Вы находитесь на странице: 1из 9

What Can the Government Do?

When the government wants to record or monitor your private communications as they
happen, it has three basic options, all of which we'll cover in-depth: it can install a hidden
microphone or "bug" to eavesdrop on your conversation; it can install a "wiretap" to
capture the content of your phone or Internet communications as they happen; or it can
install a "pen register" and a "trap and trace device" to capture dialing and routing
information indicating who you communicate with and when. In this section, we'll lay out
the legal rules for when the government can conduct these types of surveillance, and look
at some statistics to help you gauge the risk of having your communications targeted.

Wiretapping
Wiretapping By The Government is Strictly Regulated
When it comes to secretly eavesdropping on your conversations whether you're
talking in private or public, on the phone or face to face, by email or by instant messenger
no one's got better funding, equipment or experience than the government. They are
capable of "bugging" you by using tiny hidden microphones that they've installed in your
home, office, or anywhere else that you have private conversations. They can also bug
you from long distances or through windows using high-powered microphones, or even
laser microphones that can hear what you say by sensing the vibrations of your voice on
the window's glass. They can put a "wire" or a small hidden microphone on an informant
or undercover police officer to record their conversations with other people. Or they can
conduct a "wiretap," where they tap into your phone or computer communications.
Use of these investigative techniques is regulated by very strong laws that protect the
privacy of your communications against any eavesdropper, including law enforcement,
and we'll describe those below. (Another set of laws regulating surveillance for foreign
intelligence and national security purposes will be discussed later.)
However, it's important to note at the outset that the government has been known to break
these laws and spy on communications without going to a judge first, usually in the name
of national security. Indeed, as was first revealed in December 2005, since 9/11 the
National Security Agency (NSA) has been conducting a massive and illegal program to
wiretap the phone calls and emails of millions of ordinary Americans without warrants,
hoping to discover terrorists by sifting through the mounds of data using computers (for
more details, see EFF's NSA Spying page and the Beyond FISA section of this guide).
One might hope that the information collected as part of the NSA's dragnet surveillance
will only be used against real terrorists, but there's no guarantee, particularly when there's
no court oversight. And we don't have any hard data about how the NSA actually uses
that information, with whom it is shared, or how long it is stored. So, although
communications that have been illegally wiretapped by the NSA are unlikely to be used

against you in a criminal trial the Fourth Amendment's exclusionary rule would likely
disallow it there's no knowing whether it might be used against you in the future in
some other way.
Therefore, regardless of the strengths of the laws described below, you should consider
wiretapping to be a high risk, unless and until the NSA program is stopped by
Congressional action or a successful lawsuit. EFF is currently suing the government and
the individual officials responsible for the NSA program (see
http://www.eff.org/cases/jewel), as well as AT&T, one of the companies assisting in the
illegal surveillance (see http://www.eff.org/nsa/hepting), to try and stop the surveillance.

Wiretapping Law Protections


Wiretapping Law Protects "Oral," "Wire," and "Electronic" Communications Against
"Interception"
Before 1967, the Fourth Amendment didn't require police to get a warrant to tap
conversations occurring over phone company lines. But that year, in two key decisions
(including the Katz case), the Supreme Court made clear that eavesdropping bugging
private conversations or wiretapping phone lines counted as a search that required a
warrant. Congress and the states took the hint and passed updated laws reflecting the
court's decision and providing procedures for getting a warrant for eavesdropping.
The federal wiretap statute, originally passed in 1968 and sometimes called "Title III" or
the Wiretap Act, requires the police to get a wiretap order often called a "superwarrant" because it is even harder to get than a regular search warrant before they
monitor or record your communications. One reason the Fourth Amendment and the
statute give us more protection against government eavesdropping than against physical
searches is because eavesdropping violates not only the targets' privacy, but the privacy
of every other person that they communicate with.
The Supreme Court has also said that since eavesdropping violates so many individuals'
privacy, the police should only be allowed to bug or wiretap when investigating very
serious crimes. So, the Wiretap Act contains enumerated offenses that is, a list of
crimes that are the only ones that can be investigated with a wiretap order.
Unfortunately, Congress has added so many crimes to that list in the past 30 years that
now practically any federal felony can justify a wiretap order.
The Wiretap Act requires the police to get a wiretap order whenever they want to
"intercept" an "oral communication," an "electronic communication," or a "wire
communication." Interception of those communications is commonly called electronic
surveillance.
An oral communication is your typical face-to-face, in-person talking. A communication
qualifies as an oral communication that is protected by the statute (and the Fourth

Amendment) if it is uttered when you have a reasonable expectation that your


conversation won't be recorded. So, if the police want to install a microphone or a "bug"
in your house or office (or stick one outside of a closed phone booth, like in the Katz
case), they have to get a wiretap order. The government may also attempt to use your own
microphones against you for example, by obtaining your phone company's
cooperation to turn on your cell phone's microphone and eavesdrop on nearby
conversations.
A wire communication is any voice communication that is transmitted, whether over the
phone company's wires, a cellular network, or the Internet. You don't need to have a
reasonable expectation of privacy for the statute to protect you, although radio broadcasts
and other communications that can be received by the public are not protected. If the
government wants to tap any of your phone calls landline, cellphone, or Internet-based
it has to get a wiretap order.
An electronic communication is any transmitted communication that isn't a voice
communication. So, that includes all of your non-voice Internet and cellular phone
activities like email, instant messaging, texting and websurfing. It also covers faxes and
messages sent with digital pagers. Like with wire communications, you don't need to
have a reasonable expectation of privacy in your electronic communications for them to
be protected by the statute.
Privacy tip: Voice communications have more legal protection.
Under the Wiretap Act, although a wiretap order is needed to intercept your email and
other electronic communications, only your oral and wire communications that is,
voice communications are covered by the statute's exclusionary rule. So, for example,
if your phone calls are illegally intercepted, that evidence can't be introduced against you
in a criminal trial, but the statute won't prevent the introduction of illegally intercepted
emails and text messages.
An interception is any acquisition of the contents of any oral, wire, or electronic
communication using any mechanical or electronic device for example, using a
microphone or a tape recorder to intercept your oral communications, or using computer
software or hardware to monitor your Internet and phone communications. Wiretap law
does not protect you from government eavesdroppers that are just using their ears.
Although the government may get a super-warrant to "intercept" your communications, it
is not allowed to prevent your communications from occurring. For example, the
government can't prevent your calls from being connected, block your emails and their
attachments, or otherwise interfere with your communications based on an intercept
order. In fact, if their goal is to gather intelligence on you by tapping your
communications, it will not be in their best interest to interfere in your communications
and possibly tip you off to their surveillance, which might prompt you to use another
communications method that may be more difficult to tap.

According to the Wiretap Act, it's a crime for anyone that is not a party to a
communication anyone that isn't one of the people talking, listening, writing, reading,
or otherwise participating in the communication to intercept the communication,
unless at least one of the parties to the communication has previously consented to
(agreed to) the interception. Many state wiretap laws require all parties to consent, but
those laws control state and local police, not the feds. If the police want to intercept an
oral, wire, or electronic communication to which they are not a party and for which they
have no consent, they have to get a wiretap order. Of course, an undercover police officer
or informant that is talking to you while wearing a wire is a party to the conversation and
has consented to the interception.
Privacy tip: Wiretapping and public websites, newsletters, and message boards
The police do not need to get a wiretap order to read your organization's website, sign up
for your email newsletter, visit your public MySpace or Facebook profile or pose as a
member in an Internet chat room. Since those are all open to the public, you're allowing
the police to become a party to those communications.

Getting a Court Order Authorizing a


Wiretap
It Isn't Easy
The requirements for getting a wiretap order from a judge are very strict. The Wiretap Act
(and similar state statutes) requires law enforcement to submit a lengthy application that
contains a full and complete statement of facts about (1) the crime that has been, is being,
or is about to be committed and (2) the place, like your house or office, and/or the
communications facilities, like those of your phone company or ISP, from which the
communications are to be intercepted. The government must also submit a particular
description of (3) the communications sought to be intercepted and (4) the identity of the
persons committing the crime (if known) and of the persons whose communications are
to be intercepted. Finally, the government must offer 5) a full and complete statement of
whether other investigative procedures have been tried and have failed or why they
appear unlikely to succeed or are too dangerous, (6) a full and complete statement of the
period of time for which the interception is to be maintained, and (7) a full and complete
statement about all previous wiretap applications concerning any of the same persons,
facilities, or places.
The court can then issue the wiretap order only if it finds probable cause to believe that
(1) a person is committing an enumerated offense (one of the crimes listed in the Wiretap
Act); (2) communications concerning that crime will be obtained through the
interception; and (3) the facilities from which the communications are to be intercepted
are being used in connection with the commission of the offense. The court must also

find that normal investigative techniques have failed, appear unlikely to succeed, or
would be too dangerous.
The wiretap order, if issued, will almost always require the cooperation of some other
person for it to be carried out. For example, the police can make your landlord let them
into your apartment to install a bug, or, more often, force your ISP or phone company to
help them intercept your phone or Internet communications. The wiretap order will
include a "gag order" prohibiting anyone who cooperated with the police from telling you
or anyone else about the wiretap.
It's important to note that when it comes to tapping your Internet or phone
communications, third parties like your ISP or your phone company can act as an
important check on police abuse. In general, the police need their cooperation, and most
will not cooperate unless there is a valid wiretap order requiring them to (otherwise, they
could be violating the law themselves). However, as AT&T and other companies'
cooperation in the NSA's illegal wiretapping shows, these companies can never be a
perfect check against government abuse, particularly when the government cites national
security as its goal.
Although law enforcement can intercept your communications without your knowledge,
they generally have to tell you about it when they are done. A wiretap order initially lasts
for 30 days, and investigators can obtain additional 30-day renewals from the court if
they need more time. But after the interception is completed and the wiretap order
expires, an inventory must be issued to the person(s) named in the wiretap order and, as
the judge may require, to other persons whose communications were intercepted.

Wiretap Statistics
How Big is The Risk?
A wiretap is an incredibly powerful surveillance tool. A single wiretap can invade the
privacy of dozens or even hundreds of people. Fortunately, wiretaps in criminal
investigations are pretty rare. Here are some numbers to keep in mind when calculating
the risk of government wiretaps to you or your organization, according to the 2007
Wiretap Report to Congress from the Administrative Office of U.S. Courts:

In 2007, according to the report, 2,208 applications for wiretap orders were
submitted to state and federal courts. 457 were in federal cases, the rest state. The
courts granted every application, and of the 2,208 authorized wiretaps, 2,119 of
them were installed.

Although it may appear that the number of federal wiretaps has been steadily
dropping since 2004, in contrast to the sharp rise in state wiretaps, the truth is

much more troubling. According to the latest report, the U.S. Department of
Justice has in recent years declined to provide information about all of its wiretap
activity for the report, in order to protect "sensitive and/or sealed" information.
The Department of Justice admits that if it did provide all of that information,
however, the 2007 report "would not reflect any decrease in the use of courtapproved electronic surveillance" by U.S. agencies. So, the feds aren't
wiretapping any less they're just being even more secretive about it and
presumably the number of federal wiretaps is growing at the same rate as the state
number.
On average, according to the report, each installed wiretap intercepted over 3,000
separate communications.
On average, according to the report, each installed wiretap intercepted the
communications of 94 different people. In other words, the 2,119 installed
wiretaps reported in 2007 intercepted the communications of nearly two hundred
thousand people!

"Roving" wiretap orders are especially powerful. Instead of being limited to


particular phone lines or Internet accounts, these orders allow the police to tap any
phone or computer that the suspect uses, even if it isn't specified in the order
itself. In 2007, 21 roving wiretap orders were reported by state authorities, mostly
in narcotics cases. The federal authorities didn't report any roving wiretaps, but
that doesn't mean they didn't use them; the Department of Justice likely thinks all
of its roving wiretaps were in cases too "sensitive" to warrant reporting.
Over 80% of all reported wiretap orders in 2007 were issued in drug
investigations.
Wiretap orders by crime:

Nearly 95% of the 2,119 wiretap installations reported in 2007 were for the
interception of wire communications that is, taps on phones rather than for
interception of electronic communications. It's doubtful that the federal authorities
have been fully forthcoming on this point they reported only one (!) wiretap of
electronic communications and only three wiretaps that collected a combination
of wire and electronic communications but it's clear that telephone wiretaps are
still much more prevalent than Internet wiretaps. One major reason for this is that
the government has another way of getting at your Internet communications,
under less strict legal requirements: by obtaining stored copies of your
communications from your ISP or your email provider, as described in the next
section, Information Stored By Third Parties. Oral intercepts through the
bugging of your home or car or office, for example are also quite rare. You're
more likely to have your oral conversations intercepted by an undercover agent or

informant wearing a hidden microphone, since such conduct does not require a
wiretap order.
Wiretaps by type of communication intercepted:

In conclusion, although the annual Wiretap Report is no longer as useful a gauge as it


once was due to the Department of Justice's recent withholding of information, it's still
clear that unless you're suspected of dealing drugs (or targeted for foreign intelligence
surveillance), the chances of you or your organization's phone lines being tapped are
fairly low, and the chances of your Internet communications being tapped are even lower.
But remember, you don't have to be a suspect to end up having your communications
intercepted. So, for example, if your organization serves a client population arguably
connected to criminal activity, or if you personally associate with "shady characters,"
your risk goes up.

"Pen Registers" and "Trap and Trace


Devices"
Less Powerful Than a Wiretap But With Much Weaker Privacy Safeguards
There's a particular type of communications surveillance that we haven't discussed yet
and that's not included in the above numbers: surveillance using pen registers and/or trap
& trace devices ("pen/trap taps"). Pen registers record the phone numbers that you call,
while trap & trace devices record the numbers that call you. The Supreme Court decided
in 1979, in the case of Smith v. Maryland, that because you knowingly expose phone
numbers to the phone company when you dial them (you are voluntarily handing over the
number so the phone company will connect you, and you know that the numbers you call
may be monitored for billing purposes), the Fourth Amendment doesn't protect the
privacy of those numbers against pen/trap surveillance by the government. The contents
of your telephone conversation are protected, but not the dialing information.
Luckily, Congress decided to give us a little more privacy than the Supreme Court did
but not much more by passing the Pen Register Statute to regulate the use of
"pen/trap" devices. Under that statute, the police do have to go to court for permission to
conduct a pen/trap tap and get your dialing information, but the standard for getting a
pen/trap order is much lower than the probable cause standard used for normal wiretaps.
The police don't even have to state any facts as part of the Electronic Communications
Privacy Act of 1986 they just need to certify to the court that they think the dialing
information would be relevant to their investigation. If they do so, the judge must issue
the pen/trap order (which lasts for sixty days rather than a wiretap order's thirty days).
Also, unlike normal wiretaps, the police aren't required to report back to the court about

what they intercepted, and aren't required to notify the targets of the surveillance when it
has ended.
With a pen/trap tap on your phone, the police can intercept:

The phone numbers you call


The phone numbers that call you
The time each call is made
Whether the call was connected, or went to voicemail
The length of each call
Most worrisome, we've heard some reports of the government using pen/trap taps
to intercept content that should require a wiretap order: specifically, the content of
SMS text messages, as well as "post-cut-through dialed digits" (digits you dial
after your call is connected, like your banking PIN number, your prescription
refill numbers, or your vote for American Idol).

That information is revealing enough on its own. But pen/traps aren't just for phones
anymore thanks the USA PATRIOT Act, the government can now use pen/trap orders
to intercept information about your Internet communications as well. By serving a
pen/trap order on your ISP or email provider, the police can get:

All email header information other than the subject line, including the email
addresses of the people to whom you send email, the email addresses of people
that send to you, the time each email is sent or received, and the size of each
email that is sent or received.
Your IP (Internet Protocol) address and the IP address of other computers on the
Internet that you exchange information with, with timestamp and size
information.
The communications ports and protocols used, which can be used to determine
what types of communications you are sending using what types of applications.
Although we don't think the statute allows it, the police might also use pen/trap
taps to get the URLs (web addresses) of every website you visit, allowing them to
track what you are reading when you surf the web. The Department of Justice's
apparent policy on this score is to collect information about what site you are
visiting e.g., "www.eff.org" using pen/trap taps, but to obtain a wiretap
order before collecting information about what particular page or file you are
visiting e.g., "www.eff.org/nsa". However, there's no way to confirm that
federal authorities actually follow this policy in all cases, and serious doubt as to
whether state authorities do.

(If you are confused by terms like "IP addresses" and "communications ports and
protocols", you may want to take a quick look at our very basic explanation of how the
Internet works.)
Pen/trap taps enable what the security experts call traffic analysis. That's when an
attacker tries to discover information about an asset by analyzing how it moves. For

example, if your organization is working with another organization and you need to keep
the relationship confidential, traffic analysis of your Internet communications could
reveal the connection and show who you emailed, who you instant messaged with, what
web sites you visited, and what online forums you posted to. It could also show when
those communications occurred and how big they were.
For the government, the usual goal of a pen/trap tap is to identify who you are
communicating with and when. In particular, individuals can often be identified based on
the IP address assigned to their computer. IP addresses are generally allotted in batches,
semi-permanently, to institutions such as universities, Internet service providers (ISPs),
and businesses. Depending how the institution distributes its IP address allotment, it may
be more or less difficult to link specific computers, and users, to certain IP addresses. It is
often surprisingly easy. ISPs often keep detailed logs about IP address allotment, and as
we'll discuss later, those logs are easy for the government to get using a subpoena.
Similarly, if the government is collecting email addresses with a pen/trap, it's easy for
them to go to the email provider and subpoena the identity of the person who registered
that address.
Another purpose of pen/trap taps is to access information about your cell phone's location
in real-time. When your handset is powered on, it connects to nearby cell towers to signal
its proximity, so that the towers can rapidly route a call when it comes through. Law
enforcement can use pen/trap devices to monitor these connections, or "pings", to
pinpoint the physical location of the handset, sometimes within a few meters. And
although Congress has made clear that pen/trap orders alone cannot be used to authorize
this sort of location surveillance, it hasn't yet clarified what type of court order would
suffice. So, although many courts have chosen to require warrants for location tracking,
others have not, and the government has routinely been able to get court authorization for
such tracking without probable cause.
As already noted, court authorization for a pen/trap tap is much easier to get than a
wiretap order. We don't know how many pen/trap orders get issued every year
unfortunately, there is no annual report on pen/trap surveillance like there is for
wiretapping but we have heard unofficial numbers that reach into the many tens of
thousands. Therefore, the risk of being subjected to pen/trap surveillance is higher than
the risk of being wiretapped.

Вам также может понравиться