National Academies Press: OpenBook

Cryptography's Role in Securing the Information Society (1996)

Chapter: D - An Overview of Electronic Surveillance: History and Current Status

« Previous: C - A Brief Primer on Cryptography
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 396

D An Overview of Electronic Surveillance: History and Current Status

D.1 THE LEGAL FRAMEWORK FOR DOMESTIC LAW ENFORCEMENT SURVEILLANCE

D.1.1 The General Prohibition on Electronic Surveillance

The U.S. Code, in Section 2511 of Title 18 and Sections 1809-1810 of Title 50, provides specific criminal and civil penalties for individuals (law enforcement officials and private citizens alike) who conduct electronic or wire surveillance of communications (defined below) in a manner that is not legally authorized.1 Legal authorization for such surveillance is provided for specific circumstances in law enforcement and foreign intelligence collection as described below.

D.1.2 Title III of the Omnibus Crime Control and Safe Streets Act of 1968 and the Electronic Communications Privacy Act of 19862

Congress established the statutory authority for law enforcement in-

1 18 U.S.C. Section 2511(4), (5); 50 U.S.C. Section 1809(c); and 50 U.S.C. Section 1810.

2 The discussion in this subsection summarizes the relevant provisions. A more detailed treatment is given in Clifford S. Fishman, Wiretapping and Eavesdropping, The Lawyers Cooperative Publishing Co., Rochester, N.Y., 1978; and Clifford S. Fishman, Wiretapping and Eavesdropping: Cumulative Supplement, Clark Boardman Callaghan, Deerfield, III., November 1994. See also Donald P. Delaney, Dorothy E. Denning, John Kaye, and Alan R. McDonald, "Wiretap Laws and Procedures: What Happens When the U.S. Government Taps a Line," September 1993, available on-line at http://snyside.sunnyside.com/cpsr/privacy/communications/wire-tap/denning_wiretap_procedure_paper.txt and other sites.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 397

terception of communications in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (Title III). In 1986, the Electronic Communications Privacy Act (ECPA) made significant additions and amendments. Title III, as amended by ECPA, defines three categories of communications—oral, wire, and electronic—and provides varying degrees of legal protection against their unauthorized interception. Oral communications are spoken words carried by sound waves through the air. Electronic surveillance of oral communications is performed with listening devices, known as bugs. Wire communications are human speech carried over a wire or wire-like cable, including optical fiber. They may be intercepted with a wiretap. (Interception of one end of a conversation by bugging the room in which a telephone is placed is a case of oral interception.) Electronic communications are defined—with minor exceptions such as toneonly pagers—as every other form of electronically transmitted communication, including various forms of data, text, audio, and video. The legislative history of ECPA specifically mentions electronic mail, paging systems, bulletin board systems, and computer-to-computer communications, among other technologies the act was intended to address.3

ECPA defines radio communications, including voice conversations, as electronic, with the exception that voice conversations carried in part over radio and in part through wires or switches (such as cellular telephone calls) are treated as wire communications.4 Some radio communications may be intercepted without penalty. Courts have found, and ECPA affirms, that if a radio transmission is readily accessible to anyone with an appropriate receiver, it does not meet the Fourth Amendment test of a "reasonable expectation of privacy" and is therefore unprotected.5 However, ECPA specifies several forms of radio communication that are not "readily accessible" and therefore are protected from interception. These include, among others, encrypted or scrambled transmissions (digital modulation alone does not meet this standard, unless the protocols have been deliberately concealed from the public to maintain privacy); common-carrier paging services (except tone-only services); and private microwave services. In practice, unprotected radio transmissions generally relate to radio broadcasting, dispatching, public-safety radio (police, fire, etc.), amateur radio, citizens band, and similar services. In the radio

3 Fishman, Cumulative Supplement, 1994, sections 7.31-7.49.

4 Fishman, Cumulative Supplement, 1994, sections 7.4, 7.5, 7.21-7.28. See also James G. Carr, The Law of Electronic Surveillance, Clark Boardman Callaghan, Deerfield, III., September 1994, section 3.2.

5 By similar reasoning, messages are unprotected if posted in electronic bulletin board systems that are configured to make such messages readily accessible to the general public. Fishman, Cumulative Supplement, 1994, section 7.67.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 398

arena and others, the advance of communications technology, including encryption and decryption, and the development of new services will inevitably create the need for further interpretation of Title III and the ECPA by the courts and/or revision of the federal statutes.6

Like all searches and seizures in circumstances where a person normally has a reasonable expectation of privacy, electronic surveillance requires a warrant granted by a judge.7 To obtain a physical search warrant (e.g., to search a person's home), officials must provide certain information. This includes a statement of facts demonstrating probable cause to believe a crime has been or will be committed; the identity of the person or place to be searched; and a particular description of the object of the search. Evidence obtained in violation of these requirements may be challenged by the defendant in a trial and may be subject to suppression. Violations leading to suppression may include errors or omissions in the application for a warrant; warrants that should not have been issued, for example, for lack of probable cause; and failure to execute the search in accordance with the terms of the warrant.8

In Title III, Congress added significant, new requirements specific to the electronic interception of oral and wire communications. These additional requirements, which are discussed below, set a higher standard than the physical search and seizure standard of the Fourth Amendment. They are enforced by criminal and civil penalties, as well as by a statutory exclusionary rule, which states that violations of these requirements may lead to suppression of evidence in a later trial. This suppression may throw out evidence from electronic surveillance that would ordinarily meet a Fourth Amendment test.9

By law, only certain, serious felonies may be investigated with Title III surveillance of oral and wire communications. These include murder, kidnapping, child molestation, organized crime, narcotics offenses, and crimes against national security, among others.10 Before performing electronic surveillance, investigators must obtain a special type of warrant

6 Clifford Fishman, personal communication, January 23, 1995. This process can be seen, for example, in the Law Enforcement Communications Act of 1994's extension to cordless telephones of the same Title III protection that applies to cellular telephones.

7 Surveillance with the consent of one of the parties to a communication (e.g., an informant wearing a hidden microphone) does not require an intercept order (On Lee v. United States, 343 U.S. 747 (1952)). See Wayne R. LaFave and Jerold H. Israel, Criminal Procedure, 2nd ed., West Publishing, St. Paul, Minn., 1992, pp. 248, 254-255, 258-259.

8 Stephen Patrick O'Meara, "On Getting Wired: Considerations Regarding Obtaining and Maintaining Wiretaps and 'Bugs'," Creighton Law Review, Volume 26, 1993, pp. 729-749.

9 See LaFave and Israel, Criminal Procedure, 1992, pp. 248-256, for a discussion of Title III and the Fourth Amendment.

10 18 U.S.C. Section 2516(1); and Carr, The Law of Electronic Surveillance, 1994, section 4.2.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 399

called an "intercept order."11 To obtain an intercept order, an applicant must show that other investigative methods, such as informants or visual surveillance, have been tried unsuccessfully or would be dangerous or unlikely to obtain the desired evidence. The applicant must also provide specific information, such as the identity of the requesting officer; facts of the case showing probable cause; period of time that surveillance will be in effect (up to 30 days, with extensions requiring another application); surveillance procedures to be followed, including plans for keeping the interception of irrelevant communications to a minimum; history of previous intercept applications concerning the same person or location; and results of the ongoing interception, if the application is for an extension of an order.12 These requirements are somewhat flexible; not every impropriety in a surveillance results in suppression of all the evidence gathered. Numerous court decisions have found, for example, that incriminating conversations involving persons or crimes other than those identified in the warrant are admissible in a trial, as long as the warrant was valid for the purpose originally intended.13

Title III requires that intercept orders be requested and granted by higher-ranking officers and judges than warrants for physical searches. In federal investigations, applications must be authorized by a Department of Justice official at or above the level of Deputy Assistant Attorney General. Only federal district courts and courts of appeals may issue orders (in contrast to search warrants, which may also be issued by federal magistrates). State electronic surveillance laws must designate responsible state officials and courts of comparable stature. In addition to the Title III provisions, the Federal Bureau of Investigation (FBI) and most state enforcement agencies have detailed, internal approval procedures that officers must follow before they (or rather, a U.S. attorney acting on their behalf) may approach a court with an intercept request.14

11 Requirements are detailed in 18 U.S.C. Section 2518. Emergency intercepts may be performed without first obtaining a warrant in certain circumstances, such as physical danger to a person or conspiracy against the national security. An application for a warrant must subsequently be made within 48 hours. There has been virtually no use of the emergency provision, and its constitutionality has not been tested in court. See LaFave and Israel, Criminal Procedure, 1992, p. 254.

12 For a concise description of the application procedure, see Delaney et al., "Wiretap Laws and Procedures," 1993.

13 In general, the Supreme Court has significantly diminished the strictness of the statutory identification provisions. Potential telephone users may be listed in the application as "others, as yet unknown." Evidence obtained in a valid wiretap about crimes other than the one specified in the application is also admissible. See Fishman, Cumulative Supplement, 1994, sections 49-50, 55-56.

14 Ronald Goldstock and Clifford Fishman, briefings before the Committee to Study National Cryptography Policy, Irvine, Calif., February 10, 1995. For a description of FBI and New York State Police procedures, see Delaney et al., "Wiretap Laws and Procedures," 1993, section 2.1.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 400

Upon receipt of a court order, communications service providers are required by law to assist law enforcement officials. The service provider must furnish information, facilities, and technical assistance necessary to accomplish the interception "unobtrusively and with a minimum of interference" with the subject's services.15 The provider is entitled to reimbursement of expenses and is immune from any civil or criminal penalties for assisting in court-ordered surveillance.

One of the more intrusive aspects of electronic surveillance, in comparison to physical search and seizure, is the fact that the invasion of privacy continues over a period of time and is likely to intercept many communications that are irrelevant to the investigation. To restrict this invasion of privacy, Title III requires law enforcement officials to perform a procedure known as minimization. In the context of a wiretap or bug, minimization requires real-time monitoring of the surveillance device. When conversations are intercepted concerning irrelevant subjects, such as family gossip, monitoring officers must turn off the device. At intervals thereafter, they must turn on the device to spot-check for relevant communications, which may then be recorded. Minimization procedures must be described in the application for the intercept order. Failure to minimize properly may result in suppression of evidence.16

In certain cases, minimization may be postponed. Foreign-language conversations may be recorded in their entirety and minimized later, when a translator is available.17 Similar guidelines would presumably apply to encrypted communications—they would be minimized after decryption. ECPA established that electronic communications, like oral and wire communications, are subject to minimization requirements; however, some differences in the procedures apply. For example, a text communication such as an electronic mail message clearly cannot be "turned off and on" during interception, since it is read on a full computer screen. Minimization in this

15 18 U.S.C. Section 2518(4). See Fishman, Cumulative Supplement, 1994, section 118. See also Chapter 6 of this report for a discussion of how the Communications Assistance to Law Enforcement Act codifies specific obligations for carriers to assist authorized surveillance.

16 The Supreme Court has interpreted minimization criteria to permit some interception of irrelevant communications. For example, monitoring of a high percentage of all calls early in the surveillance operation is permissible, provided that officers observe emerging patterns of conversations with innocent parties and adjust accordingly. See O'Meara, "On Getting Wired," 1993, p. 743. In addition, judges rarely respond to minimization failures by suppressing the entire body of evidence gathered throughout the surveillance. More typically, they suppress only the specific conversations or other interceptions that should have been minimized and were not. Clifford Fishman, briefing to the Committee to Study National Cryptography Policy, Irvine, Calif., February 10, 1995.

17 Carr, The Law of Electronic Surveillance, 1994, section 5.7(c).

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 401

case would consist of deleting irrelevant sections of text and retaining only the relevant portions for further use.18

Following the completion of an interception, the minimized tapes of the surveillance must be sealed and delivered to the custody of the court. This provision of Title III is intended to ensure that evidence used in a subsequent trial is authentic and has not been altered. After the intercept order terminates, the issuing judge must notify the persons named in the order within 90 days that they have been subject to surveillance, unless good cause is shown for postponement.19 For evidence to be used in a trial, the defendant must receive an inventory listing the date of the intercept order, period of surveillance, and whether any communications were intercepted. The defendant may move to receive transcripts of the interceptions, as well as the underlying application and court order. Failure to provide notice and inventory may serve as a basis for suppression of evidence if the defendant can demonstrate prejudice having been shown as a result.20

The procedures discussed above apply to oral and wire intercepts (bugs and wiretaps). ECPA applied most of the same procedures and restrictions to surveillance of electronic communications. It also extended Title III criminal and civil penalties for unlawful interception to electronic communications.21 However, it did not set the same standard of protection for these communications. For example, any federal felony may be investigated through electronic interception, and a federal attorney of any rank may request an electronic communications intercept order.22

In addition, the statutory exclusionary rule of Title III for oral and wire communications does not apply to electronic communications. Evidence may be subject to suppression according to Fourth Amendment standards (such as probable cause), but ECPA expressly omits electronic communications from the provision that evidence obtained outside Title III procedures is suppressible in court.23 As in the case of oral and wire surveillance, however, state statutes must apply protection at least as stringent as the federal statute. The states of Florida and Kansas impose the same requirements on electronic communications intercepts as on oral and wire intercepts.24

18 See Fishman, Cumulative Supplement, 1994, sections 151-159.

19 Delaney et al., "Wiretap Laws and Procedures," 1993, sections 2.4-2.5.

20 Fishman, Wiretapping and Eavesdropping, 1978, section 203; and Fishman, Cumulative Supplement, 1994, section 211.

21 Fishman, Cumulative Supplement, 1994, section 7.58.

22 Fishman, Cumulative Supplement, 1994, sections 7.32, 42.1, 53.1.

23 LaFave and Israel, Criminal Procedure, 1992, pp. 256-257.

24 Fishman, Cumulative Supplement, 1994, section 42.1.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 402

Title III, when first enacted, regulated only the interception of contents of communications. However, ECPA added new  regulations on traffic analysis—the use of devices to collect information about origins and destinations of communications (particularly, telephone calls) without intercepting their contents.25 Traffic analysis is performed with the aid of pen registers, which record the numbers dialed from a target telephone, and trap-and-trace devices, which identify telephone numbers from which calls are placed to the target telephone.26 ECPA provides that use of these devices is a criminal offense except when performed by a law enforcement official with a court order, by a communication service provider for specified business purposes, or with the consent of the service user.

With respect to law enforcement, ECPA codified the existing judicial record on traffic analysis. Because the Supreme Court has ruled that traffic analysis information is not protected by the Fourth Amendment, evidence obtained improperly or without a warrant is not suppressible in a trial.27 Under ECPA, a pen register or trap-and-trace order may be requested by any federal attorney and granted by any federal district judge or magistrate. States may designate comparable authorities for requesting and approving orders. If the request meets the statutory requirements, the court must grant the order. (By contrast, interception orders are subject to the judge's discretion.) The application need not present a statement of facts showing probable cause, but merely the applicant's certification that probable cause exists. In practice, one purpose of obtaining an order is to compel the cooperation of communications service providers and to protect those providers from civil and criminal liability.28

ECPA also governs access to stored wire and electronic communications, such as backup copies of voice mail and electronic mail messages.29 ECPA provides criminal and civil penalties for accessing and obtaining or altering stored communications without permission of the communications service provider or subscriber. With a search warrant (for which the requirements are much less stringent than for a Title III intercept order),

25 Fishman, Cumulative Supplement, 1994, sections 28-29.

26 Dialed number recorders combine the functions of pen registers and trap-and-trace devices.

27 In Smith v. Maryland, 442 U.S. 735 (1979), the Supreme Court ruled that a person placing a call has no "reasonable expectation of privacy" that the telephone company will not reveal the fact of the call to third parties; therefore, no warrant was required. See Fishman, Cumulative Supplement, 1994, section 28.

28 Fishman, Cumulative Supplement, 1994, section 28.2.

29 See Fishman, Cumulative Supplement, 1994, sections 7.27, 7.39, and 7.46. Definitions, procedures, and penalties related to accessing stored oral, wire, and electronic communications are given at 18 U.S.C. Sections 2701-2710.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 403

law enforcement authorities may require a service provider to divulge stored communications without prior notice to the service subscriber or customer. The details of ECPA's applicability to electronic mail and similar communications are somewhat controversial and have yet to be tested extensively in court.30  For example, ECPA  may make it possible for investigators to obtain, with a search warrant, electronic mail messages in temporary storage at an on-line service that the customer has not yet downloaded or deleted at the time of the investigation. However, requiring the service provider to copy and divulge all of the electronic mail addressed to a subscriber over a period of time likely involves a Title III intercept order.31

Tables D.1 and D.2 provide quantitative data on the scope and scale of electronic surveillance in the United States in recent years.

D.1.3 The Foreign Intelligence Surveillance Act

In the mid-1970s, Congress undertook several public investigations of controversial domestic surveillance activities by U.S. intelligence agencies, such as the Central Intelligence Agency.32 Title III explicitly recognized presidential authority to take measures to protect national security, and in a 1972 case, United States v. United States District Court (often called the Keith case), the Supreme Court ruled that it is reasonable and necessary in some circumstances to weigh Fourth Amendment rights against the constitutional responsibility of the executive branch to maintain national security.33 In order to achieve a balance among these conflicting demands, Congress passed the Foreign Intelligence Surveillance Act of 1978 (FISA). FISA concerns surveillance for gathering foreign intelligence

30 The most significant court decision yet made on the subject, itself open to various interpretations, is Steve Jackson Games v. United States Secret Service (1993, W.D. Tex.), 816 F. Supp. 432, 442. On appeal, the U.S. Court of Appeals, Fifth Circuit (36 F. 3d 457), examined the question of whether "seizure of a computer used to operate an electronic bulletin board system, and containing private electronic mail which had been sent . . . but not read (retrieved) by the intended recipients, constituted an unlawful intercept under [ECPA]" and affirmed the lower court's decision that it did not.

31 The Wall Street Journal reported that one of the first publicized instances of law enforcement use of a Title III intercept order to monitor a suspect's electronic mail occurred in December 1995, when a CompuServe Information Services customer was the subject of surveillance during a criminal investigation. See Wall Street Journal, January 2, 1996, p. B16.

32 For a brief history of the Foreign Intelligence Surveillance Act's origins, see James E. Meason, "The Foreign Intelligence Surveillance Act: Time for Reappraisal," International Lawyer, Volume 24(4), Winter 1990, pp. 1043-1058.

33 407 U.S. 297 (1972). See Allan N. Kornblum and Lubomyr M. Jachnycky, "America's Secret Court: Listening in on Espionage and Terrorism," The Judge's Journal, Summer 1985, pp. 15-19.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 404

TABLE D.1 Court-ordered Electronic Surveillance Authorized Under Title III, 1994

 

Total

Federal

States

No. of orders authorizeda

1,154

554

600

No. of orders denieda

0

0

0

No. of intercepts installedb

1,100

549

551

No. of extensions authorizeda

861

458

403

Average duration of orders (days)a

     

Original authorization

29

30

nac

Extensions

29

30

nac

Total days in operationb

44,500

25,148

19,352

Main offense specified in ordera

     

Narcotics

876

435

441

Racketeering

88

68

20

Gambling

86

8

78

Homicide and assault

19

4

15

Other

85

39

46

Type of interceptb

     

Telephone wiretap

768

397

371

Microphone eavesdrop

52

42

10

Electronic

208

71

137

Combination

72

39

33

Average no., per installed order, intercepted:b

     

Persons

84

112

56

Conversations

2,139

2,257

2,021

Incriminating conversations

373

374

372

Average cost per orderb

$49,478

$66,783

$32,236

No. of arrestsb,d

2,852

1,601

1,251

No. of convictionsb,d

772

325

447

a As reported by federal and state judges issuing surveillance orders.

b As reported by prosecuting officials for orders actually installed.

c Not available.

d Additional arrests and convictions associated with surveillance authorized in 1994 can  be expected to occur in 1995 and later years. For more complete arrest and conviction  results from past years, see Table D.3.

SOURCE: Administrative Office of the U.S. Courts, Wiretap Report for the Period January 1,  1994 to December 31, 1994, U.S. Government Printing Office, Washington, D.C., 1995.

information, as opposed to law enforcement. Nevertheless, many of its procedures parallel those of Title III, and evidence gathered properly through FISA surveillance may, in some circumstances, be used in a trial.

Like Title III, FISA provides statutory procedures for authorizing electronic surveillance within the United States. Executive Order 12333 specifically states that no foreign intelligence collection may be undertaken for the purpose of acquiring information concerning the domestic activi-

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 405

ties of U.S. persons,34,35 and FISA surveillance may be performed only against foreign powers or their agents. FISA regulates signals intelligence collection conducted in the United States and signals intelligence collection directed at a known U.S. person located in the United States; Executive Order 12333 regulates signals intelligence collection directed at a known U.S. person located outside the United States.36 (See Table D.3 for a description of what approvals are required for electronic surveillance of communications in various circumstances.) To conduct surveillance of a U.S. person within the United States, the executive branch must demonstrate to a special court, the Foreign Intelligence Surveillance Court (discussed below), probable cause to conclude that the U.S. person is an ''agent of a foreign power." The phrase includes persons who engage in, or aid or abet individuals who engage in, espionage, terrorism, or sabotage.37 Each FISA warrant application is signed, under oath, by the applicant, certified by the Secretary of Defense or Deputy Secretary of Defense that it is directed against a bona fide "foreign power" or "agent of a foreign power," reviewed by the Department of Justice and endorsed by the Attorney General, and approved by a judge of the Foreign Intelligence Surveillance Court.38 The warrant application must also identify the type of foreign intelligence information sought; communication media, facilities, and persons to be monitored; devices and procedures to be used, including those for minimization; duration of the order, up to 90 days (or 1 year if the target is a foreign power); review of previous surveillance

34 Executive Order 12333, Section 2.3(b).

35"U.S. persons" are defined by FISA and by Executive Order 12333 to include U.S. citizens, permanent resident aliens, corporations incorporated in the United States, and unincorporated associations substantially composed of U.S. citizens or U.S. persons. See 50 U.S.C. Section 1801(i) and E.O. 12333, Section 3.4(i).

36 Interception of communications taking place entirely outside the United States, whether or not the participants include U.S. persons, is not governed by FISA, Title III, or any other statute. Executive Order 12333 requires that the Attorney General approve the use for intelligence purposes, against a U.S. person located abroad, of any technique for which a warrant would be required if undertaken for law enforcement purposes. In each case, the Attorney General must find probable cause to conclude that the individual is an agent of a foreign power before collection may begin.

37 50 U.S.C. Section 1801(b).

38 Surveillance may take place without a court order for up to 1 year if the Attorney General certifies that there is very little likelihood of intercepting communications involving U.S. persons and the effort will target facilities used exclusively by foreign powers. Under limited circumstances, emergency surveillance may be performed before a warrant is obtained (Fishman, Cumulative Supplement, 1994, sections 361, 366).

For a discussion of FISA's applicability in various circumstances, see Fishman, Cumulative Supplement, 1994, sections 348-358.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 406

TABLE D.2 Court-ordered Electronic Surveillance, 1984 to 1994

1984

1985

1986

1987

1988

1989

1990

1991

1992

1993

1994

No. of orders authorizeda

802

786

756

673

740

763

872

856

919

976

1,154

Federal (%)

36

31

33

35

40

41

37

42

37

46

48

State (%)

64

69

67

65

60

59

63

58

63

54

52

No. of orders denieda

1

2

2

0

2

0

0

0

0

0

0

No. of intercepts installedb

773

722

676

634

678

720

812

802

846

938

1,100

Total days in operationb (thousands)

20.9

22.1

20.8

19.8

26.4

27.8

28.8

30.0

32.4

39.8

44.5

Main offense (%)a

Narcotics

60

55

46

56

59

62

60

63

69

70

76

Racketeering

7

8

13

9

11

12

10

13

10

10

8

Gambling

23

26

25

20

17

15

13

11

7

10

7

Homicide and assault

4

3

5

3

2

3

2

2

4

3

2

Other

6

8

11

12

11

8

15

11

10

7

7

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 407

Average no., per order, intercepted:b

                     

Persons

102

105

119

104

129

178

131

121

117

100

84

Conversations

1,209

1,320

1,328

1,299

1,251

1,656

1,487

1,584

1,861

1,801

2,139

Incriminating conversations

298

275

253

230

316

337

321

290

347

364

373

Average cost per orderb ($ thousands)

45.0

36.5

35.6

36.9

49.3

53.1

45.1

45.0

46.5

57.3

49.5

No. arrestsb,c

3,719

4,178

3,830

3,244

3,859

4,222

3,250

2,459

3,668

2,428

2,428

No. convictionsb,c

2,429

2,617

2,449

1,983

2,469

2,368

1,580

2,564

1,952

1,325

772

Conviction rate (%)

65

63

64

61

64

56

48

98

49

39

27

a As reported by federal and state judges issuing surveillance orders.

b As reported by prosecuting officials for orders actually installed.

c Entry for each year shows arrests and convictions arising both during and after that year from surveillance authorized during that year. The large majority of arrests and convictions occur within 4 years of the surveillance. Thus, the relatively low numbers in 1993-1994 can be expected to increase over time.

SOURCE: Administrative Office of the U.S. Courts, Wiretap Report for the Period January 1, 1993 to December 31, 1993, U.S. Government Printing Office, Washington, D.C., 1994.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 408

TABLE D.3 Approval Requirements for Foreign Intelligence Surveillance of Various Parties Variously Located (Under FISA in the United States and Executive Order 12333 Outside the United States)

Party

In the United States

Outside the United States

U.S. person may be targeted for wire intercepts

Only if known to be an agent of a foreign power and a FISA warrant is approved

Only with the approval of the Attorney General

Non-U.S. person may be targeted for wire intercepts

Only if a FISA warrant is approved

Without restriction

related to the same target; and certification that the information cannot be obtained through normal investigative methods.39

Electronic surveillance governed by FISA includes interception of wire, radio, and other electronic communications. Interception of these communications is regulated only if they take place under conditions of a reasonable expectation of privacy, in which a warrant would be required for law enforcement surveillance. It addresses only communications occurring at least partly within the United States (wholly, in the case of radio communications), although listening stations used by investigating officers may be located elsewhere. FISA also covers the use of pen registers and trap-and-trace devices.

The purpose of FISA surveillance is to obtain foreign intelligence information. FISA defines this in terms of U.S. national security, including defense against attack, sabotage, terrorism, and clandestine intelligence activities, among others. The targeted communications need not relate to any crime, although surveillance for counterespionage and counterterrorism purposes clearly has the potential to yield evidence for criminal prosecution. FISA surveillance actions are implemented operationally by the FBI—sometimes on behalf of other intelligence agencies of the U.S. government.

FISA established a special court with sole authority to review applications and grant intercept orders. The Foreign Intelligence Surveillance Court (FISA court) consists of seven U.S. district court judges appointed by the Chief Justice of the Supreme Court. The FISA court meets in secret

39 50 U.S.C. Section 1805. See Delaney et al., "Wiretap Laws and Procedures," 1993, section 3.1. Some of this information may be omitted if the target is a foreign power.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 409

twice yearly in Washington, D.C., although the court acts through a single judge who is always available.40 One of the seven judges has always been a judge in the Washington, D.C., area to ensure local availability, and the other six judges rotate through Washington, D.C. FISA also provides for an appeals court. However, the FISA court has never denied a request for an order, and the appeals court has never met. One interpretation of this history is that the FISA court is a rubber stamp for government requests for foreign intelligence surveillance. A second interpretation is that the authorities who request such surveillance do so only when surveillance is truly necessary and prepare their cases with such thoroughness that the FISA court has never found sufficient fault with a request to deny it. Without a detailed independent review of all requests (a task beyond the scope of the committee), it is impossible to choose definitively between these two interpretations. Members of the committee having personal experience with the FISA process prefer the second interpretation. Since 1979, there has been an average of more than 500 FISA orders per year. In 1994, 576 were issued. Other information about FISA intercepts is classified.41

Unlike Title III, FISA does not require that the target of surveillance ever be notified that communications have been intercepted. Evidence gathered under a FISA order may be used in a trial, with the approval of the Attorney General. A defendant whose communications were intercepted then receives a transcript and may move to suppress such evidence if it was gathered unlawfully. However, the defendant is denied access to the application and FISA court order if the Attorney General certifies that national security would be harmed by release of these documents. In this case, the appropriate federal district court reviews and rules on the legality of the warrant ex parte, in camera (without adversarial representation, in secret). This may severely restrict the defendant's ability to obtain suppression.42

Finally, signals intelligence activities may incidentally generate information to, from, or about U.S. persons even when they are directed at foreign individuals. Information so derived is regulated by one of two sets of minimization procedures. One set is statutorily mandated by FISA.

40 See Kornblum and Jachnycky, "America's Secret Court," 1985, for a description of the Foreign Intelligence Surveillance Court, a list of its members, and a review of the judicial record on the constitutionality of the court and its procedures.

41 Benjamin Wittes, "Inside America's Most Secretive Court," Legal Times, February 19, 1996, p. 1.

42 LaFave and Israel, Criminal Procedure, 1992, pp. 260-261.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 410

Every FISA surveillance approval is subject to those minimization procedures. The procedures prescribe how information about U.S. persons acquired during the course of a FISA surveillance may be processed, retained, and disseminated.43 The other set is mandated by Executive Order 12333 and regulates all other signals intelligence collection, processing, retention, and dissemination involving information on U.S. persons. This set is approved by the Secretary of Defense and the Attorney General. Copies are provided to the Senate and House Intelligence committees prior to implementation.

D.2 HISTORICAL OVERVIEW OF ELECTRONIC SURVEILLANCE

The right to privacy of communications from electronic surveillance (such as bugging and wiretapping) is protected by several federal and state statutes and by the Fourth Amendment to the Constitution. This was not always the case. Electronic surveillance of communications first came before the U.S. Supreme Court in 1927. In Olmstead v. United States,44 the Court ruled by a 5-4 vote that interception of telephone conversations by federal law enforcement officials using a wiretap did not constitute a search or seizure, because nothing tangible was seized and no premises were entered and searched. The Court concluded that wiretapping was not subject to Fourth Amendment protection against unreasonable search and seizure.

New legislation, however, soon removed the wiretap from the repertoire of evidence-gathering tools. The Communications Act of 1934 made it a crime for anyone, including law enforcement officials, to intercept and subsequently divulge telephone, telegraph, or radio communications without the consent of the sender. The statute did not state specifically that evidence obtained through wiretaps was inadmissible in a trial. Subsequent court rulings held, however, that wiretap evidence gained without consent could not be used because to divulge it in court would be against the law.45 Federal officials continued to conduct warrantless wiretaps, mainly against suspected foreign agents under the President's constitutional authority to protect national security.46 (These activities were

43 50 U.S.C. Section 1801(h).

44 277 U.S. 438 (1928). Much of the following discussion of the evolution of electronic surveillance law is based on the work of LaFave and Israel, Criminal Procedure, 1992, pp. 246-256.

45 For example, Nardone v. United States, 308 U.S. 338 (1939). The court also excluded evidence obtained as a result of information gained in a wiretap. See LaFave and Israel, Criminal Procedure, 1992, p. 246.

46 See LaFave and Israel, Criminal Procedure, 1992, pp. 259-260.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 411

later regulated with the passage of FISA in 1978.) State law enforcement agencies also continued to wiretap, where permitted by state laws and not associated with federally regulated interstate commerce.

Technological advances led to the development of other means of electronic surveillance that continued, for a time, to be accepted by the courts. In particular, electronic bugs were not restricted by the Fourth Amendment, by the same principle that applied in Olmstead—they seized nothing tangible. Nor were they subject to the Communications Act prohibition on divulgence of intercepted communications because they intercepted only sound waves, not wire or radio signals. In Goldman v. United States,47 the Supreme Court found that federal officers could legally use a listening device placed against the wall of a room adjoining the one occupied by the target of an investigation. As long as no physical trespass took place, the Fourth Amendment did not apply and no search warrant was needed. In other cases, the Court also supported the practice of "wiring" a consenting party to the communication—such as an undercover agent or informant—with a device to record or transmit conversations in the hearing of the person wearing the wire.48

Over time, however, a series of decisions eroded the legal framework for bugging. In Silverman v. United States,49 for example, the Court rejected agents' use of a "spike mike" driven through an adjacent wall into the heating ducts of a target's house as a Fourth Amendment violation, even though agents did not physically enter the premises. Finally, in the 1967 case of Katz v. United States,50 the Court found that federal agents' bugging of a public telephone booth known to be used regularly by a particular suspect was a search and seizure protected by the Fourth Amendment. A person using a phone booth was found to have a reasonable expectation of privacy, which may not be infringed without a valid warrant based on probable cause to believe that a crime has been or will be committed. In this ruling, the Court explicitly overturned Olmstead and Goldman and determined that Fourth Amendment protection applies to persons, not merely to places that can be entered and searched.

With the Katz decision, law enforcement officials were left with neither bugs nor wiretaps as viable tools for gathering evidence. Their absence was significant, particularly since these tools were thought to have great potential usefulness for investigating and prosecuting conspirato-

47 316 U.S. 129 (1942). See discussion in LaFave and Israel, Criminal Procedure, 1992, p. 248.

480n Lee v. United States, 343 U.S. 747 (1952). See LaFave and Israel, Criminal Procedure, 1992, pp. 248, 258-259.

49 365 U.S. 505 (1961). See LaFave and Israel, Criminal Procedure, 1992, p. 248.

50 389 U.S. 347 (1967). See LaFave and Israel, Criminal Procedure, 1992, p. 248.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 412

rial activities such as organized crime, a high-profile social and political issue in the late 1960s. The judicial record made it clear that electronic surveillance with a court order would not be prohibited by the Constitution, but new legislation was needed to define and regulate court-ordered surveillance.51 At the same time, existing statutes such as the Communications Act inadequately protected communications from malicious interception and use by private citizens acting outside a law enforcement capacity.52

Congress took action in 1968 to give law enforcement the tools of electronic surveillance, subject to constitutional and statutory controls, and to outlaw electronic interception of communications in most other circumstances. Title III of the Omnibus Crime Control and Safe Streets Act of 1968 created the first specific legal framework for electronic surveillance of oral and wire (telephone) communications. It made an exception to the Communications Act's divulgence prohibition for law enforcement officers with a court-issued warrant, thus bringing wiretapping back into legal use. To guard against abuse of these politically charged, highly intrusive techniques, Congress imposed special procedures for obtaining a warrant and other restrictions beyond those required under the Fourth Amendment. These are discussed in detail in Section D.1.2. Title III also specified civil and criminal penalties for anyone intercepting private communications outside these approved circumstances. In addition, it required state statutes to be at least as restrictive as Title III.53 Currently, 37 states and the District of Columbia have electronic surveillance statutes.54

At the time the Omnibus Crime Control and Safe Streets Act was passed in 1968, President Johnson strongly objected to Title III, warning that it could lead to governmental abuses of civil liberties.55 However, after an initial flurry of court challenges, a rough consensus has emerged in the nation that wiretapping under the jurisdiction of Title III represents a reasonable compromise between the rights of individuals and the law enforcement needs of the state.

In 1986, Congress passed the Electronic Communications Privacy Act. One of the act's main purposes was to update Title III. The advance of

51 See Carr, The Law of Electronic Surveillance, 1994, section 2.3(d).

52 LaFave and Israel, Criminal Procedure, 1992, p. 248.

53 Fishman, Wiretapping and Eavesdropping, 1978, section 5; and Fishman, Wiretapping and Eavesdropping: Cumulative Supplement, 1994, section 5.

54 Administrative Office of the United States Courts, Wiretap Report for the Period January 1, 1994 to December 31, 1994, U.S. Government Printing Office, Washington, D.C., 1995, p. 3.

55 Congressional Quarterly Almanac, Congressional Quarterly Inc., Washington, D.C., 1968, p. 225.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 413

technology after 1968 brought new forms of communication into common use. Many of these stretched the framework of Title III. Electronic mail, data interchange, medical records, and fund transfers are examples of potentially confidential communications that did not fit within the original Title III definitions of oral and wire communications. With respect to personal (as opposed to broadcast) radio communications, which grew rapidly with the advent of cellular and other mobile telephone services, neither Title III nor the Communications Act provided guidance for law enforcement surveillance. Treatment of video images associated with teleconferencing was also unclear.56

ECPA added a new category, electronic communications, to Title III's protection of oral and wire communications. In general, electronic communications are communications carried by wire (including optical fiber) or radio that do not involve the human voice; rather, they convey information such as text, images, and numerical data. Many of these communications were protected by ECPA for the first time, with both criminal and civil penalties defined for infringing on their privacy. As discussed in Section D.1.2, however, the privacy of electronic communications with respect to law enforcement was set at the Fourth Amendment standard of protection, rather than the additional level of protection given by Title III to oral and wire communications. This reflected a political compromise among several factors, including the interests of law enforcement, the telecommunications industry, and civil liberties; judicial precedent; and the judgment of Congress that bugging and telephone wiretapping are inherently more sensitive than interception of electronic communications.57 As discussed in Section D.1.2, ECPA also created new regulations for traffic analysis and for retrieval of stored communications.

56 For a detailed analysis of ECPA's additions to electronic surveillance law, see Fishman, Cumulative Supplement, 1994, sections 7.21-7.28, 7.32.

57 Fishman, Cumulative Supplement, 1994, section 5.1; and Computer Science and Telecommunications Board staff communication with Clifford Fishman, January 23, 1995.

Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 396
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 397
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 398
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 399
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 400
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 401
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 402
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 403
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 404
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 405
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 406
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 407
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 408
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 409
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 410
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 411
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 412
Suggested Citation:"D - An Overview of Electronic Surveillance: History and Current Status." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 413
Next: E - A Brief History of Cryptography Policy »
Cryptography's Role in Securing the Information Society Get This Book
×
Buy Hardback | $80.00 Buy Ebook | $64.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic.

Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography—the representation of messages in code—and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers.

Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored.

Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation.

The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples—some alarming and all instructive—from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!