Electronic Communication Intercepts, Legal Issues
Electronic Communication Intercepts, Legal Issues
█ MICHAEL J. O'NEAL
The legal issues surrounding the interception of electronic communications are many and varied, primarily because they arise in different contexts: criminal investigations, corporate espionage, employer-employee relationships, and the intelligence activities of the federal government conducted against foreign countries. In recent years, two primary issues have arisen. One, rapid changes in technology can sometimes outpace legislation designed to protect United States citizens from unwarranted electronic intercepts. Two, in response to the threat of terrorism against the United States, the federal government passed legislation that, in the eyes of some, weakened constitutional protections against unwarranted interception of electronic communications.
Electronic intelligence. Traditionally, intelligence-gathering operations have been divided into two broad categories: human and electronic. Human intelligence gathering, or what the intelligence community refers to as HUMINT, involves the use of on-the-scene human operatives who, for example, prepare maps, observe enemy troop movements, steal documents, recruit others to provide information, or physically eavesdrop on conversations.
HUMINT is a dangerous undertaking. The possibility always exists that the operative will be caught, forced to reveal information about his or her activities and purposes, and even imprisoned or executed. For this reason, intelligence agencies whenever possible have come to rely more on electronic intelligence gathering, or ELINT. Spy satellites and high-altitude planes such as the U2, for example, can be used to provide accurate and timely information about troop deployments or missile installations, while wiretaps and hidden microphones allow communications to be intercepted without placing an operative in danger. Further, ELINT can be conducted by those who have no particular training in spycraft (tradecraft) from positions thousands of miles away.
ELINT is divided into two types: trespassory and nontrespassory. As its name suggests, trespassory ELINT requires some sort of trespass; the target's physical premises have to be entered—to install a transmitter or microphone, for example. Non-trespassory ELINT, in contrast, does not require physical invasion of the target premises. Since the end of World War II and throughout the Cold War, the intelligence community has devised various forms of non-trespassory ELINT, enabling it to intercept information transmitted by satellite, radio, cell phone, and microwave transmissions. While ELINT was and is valuable for gathering foreign intelligence, Congress and the public were concerned about possible misuses of it in conducting criminal investigations against U.S. citizens. Accordingly, under Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the "Wire Tap Statute"), trespassory interception of electronic communications in criminal investigations without a court order was made illegal. In 1986 the Electronic Communications Privacy Act amended Title III to include non-trespassory interception of e-mail, computer communications, and cell phones calls.
TEMPEST technology. The chief legal issue surrounding nontrespassory interception of electronic communications stems from the use of the word communication. Under the act, it would be illegal for authorities to, for example, tap a phone without a court order, because the purpose of a phone call is to communicate a message. But modern electronic devices emit all sorts of information that is never intended to be "communicated." They do so in the form of what are called emanated transient electromagnetic pulses (ETEP), which can be received and reconstructed. A computer screen, for example, displays information in the form of pixels that glow when they are struck by an electron beam. To keep the pixels on a computer screen lit, the electron beam fires perhaps 60 times per second. The beam's high-voltage electromagnetic emission can be intercepted and read from as far away as a kilometer using classified government technology called TEMPEST, which stands for Transient Electromagnetic Pulse Emanation Standard. Thus, information can be legally intercepted from a computer screen because it is not "communication"; it is merely incidental to the work that the machine is performing.
The potential for abuse is clear. A person or agency with the know-how could intercept from a business computer information that would be beneficial in, for example, making stock market transactions, or steal proprietary information about the development of a new product. But because the U.S. government uses TEMPEST technology to conduct intelligence on foreign governments and potentially to monitor the activities of terrorists, it currently prohibits nongovernment agencies or individuals from owning TEMPEST equipment, making it difficult to research ways to protect legitimate computer users from this modern form of "eavesdropping."
Echelon. In 1947, the United States and Great Britain agreed to join forces to form a "worldwide listening network," primarily to keep themselves apprised of the activities of the Soviet Union and its allies. In the United States, this agreement in 1971 evolved into Echelon, a global communications interception and surveillance system. In its early days, the U.S.-UK system and Echelon focused on phone and radio traffic. Later, the focus shifted to satellite and microwave communications. More recently, Echelon has also been used to monitor digital communication, principally on the Internet.
The workings of Echelon remain secret; the U.S. government barely acknowledges that it exists, and personnel who work for the agencies of foreign governments with access to Echelon (currently, Australia, Canada, Denmark, Germany, New Zealand, Norway, and Turkey) sign lifetime confidentiality agreements. Echelon functions by tapping numerous sources, including ground-based radio antennae, cable devices, satellites, equipment housed in the U.S. embassies of foreign nations, and the Internet. With regard to the Internet, Echelon can intercept e-mail and file transfers, and by using so-called sniffer devices, it can monitor Web browsing. It then uses a "dictionary" to filter information through key words and addresses, as well as to translate messages and even to interpret their content. It is estimated that Echelon can intercept three billion communications per day, including 90 percent of Internet and satellite traffic.
Echelon was formed for the purpose of conducting foreign intelligence operations. Under the Foreign Intelligence Surveillance Act, no proof of criminality has to be shown to conduct such operations; the only safeguard is the secret Foreign Intelligence Surveillance Court, which verifies that the target of an operation is an "agent of a foreign government" rather than a U.S. citizen (or permanent resident alien). Once again, though, the potential for abuse is clear. Many governments have pressured the United States to reveal information on surveillance targets and intelligence operations conducted through Echelon. They are concerned because of reports that economic and business information gathered through Echelon has been passed to American companies, giving them an advantage over their foreign competitors. In recent years, too, civil libertarians have expressed concern that Echelon could be used in a way that violates the Fourth Amendment, which preserves the right of American citizens to be free from unreasonable searches and seizures.
The USA Patriot Act. These developments—the pervasiveness of electronic intelligence-gathering capabilities, the existence of sophisticated surveillance technologies, the evolution of Echelon—all coalesced on October 26, 2001, when President George W. Bush signed into law the USA Patriot Act, more formally the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Public Law 107–56; 115 Stat. 272). The act was passed in response to the terrorist attacks against the United States on September 11 that year. Its goal was to provide law enforcement and the intelligence community with tools to combat international terrorism.
Even before it was signed into law, the bill was controversial. Its supporters argued that it was necessary in an environment when attacks could emanate not only from recognized states with identifiable borders but also from loosely affiliated transnational groups such as militant Islamic extremists. These groups, it was pointed out, include American citizens and others living inside the United States, such as many of the September 11 hijackers. To communicate across national borders, launder money, and channel funds, these groups rely on phones, radio, and especially the Internet, and law enforcement's efforts to monitor their communications were shackled by legislation that restricted electronic intercepts. The bill's opponents argued that the act poses significant risk that civil liberties will be infringed and that it does not provide for legislative and judicial overview of the purposes for which such information is used.
The 342-page USA Patriot Act amends fifteen different statutes, including the Electronic Communications Privacy Act, the Computer Abuse and Fraud Act of 1986, and the Foreign Intelligence Surveillance Act. Many of the changes are scheduled to expire on December 31, 2005, unless they are extended by Congress. While many of the changes are minor, they collectively give the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), other federal agencies, and local law enforcement sweeping new powers to conduct intelligence operations against terrorists inside the United States. For example, the government can now legally monitor Web surfing, including terms entered into search engines, by informing a judge that doing so could lead to information "relevant" to a terror investigation. Again, civil libertarians fear that a ten-year-old who innocently conducts a Web search for bomb or a student doing Internet research on Allah (the name of the deity in the Islamic faith) could actually attract the attention of the CIA—and never know it.
The act made other significant changes in the law. Both the FBI and the CIA had complained that earlier laws requiring a court order to tap a phone were unduly restrictive in the age of cell phones, when a user is not wired to a location and can easily use multiple phones while on the move. Under the USA Patriot Act, they have the authority to conduct roving wiretaps; instead of getting a court order to tap a phone, they now can get such an order to tap a person or organization. This means that if a terrorist suspect uses a cell phone, throws it away, then uses another phone, the government can monitor calls made and received on both phones rather than just one. Similarly, the new law makes it easier for the government to get so-called pen/trap orders, referring to "pen register" and "trap-and-trace device" orders. This change authorizes the collection of telephone numbers dialed to and from a particular communication device, including phones of course, but also computers with Internet connections.
Another change involves Internet service providers (ISPs). Previously, the government had to obtain a court order to access the records of an ISP. Now, the government can seek information from ISPs with just a subpoena. This information includes records of session times and durations, network addresses, and methods of payment. The law also authorizes the ISPs themselves to turn over information they believe suggests that a threat against American lives exists. This includes not only "noncontent" information (account numbers, phone numbers, credit card account numbers, and the like) but "content" information—that is, the actual content of messages that suggest a terrorist threat. Again, the purpose of all these changes is to enable law enforcement to monitor the "chatter" of terrorist groups and, on the basis of information gathered, warn the American public about impending threats, thwart terrorist attacks, and round up suspected terrorists.
█ FURTHER READING:
Ewing, Alphonse B. USA Patriot Act. Hauppauge, N.Y.: Nova Science Publishing, 2003.
Reams, Bernard D., Jr., and Christopher Anglim, ed. USA Patriot Act: A Legislative History of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act. Littleton, CO.: Fred B. Rothman, 2002.
Richelson, Jeffrey T. The Wizards of Langley. Boulder, CO.: Westview, 2001.
Electronic Frontier Foundation. "EFF Analysis of the Provisions of the USA PATRIOT Act that Relate to Online Activities," October 31, 2001 <http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011031_eff_usa_patriot_analysis.html.
Federation of American Scientists. "Echelon." <http://www.fas.org/irp/program/process/echelon.htm.
United Nations. "Echelon: Legal, Political, and Economic Issues of International Surveillance." <http://www.unesco.org/webworld/observatory/in_focus/290302_echelon.html.
Bugs (microphones) and Bug Detectors
Bush Administration (2001–), United States National Security Policy
Computer Fraud and Abuse Act of 1986
Computer Hardware Security
Counter-Terrorism Policy, United States
Foreign Intelligence Surveillance Act
Foreign Intelligence Surveillance Court of Review
HUMINT (Human Intelligence)
Internet Tracking and Tracing
Patriot Act, United States
Privacy: Legal and Ethical Issues
September 11 Terrorist Attacks on the United States
U-2 Spy Plane