Pen register

Last updated

A pen register, or dialed number recorder (DNR), is an electronic device that records all numbers called from a particular telephone line. [1] The term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.

Contents

The United States statutes governing pen registers are codified under 18 U.S.C., Chapter 206.

Definitions

Pen register manufactured by J. H. Bunnell & Co, Brooklyn, New York Pen Register.jpg
Pen register manufactured by J. H. Bunnell & Co, Brooklyn, New York

The term pen register originally referred to a device for recording telegraph signals on a strip of paper. Samuel F. B. Morse's 1840 telegraph patent described such a register as consisting of a lever holding an armature on one end, opposite an electromagnet, with a fountain pen, pencil or other marking instrument on the other end, and a clockwork mechanism to advance a paper recording tape under the marker. [2]

The term telegraph register came to be a generic term for such a recording device in the later 19th century. [3] Where the record was made in ink with a pen, the term pen register emerged. By the end of the 19th century, pen registers were widely used to record pulsed electrical signals in many contexts. For example, one fire-alarm system used a "double pen-register", [4] and another used a "single or multiple pen register". [5]

As pulse dialing came into use for telephone exchanges, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses. In the United States, the clockwork-powered Bunnell pen register remained in use into the 1960s. [6]

After the introduction of tone dialing, any instrument that could be used to record the numbers dialed from a telephone came to be defined as a pen register. Title 18 of the United States Code defines a pen register as:

a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business [7]

This is the current definition of a pen register, as amended by passage of the 2001 USA PATRIOT Act. The original statutory definition of a pen register was created in 1984 as part of the Electronic Communications Privacy Act, which defined a "Pen Register" as:

A device which records or decodes electronic or other impulses which identify the numbers called or otherwise transmitted on the telephone line to which such device is dedicated.

A pen register is similar to a trap and trace device. A trap and trace device would show what numbers had called a specific telephone, i.e., all incoming phone numbers. A pen register rather would show what numbers a phone had called, i.e. all outgoing phone numbers. The two terms are often used in concert, especially in the context of Internet communications. They are often jointly referred to as "Pen Register or Trap and Trace devices" to reflect the fact that the same program will probably do both functions in the modern era, and the distinction is not that important. The term "pen register" is often used to describe both pen registers and trap and trace devices. [8]

Background

In Katz v. United States (1967), the United States Supreme Court established its "reasonable expectation of privacy" test. It overturned Olmstead v. United States (1928) and held that warrantless wiretaps were unconstitutional searches, because there was a reasonable expectation that the communication would be private. From then on, the government was required to get a warrant to execute a wiretap.

Twelve years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Smith v. Maryland , 442 U.S. 735, 744 (1979). Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company.

The Smith decision left pen registers completely outside constitutional protection. If there was to be any privacy protection, it would have to be enacted by Congress as statutory privacy law [ citation needed ]. [9]

Pen Register Act

The Electronic Communications Privacy Act (ECPA) was passed in 1986 (Pub. L. No. 99-508, 100 Stat. 1848). There were three main provisions or Titles to the ECPA. Title III created the Pen Register Act, which included restrictions on private and law enforcement uses of pen registers. Private parties were generally restricted from using them unless they met one of the exceptions, which included an exception for the business providing the communication if it needed to do so to ensure the proper functioning of its business.

For law enforcement agencies to get a pen register approved for surveillance, they must get a court order from a judge. According to 18 U.S.C. § 3123(a)(1), the "court shall enter an ex parte order authorizing the installation and use of a pen register or trap and trace device anywhere within the United States, if the court finds that the attorney for the Government has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation". [10] Thus, a government attorney only needs to certify that information will "likely" be obtained in relation to an 'ongoing criminal investigation'. This is the lowest requirement for receiving a court order under any of the ECPA's three titles. This is because in Smith v. Maryland , the Supreme Court ruled that use of a pen register does not constitute a search. The ruling held that only the content of a conversation should receive full constitutional protection under the right to privacy; since pen registers do not intercept conversation, they do not pose as much threat to this right.

Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. Others, such as Daniel J. Solove, Petricia Bellia, and Dierdre Mulligan, believe that probable cause and a warrant should be necessary. [11] [12] [13] Paul Ohm argues that standard of proof should be replaced/reworked for electronic communications altogether. [14]

The Pen Register Act did not include an exclusionary rule. While there were civil remedies for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for Congress to add an exclusionary rule to the Pen Register Act, as this would make it more analogous to traditional Fourth Amendment protections. The penalty for violating the Pen Register Act is a misdemeanor, and it carries a prison sentence of not more than one year. [15]

USA PATRIOT Act

Section 216 of the 2001 USA PATRIOT Act expanded the definition of a pen register to include devices or programs that provide an analogous function with Internet communications. Prior to the Patriot Act, it was unclear whether or not the definition of a pen register, which included very specific telephone terminology, [16] could apply to Internet communications. Most courts and law enforcement personnel operated under the assumption that it did, however, the Clinton administration had begun to work on legislation to make that clear, and one magistrate judge in California did rule that the language was too telephone-specific to apply to Internet surveillance.

The Pen Register Statute is a privacy act. As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and Internet communications are divulged to the company providing the communication, the absence or inapplicability of the statute would leave the routing information for those communications completely unprotected from government surveillance.

The government also has an interest in making sure the Pen Register Act exists and applies to Internet communications. Without the Act, they cannot compel service providers to give them records or do Internet surveillance with their own equipment or software, and the law enforcement agency, which may not have very good technological capabilities, will have to do the surveillance itself at its own cost.

Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance by accessing information. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change. [16]

NSA call database controversy

When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the Stored Communications Act, as an example of how such domestic spying violated Federal law. [17]

In 2013, the Obama Administration sought a court order "requiring Verizon on an 'ongoing, daily basis' to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries". The order was approved on April 25, 2013, by federal Judge Roger Vinson, member of the secret Foreign Intelligence Surveillance Court (FISC), which court had been created by the Foreign Intelligence Surveillance Act (FISA). The order gave the government unlimited authority to compel Verizon to collect and provide the data for a specified three-month period ending on July 19. This is the first time significant and top-secret documents have been revealed exposing the continuation of the practice on a massive scale under U.S. President Barack Obama.

According to The Guardian , "it is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off or the latest in a series of similar orders". [18]

Hemisphere DEA call database controversy

On September 1, 2013, the DEA's Hemisphere Project was revealed to the public by The New York Times . In a series of PowerPoint slides acquired through a lawsuit, AT&T is revealed to be operating a call database going back to 1987 which the DEA has warrantless access to with no judicial oversight under "administrative subpoenas" originated by the DEA. The DEA pays AT&T to maintain employees throughout the country devoted to investigating call records through this database for the DEA. The database grows by 4 billion records per day, and presumably covers all traffic that crosses AT&T's network. Internal directives instructed participants never to reveal the project publicly, despite the fact that the project was portrayed as a "routine" part of DEA investigations; several investigations unrelated to drugs have been mentioned as using the data. When questioned on their participation, Verizon, Sprint, and T-Mobile refused to comment on whether they were part of the project, generating fears that pen registers and trap and trace devices are effectively irrelevant in the face of ubiquitous private-public-partnership surveillance with indefinite data retention. [19]

Information collected

Information that is legally collectible according to 2014 pen trap laws includes:

Phone

Email

Internet

See also

Related Research Articles

<span class="mw-page-title-main">United States Foreign Intelligence Surveillance Court</span> U.S. federal court

The United States Foreign Intelligence Surveillance Court (FISC), also called the FISA Court, is a U.S. federal court established under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against foreign spies inside the United States by federal law enforcement and intelligence agencies.

Telephone tapping is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, such as organizations like the NSA, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.

<span class="mw-page-title-main">Mobile phone spam</span> Unwanted communication through a mobile phone

Mobile phone spam is a form of spam, directed at the text messaging or other communications services of mobile phones or smartphones. As the popularity of mobile phones surged in the early 2000s, frequent users of text messaging began to see an increase in the number of unsolicited commercial advertisements being sent to their telephones through text messaging. This can be particularly annoying for the recipient because, unlike in email, some recipients may be charged a fee for every message received, including spam. Mobile phone spam is generally less pervasive than email spam, where in 2010 around 90% of email is spam. The amount of mobile spam varies widely from region to region. In North America, mobile spam steadily increased after 2008 and accounted for half of all mobile phone traffic by 2019. In parts of Asia up to 30% of messages were spam in 2012.

The Communications Assistance for Law Enforcement Act (CALEA), also known as the "Digital Telephony Act," is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton.

<span class="mw-page-title-main">Carnivore (software)</span> Electronic communication monitor used by the FBI

Carnivore, later renamed DCS1000, was a system implemented by the Federal Bureau of Investigation (FBI) that was designed to monitor email and electronic communications. It used a customizable packet sniffer that could monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997. By 2005 it had been replaced with improved commercial software.

<span class="mw-page-title-main">Electronic Communications Privacy Act</span>

The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications . ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008)

Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer's telephone calls. It includes the time, date, duration and destination number of each call, the type of network a consumer subscribes to, and any other information that appears on the consumer's telephone bill.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.Morrison, Steven R. "What the Cops Can't Do, Internet Service Providers Can: Preserving Privacy in Email Contents". Va. JL & Tech.</ref>

The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. It has ten titles, each containing numerous sections. Title II: Enhanced Surveillance Procedures granted increased powers of surveillance to various government agencies and bodies. This title has 25 sections, with one of the sections containing a sunset clause which sets an expiration date, December 31, 2005, for most of the title's provisions. This was extended twice: on December 22, 2005 the sunset clause expiration date was extended to February 3, 2006 and on February 2 of the same year it was again extended, this time to March 10.

A trap and trace device captures incoming phone calls to a particular number, similar to a how a pen register captures outgoing phone calls.

<span class="mw-page-title-main">Section summary of the Patriot Act, Title II</span>

The following is a section summary of the USA PATRIOT Act, Title II. The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. Title II: Enhanced Surveillance Procedures gave increased powers of surveillance to various government agencies and bodies. This title has 25 sections, with one of the sections containing a sunset clause which sets an expiration date, 31 December 2005, for most of the title's provisions. On 22 December 2005, the sunset clause expiration date was extended to 3 February 2006.

<span class="mw-page-title-main">MAINWAY</span> NSA database of US telephone calls

MAINWAY is a database maintained by the United States' National Security Agency (NSA) containing metadata for hundreds of billions of telephone calls made through the largest telephone carriers in the United States, including AT&T, Verizon, and T-Mobile.

Smith v. Maryland, 442 U.S. 735 (1979), was a Supreme Court case holding that the installation and use of a pen register by the police to obtain information on a suspect's telephone calls was not a "search" within the meaning of the Fourth Amendment to the United States Constitution, and hence no search warrant was required. In the majority opinion, Justice Harry Blackmun rejected the idea that the installation and use of a pen register constitutes a violation of the suspect's reasonable expectation of privacy since the telephone numbers would be available to and recorded by the phone company anyway.

Employee monitoring is the surveillance of workers' activity. Organizations engage in employee monitoring for different reasons such as to track performance, to avoid legal liability, to protect trade secrets, and to address other security concerns. This practice may impact employee satisfaction due to its impact on the employee's privacy. Among organizations, the extent and methods of employee monitoring differ.

Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet based mainly upon the Act on Processing of Personal Data.

A call detail record (CDR) is a data record produced by a telephone exchange or other telecommunications equipment that documents the details of a telephone call or other telecommunications transactions that passes through that facility or device. The record contains various attributes of the call, such as time, duration, completion status, source number, and destination number. It is the automated equivalent of the paper toll tickets that were written and timed by operators for long-distance calls in a manual telephone exchange.

The Email Privacy Act is a bill introduced in the United States Congress. The bipartisan proposed federal law was sponsored by Representative Kevin Yoder, a Republican from Kansas, and then-Representative Jared Polis, a Democrat of Colorado. The law is designed to update and reform existing online communications law, specifically the Electronic Communications Privacy Act (ECPA) of 1986.

Digital Search and Seizure refers to the ability of the United States Government to obtain and read an individual's private digital correspondence and material under The Fourth Amendment of the United States Constitution.

References

  1. Applegate, John, and Amy Grossman. "Pen Registers after Smith v. Maryland". Harv. CR-CLL.{{cite journal}}: CS1 maint: multiple names: authors list (link)
  2. Samuel F. B. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, U.S. Patent 1647, June 20, 1840; see page 4 column 2
  3. See for example, Frank Wood's Telegraph Register, U.S. Patent 338,329, Mar. 23, 1886.
  4. William F. Singer, Electrical Automatic Fire-Alarm System, U.S. Patent 436,640, Sept. 16, 1890; see page 3 line 48
  5. Bernice J. Noyes, Electric Signalling Apparatus, U.S. Patent 534,908, Feb. 26, 1895; see page 1 lines 82-83.
  6. Bunnell Ink Writing Register (Pen Register), Bell System Practices, Section 030-340-701, 2 Sept 1961.
  7. 18 U.S.C.   § 3127(3)
  8. "Introduction to Government Investigations". cyber.harvard.edu. Retrieved 2020-10-23.
  9. Applegate, John, and Amy Grossman. "Pen Registers after Smith v. Maryland". Harv. CR-CLL.{{cite journal}}: CS1 maint: multiple names: authors list (link)
  10. "18 U.S. Code § 3123 – Issuance of an order for a pen register or a trap and trace device". LII / Legal Information Institute.
  11. Solove, Daniel J. (2004). "Reconstructing Electronic Surveillance Law". Geo. Wash. L. Rev. 72 (6): 1264–1305.
  12. Bellia, Patricia L. (2004). "Surveillance Law Through Cyberlaw's Lens". Geo. Wash. L. Rev. 72 (6): 1375–1458.
  13. Mulligan, Deirdre K. (2004). "Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act". Geo. Wash. L. Rev. 72 (6): 1557–1598.
  14. Ohm, Paul (2009). "Probably Probable Cause: The Diminishing Importance of Justification Standards" (PDF). Minn. L. Rev. 94 (3): 1514–1560.
  15. "18 U.S.C. § 3121(d)". cornell.edu.
  16. 1 2 Schwartz, Paul M. (2009-09-01). "Law and technologyKeeping track of telecommunications surveillance". Communications of the ACM. 52 (9): 24–26. doi:10.1145/1562164.1562175. ISSN   0001-0782. S2CID   8119299.
  17. "Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping". www.everycrsreport.com. Retrieved 2020-11-21.
  18. Greenwald, Glenn (June 5, 2013). "NSA collecting phone records of millions of Verizon customers daily". The Guardian.
  19. Shane & Colin Moynihan, Scott (September 1, 2013). "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s". The New York Times.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.