Judge Orenstein foundh that a cellphone was in fact a tracking device,
and that a showing of probable cause
was necessary to obtain prospective
cell site data. On Sept. 7, 2010 the United States Court of Appeals for the Third
Circuit upheld a lower court’s opinion
that a cellular telephone was in fact a
tracking device, and further ruled that
it is within a magistrate judge’s discretion to require a showing of probable
cause before granting a request for historical cell site data.i
CALEA and the USA PATRIOT Act.
Clearly the information made available by the cellular architecture has
motivated law enforcement to pursue
it. And having gotten used to this massive source of personal information,
law enforcement would like to keep the
data conduits open. The development
and commercialization of new telephone technologies in the 1980s and
1990s caused concern that less sur-veillance-friendly architectures were
becoming the norm. This prompted
law enforcement to ask Congress for
legislation that would require service
providers to provide a common means
for surveillance regardless of the technology in use. The Director of the FBI
made the point quite clearly in testimony before Congress:
The purpose of this legislation, quite
simply, is to maintain technological capabilities commensurate with existing
statutory authority; that is, to prevent
advanced telecommunications technology from repealing, de facto, statutory
authority now existing and conferred to
us by the Congress.
Former FBI Director Louis Freeh18
The result of this effort—the Communications Assistance for Law Enforcement Act (CALEA4)—was passed
on the last night of the 1994 congressional session. CALEA requires that service providers “facilitat[e] authorized
communications interceptions and
access to call-identifying information
unobtrusively and with a minimum of
interference with any subscriber’s tele-
h 384 F. Supp.2d 562 (E.D.N. Y. 2005)
communications service.”j
Perhaps the most significant im-
pact of CALEA on cellular systems will
be through its amended provisions
affecting voice-over-IP (VoIP). Under
CALEA, VoIP service providers cannot
release IP calls to travel freely between
subscriber terminal adapters; instead,
the service provider must anchor most
calls, creating a fixed point that must
be traversed by call packets in both di-
rections.k Upon the presentation of an
appropriate warrant, a duplicate call
stream is generated at this fixed point
and passed to a law enforcement agen-
cy. Such restrictions will almost cer-
tainly apply to 4G cellular platforms,
which will implement all-IP solutions
for voice and data.l
Several of the provisions of the USA
PATRIOT Actm also have current and fu-
ture implications for cellular systems.
The PATRIOT Act amended much of
the legislation discussed earlier,n the
following provides a brief summary of
a few key elements.
˲ ˲ Section 204 amended Title II of the
ECPA so that stored voicemail can be
obtained by the government through a
search warrant rather than through the
more stringent process of obtaining a
wiretap order.o
˲ ˲ Section 216 expanded the pen reg-
ister and trap and trace provisions of
the ECPA to explicitly cover the context
j 47 U.S.C. Section 1002(a)
k The fixed point often takes the form of a Ses-
sion Border Controller (SBC). See, for exam-
ple, The Benefits of Router-Integrated Session
Border Control, White paper, Juniper Net-
works, http://www.juniper.net/us/en/local/pdf/
whitepapers/2000311-en.pdf and http://tools.
ietf.org/html/draft-ietf-sipping-sbc-funcs-00.
l For a discussion of potential vulnerabilities of
CALEA monitoring systems, see Pfitzmann et
al. 35 and Sherr et al. 41
m Uniting and Strengthening America by Provid-
ing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001, signed
into law Oct. 26, 2001.
n A detailed discussion can be found at http://
epic.org/privacy/terrorism/usapatriot/#history.
Many of the provisions discussed here had as-
sociated sunset clauses, but as recently as Mar.
1, 2010, Congress has continued to provide ex-
tensions to these clauses.
of Internet traffic. The URLs visited
from a cellular platform, for example,
thus receive the low level of protection
provided by Title III of the ECPA.
˲ ˲ Section 217 permits government
interception of the “communications
of a computer trespasser” if the owner
or operator of a “protected computer”
authorizes the interception.
The last of the provisions, commonly referred to as the “computer trespasser” provision, has caused concern as it
appears to allow interception of all traffic through intermediate routers and
switches if the owners of the equipment
authorize the interception. This could,
for example, include all traffic through
a gateway GPRS support node—the interface between 3G cellular networks
and the Internet. Given that the service
providers have been granted immunity
from lawsuits filed in response to their
cooperation with intelligence agencies, 27 this provision was particularly
troubling to some privacy advocates.p
It should be noted that some researchers have argued that the PATRIOT Act has simply clarified existing
policy. Orin Kerr, for example, has provided a detailed argument that “none
of the changes altered the basic statutory structure of the Electronic Communications Privacy Act of 1986.” 26
The Right to Market. Thus far, I have
focused on the laws and regulations
that limit law enforcement’s access
to the data collected by cellular service providers. But what of the service
providers themselves? A quick tour
through some recent case law is interesting in that it shows how the carriers
view their right to use this information, and the commercial value that
they place on it. In what follows there
will be two basic questions: Are the carriers limited in how they may use the
data for their own marketing? Are they
limited in their ability to sell the data to
third parties?
On January 3, 1996 Congress
passed the Telecommunications Act
of 1996, the first major restructuring
of telecom law since 1934. Section
222 of the Act states that “[e]very telecommunications carrier has a duty
to protect the confidentiality of proprietary information of, and relating
p See, for example, http://epic.org/privacy/ter-rorism/usapatriot/.