Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project
ECPA :: Title III :: Pen Register Act
Non Content :: Trap & Trace
Dont be a FOOL; The Law is Not DIY

Beyond content in transmission and store content, there is non-content information including

Customers have no Fourth Amendment protection in transactional records. See United States v. Baxter, 492 F.2d 150, 167 (9th Cir. 1973), cert. denied, 416 U.S. 940, 94 S.Ct. 1945 (1974); United States v. Fithian, 452 F.2d 505, 506 (9th Cir. 1971); United States v. Clegg, 509 F.2d 605, 610 (5 Cir. 1975) . Customers have no expectation of privacy in their telephone records (who they called) and the use of a Pen Register does not constitute a search. Smith v. Maryland, 442 US 735 - Supreme Court 1979

While there is not constitutional protection of this information, there is statutory protection; ECPA covers it.

Transactional Records: Pen Registers & Trap and Trace

Law enforcement officers may seek to receive transactional information about the communication, or they may seek to receive the communication, the message, itself. Generally, the actual content of a communications receives greater protection than information about the transaction of a communication.

A "pen register" is defined as "a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication . . . ." 18 U.S.C. § 3127(3).

A "trap and trace device" is defined as "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however that such information shall not include the contents of any communication." 18 U.S.C. § 3127(4).

"Because Internet headers contain both “to” and “from” information, a device that reads the entire header (minus the subject line in the case of email headers) is both a pen register and a trap and trace device, and it is commonly referred to as a pen/trap device." [Search Seizure 2009 p 154]

Transactional information does not reveal the message of the communication but more generally provides information that the communication took place. These are known as pen register, or trap and trace records. 18 U.S.C. §§ 3121-27.

Pen registers traditionally recorded "the number dialed on a telephone line" and trap and trace devices "capture incoming electronic impulses that identify the originating number." [Electronic Frontier] [Hill 1195-96] The Patriot Act clarified that law enforcement offices may also seek all "dialing, routing, addressing, or signaling information" including email addresses, inbound FTP connections, or the location from which a remote user is logging in. 18 U.S.C. § 3121(c). [DOJ US Attorney's Manual Title 9-7.500 Electronic Surveillance: Prior Consultation with the Computer Crime and Intellectual Property Section of the Criminal Division (CCIPS) for Applications for Pen Register and Trap and Trace Orders Capable of Collecting Uniform Resource Locators (URLs)] [H.R. Rep. No. 103-827, at 10, 17, 31] [Allen 409] [Forrester 9th Cir. 2007 (IP addresses covered)]

Transactional information would not include the subject line of an email. 18 U.S.C. § 2510(8).

In the old network, transactional information could be acquired by attaching a device to the network. In the new network, the Patriot Act made clear that a trap and trace device could be “attached or applied;” in other words, law enforcement officials can gain access to software and computer processing. [See Carnivore, CALEA]

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal InvestigationsPDF Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 152 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

The distinction between addressing information and content also applies to Internet communications. For example, when computers on the Internet communicate with each other, they break down messages into discrete chunks known as packets and then send each packet out to its intended destination. Every packet contains addressing information in the header of the packet (much like the "to" and "from" addresses on an envelope), followed by the payload of the packet, which contains the contents (much like a letter inside an envelope). The Pen/Trap statute permits law enforcement to obtain the addressing information of Internet communications much as it would addressing information for traditional phone calls. However, collecting the entire packet ordinarily implicates Title III. The primary difference between an Internet pen/trap device and an Internet Title III intercept device is that the former is designed to capture and retain only addressing information, while the latter is designed to capture and retain the entire packet.

The same distinction applies to Internet email. Every Internet email message consists of a set of headers that contain addressing and routing information generated by the mail program, followed by the actual contents of the message authored by the sender. The addressing and routing information includes the email address of the sender and recipient, as well as information about when and where the message was sent on its way (roughly analogous to the postmark on a letter). See United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008) (email to/from addresses and IP addresses constitute addressing information). The Pen/Trap statute permits law enforcement to obtain the header information of Internet emails (except for the subject line, which can contain content) using a court order, just like it permits law enforcement to obtain addressing information for phone calls and individual Internet packets using a court order. Conversely, the interception of email contents, including the subject line, requires compliance with the strict dictates of Title III.

In some circumstances, questions may arise regarding whether particular components of network communications contain content. See In re Application of United States, 396 F. Supp. 2d 45, 49 (D. Mass. 2005) (asserting that uniform resource locators ("URLs") may contain content); In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 16 (1st Cir. 2003) (noting that user-entered search terms are sometimes appended to the query string of the URL for the search results page). Because of these and other issues, the United States Attorneys' Manual currently requires prior consultation with CCIPS before a pen/trap may be used to collect all or part of a URL. See United States Attorneys' Manual 9- 7.500. Prosecutors who have other questions about whether a particular type of information constitutes contents may contact CCIPS for assistance [].

Legal Process

Transactional information may be obtained pursuant to a court order. 18 U.S.C. § 3123. [Search & Seizure Manual Appendix D] The law enforcement official must represent to the Court “that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.” 18 U.S.C. § 3123(a). Court orders shall specify

18 U.S.C. § 3123(b)(1). A court order must specify the initial service provider but it need not specify subsequent providers. 18 U.S.C. § 3123(b)(1)(A). Subsequent providers may request certification that the order applies to that provider, and the law enforcement officer is obligated to provide it. 18 U.S.C. § 3123(a)(1).

Confused? So are we. Check out the What Gets What Chart.

"To obtain a pen/trap order, applicants must identify themselves, identify the law enforcement agency conducting the investigation, and then certify their belief that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by the agency. See 18 U.S.C. § 3122(b)(1)-(2)." [Search Seizure 2009 p 154]

DOJ has reported that it’s new pen register/trap and trace authority “was employed in the investigation of the murder of journalist Daniel Pearl to obtain information that proved critical to identifying some of the perpetrators.” [Jamie Brown]

Pen Registers for email have been found to be constitutional. [Forrester (9th Cir)]

See also Emergency Trap and Trace

Geographic Scope: Court orders issued by federal court may be executed anywhere in the United States. 18 U.S.C. § 3123(a)(1); 18 U.S.C. § 3127(2). Court orders issued by states are good only within that state. 18 U.S.C. § 3123(a)(2).

Time Limit: These Court orders are good for 60 days and can be extended for an additional sixty-day periods. 18 U.S.C. § 3123(c).

Gag Rule: A court order shall direct the service provider to keep it quiet. The service provider is not permitted to disclose “the existence of the pen register or trap and trace device or the existence of the investigation” unless directed to do so by the court. 18 U.S.C. § 3123(d).

Installation: The court order shall tell the service provider that they get to help the law enforcement officials out with the pen register or trap and trace. 18 U.S.C. § 3124. In instances where officers install their own device, they must use "technology reasonably available to it" in order to avoid intercepting the contents of the communication. 18 U.S.C. § 3121(c). [See Carnivore, CALEA]

"The government must also use "technology reasonably available to it" to avoid recording or decoding the contents of any wire or electronic communications. 18 U.S.C. 3121(c). When there is no way to avoid the inadvertent collection of content through the use of reasonably available technology, DOJ policy requires that the government may not use any inadvertently collected content in its investigation. However, a few courts have gone beyond the statute's requirement that the government use technology reasonable available to it to avoid collecting content. Citing the exclusion of contents from the definitions of pen register and trap and trace device, these courts have stated or implied that the government cannot use pen/trap devices that might collect any content at all. See In re Application of the United States, 2007 WL 3036849, at *8-9 (S. D. Tex. 2007) ("[T]he Pen Register Statute does not permit the Government simply to minimize the effects of its collection of unauthorized content, but instead prohibits the collection of content in the first place."); In re Application of United States, 416 F. Supp. 2d 13, 17 (D.D.C. 2006) ("[T]he Government must ensure that the process used to obtain information about email communications excludes the contents of those communications."). Courts have been particularly likely to take this position in the context of phone pen/trap devices that would collect "post-cut-through dialed digits" because this data can include content that cannot be separated out using reasonably available technology. See In re Applications of United States, 515 F. Supp. 2d 325, 339 (E.D.N.Y. 2007); In re Application of United States, 441 F. Supp. 2d 816, 827 (S.D. Tex. 2006); In re Application of United States, 2007 WL 3036849, at *8-*9 (S. D. Tex. 2007). Because this area of the law is developing rapidly, prosecutors or agents may have questions about current trends, and they may direct any such questions to [] CCIPS" [Search Seizure 2009 p 156]

Cost Recovery: Service providers shall be paid for their troubles. 18 U.S.C. § 3124(c). [But see CALEA]

Reporting Requirement: In instances where officers install their own device, the officers must comply with the reporting requirement, keeping a record of the officers who installed and have access to the device, the date and time the devices was installed and uninstalled, the configuration of the device, and the information collected by the device. 18 U.S.C. § 3123(a)(3). This information must be provided to the court under seal within 30 days of the termination of the order.

The Attorney General must also report to Congress annually on the number of pen register and trap and traces applied for. 18 U.S.C. § 3126

The Pen/Trap Statute and Cell-Site Information


Trap and Trace Order, Example

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal InvestigationsPDF Computer Crime and Intellectual Property Section, Criminal Division, DOJ, p 235 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

UNITED STATES DISTRICT COURT
FOR THE _________

___________________________

IN RE APPLICATION OF THE
UNITED STATES OF AMERICA FOR
AN ORDER AUTHORIZING THE INSTALLATION
AND USE OF PEN REGISTER AND TRAP
AND TRACE DEVICES
___________________________

)
)
) MISC. NO.
)
) FILED UNDER SEAL
)
)

ORDER

[AUSA name], on behalf of the United States, has submitted an application pursuant to 18 U.S.C. 3122 and 3123, requesting that the Court issue an Order pursuant to 18 U.S.C. 3123, authorizing the installation and use of pen registers and trap and trace devices ("pen/trap devices") on the [service provider] email account [target email address], whose listed subscriber is [subscriber name].

The Court finds that the applicant is an attorney for the government and has certified that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation being conducted by [law enforcement agency] of unknown individuals in connection with possible violations of [statutes].

IT IS THEREFORE ORDERED, pursuant to 18 U.S.C. 3123, that pen/trap devices may be installed and used to record, decode, and/or capture dialing, routing, addressing, and signaling information associated with each communication to or from the [service provider] email account [target email address], including the date, time, and duration of the communication, and the following, without geographic limit:

  • IP addresses, including IP addresses associated with access to the account;
  • Headers of email messages, including the source and destination network addresses, as well as the routes of transmission and size of the messages, but not content located in headers, such as subject lines;
  • the number and size of any attachments.

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. 3123(c)(1), that the use and installation of the foregoing is authorized for sixty days from the date of this Order;

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. 3123(b)(2) and 3124(a)-(b), that [service provider] and any other person or entity providing wire or electronic communication service in the United States whose assistance may, pursuant to 18 U.S.C. 3123(a), facilitate the execution of this Order shall, upon service of this Order, furnish information, facilities, and technical assistance necessary to install the pen/trap devices, including installation and operation of the pen/trap devices unobtrusively and with minimum disruption of normal service;

IT IS FURTHER ORDERED that [law enforcement agency] reasonably compensate [service provider] and any other person or entity whose assistance facilitates execution of this Order for reasonable expenses incurred in complying with this Order;

IT IS FURTHER ORDERED that [service provider] and any other person or entity whose assistance may facilitate execution of this Order notify [law enforcement agency] of any changes relating to the email account [target email account], including changes to subscriber information, and to provide prior notice to [law enforcement agency] before terminating service to the email account;

IT IS FURTHER ORDERED that [law enforcement agency] and the applicant have access to the information collected by the pen/trap devices as soon as practicable, twenty-four hours per day, or at such other times as may be acceptable to [law enforcement agency], for the duration of the Order;

IT IS FURTHER ORDERED, pursuant to 18 U.S.C. 3123(d)(2), that [service provider] and any other person or entity whose assistance facilitates execution of this Order, and their agents and employees, shall not disclose in any manner, directly or indirectly, by any action or inaction, the existence of the application and this Order, the pen/trap devices, or the investigation to any person, except as necessary to effectuate this Order, unless and until otherwise ordered by the Court;

IT IS FURTHER ORDERED that the Clerk of the Court shall provide the United States Attorney's Office with three certified copies of this application and Order, and shall provide copies of this Order to [law enforcement agency] and [service provider] upon request;

IT IS FURTHER ORDERED that the application and this Order are sealed until otherwise ordered by the Court, pursuant to 18 U.S.C. 3123(d)(1).

Date United States Magistrate Judge

© Cybertelecom ::