sense of how they collect information
about government use. The critical
statutory regulations are the Wiretap
Act; the Pen Register Act; the Stored
Communications Act; the Foreign
Intelligence Surveillance Act (FISA);
and the different provisions for National Security Letters. The first three
laws concern the use of surveillance
for domestic purposes—that is, in the
context of ordinary criminal investigations. The last two statutes regulate
the use of surveillance for foreign intelligence purposes, such as counter-terrorism. And, in a nutshell, the most
public information is generated about
the U.S. government’s use of the Wiretap Act. Yet, this law in many ways has
become less important than other
telecommunications surveillance statutes, and we know far less about the
use of these other statutes.
Telecommunications Surveillance
for criminal investigations
A review of the legal basis for telecommunications surveillance starts, logically, with the Wiretap Act, which is
the oldest of the modern statutory authorities in this area. Enacted in 1968,
the Wiretap Act sets a high statutory
standard before the government can
“intercept” a “wire or oral communication.” It also requires the government to publish relatively detailed
data sets about its use. The Wiretap
Act assigns the task of collecting this
information to the Administrative Office of the United States Courts, which
then publishes the statistics. 1
ILLUs TRATIon By s TUAR T BRADFoRD
What is the problem then? The difficulty is that the Wiretap Act regulates only the capturing of the content
of messages contemporaneously with
their transmission. As an example of
its coverage, if law enforcement wish-es to intercept a telephone call as it is
occurring, the Wiretap Act will apply.
Yet, technological changes have created a variety of information that falls
outside the Wiretap Act, whether because it is “telecommunications attributes” rather than content, or stored
on a server. Telecommunications attributes are generally regulated by
the Pen Register Act, and information
stored on a server generally falls under
the Stored Communications Act. I will
consider each law in turn.
The Pen Register Act, as first en-
acted in 1986, regulated only access to
telephone numbers dialed from a specific phone, or received by it. Today,
the Pen Register Act, as amended by
the Patriot Act in 2001, more broadly
regulates access to “dialing, routing,
addressing, or signaling information.” Examples of such information
are IP addresses and email addressing information.
all, the situation is reminiscent of the
anarchic administrative conditions
prior to the New Deal’s creation of
the Federal Register and other means
for the orderly publication of governmental records.
As a further shortcoming, pen register reports only list federal collection
of information pursuant to the law. If
use of the Pen Register Act follows the
Like the Wiretap Act, the Pen Register Act requires collection of information about its use. Yet, reports pursuant to it are far less detailed than
those under the Wiretap Act, and the
U.S. government does not make them
publicly available. And perhaps the
greatest surprise is that Congress has
shown scant interest in even ensuring it actually receives the information to which it is statutorily entitled
from the Department of Justice. Over-
pattern of the Wiretap Act, however,
states are now engaging in far greater
use of their authority than are federal
law enforcement authorities.
The third statutory authority for
telecommunications surveillance is
the Stored Communications Act. This
statute is particularly significant today
because so many kinds of telecommunications occur in asynchronous fashion. For example, sending an email
message may be the most prevalent