When the government wants to record or monitor your private communications as they
happen, it has three basic options, all of which we'll cover in depth: it can install a hidden
microphone or "bug" to eavesdrop on your conversation; it can install a "wiretap" to
capture the content of your phone or Internet communications as they happen; or it can
install a "pen register" and a "trap and trace device" to capture dialing and routing
information indicating who you communicate with and when. In this section, we'll lay out
the legal rules for when the government can conduct these types of surveillance, and look
at some statistics to help you gauge the risk of having your communications targeted.
Wiretapping
Wiretapping By The Government is Strictly Regulated
When it comes to secretly eavesdropping on your conversations, whether you're
talking in private or public, on the phone or face to face, by email or by instant messenger,
no one's got better funding, equipment or experience than the government. They are
capable of "bugging" you by using tiny hidden microphones that they've installed in your
home, office, or anywhere else that you have private conversations. They can also bug
you from long distances or through windows using high-powered microphones, or even
laser microphones that can hear what you say by sensing the vibrations of your voice on
the window's glass. They can put a "wire" or a small hidden microphone on an informant
or undercover police officer to record their conversations with other people. Or they can
conduct a "wiretap," where they tap into your phone or computer communications.
Use of these investigative techniques is regulated by very strong laws that protect the
privacy of your communications against any eavesdropper, including law enforcement,
and we'll describe those below. (Another set of laws regulating surveillance for foreign
intelligence and national security purposes will be discussed later.)
However, it's important to note at the outset that the government has been known to break
these laws and spy on communications without going to a judge first, usually in the name
of national security. Indeed, as was first revealed in December 2005, since 9/11 the
National Security Agency (NSA) has been conducting a massive and illegal program to
wiretap the phone calls and emails of millions of ordinary Americans without warrants,
hoping to discover terrorists by sifting through the mounds of data using computers (for
more details, see EFF's NSA Spying page and the Beyond FISA section of this guide).
One might hope that the information collected as part of the NSA's dragnet surveillance
will only be used against real terrorists, but there's no guarantee, particularly when there's
no court oversight. And we don't have any hard data about how the NSA actually uses
that information, with whom it is shared, or how long it is stored. So, although
communications that have been illegally wiretapped by the NSA are unlikely to be used
against you in a criminal trial (the Fourth Amendment's exclusionary rule would likely
disallow it), there's no knowing whether it might be used against you in the future in
some other way.
Therefore, regardless of the strengths of the laws described below, you should consider
wiretapping to be a high risk, unless and until the NSA program is stopped by
Congressional action or a successful lawsuit. EFF is currently suing the government and
the individual officials responsible for the NSA program (see
http://www.eff.org/cases/jewel), as well as AT&T, one of the companies assisting in the
illegal surveillance (see http://www.eff.org/nsa/hepting), to try and stop the surveillance.
According to the Wiretap Act, it's a crime for anyone that is not a party to a
communication (anyone that isn't one of the people talking, listening, writing, reading,
or otherwise participating in the communication) to intercept the communication,
unless at least one of the parties to the communication has previously consented to
(agreed to) the interception. Many state wiretap laws require all parties to consent, but
those laws control state and local police, not the feds. If the police want to intercept an
oral, wire, or electronic communication to which they are not a party and for which they
have no consent, they have to get a wiretap order. Of course, an undercover police officer
or informant that is talking to you while wearing a wire is a party to the conversation and
has consented to the interception.
Privacy tip: Wiretapping and public websites, newsletters, and message boards
The police do not need to get a wiretap order to read your organization's website, sign up
for your email newsletter, visit your public MySpace or Facebook profile or pose as a
member in an Internet chat room. Since those are all open to the public, you're allowing
the police to become a party to those communications.
find that normal investigative techniques have failed, appear unlikely to succeed, or
would be too dangerous.
The wiretap order, if issued, will almost always require the cooperation of some other
person for it to be carried out. For example, the police can make your landlord let them
into your apartment to install a bug, or, more often, force your ISP or phone company to
help them intercept your phone or Internet communications. The wiretap order will
include a "gag order" prohibiting anyone who cooperated with the police from telling you
or anyone else about the wiretap.
It's important to note that when it comes to tapping your Internet or phone
communications, third parties like your ISP or your phone company can act as an
important check on police abuse. In general, the police need their cooperation, and most
will not cooperate unless there is a valid wiretap order requiring them to (otherwise, they
could be violating the law themselves). However, as AT&T and other companies'
cooperation in the NSA's illegal wiretapping shows, these companies can never be a
perfect check against government abuse, particularly when the government cites national
security as its goal.
Although law enforcement can intercept your communications without your knowledge,
they generally have to tell you about it when they are done. A wiretap order initially lasts
for 30 days, and investigators can obtain additional 30-day renewals from the court if
they need more time. But after the interception is completed and the wiretap order
expires, an inventory must be issued to the person(s) named in the wiretap order and, as
the judge may require, to other persons whose communications were intercepted.
Wiretap Statistics
How Big is The Risk?
A wiretap is an incredibly powerful surveillance tool. A single wiretap can invade the
privacy of dozens or even hundreds of people. Fortunately, wiretaps in criminal
investigations are pretty rare. Here are some numbers to keep in mind when calculating
the risk of government wiretaps to you or your organization, according to the 2007
Wiretap Report to Congress from the Administrative Office of U.S. Courts:
In 2007, according to the report, 2,208 applications for wiretap orders were
submitted to state and federal courts. 457 were in federal cases, the rest state. The
courts granted every application, and of the 2,208 authorized wiretaps, 2,119 of
them were installed.
Although it may appear that the number of federal wiretaps has been steadily
dropping since 2004, in contrast to the sharp rise in state wiretaps, the truth is
much more troubling. According to the latest report, the U.S. Department of
Justice has in recent years declined to provide information about all of its wiretap
activity for the report, in order to protect "sensitive and/or sealed" information.
The Department of Justice admits that if it did provide all of that information,
however, the 2007 report "would not reflect any decrease in the use of court-approved
electronic surveillance" by U.S. agencies. So, the feds aren't
wiretapping any less; they're just being even more secretive about it, and
presumably the number of federal wiretaps is growing at the same rate as the state
number.
On average, according to the report, each installed wiretap intercepted over 3,000
separate communications.
On average, according to the report, each installed wiretap intercepted the
communications of 94 different people. In other words, the 2,119 installed
wiretaps reported in 2007 intercepted the communications of nearly two hundred
thousand people!
Nearly 95% of the 2,119 wiretap installations reported in 2007 were for the
interception of wire communications (that is, taps on phones) rather than for
interception of electronic communications. It's doubtful that the federal authorities
have been fully forthcoming on this point: they reported only one (!) wiretap of
electronic communications and only three wiretaps that collected a combination
of wire and electronic communications. But it's clear that telephone wiretaps are
still much more prevalent than Internet wiretaps. One major reason for this is that
the government has another way of getting at your Internet communications,
under less strict legal requirements: by obtaining stored copies of your
communications from your ISP or your email provider, as described in the next
section, Information Stored By Third Parties. Oral intercepts (through the
bugging of your home or car or office, for example) are also quite rare. You're
more likely to have your oral conversations intercepted by an undercover agent or
informant wearing a hidden microphone, since such conduct does not require a
wiretap order.
Wiretaps by type of communication intercepted:
what they intercepted, and aren't required to notify the targets of the surveillance when it
has ended.
With a pen/trap tap on your phone, the police can intercept:
That information is revealing enough on its own. But pen/traps aren't just for phones
anymore. Thanks to the USA PATRIOT Act, the government can now use pen/trap orders
to intercept information about your Internet communications as well. By serving a
pen/trap order on your ISP or email provider, the police can get:
All email header information other than the subject line, including the email
addresses of the people to whom you send email, the email addresses of people
that send to you, the time each email is sent or received, and the size of each
email that is sent or received.
Your IP (Internet Protocol) address and the IP address of other computers on the
Internet that you exchange information with, with timestamp and size
information.
The communications ports and protocols used, which can be used to determine
what types of communications you are sending using what types of applications.
Although we don't think the statute allows it, the police might also use pen/trap
taps to get the URLs (web addresses) of every website you visit, allowing them to
track what you are reading when you surf the web. The Department of Justice's
apparent policy on this score is to collect information about what site you are
visiting (e.g., "www.eff.org") using pen/trap taps, but to obtain a wiretap
order before collecting information about what particular page or file you are
visiting (e.g., "www.eff.org/nsa"). However, there's no way to confirm that
federal authorities actually follow this policy in all cases, and serious doubt as to
whether state authorities do.
(If you are confused by terms like "IP addresses" and "communications ports and
protocols", you may want to take a quick look at our very basic explanation of how the
Internet works.)
Pen/trap taps enable what the security experts call traffic analysis. That's when an
attacker tries to discover information about an asset by analyzing how it moves. For
example, if your organization is working with another organization and you need to keep
the relationship confidential, traffic analysis of your Internet communications could
reveal the connection and show who you emailed, who you instant messaged with, what
web sites you visited, and what online forums you posted to. It could also show when
those communications occurred and how big they were.
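The following Python example, added here and not part of the original guide, applies traffic analysis to three constructed email messages: it keeps only the header fields listed above as reachable with a pen/trap order (addresses, time, size), never the subject or body, and summarizes who contacted whom, how often and when. All addresses, dates and function names are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample mail; addresses and domains are placeholders.
def _mail(sender, to, date, subject, body):
    return f"From: {sender}\nTo: {to}\nDate: {date}\nSubject: {subject}\n\n{body}\n"

RAW_MESSAGES = [
    _mail("alice@example.org", "bob@example.net",
          "Mon, 03 Mar 2008 09:15:00 +0000", "Draft agreement", "Confidential draft."),
    _mail("alice@example.org", "bob@example.net, carol@example.com",
          "Mon, 03 Mar 2008 21:40:00 +0000", "Re: Draft agreement", "Revised terms."),
    _mail("bob@example.net", "alice@example.org",
          "Tue, 04 Mar 2008 07:05:00 +0000", "Signed", "Signed copy attached."),
]

def pen_trap_view(raw):
    """Keep only what the page lists as pen/trap data: addresses, time, size.
    The Subject header and the body are deliberately never copied out."""
    msg = message_from_string(raw)
    sender = getaddresses(msg.get_all("From", []))[0][1]
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {"from": sender,
            "to": [addr for _name, addr in rcpts],
            "time": parsedate_to_datetime(msg["Date"]),
            "size": len(raw.encode("utf-8"))}

def contact_summary(raw_messages):
    """Traffic analysis over the metadata: per sender/recipient pair, how many
    messages, how many bytes, and the first and last time they were seen."""
    summary = {}
    for raw in raw_messages:
        rec = pen_trap_view(raw)
        for rcpt in rec["to"]:
            pair = summary.setdefault((rec["from"], rcpt), {
                "count": 0, "bytes": 0,
                "first": rec["time"], "last": rec["time"]})
            pair["count"] += 1
            pair["bytes"] += rec["size"]
            pair["first"] = min(pair["first"], rec["time"])
            pair["last"] = max(pair["last"], rec["time"])
    return summary

if __name__ == "__main__":
    for (src, dst), s in sorted(contact_summary(RAW_MESSAGES).items()):
        print(f"{src} -> {dst}: {s['count']} msgs, {s['bytes']} bytes, "
              f"{s['first']:%Y-%m-%d %H:%M} to {s['last']:%Y-%m-%d %H:%M}")
```

Even with every subject line and message body excluded, the summary exposes the relationship between the three parties and the timing of their exchange.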
For the government, the usual goal of a pen/trap tap is to identify who you are
communicating with and when. In particular, individuals can often be identified based on
the IP address assigned to their computer. IP addresses are generally allotted in batches,
semi-permanently, to institutions such as universities, Internet service providers (ISPs),
and businesses. Depending on how the institution distributes its IP address allotment, it may
be more or less difficult to link specific computers, and users, to certain IP addresses. It is
often surprisingly easy. ISPs often keep detailed logs about IP address allotment, and as
we'll discuss later, those logs are easy for the government to get using a subpoena.
Similarly, if the government is collecting email addresses with a pen/trap, it's easy for
them to go to the email provider and subpoena the identity of the person who registered
that address.
Another purpose of pen/trap taps is to access information about your cell phone's location
in real-time. When your handset is powered on, it connects to nearby cell towers to signal
its proximity, so that the towers can rapidly route a call when it comes through. Law
enforcement can use pen/trap devices to monitor these connections, or "pings", to
pinpoint the physical location of the handset, sometimes within a few meters. And
although Congress has made clear that pen/trap orders alone cannot be used to authorize
this sort of location surveillance, it hasn't yet clarified what type of court order would
suffice. So, although many courts have chosen to require warrants for location tracking,
others have not, and the government has routinely been able to get court authorization for
such tracking without probable cause.
As already noted, court authorization for a pen/trap tap is much easier to get than a
wiretap order. We don't know how many pen/trap orders get issued every year
(unfortunately, there is no annual report on pen/trap surveillance like there is for
wiretapping), but we have heard unofficial numbers that reach into the many tens of
thousands. Therefore, the risk of being subjected to pen/trap surveillance is higher than
the risk of being wiretapped.