The Digital Telephony Legislation of 1994:
Law Enforcement Hitches a Ride on the Information Superhighway
By NJ Criminal Lawyer, David A. Schwartz, Esq.
In this article, the author analyzes the impact of the 1994 digital telephony legislation on electronic surveillance by law enforcement. The legislation encompasses surveillance of cellular and digital communications by enacting a program under which telecommunication carriers must provide law enforcement access to evolving technologies that transmit voice, data and video. Predecessor statutes are explained to put this digital telephony legislation in context. The article also discusses the transactional records generated by electronic communications and remote computing services and how digital telephony raised law enforcement’s burden in obtaining such records. Finally, the article considers new criminal offenses relating to cloning cellular telephones and minimilization requirements for pen registers.
When Title III of the Omnibus Safe Streets and Crime Control Act was enacted in 1968, electronic surveillance of wire communications was conducted by placing alligator clips on a hard-wired telephone line that remained at a fixed position. The connection to the telephone line was usually made at a point between the telephone set and the first junction box or at the local switching station. The tapped telephone line was within a “local loop” and dedicated to a specific telephone number. The local loop consisted of two wires strung over a land line connecting the telephone set to the telephone office. The telephone system transmitted an analog signal through the copper wire, and the entire communication was transmitted, from inception to conclusion, by one carrier.
The geometric growth in telecommunications technology, carriers and services over the past ten years has been a great boon for consumers and businesses. It has also been a coextensive advantage for criminals who have become more sophisticated in incorporating telecommunications technology as an integral part of their activity.
For example, the introduction of fiber optic cable (which transmits at a greater speed and has a much greater line capacity than copper wire), and the increase in the number of carriers involved in processing a single electronic or wire transmission, make it difficult to isolate specific communications. Digital signals cannot be heard and thus cannot be surveilled by conventional methods. Although cellular wiretaps are within the technological ability of law enforcement, cellular service makes the requirement of transmitting a communication from a fixed location through the local loop obsolete. Today, there are more than 300 cellular carriers operating in the United States. Features such as call forwarding and “follow me” allow instant redirection of calls made to and from cellular, as well as hard-wired, phones. This new flexibility similarly hampers the ability to isolate and tap specific communications or to obtain “call identifying information.”
The FBI claimed, beginning in 1992, that as a result of these advances, law enforcement was left in the dust of this latest technological revolution, with its ability to wiretap and conduct other electronic surveillance seriously impaired.
With wiretaps one of its most effective crime fighting tools, the FBI considered upgrading its access to the new telecommunications technologies its “highest legislative priority in recent years.” The FBI won its high-tech parity program when, on October 25, 1994, President Clinton signed the digital telephony legislation proposed in the House of Representatives (HR 4922) (digital telephony), which took effect immediately. While achieving its technological goals, law enforcement was handed new restrictions on its ability to investigate crimes on the information superhighway. Indeed, the digital telephony legislation is a substantial and well-timed advancement for privacy interests.
To guarantee law enforcement’s continuous access to evolving technology, digital telephony requires telecommunications carriers to retrofit and design their systems to (1) have the capability to expeditiously isolate and intercept targeted electronic and wire communications transmitted in a carrier’s service area; (2) isolate information identifying the origin and destination of targeted communications; (3) provide intercepted communications and call identifying information to law enforcement at a location over a line away from the carrier’s premises; and (4) carry out the interception unobtrusively and with a minimum of interference. Any wiretap enabled by this legislation must be effectuated on the site of the carrier’s facility and may only be activated by an employee of the carrier.
The telecommunication carriers required to guarantee access to communications transmitted by the new technology are any common carrier that offers wireline or wireless service for hire to the public. These include local exchange carriers, interexchange carriers, cellular carriers, personal communications services (PCS), competitive access providers (CAPs), cable television operators, and satellite-based service providers.
Telecommunication services excluded from the coverage of the legislation, and that need not ensure law enforcement access to new technology, are “information services” and services or facilities that support transport or switching of communications for private networks or switching for the sole purpose of interconnecting telecommunications carriers. By definition, the legislation does not cover private networks, private branch exchanges (PBX’s), automated teller machine (ATM) networks, electronic mail (E-Mail) services, electronic bulletin boards, the Internet service providers, and commercial on-line information services, such as Prodigy, America On-Line, and Compuserve.
To retrofit existing telecommunications equipment, expand future transmission capacity, and pay for new software to accommodate law enforcement, the federal government will subsidize carriers up to $500 million dollars for the cost of compliance, through 1997. Thereafter, the legislation appropriates such sums as are necessary, to remain available until expended.
The Impact of Digital Telephony on Criminal Law
There are aspects of the digital telephony legislation that require the attention of the criminal defense bar. For example, this law significantly amends the existing wiretap provisions of Title III by adding another potential method to suppress the results of a wiretap or intercept. As a result of the digital telephony legislation, the radio portion of a cordless phone transmission (that transmission between the cordless telephone handset and the base unit) now falls within the category of communications for which a court order is needed for interception.
Digital telephony also significantly amends the provisions relating to law enforcement’s ability to obtain transactional information from electronic communication services and remote computing services. The pen register and trap and trace device provisions of the Electronic Communications Privacy Act (ECPA) of 1986 are also affected. Finally, digital telephony adds new anticloning crimes for digital telecommunications and cellular communications to Title 18 of the United States Code. This article discusses the provisions of digital telephony that have an impact on the practice of criminal law.
As originally enacted, Title III only authorized the court-ordered interception of wire and oral communications. Wire communications were limited, by definition, to communications made, in whole or in part, through the use of facilities for the transmission of communications by the air of wire, cable, or other such connection, from point of origin to point of reception. “Interception” of communications under Title III was limited to the “aural” acquisition of the contents of any wire or oral communications.
Following divestiture of AT&T in 1984, there was an explosion in telecommunication technology, including digital communication (which transmits voice, data and images), E-Mail, micro-wave networks, fiber-optic cable, and cellular telephone systems. Under the narrow rubric of Title III, digital communications, including computer-to-computer transmissions via modem, E-Mail, and video images, could not be lawfully intercepted. The advent of cellular communications raised serious questions regarding their lawful interception and produced a variety of answers.
The concern that Title III did not provide legal authority for the interception of communications made through these new technologies was shared by Congress when the legislation was substantially revised nineteen years after its initial enactment: “This gap [between Title III communications and the new forms of telecommunication and computer technology] results in legal uncertainty. . . . The lack of any clear standards may expose law enforcement officers to liability and may endanger the admissibility of evidence.”
Owing to the narrow scope of its terms, and its own inflexibility, the original Title III wiretap legislation was rendered unworkable. By 1986, Title III was, in many respects, obsolete. By passing the Electronic Communication Privacy Act of 1986, (ECPA), which amended Title III, Congress intended to bring the legal authority for wiretap and electronic surveillance in line with the new communications technology, while remaining true to the protection of privacy interests. There is, however, a great deal of debate as to whether privacy interests received adequate protection under ECPA. Many commentators believe ECPA fell far short of the mark.
ECPA expanded the type of communications subject to wire-tap and surveillance by including communications that fell into a new and broadly defined category of “electronic communication.” As a result, a Title III wiretap would lawfully attach to “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system. . . .” Accordingly, communications consisting only of data, radio transmissions, E-Mail, digitized transmissions, and video teleconferences were now covered by Title III.
Cellular communications, whether “between two cellular telephones or between a cellular telephone and a ‘land line’ telephone” were included in ECPA’s amended definition of “wire communications.” The permissible range of “intercept” was also expanded to include the “aural or other acquisition of any wire, electronic or oral communication. . . .” Fiber-optic cable (and transmissions thereon) were now covered based on the inclusion of “photoelectronic or photooptical system” in the definition of wire/electronic communication.
ECPA also marked the first legislation controlling the disclosure of information (including the content and transactional records generated by such communications) by stored wire and electronic communications services. In enacting ECPA, Congress broadly categorized electronic storage of information into that held by either an electronic communication service or a remote computing service. An electronic communication service includes any service providing the ability to send or receive wire or electronic communications. A remote computing service is an off-site computer storage or processing service, made available to the public.
The disclosure provisions pertaining to electronically stored information are categorized as either disclosure of “content” or as disclosure of “a record or other information pertaining to a subscriber to or customer of such service.” Thus, under ECPA, law enforcement was granted access to the contents of E-Mail. The method of governmental access to the content of electronic mail depends on the length of time the message is held in storage. For example, for access to messages held less than 180 days, the government must obtain a warrant. For access to messages held for more than 180 days, provided that the subscriber is given notice, the contents of the message may be delivered upon the mere service of a subpoena. Notice to the subscriber of disclosure can be delayed under certain circumstances. This 180-day cutoff for the requirement of a warrant is artificial at best and ignores the proliferation of E-Mail as a substitute for telephone communications. Indeed, there is no Title III counterpart for access to wire communications, upon subpoena only, for telephone calls, held by an electric answering service, such as voice mail.
Under ECPA, government agents can obtain a wealth of information about the substance of a communication short of obtaining the actual content because the transactional records generated in connection with “life-on-line” discussed subsequently, are extremely revealing. The ECPA provision governing the disclosure of transactional “records” (as distinguished from telephone “toll records”) was largely left undefined. The sweeping potential for disclosure due to the unrestricted definition of “records” and their availability through subpoena only, was another serious blow ECPA dealt to privacy, but that digital telephony has effectively addressed.
ECPA also governs the use of pen registers and trap and trace devices. A pen register is a device attached to a telephone line to record the telephone numbers dialed from that particular line. A trap and trace device identifies the origin of an incoming call made to a particular telephone line. Neither a pen register nor a trap and trace device reveals the content of a communication. However, when a pen register records the key pad pulse tones depressed after connection to the receiving telephone line, as when accessing voice mail, bank account, or credit card account information, a pen register captures far more information than the telephone number called.
Under ECPA, the lawful placement of a pen register or trap and trace device can be obtained by an ex parte court order. The government, in obtaining permission to attach these devices, need only certify that the information likely to be obtained is relevant to an ongoing investigation.
Finally, ECPA specifically excluded the radio portion of a cordless phone transmission from Title III protections.
The Impact of Digital Telephony on Title III & ECPA
Soon after passing Title III, Congress realized that the wiretap act did not require telecommunications carriers to assist law enforcement in intercepting wire communications. Accordingly, Congress amended Title III in 1970 to require telecommunication carriers to assist law enforcement in conducting court-ordered wiretaps by furnishing the government with all information, facilities, and technical assistance necessary to accomplish the interception unobtrusively and with a minimum of interference.
Under the digital telephony legislation, interception of communications effectuated through new technological methods (at which the legislation is aimed) must be initiated on the carrier’s switching premises, and may only be activated by the affirmative intervention of an officer or employee of the carrier. This restriction has obvious implication in the event that the intercept is effectuated by government agents while on the carrier’s premises but without the intervention of an officer or employee of the carrier. This method of “turning on the tap” will violate digital telephony’s security provisions. As a result, the statutory suppression remedies under Section 2518 of Title III might be triggered, depending on the type of communication at issue.
For example, ECPA amended Title III by injecting an arcane dichotomy between “wire communications” on the one hand and the remedies available for unlawful and unconstitutional interceptions of “electronic communications” on the other. In the case of a wire communication, an aggrieved party may move to suppress its contents on grounds that (1) the interception was unlawful; (2) the order of authorization or approval for interception was insufficient on its face; or (3) the interception was not made in conformity with the order of authorization or approval.
The statutory remedies in ECPA for unlawful interception of wire communications do not apply to electronic communications. Suppression of electronic communications must be based on Fourth Amendment grounds.
Thus, the statutory remedies in Sections 2518(10)(a)(i), 2518(10)(a)(ii), and 2518(10)(a)(iii) apply to hard-wired telephone communications, including those transmitted through fiber-optic cable, and cellular communications. Wire communications that have been redirected through call forwarding or “follow me” features are similarly covered. In contrast, however, under Title III, digital communications, video conferencing, and E-mail are subject to suppression for constitutional violations only.
Under nonemergency circumstances, the carrier providing access under digital telephony must deliver the intercepted communications and call identifying information to the government in a format that can be transmitted over facilities or through services procured by the government. The intercepted information must then be delivered to a location delivery provisions for exigent or emergency circumstances. This exception would allow a carrier, at its discretion, to comply with the transmission of a communication by allowing the monitoring to occur at its premises if that is the only means of accomplishing the interception.
Transactional Records Generated
The digital telephony legislation acknowledges that communications made between computers leave a paper trail, albeit in cyberspace. This paper trail differs from, and is far more revealing of the individual user than, telephone toll records generated and maintained by the networks (AT&T, MCI, and U.S. Sprint) or the seven regional holding companies. One of the major flaws of ECPA was that it authorized disclosure of computer-based transactional records to law enforcement through service of an administrative, grand jury, or trial subpoena. In amending ECPA, digital telephony raised law enforcement’s burden to obtain this information. The difference in the content of telephone toll records and electronic transactional records best illustrates the point and why the change was necessary.
Telephone toll records can be disclosed to law enforcement through service of a subpoena. Toll records reveal only the city, date, time, duration, and receiving telephone number of a long-distance call made from a specific phone line. The originating and receiving telephone numbers correspond only to a particular customer. These records do not indicate whether the registered customer actually placed the telephone calls. Nor do they reveal the identity of the recipient(s) and the nature of the communication, i.e. whether it was voice communication, modem, or facsimile. Moreover, only long-distance numbers are recorded in telephone toll records. Law enforcement must resort to a pen register or trap and trace device to capture the origin or destination of local calls.
Transactional Records From On-Line Services.
Unlike telephone toll records, a message sent by electronic mail, through an electronic communications service or remote computing service (referred to collectively as on-line services), typically indicates that a communication was sent or received by a specific, identifiable person. For example, if an individual travels overseas and sends an E-mail message to a friend in the United States, a record that this message was sent from one person to the other will be maintained.
On-line service providers act as a host computer to link another computer (e.g., an individual personal computer) to the Internet. These services maintain transactional information that reveals the subject of E-mail communications, or that sheds light on their content. Where, for example, an individual is a member of an on-line discussion group, or an electronic bulletin board, all communications made in connection therewith are sent to each member of the discussion group. This function is similar to a telephone conference call. The telephone toll record lists each telephone line accessed in the conference call. This is, however, where the similarity ends. The communication to the discussion group identifies the parties and subject matter of the communication. The list of participants in the on-line conference is indistinguishable from their individual E-mail addresses. Thus, there is no way to segregate this information from the transactional record stream.
Most of the on-line information services maintain information stored in files, libraries, and archives. Users of these services can access thousands of sources by executing a series of commands to locate and retrieve a file to their E-mail addresses. For example, downloading a file from public archives on the Internet is accomplished by establishing a link to the host computer. The log-in identifier for public archives is the file transfer protocol (FTP). The password to the host computer is the subscriber’s Internet address. By executing the FTP, an individual can browse through directories where files “reside” and execute another command to retrieve or “download” a particular file.
On-line services keep records of all transactions involving file transfer and retrieval. These records reveal the identity of the user, the time they connected with the host computer, which archive(s) were examined, and the particular file the user retrieved. By analogy, the transactional records maintained by the on-line services allow someone to follow the subscriber to the library and examine both the books browser through and the books borrowed.
If an individual user of an on-line service accesses archives about the cultivation of marijuana, pornography, or chemicals used in making explosives, a record exists as to the information retrieved by the user.
Some degree of anonymity in sending an E-mail message can be achieved by routing the message through a service known as a “remailer.” This service takes the incoming message and removes the sender’s identifying information. The message is then forwarded to the recipient—out of sequence—and without a return address. (The reason that the message is remailed out of the sequence in which it was received by the remailer is to avoid the possibility of tracking the sender by matching the records of incoming and outgoing messages.)
Domestic services that provide access to the Internet, such as Netcom, Inc., bar the use of remailers. Nevertheless, the issue of E-mail anonymity is another subject of potential legislation and controversy, given the legitimate need for privacy and law enforcement’s already keen interest in remailer sites.
Disclosure of Transactional Information: The Intermediate Standard
Prior to the enactment of the digital telephony legislation, the government could obtain a customer’s or subscriber’s transactional records from a provider of an electronic communication service or remote computing service through an administrative subpoena, grand jury subpoena, or trial subpoena.
The information available to law enforcement under a subpoena was broadly defined as a “record or other information” pertaining to a subscriber. This unqualified category of information clearly included detailed transactional information generated by these services, not just toll records. The legislative history of ECPA illustrates that the information included in a Section 2703(c)(B) disclosure “is information about the customer’s use of the service.”
Digital telephony created an intermediate procedural hurdle between a subpoena and a warrant issued under the Federal Rules of Criminal Procedure for the disclosure of transactional information. Although digital telephony did not alter the wording of the transactional records disclosure provision in ECPA, the House Report on digital telephony sheds light on the type of records that now receive heightened protection:
The bill eliminates the use of a subpoena to obtain E-mail addresses and other similar transactional data from electronic communications service providers. Currently, the government can obtain transactional logs containing a person’s entire on-line profile merely upon presentation of an administrative subpoena issued by an investigator without any judicial intervention. Under H.R. 4922, a court order would be required.
Under the digital telephony legislation, the court order required to obtain disclosure of this information will only issue if the government offers “specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”
Despite this, digital telephony did not alter the government’s access to the “toll records” generated by an electronic communications service or remote computing service. These records, which are similar to the telephone toll records, only contain the billing records, length of service, and the types of services a subscriber or customer utilized.
Minimization of Information Obtained by Pen Registers and Trap and Trace Devices
Digital telephony requires law enforcement to use “technology reasonably available” in order to limit pen register recording and decoding of impulses to call identifying information. This restriction finds its practical application in situations where, for example, a caller connects with an answering telephone line and continues to press the touch-tone digits on the key pad to navigate through an interactive phone system, such as voice mail or the customer service department of a bank or credit card company. Whether the technology used by the government is that reasonably available, at the time, to terminate recording and decoding after call connection, will surely spark “minimization litigation.”
Digital telephony also prohibits governmental use of pen registers and trap and trace devices, which reveal information that may disclose the physical location of the caller, except to the extent that location is revealed by the telephone number.
Digital telephony does not hold a telecommunications carrier responsible for decrypting a communication encoded by a subscriber unless the encryption was provided by the carrier and the carrier possesses the information necessary to decode the communication.
Digital telephony also added new provisions to Section 1029 of Title 18, United States Code, prohibiting the possession of telecommunications instruments for the purpose of obtaining unauthorized telecommunications services. Modifying such instruments is similarly prohibited. This offense is known as cloning or tumbling. Fraudulent possession of scanning devices, which is required equipment in the cloning process, is also prohibited.
Cloning is accomplished by first obtaining the electronic serial number (ESN) of a particular cellular phone. Each cellular phone gets an ESN at the time it is manufactured. When a cellular phone is purchased, it receives a mobile identification number (MIN), which is programmed into the phone. The ESN/MIN combination becomes the identity of the subscriber. When a call is processed, the ESN/MIN is transmitted to the carrier for account verification. A scanner can capture the ESN/MIN combination and be used to reprogram another cellular phone. The undetected use of a cloned phone makes wiretapping a suspect’s communications impossible.
Digital telephony represents law enforcement’s demand to keep pace with emerging communication technology and its role on the information superhighway. While ECPA expanded the scope of communications subject to lawful surveillance, the privacy protections for individuals who substituted the computer for the telephone handset suffered considerably. Suppression of transactional record information and the content of electronic communications will require in-depth knowledge of the particular on-line service, remote computing services, and the various telecommunications carriers, in order to apply the safeguards of the digital telephony legislation. The government’s need to keep pace with the growing sophistication in telecommunications technology is no greater than that of the criminal defense bar.