97:607 (2003) Internet Surveillance Law After the USA Patriot Act 611

ent networks. As the framework illustrates, the basic contours of surveillance law for any communications network involves only a small number of questions, which correspond to the “what,” “who,” “when,” and “how” of collecting evidence from the network. What kind of information exists in the network? Who collects it, how, and under what circumstances? By illustrating these principles in the context of three network technologies—the Internet, the telephone system, and the postal system—this Part demonstrates that similar surveillance issues arise in each network independently of the technology involved. Different technologies may merit different answers to these questions, of course, but the basic questions remain the same.16 The analysis starts with the “what,” moves next to the “who,” turns to the “when,” and then concludes with the “how.”

A. Envelope Information Versus Content Information (“What”)

The fundamental purpose of a communications network is to send and receive communications. As a result, every communications network features two types of information: the contents of communications, and the addressing and routing information that the networks use to deliver the contents of communications. The former is “content information,” and the latter is “envelope information.”

The essential distinction between content and envelope information remains constant across different technologies, from postal mail to email. With postal mail, the content information is the letter itself, stored safely inside its envelope. The envelope information is the information derived from the outside of the envelope, including the mailing and return addresses, the stamp and postmark, and the size and weight of the envelope when sealed.17

Similar distinctions exist for telephone conversations. The content information for a telephone call is the actual conversation between participants that can be captured by an audio recording of the call.18 The envelope information includes the number the caller dials, the number from which the caller dials, the time of the call, and its duration. This calling information is not visible in the same way that the envelope of a letter is, but it equates roughly with the information derived from the envelope of a letter. In both cases, the envelope information contains to-and-from addressing, data about the time the communication was sent, and information about the

16 See Joseph H. Sommer, Against Cyberlaw, 15 BERKELEY TECH. L.J. 1145, 1147 (2000).
17 See 39 C.F.R. § 233.3(c)(1) (2002) (articulating an administrative procedure for obtaining a “mail cover,” which is defined as “the process by which a nonconsensual record is made of any data appearing on the outside cover of any sealed or unsealed class of mail matter, or by which a record is made of the contents of any unsealed class of mail matter as allowed by law”).
18 See 18 U.S.C.A. § 2510(8) (West Supp. 2002) (defining the “contents” of a “wire communication” as “any information concerning the substance, purport, or meaning of that communication”).
NORTHWESTERN UNIVERSITY LAW REVIEW 612

communication’s size and length.19

These principles translate to the Internet quite readily in the case of email. The content information for an email is the message in the body of the email itself, much like the phone conversation or the letter in the envelope. The email also carries addressing information in a “mail header.” Mail headers are digital postmarks that accompany every email and carry information about the delivery of the mail.20 Many email programs show users only some of this information by default, but can be configured to reveal the full mail header.21 A full mail header looks something like this:

FIGURE 1: FULL MAIL HEADER

Received: from SpoolDir by NLCMAIN (Mercury 1.48); 25 Oct 01 20:56:41 EST/EDT
Return-path: <eck@panix.com>
Received: from mail2.panix.com (166.84.0.213) by main.nlc.gwu.edu (Mercury 1.48) with ESMTP; 25 Oct 01 20:56:40 EST/EDT
Received: from panix3.panix.com (panix3.panix.com [166.84.1.3]) by mail2.panix.com (Postfix) with ESMTP id 272278F14 for <okerr@main.nlc.gwu.edu>; Thu, 25 Oct 2001 20:56:01 -0400 (EDT)
Received: (from eck@localhost) by panix3.panix.com (8.11.3nb1/8.8.8/PanixN1.0) id f9Q0u1d15137 for okerr@main.nlc.gwu.edu; Thu, 25 Oct 2001 20:56:01 -0400 (EDT)
From: <eck@panix.com>
Message-Id: <200110260056.f9Q0u1d15137@panix3.panix.com>
Subject:
To: okerr@main.nlc.gwu.edu (Kerr, Orin)
Date: Thu, 25 Oct 2001 20:51:01 -0400 (EDT)
In-Reply-To: <20011026005212.5D2F1487A8@mail1.panix.com> from “Kerr, Orin” at Oct 25, 2001 08:47:28 PM
X-Mailer: ELM [version 2.5 PL6]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-PMFLAGS: 35127424 0 1 Y08B38.CNM

19 This information is generally known as “pen register” and “trap and trace” information. See infra notes 99–104.
20 See ADAM GAFFIN, THE BIG DUMMY’S GUIDE TO THE INTERNET ch. 6 (“Just as the postal service puts its marks on every piece of mail it handles, so do Net postal systems. Only it’s called a ‘header’ instead of a postmark.”), at http://www.cs.indiana.edu/docproject/bdgtti/bdgtti_6.html (last visited Feb. 4, 2003).
21 See id.
This gobbledygook is a mail header that was generated from an email sent to my George Washington University email account on October 25, 2001 from the email address “eck@panix.com.” Each of the lines in the mail header has specific meaning, and when read together, tells a story about the message, how it was processed, and how and when the network directed it from its origin to its destination.22 Notice that the mail header above does not contain a subject line: although subject lines appear in the mail header, they are generally recognized as content.23 Viewed as a whole, the email header (minus the subject line) provides information about the email that is roughly analogous to the routing information in other communication networks.

However, there is much more to Internet surveillance than email. In fact, only a small fraction of the Internet’s traffic involves human-to-human communications such as email messages. Most Internet communications are communications between humans and computers, such as World-Wide-Web pages in transit, commands sent to remote servers, and file transfers.24 Many others are computer-to-computer communications, such as network administrative traffic that keeps the Internet running smoothly.25 These communications can provide evidence of crime in the same manner as email. For example, the government may wish to monitor a computer hacker by watching and recording the commands he sends to the computers he has hacked. These commands do not involve email, but instead consist of commands sent directly to the victim computer.26 A complete understanding of Internet surveillance must go beyond email surveillance to encompass the surveillance of human-to-computer and computer-to-computer communications.

To understand how the envelope-content distinction applies to human-to-computer and computer-to-computer communications, it helps to understand a few details about how the Internet works. The Internet is a “packet switched” network, which means that every communication sent over the Internet is broken down into individual packets.27 These packets are the cyber equivalent of letters between two computers, each containing about one page of information and are sent across the Internet to their destination.28 Computers communicate with each other by sending and receiving packets of information across the Internet.29

Surveilling the Internet at the packet level provides a second way of conducting Internet surveillance that can be considered distinct from email surveillance. Like other forms of surveillance, packet surveillance divides into envelope information and content information. When a computer sends information across the Internet, it breaks the communication into packets and creates a “packet header”30 to direct the packet to its destination. The packet header contains addressing information, such as the to and from Internet addresses of the two computers, often referred to as the Internet Protocol addresses, or simply IP addresses,31 as well as information about what kind of packet it is (e.g., part of a web page, part of a picture file).32 When the packet arrives at its destination, the receiving computer discards the packet header and keeps the original message. At the packet level, this message is the content information in the packet, generally referred to as the packet’s “payload.”33 Some communications, such as web pages in transit, typically are “packetized” only once: the host computer creates the packets, and the destination computer discards the packet headers and reassembles the original file when the packets arrive. Other communications can be packetized several times over in the course of delivery. For example, an email may be broken down into packets and reassembled into the original email a few times on its trip from sender to receiver.

While I don’t wish to lose technophobic readers, it helps to understand the basic relationship between email surveillance and packet surveillance. Email surveillance is a subset of packet surveillance, in that while an email travels across the Internet, both the envelope and content information of emails travel across the Internet as payloads of individual packets. Obtaining content information at the packet level for a packet that happens to carry an email message may yield either envelope information for the email (the email header), or content information (the email itself), or both (in the case of a short email that can fit the entire header and message on one packet). Consider a medium-length email that is divided into three packets. The first

22 For example, the email was sent at 8:51 p.m. and was received at 8:56 p.m. For more on how to read email headers, see, for example, Reading Email Headers, at http://www.stopspam.org/email/headers/headers.html (last visited Feb. 4, 2003).
23 See CCIPS MANUAL, supra note 15, at 148.
24 See PRESTON GRALLA, HOW THE INTERNET WORKS (Greg Wiegand et al. eds., 1999).
25 See id. at 13.
26 See, e.g., United States v. Seidlitz, 589 F.2d 152, 154–55 (4th Cir. 1978) (explaining how a recording device can be used to monitor commands entered by a computer hacker unauthorized to use a network).
27 See GRALLA, supra note 24, at 13.
28 See id.
29 See id. at 14–15 (explaining the packet-based nature of Internet communications). Consider web surfing. When an Internet user types in a website address into a browser, the computer sends out packets to the remote computer that hosts the website. These packets contain requests for the remote computer to send back the contents of the website. See id. at 140–45 (explaining how web pages work). The remote computer then sends back several packets that together contain the contents of the web page, and the user’s computer reassembles them and presents him with the web page requested. Although it appears to the user as though he is “visiting” the website, the computers achieve this appearance through a complex exchange of packets across the Internet.
30 See id. at 34–38.
31 See BRENDAN P. KEHOE, ZEN AND THE ART OF THE INTERNET 5 (4th ed. 1996) (explaining IP addresses). IP addresses consist of a set of four numbers, each from 0 to 255, linked with a period. So, for example, an IP address might be 123.9.232.87. See id.
32 See VINCENZO MEDILLO ET AL., A GUIDE TO TCP/IP NETWORKING (1996) (“IP’s job is simply to find a route for the datagram and get it to the other end. In order to allow routers or other intermediate systems to forward the datagram, it adds its own header. The main things in this header are the source and destination IP address, the protocol number, and another checksum.”), available at http://www.ictp.trieste.it/~radionet/nuc1996/ref/tcpip/ (last visited Feb. 4, 2003).
33 See id.
packet will start with the packet header, which is needed to deliver the packet to the recipient’s server, and then will contain a payload that consists of both the mail header and then the beginning of the email’s contents. The second packet then starts with its own packet header, followed by a payload that consists of the next portion of the email’s contents. The third packet comes last, and consists of a packet header and then the last portion of the email.34 When the email arrives at its destination, the server will shed the packet headers and reassemble the email into the mail header and the contents of the email.

The following table summarizes the envelope and content information for the four types of communications network surveillance:

TABLE 1: ENVELOPE AND CONTENT INFORMATION FOR POSTAL MAIL, TELEPHONE CALLS, EMAILS, AND INTERNET PACKETS

SURVEILLANCE TYPE | ENVELOPE INFORMATION | CONTENT INFORMATION
Postal Mail | 1) To, from mailing address of a letter; 2) Postmark, stamp; 3) Color, size, weight of package | The contents of the letter
Telephone | 1) To, from telephone numbers for a call | The contents of the telephone
Email | 1) To, from email address for an email; 2) Mail header info (length of email, digital postmarks) minus the subject line | The contents of the email, including the subject line
Internet Packets | 1) To, from IP addresses; 2) Remaining packet header information (length of packet, type of traffic) | Payload of the packet (the contents of any communication between two computers)

34 Notably, each packet includes its own number, so that the different packets can arrive at different times to their destination and the computer at the destination will be able to reassemble them into the original communication. See GRALLA, supra note 24, at 13.
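
The three-packet email described above, worked through as an added example (not code from the article): the envelope/content split of Table 1 is applied first to each packet and then to the reassembled email, with the subject line classed as content. The message, addresses and ports are constructed, the IPv4 and TCP headers are treated together as the article's "packet header", and the byte offset stands in for the per-packet number of footnote 34.

```python
import socket
import struct
from email import message_from_string

# Constructed sample message: hosts and addresses are placeholders.
EMAIL = (
    "Received: from relay.example.org by mail.example.net; "
    "Thu, 25 Oct 2001 20:56:01 -0400\r\n"
    "From: <alice@example.org>\r\n"
    "To: bob@example.net\r\n"
    "Subject: lunch on friday\r\n"
    "Date: Thu, 25 Oct 2001 20:51:01 -0400\r\n"
    "\r\n" + "See you at noon. " * 40
).encode("ascii")


def make_packet(src, dst, seq, payload):
    """20-byte IPv4 header + 20-byte TCP header + payload (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    # Assumed ports: 40000 -> 25 (SMTP). seq is the payload's byte offset.
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def packetize(data, src, dst, size):
    """Break one communication into packets of at most `size` payload bytes."""
    return [make_packet(src, dst, off, data[off:off + size])
            for off in range(0, len(data), size)]


def split_packet(pkt):
    """Separate a packet into envelope (header fields) and content (payload)."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, = struct.unpack("!H", pkt[2:4])
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    envelope = {
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
        "length": total_len, "protocol": pkt[9],
        "src_port": sport, "dst_port": dport, "seq": seq,
    }
    return envelope, pkt[ihl + data_off:total_len]


def reassemble(packets):
    """Shed the packet headers and rebuild the message in sequence order."""
    parts = sorted((split_packet(p) for p in packets), key=lambda ep: ep[0]["seq"])
    return b"".join(payload for _, payload in parts)


def split_email(raw):
    """Mail header minus Subject is envelope; Subject and body are content."""
    msg = message_from_string(raw.decode("ascii"))
    envelope = [(k, v) for k, v in msg.items() if k.lower() != "subject"]
    return envelope, {"subject": msg["Subject"], "body": msg.get_payload()}


def three_packet_email():
    """The article's medium-length email, divided into three packets."""
    size = -(-len(EMAIL) // 3)                     # ceiling division
    return packetize(EMAIL, "192.0.2.10", "198.51.100.25", size)


if __name__ == "__main__":
    packets = three_packet_email()
    for pkt in reversed(packets):                  # arrival order need not match
        env, payload = split_packet(pkt)
        print("packet envelope:", env)
        print("packet content :", payload[:40], "...")
    envelope, content = split_email(reassemble(packets))
    print("email envelope :", [name for name, _ in envelope])
    print("email content  :", content["subject"], "|", content["body"][:17])
```

Only the first packet's payload carries the mail header, so a capture of packet payloads yields email envelope information, email content, or both, depending on which packet is examined.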