Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001
Date: October 15, 2003Source: Computer Crime Research Center
NextIn recent years, some cable companies have refused to accept subpoenas
and court orders pursuant to the pen/trap statute and ECPA, noting the
seeming inconsistency of these statutes with the Cable Act’s harsh
restrictions. See In re Application of United States, 36 F. Supp. 2d 430
(D. Mass. Feb. 9, 1999) (noting apparent statutory conflict and ultimately
granting application for order under 18 U.S.C. 2703(d) for records from
cable company providing Internet service). Treating identical records
differently depending on the technology used to access the Internet made
little sense. Moreover, these complications at times delayed or ended
important investigations.
Amendment: Section 211 of the Act amends title 47, section 551(c)(2)(D),
to clarify that ECPA, the wiretap statute, and the trap and trace statute
govern disclosures by cable companies that relate to the provision of
communication services – such as telephone and Internet services.
The amendment preserves, however, the Cable Act’s primacy with respect
to records revealing what ordinary cable television programing a customer
chooses to purchase, such as particular premium channels or "pay
per view" shows. Thus, in a case where a customer receives both Internet
access and conventional cable television service from a single cable provider,
a government entity can use legal process under ECPA to compel the provider
to disclose only those customer records relating to Internet service.
(This section is not subject to the sunset provision in Section 224 of
the Act).
Previous law: Previous law relating to voluntary disclosures
by communication service providers was inadequate in two respects. First,
it contained no special provision allowing providers to disclose customer
records or communications in emergencies. If, for example, an Internet
service provider ("ISP") independently learned that one of its
customers was part of a conspiracy to commit an imminent terrorist attack,
prompt disclosure of the account information to law enforcement could
save lives. Since providing this information did not fall within one of
the statutory exceptions, however, an ISP making such a disclosure could
be sued civilly.
Second, prior to the Act, the law did not expressly permit a provider
to voluntarily disclose non-content records (such as a subscriber’s
login records) to law enforcement for purposes of self-protection, even
though providers could disclose the content of communications for this
reason. See 18 U.S.C. ยง 2702(b)(5), 2703(c)(1)(B). Yet the
right to disclose the content of communications necessarily implies the
less intrusive ability to disclose non-content records. Cf. United
States v. Auler, 539 F.2d 642, 646 n.9 (7th Cir. 1976) (phone company’s
authority to monitor and disclose conversations to protect against fraud
necessarily implies right to commit lesser invasion of using, and disclosing
fruits of, pen register device) (citing United States v. Freeman,
524 F.2d 337, 341 (7th Cir. 1975)). Moreover, as a practical matter, providers
must have the right to disclose to law enforcement the facts surrounding
attacks on their systems. For example, when an ISP’s customer hacks
into the ISP’s network, gains complete control over an e-mail server,
and reads or modifies the e-mail of other customers, the provider must
have the legal ability to report the complete details of the crime to
law enforcement.
Amendment: Section 212 corrects both of these inadequacies in
previous law. Section 212 amends subsection 2702(b)(6) to permit, but
not require, a service provider to disclose to law enforcement either
content or non-content customer records in emergencies involving an immediate
risk of death or serious physical injury to any person. This voluntary
disclosure, however, does not create an affirmative obligation to review
customer communications in search of such imminent dangers.
The amendments in Section 212 of the Act also change ECPA to allow providers
to disclose information to protect their rights and property. It accomplishes
this change by two related sets of amendments. First, amendments to sections
2702 and 2703 of title 18 simplify the treatment of voluntary disclosures
by providers by moving all such provisions to 2702. Thus, section 2702
now regulates all permissive disclosures (of content and non-content records
alike), while section 2703 covers only compulsory disclosures by providers.
Second, an amendment to new subsection 2702(c)(3) clarifies that service
providers do have the statutory authority to disclose non-content records
to protect their rights and property. All of these changes will sunset
December 31, 2005.
The pen register and trap and trace statute (the "pen/trap"
statute) governs the prospective collection of non-content traffic information
associated with communications, such as the phone numbers dialed by a
particular telephone. Section 216 updates the pen/trap statute in three
important ways: (1) the amendments clarify that law enforcement may use
pen/trap orders to trace communications on the Internet and other computer
networks; (2) pen/trap orders issued by federal courts now have nationwide
effect; and (3) law enforcement authorities must file a special report
with the court whenever they use a pen/trap order to install their own
monitoring device (such as the FBI’s DCS1000) on computers belonging
to a public provider. The following sections discuss these provisions
in greater detail. (This section is not subject to the sunset provision
in Section 224 of the Act).
Previous law: When Congress enacted the pen/trap statute in 1986,
it could not anticipate the dramatic expansion in electronic communications
that would occur in the following fifteen years. Thus, the statute contained
certain language that appeared to apply to telephone communications and
that did not unambiguously encompass communications over computer networks.3
Although numerous courts across the country have applied the pen/trap
statue to communications on computer networks, no federal district or
appellate court has explicitly ruled on its propriety. Moreover, certain
private litigants have challenged the application of the pen/trap statute
to such electronic communications based on the statute’s telephone-specific
language.
Amendment: Section 216 of the Act amends sections 3121, 3123,
3124, and 3127 of title 18 to clarify that the pen/trap statute applies
to a broad variety of communications technologies. References to the target
"line," for example, are revised to encompass a "line or
other facility." Such a facility might include, for example, a cellular
telephone number; a specific cellular telephone identified by its electronic
serial number; an Internet user account or e-mail address; or an Internet
Protocol address, port number, or similar computer network address or
range of addresses. In addition, because the statute takes into account
a wide variety of such facilities, amendments to section 3123(b)(1)(C)
now allow applicants for pen/trap orders to submit a description of the
communications to be traced using any of these or other identifiers.
Moreover, the amendments clarify that orders for the installation of
pen register and trap and trace devices may obtain any non-content information
– all "dialing, routing, addressing, and signaling information"
– utilized in the processing and transmitting of wire and electronic
communications. Such information includes IP addresses and port numbers,
as well as the "To" and "From" information contained
in an e-mail header. Pen/trap orders cannot, however, authorize the interception
of the content of a communication, such as words in the "subject
line" or the body of an e-mail. Agents and prosecutors with questions
about whether a particular type of information constitutes content should
contact the Office of Enforcement Operations in the telephone context
(202-514-6809)...
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2005-09-02 05:27:51 - Very nice Anelia |
| Total 1 comments |
