ECPA :: Title III :: Pen Register Act
Non Content :: Trap & Trace
- Transactional Records
- Legal Process
Beyond content in transmission and store content, there is non-content information including
- basic subscriber information (phone number, address, name) and
- transactional information (who called, when, how long).
Customers have no Fourth Amendment protection in transactional records pursaunt to the third party doctrine. See United States v. Baxter, 492 F.2d 150, 167 (9th Cir. 1973), cert. denied, 416 U.S. 940, 94 S.Ct. 1945 (1974); United States v. Fithian, 452 F.2d 505, 506 (9th Cir. 1971); United States v. Clegg, 509 F.2d 605, 610 (5 Cir. 1975) . Customers have no expectation of privacy in their telephone records (who they called) and the use of a Pen Register does not constitute a search. Smith v. Maryland, 442 US 735 - Supreme Court 1979
While there is not constitutional protection of this information, there is statutory protection; ECPA covers it.
Transactional information can reveal significant amounts of personal information. Jonathan Mayer and Patrick Mutchler, MetaPhone: The Sensitivity of Telephone Metadata, Web Policy (Mar. 12, 2014)
Transactional Records: Pen Registers & Trap and Trace
Law enforcement officers may seek to receive transactional information about the communication, or they may seek to receive the communication, the message, itself. Generally, the actual content of a communications receives greater protection than information about the transaction of a communication.
A "pen register" is defined as "a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication . . . ." 18 U.S.C. § 3127(3).
A "trap and trace device" is defined as "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however that such information shall not include the contents of any communication." 18 U.S.C. § 3127(4).
"Because Internet headers contain both “to” and “from” information, a device that reads the entire header (minus the subject line in the case of email headers) is both a pen register and a trap and trace device, and it is commonly referred to as a pen/trap device." [Search Seizure 2009 p 154]
Transactional information does not reveal the message of the communication but more generally provides information that the communication took place. These are known as pen register, or trap and trace records. 18 U.S.C. §§ 3121-27.
Pen registers traditionally recorded "the number dialed on a telephone line" and trap and trace devices "capture incoming electronic impulses that identify the originating number." [Electronic Frontier] [Hill 1195-96] The Patriot Act clarified that law enforcement offices may also seek all "dialing, routing, addressing, or signaling information" including email addresses, inbound FTP connections, or the location from which a remote user is logging in. 18 U.S.C. § 3121(c). [DOJ US Attorney's Manual Title 9-7.500 Electronic Surveillance: Prior Consultation with the Computer Crime and Intellectual Property Section of the Criminal Division (CCIPS) for Applications for Pen Register and Trap and Trace Orders Capable of Collecting Uniform Resource Locators (URLs)] [H.R. Rep. No. 103-827, at 10, 17, 31] [Allen 409] [Forrester 9th Cir. 2007 (IP addresses covered)]
Transactional information would not include the subject line of an email. 18 U.S.C. § 2510(8).
In the old network, transactional information could be acquired by attaching a device to the network. In the new network, the Patriot Act made clear that a trap and trace device could be “attached or applied;” in other words, law enforcement officials can gain access to software and computer processing. [See Carnivore, CALEA]
- Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
- US v. ULBRICHT, Court of Appeals, 2nd Circuit 2017 ("The Supreme Court has long held that a "person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," including phone numbers dialed in making a telephone call and captured by a pen register. Smith v. Maryland, 442 U.S. 735, 743-44 (1979). This is so because phone users "typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes." Id. at 743.")
"The distinction between addressing information and content also applies to Internet communications. For example, when computers on the Internet communicate with each other, they break down messages into discrete chunks known as packets and then send each packet out to its intended destination. Every packet contains addressing information in the header of the packet (much like the "to" and "from" addresses on an envelope), followed by the payload of the packet, which contains the contents (much like a letter inside an envelope). The Pen/Trap statute permits law enforcement to obtain the addressing information of Internet communications much as it would addressing information for traditional phone calls. However, collecting the entire packet ordinarily implicates Title III. The primary difference between an Internet pen/trap device and an Internet Title III intercept device is that the former is designed to capture and retain only addressing information, while the latter is designed to capture and retain the entire packet." - Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 152 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
"The same distinction applies to Internet email. Every Internet email message consists of a set of headers that contain addressing and routing information generated by the mail program, followed by the actual contents of the message authored by the sender. The addressing and routing information includes the email address of the sender and recipient, as well as information about when and where the message was sent on its way (roughly analogous to the postmark on a letter). See United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008) (email to/from addresses and IP addresses constitute addressing information). The Pen/Trap statute permits law enforcement to obtain the header information of Internet emails (except for the subject line, which can contain content) using a court order, just like it permits law enforcement to obtain addressing information for phone calls and individual Internet packets using a court order. Conversely, the interception of email contents, including the subject line, requires compliance with the strict dictates of Title III." - Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 152 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
- US v. ULBRICHT, Court of Appeals, 2nd Circuit 2017 ("Similarly, "e-mail and Internet users . . . rely on third-party equipment in order to engage in communication." United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008). Internet users thus "should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information." Id.")
"In some circumstances, questions may arise regarding whether particular components of network communications contain content. See In re Application of United States, 396 F. Supp. 2d 45, 49 (D. Mass. 2005) (asserting that uniform resource locators ("URLs") may contain content); In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 16 (1st Cir. 2003) (noting that user-entered search terms are sometimes appended to the query string of the URL for the search results page). Because of these and other issues, the United States Attorneys' Manual currently requires prior consultation with CCIPS before a pen/trap may be used to collect all or part of a URL. See United States Attorneys' Manual § 9- 7.500. Prosecutors who have other questions about whether a particular type of information constitutes contents may contact CCIPS for assistance ." - Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 152 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
"Addressing" covers IP numbers. Courts have found that IP numbers are the same as telephone numbers. The courts have also found that there is no expectation of privacy is a telephone number pursuant to the third party doctrine.
- US v. ULBRICHT, Court of Appeals, 2nd Circuit 2017 ("IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers." United States v. Christie, 624 F.3d 558, 574 (3d Cir. 2010) ...The recording of IP address information and similar routing data, which reveal the existence of connections between communications devices without disclosing the content of the communications, are precisely analogous to the capture of telephone numbers at issue in Smith. That is why the orders here fit comfortably within the language of a statute drafted with the earlier technology in mind. The substitution of electronic methods of communication for telephone calls does not alone create a reasonable expectation of privacy in the identities of devices with whom one communicates. Nor does it raise novel issues distinct from those long since resolved in the context of telephone communication, with which society has lived for the nearly forty years since Smith was decided. Like telephone companies, Internet service providers require that identifying information be disclosed in order to make communication among electronic devices possible. In light of the Smith rule, no reasonable person could maintain a privacy interest in that sort of information." )
- United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008)
- Neither this nor any other circuit has spoken to the constitutionality of computer surveillance techniques that reveal the to/from addresses of e-mail messages, the IP addresses of websites visited and the total amount of data transmitted to or from an account. We conclude that the surveillance techniques the government employed here are constitutionally indistinguishable from the use of a pen register that the Court approved in Smith. First, e-mail and Internet users, like the telephone users in Smith, rely on third-party equipment in order to engage in communication. Smith based its holding that telephone users have no expectation of privacy in the numbers they dial on the users' imputed knowledge that their calls are completed through telephone company switching equipment. 442 U.S. at 742, 99 S.Ct. 2577. Analogously, e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information. Like telephone numbers, which provide instructions to the "switching equipment that processed those numbers," e-mail to/from addresses and IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers. Id. at 744, 99 S.Ct. 2577.
- Second, e-mail to/from addresses and IP addresses constitute addressing information and do not necessarily reveal any more about the underlying contents of communication than do phone numbers.
- United States v. Wheelock, 772 F.3d 825, 828 (8th Cir. 2014) (holding that the defendant "cannot claim a reasonable expectation of privacy in [the] government's acquisition of his subscriber information, including his IP address and name," because it had been "revealed to a third party" (internal quotation marks omitted))
- Christie, 624 F.3d at 573 (holding that there is no expectation of privacy in "subscriber information provided to an internet provider," such as an IP address (internal quotation marks omitted));
- Guest v. Leis, 255 F.3d 325, 336 (6th Cir. 2001) (holding that "computer users do not have a legitimate expectation of privacy in their [bulletin board] subscriber information because they have conveyed it to another person");
- United States v. Graham, 824 F.3d 421, 432 (4th Cir. 2016) (en banc) (noting that "third-party information relating to the sending and routing of electronic communications does not receive Fourth Amendment protection");
- United States v. Carpenter, 819 F.3d 880, 887 (6th Cir. 2016) ("[C]ourts have not (yet, at least) extended [Fourth Amendment] protections to the internet analogue to envelope markings, namely the metadata used to route internet communications, like . . . IP addresses.").
Transactional information may be obtained pursuant to a court order. 18 U.S.C. § 3123. [Search & Seizure Manual Appendix D] The law enforcement official must represent to the Court “that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.” 18 U.S.C. § 3123(a). Court orders shall specify
- The name of subscriber;
- The name of the person who is the target of the investigation and what the criminal offense is; and
- The identification of the communication to be watched, such as the phone number or other identifier.
18 U.S.C. § 3123(b)(1). A court order must specify the initial service provider but it need not specify subsequent providers. 18 U.S.C. § 3123(b)(1)(A). Subsequent providers may request certification that the order applies to that provider, and the law enforcement officer is obligated to provide it. 18 U.S.C. § 3123(a)(1).
Confused? So are we. Check out the What Gets What Chart.
"To obtain a pen/trap order, applicants must identify themselves, identify the law enforcement agency conducting the investigation, and then certify their belief that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by the agency. See 18 U.S.C. § 3122(b)(1)-(2)." [Search Seizure 2009 p 154]
DOJ has reported that it’s new pen register/trap and trace authority “was employed in the investigation of the murder of journalist Daniel Pearl to obtain information that proved critical to identifying some of the perpetrators.” [Jamie Brown]
Pen Registers for email have been found to be constitutional. [Forrester (9th Cir)]
See also Emergency Trap and Trace
Geographic Scope: Court orders issued by federal court may be executed anywhere in the United States. 18 U.S.C. § 3123(a)(1); 18 U.S.C. § 3127(2). Court orders issued by states are good only within that state. 18 U.S.C. § 3123(a)(2).
Time Limit: These Court orders are good for 60 days and can be extended for an additional sixty-day periods. 18 U.S.C. § 3123(c).
Gag Rule: A court order shall direct the service provider to keep it quiet. The service provider is not permitted to disclose “the existence of the pen register or trap and trace device or the existence of the investigation” unless directed to do so by the court. 18 U.S.C. § 3123(d).
Installation: The court order shall tell the service provider that they get to help the law enforcement officials out with the pen register or trap and trace. 18 U.S.C. § 3124. In instances where officers install their own device, they must use "technology reasonably available to it" in order to avoid intercepting the contents of the communication. 18 U.S.C. § 3121(c). [See Carnivore, CALEA]
"The government must also use "technology reasonably available to it" to avoid recording or decoding the contents of any wire or electronic communications. 18 U.S.C. § 3121(c). When there is no way to avoid the inadvertent collection of content through the use of reasonably available technology, DOJ policy requires that the government may not use any inadvertently collected content in its investigation. However, a few courts have gone beyond the statute's requirement that the government use technology reasonable available to it to avoid collecting content. Citing the exclusion of contents from the definitions of pen register and trap and trace device, these courts have stated or implied that the government cannot use pen/trap devices that might collect any content at all. See In re Application of the United States, 2007 WL 3036849, at *8-9 (S. D. Tex. 2007) ("[T]he Pen Register Statute does not permit the Government simply to minimize the effects of its collection of unauthorized content, but instead prohibits the collection of content in the first place."); In re Application of United States, 416 F. Supp. 2d 13, 17 (D.D.C. 2006) ("[T]he Government must ensure that the process used to obtain information about email communications excludes the contents of those communications."). Courts have been particularly likely to take this position in the context of phone pen/trap devices that would collect "post-cut-through dialed digits" because this data can include content that cannot be separated out using reasonably available technology. See In re Applications of United States, 515 F. Supp. 2d 325, 339 (E.D.N.Y. 2007); In re Application of United States, 441 F. Supp. 2d 816, 827 (S.D. Tex. 2006); In re Application of United States, 2007 WL 3036849, at *8-*9 (S. D. Tex. 2007). Because this area of the law is developing rapidly, prosecutors or agents may have questions about current trends, and they may direct any such questions to  CCIPS" [Search Seizure 2009 p 156]
Cost Recovery: Service providers shall be paid for their troubles. 18 U.S.C. § 3124(c). [But see CALEA]
Reporting Requirement: In instances where officers install their own device, the officers must comply with the reporting requirement, keeping a record of the officers who installed and have access to the device, the date and time the devices was installed and uninstalled, the configuration of the device, and the information collected by the device. 18 U.S.C. § 3123(a)(3). This information must be provided to the court under seal within 30 days of the termination of the order.
The Attorney General must also report to Congress annually on the number of pen register and trap and traces applied for. 18 U.S.C. § 3126
The Pen/Trap Statute and Cell-Site Information
Trap and Trace Order, Example
Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ, p 235 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
UNITED STATES DISTRICT COURT
[AUSA name], on behalf of the United States, has submitted an application pursuant to 18 U.S.C. §§ 3122 and 3123, requesting that the Court issue an Order pursuant to 18 U.S.C. § 3123, authorizing the installation and use of pen registers and trap and trace devices ("pen/trap devices") on the [service provider] email account [target email address], whose listed subscriber is [subscriber name].
The Court finds that the applicant is an attorney for the government and has certified that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation being conducted by [law enforcement agency] of unknown individuals in connection with possible violations of [statutes].
IT IS THEREFORE ORDERED, pursuant to 18 U.S.C. § 3123, that pen/trap devices may be installed and used to record, decode, and/or capture dialing, routing, addressing, and signaling information associated with each communication to or from the [service provider] email account [target email address], including the date, time, and duration of the communication, and the following, without geographic limit:
IT IS FURTHER ORDERED, pursuant to 18 U.S.C. § 3123(c)(1), that the use and installation of the foregoing is authorized for sixty days from the date of this Order;
IT IS FURTHER ORDERED, pursuant to 18 U.S.C. §§ 3123(b)(2) and 3124(a)-(b), that [service provider] and any other person or entity providing wire or electronic communication service in the United States whose assistance may, pursuant to 18 U.S.C. § 3123(a), facilitate the execution of this Order shall, upon service of this Order, furnish information, facilities, and technical assistance necessary to install the pen/trap devices, including installation and operation of the pen/trap devices unobtrusively and with minimum disruption of normal service;
IT IS FURTHER ORDERED that [law enforcement agency] reasonably compensate [service provider] and any other person or entity whose assistance facilitates execution of this Order for reasonable expenses incurred in complying with this Order;
IT IS FURTHER ORDERED that [service provider] and any other person or entity whose assistance may facilitate execution of this Order notify [law enforcement agency] of any changes relating to the email account [target email account], including changes to subscriber information, and to provide prior notice to [law enforcement agency] before terminating service to the email account;
IT IS FURTHER ORDERED that [law enforcement agency] and the applicant have access to the information collected by the pen/trap devices as soon as practicable, twenty-four hours per day, or at such other times as may be acceptable to [law enforcement agency], for the duration of the Order;
IT IS FURTHER ORDERED, pursuant to 18 U.S.C. § 3123(d)(2), that [service provider] and any other person or entity whose assistance facilitates execution of this Order, and their agents and employees, shall not disclose in any manner, directly or indirectly, by any action or inaction, the existence of the application and this Order, the pen/trap devices, or the investigation to any person, except as necessary to effectuate this Order, unless and until otherwise ordered by the Court;
IT IS FURTHER ORDERED that the Clerk of the Court shall provide the United States Attorney's Office with three certified copies of this application and Order, and shall provide copies of this Order to [law enforcement agency] and [service provider] upon request;
IT ISFURTHER ORDERED that the application and this Order are sealed until otherwise ordered by the Court, pursuant to 18 U.S.C. § 3123(d)(1).
Date United States Magistrate Judge
© Cybertelecom ::
- Florin Vancea, Codruta Vancea, Daniela Elena Popescu, Doina Zmaranda, and Gianina Gabor, “Secure Data Retention of Call Detail Records,” International Journal of Computers, Communications & Control, December 2010
- Zack Whittaker, “Hackers are stealing years of call records from hacked cell networks,” TechCrunch, June 23, 2019
- Jon Porter, “Hackers steal call records from cell providers in ‘massive-scale’ espionage,” The Verge, June 25, 2019