Wednesday, November 05, 2008

PCTDD & the 4th Amendment

Last year, I did a post in which I talked about the Supreme Court’s decision in Smith v. Maryland, 442 U.S. 735 (1979).

In Smith, the government put a pen register -- a device that captures the numbers dialed on a telephone -- on Smith’s home phone. They were investigating him for making harassing calls, and used the data collected by the pen register against him in a prosecution for doing so.

Smith argued that the use of the pen register was a 4th Amendment “search” because he had a reasonable expectation of privacy in the numbers he dialed from his home phone.

As I explained in an earlier post, to have a reasonable expectation of privacy in something (i) you must think it is private (subjective) and (ii) society must regard your expectation as “reasonable” (objective). The Court said Smith (a) could not have had a subjective expectation of privacy in that data because he knew he was giving it to the phone company and (b) even if he had such an expectation, it is not one society would accept as objectively reasonable because, the Court said, we all know that if we give information to a third party it is no longer private.

After Smith, Congress enacted a statute that establishes the procedure law enforcement officers must use to get a pen register. Basically, they have to certify “that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by” the agency for which they work. 18 U.S. Code § 3122. If the court to which such an application is submitted find that the government has shown this is, in fact, likely, it must issue the order allowing the pen register to be installed.

Technology has evolved since that statute was adopted so in 2001 the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism,” Pub.L. No. 107-56, 115 Stat. 272, commonly known as the Patriot Act modernized the Pen/Trap Statute to accommodate wireless and internet-based technology. The Patriot Act updated the definition of pen register from “a device which records or decodes electronic or other impulses which identify the numbers dialed or otherwise transmitted on the telephone line” to “a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted . . . .” 18 U.S.Code § 3127(3) (as amended).

The Patriot Act also added a clause at the end of the definition this definition: “provided, however, that such information shall not include the contents of any communication”. That operationalizes the distinction I noted in my earlier post – the distinction between the numbers dialed to initiate a phone call and the contents of the conversation. The latter is private under the 4th Amendment, so intercepting contents is, in fact, a “search.”

Last year, a New York federal district court was asked to decide whether a pen register can constitutionally be used to obtain what are called “post-cut-through dialed digits” or whether they fall within the scope of the 4th Amendment. The case is In re U.S. for Orders (1) Authorizing Use of Pen Registers and Trap and Trace Devices, 515 F.Supp.2d 325 (E.D.N.Y. 2007). I’m going to refer to it as In re U.S.

The issue arose because the U.S. Attorney for the Eastern District of New York filed an application for the installation of a pen register. “In the application, the Government requested access to all dialed digits, including post-cut-through dialed digits, even if such digits may contain the contents of a telephone communication.” The issue was whether the government could constitutionally obtain that information by using the pen register statute (instead of a search warrant or wiretap authorization, both of which comply with the 4th Amendment. This is how the court described the issue before it:
Telephone use has expanded rapidly since the constitutionality of pen registers was examined in 1979. Today, Americans regularly use their telephones not just to dial a phone number, but to manage bank accounts, refill prescriptions, check movie times, and so on.

Dialed digits can now be categorized in a number of ways. `Post-cut-through dialed digits’ (`PCTDD’), the subject of the instant application, “are any numbers dialed from a telephone after the call is initially setup or ‘cut-through.”’ . . . In most instances, any digit dialed after the first ten is a PCTDD. `Sometimes these digits transmit real information, such as bank account numbers, Social Security numbers, prescription numbers, and the like.’ . . . In such circumstances, PCTDD contain the `contents of communication.’ . . . At other times, PCTDD `are other telephone numbers, as when a party places a credit card call by first dialing the long distance carrier access number and then the phone number of the intended party,’ . . . or when an extension number is dialed. . . .

The Government contends that pen register authorization entitles it to all digits dialed from a target telephone, including PCTDD that may include content. The Government maintains that federal law requires it only to minimize the collection of content using reasonably available technology. If no technology exists that can sort content from non-content, the Government argues it is entitled to access all digits dialed subject only to Department of Justice (“DOJ”) guidelines, which forbid the use of content gathered with a pen register absent extenuating circumstances, and federal wiretap laws. . . . . For the sake of clarity, I will refer to the Government's position as the `minimization theory.’
In re U.S. supra.

The issue of minimization comes from a provision the 1994 Communications Assistance for Law Enforcement Act (CALEA) added to the pen register statute. CALEA was meant “to preserve the Government's ability . . . to intercept communications involving advanced technologies such as digital or wireless transmission modes, or features and services such as call forwarding, speed dialing and conference calling, while protecting the privacy of communications”.” H.R. Rep. 103-827(I), 103d Cong., 2d Sess. at 9 (Oct. 4, 1994). As the In re U.S. court noted, the new provision imposes a “limitation on the Government's use of a pen register.” It requires that a government “agency authorized to install . . . a pen register . . . use technology reasonably available to it that restricts the recording. . . to the dialing and signaling information utilized in call processing.” 18 U.S.Code § 3121(c). Here, as in other cases, the government said that since there is no technology that can distinguish PCTDD from the digits legitimately captured by a pen register, it is, by default, entitled to both.

Th In re U.S. court disagreed. It held, first of all, that we have a 4th Amendment, reasonable expectation of privacy in PCTDD:
While individuals may not have a reasonable expectation of privacy in the numbers they dial to connect a phone call, the content they communicate over a phone line in the form of PCTDD is different. Technology has transformed the way Americans use phone lines. Now, instead of a human operator, individuals are asked to relay information to a machine by way of PCTDD to process requests and obtain information. When this communication includes content, it is the functional equivalent of voice communication and is protected by Katz and its progeny as such. Moreover, the information is often transmitted via PCTDD is often sensitive and personal. Bank account numbers, pin numbers and passwords, prescription identification numbers, social security numbers, credit card numbers, and so on, all encompass the kind of information that an individual wants and reasonably expects to be kept private.
In re U.S. supra.

The court also held that we do not assume the risk of the government’s getting this information by sharing it, in effect, with the phone company. It essentially found that these numbers are different from the numbers we dial in order to place a call; the latter are a direct communication with the phone company for its own purposes. The others may go through the phone company, but they are not intended as a communication with the phone company. It also noted that allowing the government to obtain PCTDD would be “highly intrusive” on our privacy:
Government installed pen registers were held to be permissible warrantless searches in Smith because, by their nature (their inability to collect content), they were minimally intrusive. Today's pen registers, as advocated by the Government in the instant application, have the potential to be much more intrusive than when their constitutionality was first examined. The evolution of technology and the potential degree of intrusion changes the analysis.
In re U.S., supra. The court therefore denied the government’s application for access to all post-cut-through dialed digits, though it ackowledged the problem the government faces:
I am sympathetic to the Government's pleas of necessity. That there is no technology . . . that can sort content from non-content is unfortunate, but it is not for this Court to fashion a solution. Rather, this is an issue for Congress to address, particularly in light of sophisticated criminals who will soon be wise, if they are not already, to this investigative loophole. Despite the investigative benefit which would come from access to all PCTDD, the Government cannot bootstrap the content of communications, protected by the Fourth Amendment, into the grasp of a device authorized only to collect call-identifying information. Until the Government can separate PCTDD that do not contain content from those that do, pen register authorization is insufficient for the Government to obtain any PCTDD.
In re U.S. supra.

No comments: