Cybertelecom
Federal Internet Law & Policy
An Educational Project
ECPA :: Title III :: Pen Register Act
Non Content :: Trap & Trace

Beyond content in transmission and stored content, there is non-content information including

Customers have no Fourth Amendment protection in transactional records. See United States v. Baxter, 492 F.2d 150, 167 (9th Cir. 1973), cert. denied, 416 U.S. 940, 94 S.Ct. 1945 (1974); United States v. Fithian, 452 F.2d 505, 506 (9th Cir. 1971); United States v. Clegg, 509 F.2d 605, 610 (5th Cir. 1975). Customers have no expectation of privacy in their telephone records (who they called) and the use of a Pen Register does not constitute a search. Smith v. Maryland, 442 U.S. 735 (1979).

While there is no constitutional protection of this information, there is statutory protection: ECPA covers it.

Transactional Records: Pen Registers & Trap and Trace

Law enforcement officers may seek to receive transactional information about the communication, or they may seek to receive the communication, the message, itself. Generally, the actual content of a communication receives greater protection than information about the transaction of a communication.

A "pen register" is defined as "a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication . . . ." 18 U.S.C. § 3127(3).

A "trap and trace device" is defined as "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however that such information shall not include the contents of any communication." 18 U.S.C. § 3127(4).

"Because Internet headers contain both “to” and “from” information, a device that reads the entire header (minus the subject line in the case of email headers) is both a pen register and a trap and trace device, and it is commonly referred to as a pen/trap device." [Search Seizure 2009 p 154]

Transactional information does not reveal the message of the communication but more generally provides information that the communication took place. These are known as pen register, or trap and trace records. 18 U.S.C. §§ 3121-27. Pen registers traditionally recorded "the number dialed on a telephone line" and trap and trace devices "capture incoming electronic impulses that identify the originating number." [Electronic Frontier] [Hill 1195-96] The Patriot Act clarified that law enforcement officers may also seek all "dialing, routing, addressing, or signaling information" including email addresses, inbound FTP connections, or the location from which a remote user is logging in. 18 U.S.C. § 3121(c). [DOJ US Attorney's Manual Title 9-7.500 Electronic Surveillance: Prior Consultation with the Computer Crime and Intellectual Property Section of the Criminal Division (CCIPS) for Applications for Pen Register and Trap and Trace Orders Capable of Collecting Uniform Resource Locators (URLs)] [H.R. Rep. No. 103-827, at 10, 17, 31] [Allen 409] Transactional information would not include the subject line of an email. 18 U.S.C. § 2510(8).

In the old network, transactional information could be acquired by attaching a device to the network. In the new network, the Patriot Act made clear that a trap and trace device could be “attached or applied;” in other words, law enforcement officials can gain access to software and computer processing. [See Carnivore, CALEA]

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 152 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

The distinction between addressing information and content also applies to Internet communications. For example, when computers on the Internet communicate with each other, they break down messages into discrete chunks known as packets and then send each packet out to its intended destination. Every packet contains addressing information in the header of the packet (much like the "to" and "from" addresses on an envelope), followed by the payload of the packet, which contains the contents (much like a letter inside an envelope). The Pen/Trap statute permits law enforcement to obtain the addressing information of Internet communications much as it would addressing information for traditional phone calls. However, collecting the entire packet ordinarily implicates Title III. The primary difference between an Internet pen/trap device and an Internet Title III intercept device is that the former is designed to capture and retain only addressing information, while the latter is designed to capture and retain the entire packet.

The same distinction applies to Internet email. Every Internet email message consists of a set of headers that contain addressing and routing information generated by the mail program, followed by the actual contents of the message authored by the sender. The addressing and routing information includes the email address of the sender and recipient, as well as information about when and where the message was sent on its way (roughly analogous to the postmark on a letter). See United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008) (email to/from addresses and IP addresses constitute addressing information). The Pen/Trap statute permits law enforcement to obtain the header information of Internet emails (except for the subject line, which can contain content) using a court order, just like it permits law enforcement to obtain addressing information for phone calls and individual Internet packets using a court order. Conversely, the interception of email contents, including the subject line, requires compliance with the strict dictates of Title III.

In some circumstances, questions may arise regarding whether particular components of network communications contain content. See In re Application of United States, 396 F. Supp. 2d 45, 49 (D. Mass. 2005) (asserting that uniform resource locators ("URLs") may contain content); In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 16 (1st Cir. 2003) (noting that user-entered search terms are sometimes appended to the query string of the URL for the search results page). Because of these and other issues, the United States Attorneys' Manual currently requires prior consultation with CCIPS before a pen/trap may be used to collect all or part of a URL. See United States Attorneys' Manual § 9-7.500. Prosecutors who have other questions about whether a particular type of information constitutes contents may contact CCIPS for assistance [].
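The email header/content split described above, as an added example (not code from this page, the DOJ manual, or any provider): a filter that reduces a message to addresses, routes, sizes and attachment counts, next to a weaker variant that only strips `Subject`. The function names, the allow-list and the sample message are assumptions made for this illustration; `Thread-Topic` is a header some mail clients add that repeats the subject text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Allow-list of addressing/routing headers. Subject is deliberately absent:
# the page treats the subject line as content. Assumption of this example:
# any header not listed here is treated as possible content and dropped.
ADDRESS_HEADERS = ("From", "To", "Cc")
ROUTING_HEADERS = ("Received", "Date")


def non_content_record(raw: bytes) -> dict:
    """Return only addressing, routing and size data for one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    record = {"size_bytes": len(raw)}
    for name in ADDRESS_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        # Assumption: display names are user-typed text, so keep addr-spec only.
        record[name.lower()] = [addr for _, addr in getaddresses(values) if addr]
    for name in ROUTING_HEADERS:
        record[name.lower()] = [str(v) for v in msg.get_all(name, [])]
    # Number and size of attachments only; file names and bytes are not kept.
    sizes = [len(p.get_payload(decode=True) or b"") for p in msg.iter_attachments()]
    record["attachment_count"] = len(sizes)
    record["attachment_sizes"] = sizes
    return record


def denylist_headers(raw: bytes) -> dict:
    """Weak variant for comparison: strips Subject, keeps every other header."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {k: str(v) for k, v in msg.items() if k.lower() != "subject"}


def build_sample() -> bytes:
    """Constructed test message (example.* names, RFC 5737 address)."""
    m = EmailMessage()
    m["Received"] = ("from mx1.example.net ([192.0.2.10]) by mail.example.org; "
                     "Mon, 06 Jan 2025 10:00:01 +0000")
    m["From"] = "Alice Example <alice@example.net>"
    m["To"] = "bob@example.org"
    m["Date"] = "Mon, 06 Jan 2025 10:00:00 +0000"
    m["Subject"] = "Q3 merger terms"
    m["Thread-Topic"] = "Q3 merger terms"   # repeats the subject text
    m.set_content("Draft attached, please keep confidential.")
    m.add_attachment(b"\x00" * 2048, maintype="application",
                     subtype="octet-stream", filename="draft.bin")
    return m.as_bytes()


if __name__ == "__main__":
    raw = build_sample()
    print(non_content_record(raw))
    # The deny-list variant still carries the subject text via Thread-Topic.
    print(denylist_headers(raw).get("Thread-Topic"))
```

The allow-list output carries no subject, body or file name, while the deny-list variant still exposes the subject text through `Thread-Topic`.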

Legal Process

Transactional information may be obtained pursuant to a court order. 18 U.S.C. § 3123. [Search & Seizure Manual Appendix D] The law enforcement official must represent to the Court “that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.” 18 U.S.C. § 3123(a). Court orders shall specify

  • The name of the subscriber;
  • The name of the person who is the target of the investigation and what the criminal offense is; and
  • The identification of the communication to be watched, such as the phone number or other identifier.

18 U.S.C. § 3123(b)(1). A court order must specify the initial service provider but it need not specify subsequent providers. 18 U.S.C. § 3123(b)(1)(A). Subsequent providers may request certification that the order applies to that provider, and the law enforcement officer is obligated to provide it. 18 U.S.C. § 3123(a)(1).

Confused? So are we. Check out the What Gets What Chart.

"To obtain a pen/trap order, applicants must identify themselves, identify the law enforcement agency conducting the investigation, and then certify their belief that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by the agency. See 18 U.S.C. § 3122(b)(1)-(2)." [Search Seizure 2009 p 154]

DOJ has reported that its new pen register/trap and trace authority “was employed in the investigation of the murder of journalist Daniel Pearl to obtain information that proved critical to identifying some of the perpetrators.” [Jamie Brown]

Pen Registers for email have been found to be constitutional. [Forrester (9th Cir)]

See also Emergency Trap and Trace

Geographic Scope: Court orders issued by federal court may be executed anywhere in the United States. 18 U.S.C. § 3123(a)(1); 18 U.S.C. § 3127(2). Court orders issued by states are good only within that state. 18 U.S.C. § 3123(a)(2).

Time Limit: These Court orders are good for 60 days and can be extended for additional sixty-day periods. 18 U.S.C. § 3123(c).

Gag Rule: A court order shall direct the service provider to keep it quiet. The service provider is not permitted to disclose “the existence of the pen register or trap and trace device or the existence of the investigation” unless directed to do so by the court. 18 U.S.C. § 3123(d).

Installation: The court order shall tell the service provider that they get to help the law enforcement officials out with the pen register or trap and trace. 18 U.S.C. § 3124. In instances where officers install their own device, they must use "technology reasonably available to it" in order to avoid intercepting the contents of the communication. 18 U.S.C. § 3121(c). [See Carnivore, CALEA]

"The government must also use "technology reasonably available to it" to avoid recording or decoding the contents of any wire or electronic communications. 18 U.S.C. § 3121(c). When there is no way to avoid the inadvertent collection of content through the use of reasonably available technology, DOJ policy requires that the government may not use any inadvertently collected content in its investigation. However, a few courts have gone beyond the statute's requirement that the government use technology reasonably available to it to avoid collecting content. Citing the exclusion of contents from the definitions of pen register and trap and trace device, these courts have stated or implied that the government cannot use pen/trap devices that might collect any content at all. See In re Application of the United States, 2007 WL 3036849, at *8-9 (S. D. Tex. 2007) ("[T]he Pen Register Statute does not permit the Government simply to minimize the effects of its collection of unauthorized content, but instead prohibits the collection of content in the first place."); In re Application of United States, 416 F. Supp. 2d 13, 17 (D.D.C. 2006) ("[T]he Government must ensure that the process used to obtain information about email communications excludes the contents of those communications."). Courts have been particularly likely to take this position in the context of phone pen/trap devices that would collect "post-cut-through dialed digits" because this data can include content that cannot be separated out using reasonably available technology. See In re Applications of United States, 515 F. Supp. 2d 325, 339 (E.D.N.Y. 2007); In re Application of United States, 441 F. Supp. 2d 816, 827 (S.D. Tex. 2006); In re Application of United States, 2007 WL 3036849, at *8-*9 (S. D. Tex. 2007). Because this area of the law is developing rapidly, prosecutors or agents may have questions about current trends, and they may direct any such questions to [] CCIPS" [Search Seizure 2009 p 156]

Cost Recovery: Service providers shall be paid for their troubles. 18 U.S.C. § 3124(c). [But see CALEA]

Reporting Requirement: In instances where officers install their own device, the officers must comply with the reporting requirement, keeping a record of the officers who installed and have access to the device, the date and time the device was installed and uninstalled, the configuration of the device, and the information collected by the device. 18 U.S.C. § 3123(a)(3). This information must be provided to the court under seal within 30 days of the termination of the order.

The Attorney General must also report to Congress annually on the number of pen register and trap and traces applied for. 18 U.S.C. § 3126.

The Pen/Trap Statute and Cell-Site Information

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ, p 158 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

Cell-site data identifies the antenna tower and, in some cases, the 120-degree face of the tower to which a cell phone is connected at the beginning and end of each call made or received by a cell phone. "These towers can be up to 10 or more miles apart in rural areas and may be up to a half-mile or more apart even in urban areas." In re Application of United States, 405 F. Supp. 2d 435, 449 (S.D.N.Y. 2005). Thus, at best, this data reveals the neighborhood in which a cell phone user is located at the time a call starts and at the time it terminates; it does not provide continuous tracking and is not a virtual map of a cell phone user's movements. Despite its relative lack of precision, cell-site information is an important investigatory tool that can help law enforcement determine where to establish physical surveillance and locate kidnapping victims, fugitives, and targets of criminal investigations. This section discusses using the combined authority of the Pen/Trap statute and 18 U.S.C. § 2703(d) to obtain prospective cell-site data. For a discussion of how to obtain historical cell-site data, see Chapter 3.

In most districts, investigators may obtain prospective cell-site information through an application that satisfies both the Pen/Trap statute and 18 U.S.C. § 2703(d). The rationale behind this "hybrid" use of the Pen/Trap statute and § 2703(d) is as follows. Cell-site data is "dialing, routing, addressing, or signaling information," and therefore 18 U.S.C. § 3121(a) requires the government to obtain a pen/trap order to acquire this information. However, the Communications Assistance for Law Enforcement Act of 1994 ("CALEA") precludes the government from relying "solely" on the authority of the Pen/Trap statute to obtain cell-site data for a cell phone subscriber. 47 U.S.C. § 1002(a). Thus, some additional authority is required to obtain prospective cell-site information. Section 2703(d) provides this authority because, as discussed in Chapter 3, supra, it authorizes the government to use a court order to obtain all non-content information pertaining to a customer or subscriber of an electronic communication service.

When seeking a hybrid order for prospective cell-site information, prosecutors must satisfy the requirements of both the Pen/Trap statute and 18 U.S.C. § 2703(d). This application should contain: (i) a government attorney's affirmation "that the information likely to be obtained is relevant to an ongoing criminal investigation," 18 U.S.C. § 3122, and (ii) a further demonstration by the government attorney of "specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation." 18 U.S.C. § 2703(d). Hybrid orders otherwise generally follow the procedures for pen/trap orders.

District courts and magistrate judges have split on whether hybrid orders may be used to compel disclosure of prospective cell-site information. Compare In re Application of United States, 2008 WL 5082506 (E.D.N.Y. 2008) (upholding hybrid orders for cell-site information), In re Application of United States, 460 F. Supp. 2d. 448, 462 (S.D.N.Y. 2006) (same), and In re Application of United States, 433 F. Supp. 2d 804, 806 (S.D. Tex. 2006) (same), with In re Application of United States, 416 F. Supp. 2d 390, 396-97 (D. Md. 2006) (rejecting hybrid orders), and In re Application of United States, 396 F. Supp. 2d 294, 327 (E.D.N.Y. 2005) (same). Courts that have rejected hybrid orders for prospective cell-site information have generally required the government to obtain a warrant to compel its disclosure. See, e.g., In re Application of United States, 416 F. Supp. 2d at 397. Most of these courts have not held that a warrant is constitutionally required to obtain prospective cell-site information. Instead, they have held that as a matter of statutory construction, the Pen/Trap statute and 18 U.S.C. § 2703(d) cannot be used to obtain prospective cell-site information, and that Rule 41 can be used because it "governs any matter in which the government seeks judicial authorization to engage in certain investigative activities." In re Application of United States, 396 F. Supp. 2d at 322. []


Trap and Trace Order, Example

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ, p 235 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

UNITED STATES DISTRICT COURT
FOR THE _________

IN RE APPLICATION OF THE UNITED STATES OF AMERICA FOR AN ORDER AUTHORIZING THE INSTALLATION AND USE OF PEN REGISTER AND TRAP AND TRACE DEVICES

MISC. NO.

FILED UNDER SEAL

ORDER

[AUSA name], on behalf of the United States, has submitted an application pursuant to 18 U.S.C. §§ 3122 and 3123, requesting that the Court issue an Order pursuant to 18 U.S.C. § 3123, authorizing the installation and use of pen registers and trap and trace devices ("pen/trap devices") on the [service provider] email account [target email address], whose listed subscriber is [subscriber name].

The Court finds that the applicant is an attorney for the government and has certified that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation being conducted by [law enforcement agency] of unknown individuals in connection with possible violations of [statutes].

IT IS THEREFORE ORDERED, pursuant to 18 U.S.C. § 3123, that pen/trap devices may be installed and used to record, decode, and/or capture dialing, routing, addressing, and signaling information associated with each communication to or from the [service provider] email account [target email address], including the date, time, and duration of the communication, and the following, without geographic limit:

  • IP addresses, including IP addresses associated with access to the account;
  • Headers of email messages, including the source and destination network addresses, as well as the routes of transmission and size of the messages, but not content located in headers, such as subject lines;
  • the number and size of any attachments.

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. § 3123(c)(1), that the use and installation of the foregoing is authorized for sixty days from the date of this Order;

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. §§ 3123(b)(2) and 3124(a)-(b), that [service provider] and any other person or entity providing wire or electronic communication service in the United States whose assistance may, pursuant to 18 U.S.C. § 3123(a), facilitate the execution of this Order shall, upon service of this Order, furnish information, facilities, and technical assistance necessary to install the pen/trap devices, including installation and operation of the pen/trap devices unobtrusively and with minimum disruption of normal service;

IT IS FURTHER ORDERED that [law enforcement agency] reasonably compensate [service provider] and any other person or entity whose assistance facilitates execution of this Order for reasonable expenses incurred in complying with this Order;

IT IS FURTHER ORDERED that [service provider] and any other person or entity whose assistance may facilitate execution of this Order notify [law enforcement agency] of any changes relating to the email account [target email account], including changes to subscriber information, and to provide prior notice to [law enforcement agency] before terminating service to the email account;

IT IS FURTHER ORDERED that [law enforcement agency] and the applicant have access to the information collected by the pen/trap devices as soon as practicable, twenty-four hours per day, or at such other times as may be acceptable to [law enforcement agency], for the duration of the Order;

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. § 3123(d)(2), that [service provider] and any other person or entity whose assistance facilitates execution of this Order, and their agents and employees, shall not disclose in any manner, directly or indirectly, by any action or inaction, the existence of the application and this Order, the pen/trap devices, or the investigation to any person, except as necessary to effectuate this Order, unless and until otherwise ordered by the Court;

IT IS FURTHER ORDERED that the Clerk of the Court shall provide the United States Attorney's Office with three certified copies of this application and Order, and shall provide copies of this Order to [law enforcement agency] and [service provider] upon request;

IT IS FURTHER ORDERED that the application and this Order are sealed until otherwise ordered by the Court, pursuant to 18 U.S.C. § 3123(d)(1).

Date

United States Magistrate Judge
