litigation|civil remedies]] for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for |
The Pen Register Act did not include an [[exclusionary rule]]. While there were [[civil litigation|civil remedies]] for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for Congress to add an [[exclusionary rule]] to the Pen Register Act, as this would make it more analogous to traditional [[Fourth Amendment to the United States Constitution|Fourth Amendment]] protections. The penalty for violating the Pen Register Act is a misdemeanor, and it carries a prison sentence of not more than one year.<ref>{{cite web|url=https://www.law.cornell.edu/uscode/usc_sec_18_00003121----000-.html|title=18 U.S.C. § 3121(d)|website=cornell.edu}}</ref> |
||
== USA PATRIOT Act == |
== USA PATRIOT Act == |
||
Section 216 of the 2001 [[USA PATRIOT Act]] expanded the definition of a pen register to include devices or programs that provide an analogous function with |
Section 216 of the 2001 [[USA PATRIOT Act]] expanded the definition of a pen register to include devices or programs that provide an analogous function with Internet communications. Prior to the Patriot Act, it was unclear whether or not the definition of a pen register, which included very specific telephone terminology,<ref name=":0">{{Cite journal|last=Schwartz|first=Paul M.|date=2009-09-01|title=Law and technologyKeeping track of telecommunications surveillance|url=https://doi.org/10.1145/1562164.1562175|journal=Communications of the ACM|volume=52|issue=9|pages=24–26|doi=10.1145/1562164.1562175|s2cid=8119299|issn=0001-0782}}</ref> could apply to Internet communications. Most courts and law enforcement personnel operated under the assumption that it did, however, the [[Clinton administration]] had begun to work on legislation to make that clear, and one [[magistrate]] judge in [[California]] did rule that the language was too telephone-specific to apply to [[Internet surveillance]]. |
||
The Pen Register Statute is a privacy act. As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and |
The Pen Register Statute is a privacy act. As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and Internet communications are divulged to the company providing the communication, the absence or inapplicability of the statute would leave the routing information for those communications completely unprotected from government surveillance. |
||
The government also has an interest in making sure the Pen Register Act exists and applies to |
The government also has an interest in making sure the Pen Register Act exists and applies to Internet communications. Without the Act, they cannot compel service providers to give them records or do Internet surveillance with their own equipment or [[software]], and the law enforcement agency, which may not have very good [[Computer technology|technological]] capabilities, will have to do the surveillance itself at its own cost. |
||
Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance by accessing information. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change.<ref name=":0" /> |
Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance by accessing information. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change.<ref name=":0" /> |
||
Line 53: | Line 53: | ||
{{Main|NSA call database}} |
{{Main|NSA call database}} |
||
When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the [[Stored Communications Act]], as example of how such domestic spying violated Federal law.<ref>{{Cite web|title=Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping|url=https://www.everycrsreport.com/reports/98-326.html|access-date=2020-11-21|website=www.everycrsreport.com|language=en}}</ref> |
When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the [[Stored Communications Act]], as an example of how such domestic spying violated Federal law.<ref>{{Cite web|title=Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping|url=https://www.everycrsreport.com/reports/98-326.html|access-date=2020-11-21|website=www.everycrsreport.com|language=en}}</ref> |
||
In 2013, the Obama |
In 2013, the Obama administration sought a court order "requiring Verizon on an 'ongoing, daily basis' to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries". The order was approved on April 25, 2013, by federal Judge [[Roger Vinson]], member of the secret [[Foreign Intelligence Surveillance Court]] (FISC), which court had been created by the [[Foreign Intelligence Surveillance Act]] (FISA). The order gave the government unlimited authority to compel Verizon to collect and provide the data for a specified three-month period ending on July 19. This is the first time significant and top-secret documents have been revealed exposing the continuation of the practice on a massive scale under U.S. President [[Barack Obama]]. |
||
According to ''[[The Guardian]]'', "it is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off |
According to ''[[The Guardian]]'', "it is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off or the latest in a series of similar orders".<ref>{{cite news |first=Glenn |last=Greenwald |url=https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order |title=NSA collecting phone records of millions of Verizon customers daily |newspaper=The Guardian |date=June 5, 2013 }}</ref> |
||
== Hemisphere DEA call database controversy == |
== Hemisphere DEA call database controversy == |
||
On September 1, 2013, the [[Drug Enforcement Administration|DEA]]'s Hemisphere Project was revealed to the public by ''[[The New York Times]]''. In a series of [[PowerPoint]] slides acquired through a lawsuit, [[AT&T]] is revealed to be operating a call database going back to 1987 which the DEA has warrantless access to with no judicial oversight under "administrative subpoenas" originated by the DEA. The DEA pays AT&T to maintain employees throughout the country devoted to investigating call records through this database for the DEA. The database grows by 4 billion records per day, and presumably covers all traffic that crosses AT&T's network. Internal directives instructed participants never to reveal the project publicly, despite the fact that the project was portrayed as a "routine" part of DEA investigations; several investigations unrelated to drugs have been mentioned as using the data. When questioned on their participation, [[Verizon]], [[Sprint Corporation|Sprint]], and [[T-Mobile]] refused to comment on whether they were part of the project, generating fears that ''pen registers'' and ''trap and trace'' devices are effectively irrelevant in the face of ubiquitous private-public-partnership surveillance with indefinite data retention.<ref>{{cite news |first=Scott|last=Shane & Colin Moynihan|url=https://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?hp&_r=0&pagewanted=all |title=Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s |newspaper=The New York Times |date=September 1, 2013 }}</ref> |
On September 1, 2013, the [[Drug Enforcement Administration|DEA]]'s Hemisphere Project was revealed to the public by ''[[The New York Times]]''. In a series of [[PowerPoint]] slides acquired through a lawsuit, [[AT&T]] is revealed to be operating a call database going back to 1987 which the DEA has warrantless access to with no judicial oversight under "administrative subpoenas" originated by the DEA. The DEA pays AT&T to maintain employees throughout the country devoted to investigating call records through this database for the DEA. The database grows by 4 billion records per day, and presumably covers all traffic that crosses AT&T's network. Internal directives instructed participants never to reveal the project publicly, despite the fact that the project was portrayed as a "routine" part of DEA investigations; several investigations unrelated to drugs have been mentioned as using the data. When questioned on their participation, [[Verizon]], [[Sprint Corporation|Sprint]], and [[T-Mobile US|T-Mobile]] refused to comment on whether they were part of the project, generating fears that ''pen registers'' and ''trap and trace'' devices are effectively irrelevant in the face of ubiquitous private-public-partnership surveillance with indefinite data retention.<ref>{{cite news |first=Scott|last=Shane & Colin Moynihan|url=https://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?hp&_r=0&pagewanted=all |title=Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s |newspaper=The New York Times |date=September 1, 2013 }}</ref> |
||
== Information collected == |
== Information collected == |
||
Information that is legally collectible according to 2014 pen trap laws includes: |
Information that is legally collectible according to 2014 pen trap laws includes:{{citation needed|date=July 2024}} |
||
=== Phone === |
=== Phone === |
||
Line 74: | Line 74: | ||
* The length of each call |
* The length of each call |
||
* Content of SMS text messages |
* Content of SMS text messages |
||
* Post-cut-through dialed digits--(digits |
* Post-cut-through dialed digits--(digits dialed after call is connected, like banking [[personal identification number]] (PIN) or prescription refill numbers) |
||
* The real-time location of |
* The real-time location of a cell phone to within a few meters |
||
=== Email === |
=== Email === |
||
* All email header information other than the subject line |
* All email header information other than the subject line |
||
* The email addresses of the people to whom |
* The email addresses of the people to whom an email was sent |
||
* The email addresses of people |
* The email addresses of people who received the email |
||
* The time each email is sent or received |
* The time each email is sent or received |
||
* The size of each email that is sent or received |
* The size of each email that is sent or received |
||
Line 88: | Line 88: | ||
* [[IP address]], port, and protocol used |
* [[IP address]], port, and protocol used |
||
* The IP address of other computers on the Internet that |
* The IP address of other computers on the Internet that information was exchanged with |
||
* Time-stamp and size information of |
* Time-stamp and size information of Internet access |
||
* Protocol traffic analysis to obtain URL web addresses surfed on the web, emails posted or read, instant messages exchanged, and information posted onto message boards |
* Protocol traffic analysis to obtain URL web addresses surfed on the web, emails posted or read, instant messages exchanged, and information posted onto message boards |
||
Latest revision as of 18:07, 1 July 2024
A pen register, or dialed number recorder (DNR), is a device that records all numbers called from a particular telephone line.[1] The term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.
The United States statutes governing pen registers are codified under 18 U.S.C., Chapter 206.
Definitions
[edit]The term pen register originally referred to a device for recording telegraph signals on a strip of paper. Samuel F. B. Morse's 1840 telegraph patent described such a register as consisting of a lever holding an armature on one end, opposite an electromagnet, with a fountain pen, pencil or other marking instrument on the other end, and a clockwork mechanism to advance a paper recording tape under the marker.[2]
The term telegraph register came to be a generic term for such a recording device in the later 19th century.[3] Where the record was made in ink with a pen, the term pen register emerged. By the end of the 19th century, pen registers were widely used to record pulsed electrical signals in many contexts. For example, one fire-alarm system used a "double pen-register",[4] and another used a "single or multiple pen register".[5]
As pulse dialing came into use for telephone exchanges, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses. In the United States, the clockwork-powered Bunnell pen register remained in use into the 1960s.[6]
After the introduction of tone dialing, any instrument that could be used to record the numbers dialed from a telephone came to be defined as a pen register. Title 18 of the United States Code defines a pen register as:
a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business[7]
This is the current definition of a pen register, as amended by passage of the 2001 USA PATRIOT Act. The original statutory definition of a pen register was created in 1984 as part of the Electronic Communications Privacy Act, which defined a "Pen Register" as:
A device which records or decodes electronic or other impulses which identify the numbers called or otherwise transmitted on the telephone line to which such device is dedicated.
A pen register is similar to a trap and trace device. A trap and trace device would show what numbers had called a specific telephone, i.e., all incoming phone numbers. A pen register rather would show what numbers a phone had called, i.e. all outgoing phone numbers. The two terms are often used in concert, especially in the context of Internet communications. They are often jointly referred to as "Pen Register or Trap and Trace devices" to reflect the fact that the same program will probably do both functions in the modern era, and the distinction is not that important. The term "pen register" is often used to describe both pen registers and trap and trace devices.[8]
Background
[edit]In Katz v. United States (1967), the United States Supreme Court established its "reasonable expectation of privacy" test. It overturned Olmstead v. United States (1928) and held that warrantless wiretaps were unconstitutional searches, because there was a reasonable expectation that the communication would be private. From then on, the government was required to get a warrant to execute a wiretap.
Twelve years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Smith v. Maryland, 442 U.S. 735, 744 (1979). Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company.
The Smith decision left pen registers completely outside constitutional protection. If there was to be any privacy protection, it would have to be enacted by Congress as statutory privacy law[citation needed].[1]
Pen Register Act
[edit]The Electronic Communications Privacy Act (ECPA) was passed in 1986 (Pub. L. No. 99-508, 100 Stat. 1848). There were three main provisions or Titles to the ECPA. Title III created the Pen Register Act, which included restrictions on private and law enforcement uses of pen registers. Private parties were generally restricted from using them unless they met one of the exceptions, which included an exception for the business providing the communication if it needed to do so to ensure the proper functioning of its business.
For law enforcement agencies to get a pen register approved for surveillance, they must get a court order from a judge. According to 18 U.S.C. § 3123(a)(1), the "court shall enter an ex parte order authorizing the installation and use of a pen register or trap and trace device anywhere within the United States, if the court finds that the attorney for the Government has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation".[9] Thus, a government attorney only needs to certify that information will "likely" be obtained in relation to an 'ongoing criminal investigation'. This is the lowest requirement for receiving a court order under any of the ECPA's three titles. This is because in Smith v. Maryland, the Supreme Court ruled that use of a pen register does not constitute a search. The ruling held that only the content of a conversation should receive full constitutional protection under the right to privacy; since pen registers do not intercept conversation, they do not pose as much threat to this right.
Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. Others, such as Daniel J. Solove, Petricia Bellia, and Dierdre Mulligan, believe that probable cause and a warrant should be necessary.[10][11][12] Paul Ohm argues that standard of proof should be replaced/reworked for electronic communications altogether.[13]
The Pen Register Act did not include an exclusionary rule. While there were civil remedies for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for Congress to add an exclusionary rule to the Pen Register Act, as this would make it more analogous to traditional Fourth Amendment protections. The penalty for violating the Pen Register Act is a misdemeanor, and it carries a prison sentence of not more than one year.[14]
USA PATRIOT Act
[edit]Section 216 of the 2001 USA PATRIOT Act expanded the definition of a pen register to include devices or programs that provide an analogous function with Internet communications. Prior to the Patriot Act, it was unclear whether or not the definition of a pen register, which included very specific telephone terminology,[15] could apply to Internet communications. Most courts and law enforcement personnel operated under the assumption that it did, however, the Clinton administration had begun to work on legislation to make that clear, and one magistrate judge in California did rule that the language was too telephone-specific to apply to Internet surveillance.
The Pen Register Statute is a privacy act. As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and Internet communications are divulged to the company providing the communication, the absence or inapplicability of the statute would leave the routing information for those communications completely unprotected from government surveillance.
The government also has an interest in making sure the Pen Register Act exists and applies to Internet communications. Without the Act, they cannot compel service providers to give them records or do Internet surveillance with their own equipment or software, and the law enforcement agency, which may not have very good technological capabilities, will have to do the surveillance itself at its own cost.
Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance by accessing information. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change.[15]
NSA call database controversy
[edit]When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the Stored Communications Act, as an example of how such domestic spying violated Federal law.[16]
In 2013, the Obama administration sought a court order "requiring Verizon on an 'ongoing, daily basis' to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries". The order was approved on April 25, 2013, by federal Judge Roger Vinson, member of the secret Foreign Intelligence Surveillance Court (FISC), which court had been created by the Foreign Intelligence Surveillance Act (FISA). The order gave the government unlimited authority to compel Verizon to collect and provide the data for a specified three-month period ending on July 19. This is the first time significant and top-secret documents have been revealed exposing the continuation of the practice on a massive scale under U.S. President Barack Obama.
According to The Guardian, "it is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off or the latest in a series of similar orders".[17]
Hemisphere DEA call database controversy
[edit]On September 1, 2013, the DEA's Hemisphere Project was revealed to the public by The New York Times. In a series of PowerPoint slides acquired through a lawsuit, AT&T is revealed to be operating a call database going back to 1987 which the DEA has warrantless access to with no judicial oversight under "administrative subpoenas" originated by the DEA. The DEA pays AT&T to maintain employees throughout the country devoted to investigating call records through this database for the DEA. The database grows by 4 billion records per day, and presumably covers all traffic that crosses AT&T's network. Internal directives instructed participants never to reveal the project publicly, despite the fact that the project was portrayed as a "routine" part of DEA investigations; several investigations unrelated to drugs have been mentioned as using the data. When questioned on their participation, Verizon, Sprint, and T-Mobile refused to comment on whether they were part of the project, generating fears that pen registers and trap and trace devices are effectively irrelevant in the face of ubiquitous private-public-partnership surveillance with indefinite data retention.[18]
Information collected
[edit]Information that is legally collectible according to 2014 pen trap laws includes:[citation needed]
Phone
[edit]- Dialed numbers
- Received call numbers
- The time the call was made
- Whether the call was answered, or went to voice-mail
- The length of each call
- Content of SMS text messages
- Post-cut-through dialed digits--(digits dialed after call is connected, like banking personal identification number (PIN) or prescription refill numbers)
- The real-time location of a cell phone to within a few meters
- All email header information other than the subject line
- The email addresses of the people to whom an email was sent
- The email addresses of people who received the email
- The time each email is sent or received
- The size of each email that is sent or received
Internet
[edit]- IP address, port, and protocol used
- The IP address of other computers on the Internet that information was exchanged with
- Time-stamp and size information of Internet access
- Protocol traffic analysis to obtain URL web addresses surfed on the web, emails posted or read, instant messages exchanged, and information posted onto message boards
See also
[edit]- Call detail record
- Smith v. Maryland
- United States v. Davis, dealing with cell phone location data
References
[edit]- ^ a b Applegate, John, and Amy Grossman. "Pen Registers after Smith v. Maryland". Harv. CR-CLL.
{{cite journal}}
: CS1 maint: multiple names: authors list (link) - ^ Samuel F. B. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, U.S. Patent 1647, June 20, 1840; see page 4 column 2
- ^ See for example, Frank Wood's Telegraph Register, U.S. Patent 338,329, Mar. 23, 1886.
- ^ William F. Singer, Electrical Automatic Fire-Alarm System, U.S. Patent 436,640, Sept. 16, 1890; see page 3 line 48
- ^ Bernice J. Noyes, Electric Signalling Apparatus, U.S. Patent 534,908, Feb. 26, 1895; see page 1 lines 82-83.
- ^ Bunnell Ink Writing Register (Pen Register), Bell System Practices, Section 030-340-701, 2 Sept 1961.
- ^
- ^ "Introduction to Government Investigations". cyber.harvard.edu. Retrieved 2020-10-23.
- ^ "18 U.S. Code § 3123 – Issuance of an order for a pen register or a trap and trace device". LII / Legal Information Institute.
- ^ Solove, Daniel J. (2004). "Reconstructing Electronic Surveillance Law". Geo. Wash. L. Rev. 72 (6): 1264–1305.
- ^ Bellia, Patricia L. (2004). "Surveillance Law Through Cyberlaw's Lens". Geo. Wash. L. Rev. 72 (6): 1375–1458.
- ^ Mulligan, Deirdre K. (2004). "Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act". Geo. Wash. L. Rev. 72 (6): 1557–1598.
- ^ Ohm, Paul (2009). "Probably Probable Cause: The Diminishing Importance of Justification Standards" (PDF). Minn. L. Rev. 94 (3): 1514–1560.
- ^ "18 U.S.C. § 3121(d)". cornell.edu.
- ^ a b Schwartz, Paul M. (2009-09-01). "Law and technologyKeeping track of telecommunications surveillance". Communications of the ACM. 52 (9): 24–26. doi:10.1145/1562164.1562175. ISSN 0001-0782. S2CID 8119299.
- ^ "Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping". www.everycrsreport.com. Retrieved 2020-11-21.
- ^ Greenwald, Glenn (June 5, 2013). "NSA collecting phone records of millions of Verizon customers daily". The Guardian.
- ^ Shane & Colin Moynihan, Scott (September 1, 2013). "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s". The New York Times.
Further reading
[edit]- Brennan, Christopher R. (2012). "Katz Cradle: Holding On to Fourth Amendment Parity in an Age of Evolving Electronic Communication". Wm. & Mary L. Rev. 53 (5): 1797–1823.
- Kerr, Orin (2003). "Internet Surveillance Law After the USA Patriot Act: The Big Brother That Isn't". Nw. U. L. Rev. 97 (2): 607–673. SSRN 317501.