Protection from prying NSA eyes

A (Classified) proposal

Boost IT visibility and business value

The law has always recognised a distinction between listening in on the contents of a communication and just looking at data about the conversation. It is for that reason that the postal inspectors are allowed to put a "mail cover on mail to record the outside information without a warrant.

The US wiretap law, contained in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (just called Title II for short) makes it illegal to intercept or disclose the contents of intercepted communications without an appropriate warrant, either for law enforcement purposes, or under the Foreign Intelligence Surveillance Act. For international telephone calls, the government has asserted that the inherent powers of the executive branch, or the 18 September, 2001 Authorisation for the Use of Military Force against those responsible for the attacks on the World Trade Centre, and the Pentagon as limited authority (or so they said at the time) to listen in on the contents of international communications if the President suspects (or more accurately, if some NSA employee suspects) that they are relevant to some terrorism investigation. This program was discussed previously.

Other US laws also regulate the improper disclosure of the contents of both telephone communications and electronic communications. These include the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act. However, with the exception of the provisions of the SCA discussed below, these laws (like FISA and Title III) tend to focus on the contents of the communications – what was said or typed or emailed.

Wrapper information

So what if the government wants to know what telephone numbers you called, when you called them, and how long the calls lasted? The US Supreme Court, in a case called Smith v. Maryland in 1979 essentially said that the Fourth Amendment did not protect such data. You see, everybody knows, the Court reasoned, that the phone company keeps these records (unlike recording the contents of the communications). The Supreme Court noted:

"[W]e doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realise that they must 'convey' phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realise, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. In fact, pen registers and similar devices are routinely used by telephone companies 'for the purposes of checking billing operations, detecting fraud, and preventing violations of law'...Electronic equipment is used not only to keep billing records of toll calls, but also 'to keep a record of all calls dialed from a telephone which is subject to a special rate structure'."

So, how could you expect this to be private? Even if YOU thought it might be private, the Supreme Court disabused you of this notion saying that you of course can't expect anything you give over to third parties (like the phone company) to be private. The court observed:

"When he used his phone, petitioner voluntarily conveyed numerical information to the telephone company and 'exposed' that information to its equipment in the ordinary course of business. In so doing, petitioner assumed the risk that the company would reveal to police the numbers he dialed. The switching equipment that processed those numbers is merely the modern counterpart of the operator who, in an earlier day, personally completed calls for the subscriber."

The problem with this analysis is its application then to the contents of, lets say emails or VoIP calls. You see, the contents of such communications are routinely "exposed" to the ISPs in the ordinary course of business. They are also routinely stored by the ISP as well – albeit for greater or shorter periods of time. While the laws noted above – mostly the ECPA and the SCA - protect the disclosure of these communications, applying the rationale of the Smith case apparently the Constitution of the United States wouldn't protect even these contents.

So does this mean that the numbers you call have no legal protection at all? Not so fast. Smith just decided that the Fourth Amendment didn't protect the numbers dialed. Congress stepped in and passed the Pen-register statute, which provided that it was illegal to install a "pen register" or "trap and trace" device (a device to record numbers dialed, etc.) without first obtaining a court order after a certification by a federal or state prosecutor, or under FISA.

However, these trap and trace statutes, either for national security under FISA or for criminal matters under the trap and trace statute, are more akin to a rifle than a shotgun. They are designed to obtain the calling records of a particular individual or small group of individuals, with a showing that the records are either relevant to a particular criminal investigation or anti-terrorism investigation. It is not designed to permit access to tens of thousands of such records (or millions) in the hope that they might later be helpful in some terrorism case. Besides, if there was a FISA warrant here, don't you think the government would have said so? It's pretty clear there was no trap and trace order, so the turning over the records was illegal, right? Not so fast. I love the law.

You see, there was no "trap and trace" or "pen register" installed on the phone company. In fact, the government did not even ask the phone company to create the massive databases which indicated what telephone numbers were dialed by whom and when. In fact, the phone company routinely does this on its own, for billing, call completion and anti-fraud purposes, and maybe even for load distribution, direct marketing, and other purposes as well. The law doesn't prohibit this. Indeed, the trap and trace law expressly states that it doesn't apply to a phone company or ISP's actions, "relating to the operation, maintenance, and testing of a wire or electronic communication service or to the protection of the rights or property of such provider, or to the protection of users of that service from abuse of service or unlawful use of service; or to record the fact that a wire or electronic communication was initiated or completed in order to protect such provider, another provider furnishing service toward the completion of the wire communication, or a user of that service, from fraudulent, unlawful or abusive use of service". Any lawyer with a subpoena can - and usually does – get copies of your phone bills. They are particularly useful to show things like adultery in divorce cases.

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.