ECPA: Law Enforcement:
Non Content

Beyond content in transmission and that is stored, there is non-content information including basic subscriber information and transactional information. In the telephone network, subscriber list information is the stuff you see in the phone book: name, address, phone number. [CPNI] This would be information an ISP might have in the account of a particular subscriber. The rule is that an ISP can disclose non-content information to anyone except the government. 18 U.S.C. § 2702(a)(3), (c)(5). [Jessup] The government needs proper legal authority (a subpoena or court order) or consent of the subscriber. The government must identify itself to the ISP as “The Man.” In the McVeigh case, the government failed to identify itself to AOL as the government and failed to have either legal authority or consent of McVeigh.

Transactional Information: Pen Registers & Trap and Trace

Law enforcement officers may seek to receive transactional information about the communication, or they may seek to receive the communication, the message, itself. Generally, the actual content of a communications receives greater protection than information about the transaction of a communication.

A "pen register" is defined as a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication . . . . 18 U.S.C. § 3127(3). A "trap and trace device" is defined as a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however that such information shall not include the contents of any communication. 18 U.S.C. § 3127(4).

Transactional information does not reveal the message of the communication but more generally provides information that the communication took place. These are known as pen register, or trap and trace records. 18 U.S.C. §§ 3121-27. Pen registers traditionally recorded "the number dialed on a telephone line" and trap and trace devices "capture incoming electronic impulses that identify the originating number." [Electronic Frontier] [Hill 1195-96] The Patriot Act clarified that law enforcement offices may also seek all "dialing, routing, addressing, or signaling information" including email addresses, inbound FTP connections, or the location from which a remote user is logging in. 18 U.S.C. § 3121(c). [DOJ US Attorney's Manual Title 9-7.500 Electronic Surveillance: Prior Consultation with the Computer Crime and Intellectual Property Section of the Criminal Division (CCIPS) for Applications for Pen Register and Trap and Trace Orders Capable of Collecting Uniform Resource Locators (URLs)] [H.R. Rep. No. 103-827, at 10, 17, 31] [Allen 409] Transactional information would not include the subject line of an email. 18 U.S.C. § 2510(8).

In the old network, transactional information could be acquired by attaching a device to the network. In the new network, the Patriot Act made clear that a trap and trace device could be “attached or applied;” in other words, law enforcement officials can gain access to software and computer processing. [See Carnivore, CALEA]

Transactional information may be obtained pursuant to a court order. 18 U.S.C. § 3123. [Search & Seizure Manual Appendix D] The law enforcement official must represent to the Court “that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.” 18 U.S.C. § 3123(a). Court orders shall specify

• The name of subscriber;
• The name of the person who is the target of the investigation and what the criminal offense is; and
• The identification of the communication to be watched, such as the phone number or other identifier.

18 U.S.C. § 3123(b)(1). A court order must specify the initial service provider but it need not specify subsequent providers. 18 U.S.C. § 3123(b)(1)(A). Subsequent providers may request certification that the order applies to that provider, and the law enforcement officer is obligated to provide it. 18 U.S.C. § 3123(a)(1).

DOJ has reported that it’s new pen register/trap and trace authority “was employed in the investigation of the murder of journalist Daniel Pearl to obtain information that proved critical to identifying some of the perpetrators.” [Jamie Brown]

Pen Registers for email have been found to be constitutional. [Forrester (9th Cir)]

Emergency: In the event of an emergency, law enforcement officers can act first and ask later. 18 U.S.C. § 3125. Law enforcement officers can make emergency requests where there is

(A) immediate danger of death or serious bodily injury to any person; or

(B) conspiratorial activities characteristic of organized crime,

(C) an immediate threat to a national security interest; or

(D) an ongoing attack on a protected computer (as defined in section 1030) that constitutes a crime punishable by a term of imprisonment greater than one year

that requires the installation and use of a pen register or a trap and trace device before an order authorizing such installation and use can, with due diligence, be obtained, and

(2) there are grounds upon which an order could be entered under this chapter to authorize such installation and use;

The law enforcement officer must apply for the court order within 48 hours. Exactly how the law enforcement officers deliver the good news to the service provider is not clear but DOJ documents suggest that a phone call would suffice. [Patriot Act 2001] This authority ends when the stuff needed is nabbed or when the 48 hours has expired without having the application for a court order approved. 18 U.S.C. § 3125(b). Service providers, landlords, and others who furnish facilities or assistance pursuant in these situations shall be reasonably compensated for their trouble. 18 U.S.C. § 3125(d).

See also ECPA ISP :: Time of Emergency
See also Law Enforcement: Times of Emergency.

Geographic Scope: Court orders issued by federal court may be executed anywhere in the United States. 18 U.S.C. § 3123(a)(1); 18 U.S.C. § 3127(2). Court orders issued by states are good only within that state. 18 U.S.C. § 3123(a)(2).

Time Limit: These Court orders are good for 60 days and can be extended for an additional sixty-day periods. 18 U.S.C. § 3123(c).

Gag Rule: A court order shall direct the service provider to keep it quiet. The service provider is not permitted to disclose “the existence of the pen register or trap and trace device or the existence of the investigation” unless directed to do so by the court. 18 U.S.C. § 3123(d).

Installation: The court order shall tell the service provider that they get to help the law enforcement officials out with the pen register or trap and trace. 18 U.S.C. § 3124. In instances where officers install their own device, they must use "technology reasonably available to it" in order to avoid intercepting the contents of the communication. 18 U.S.C. § 3121(c). [See Carnivore, CALEA]

Cost Recovery: Service providers shall be paid for their troubles. 18 U.S.C. § 3124(c). [But see CALEA]

Reporting Requirement: In instances where officers install their own device, the officers must comply with the reporting requirement, keeping a record of the officers who installed and have access to the device, the date and time the devices was installed and uninstalled, the configuration of the device, and the information collected by the device. 18 U.S.C. § 3123(a)(3). This information must be provided to the court under seal within 30 days of the termination of the order.

Last Updated: Jan 2004