NORTHWESTERN UNIVERSITY LAW REVIEW 616

Notably, all four categories mirror the distinction between envelope and content information. The envelope provides addressing information, and the content provides the actual communication that the network will deliver to its destination.

B. Prospective Versus Retrospective Surveillance

The next distinction considers the timing of the surveillance. Is the surveillance designed to capture future communications that have not yet been sent over the network (“prospective” surveillance), or is it designed to look for stored records and past communications that may be retained in the network (“retrospective” surveillance)? Wiretapping a telephone provides the classic example of prospective surveillance. When the FBI wiretaps a telephone line, it seeks to listen to the contents of future conversations. In the case of retrospective surveillance, in contrast, the government seeks to access stored records of past communications. The use of O.J. Simpson’s telephone records in his murder trial furnishes a well-known example.35 The Los Angeles Police Department obtained Simpson’s phone records to show that Simpson had made several suspicious calls the night of his wife’s murder.36 This example illustrates retrospective surveillance of envelope information; the police used the phone company’s stored business records relating to past communications to try to prove Simpson’s guilt.37

The law often distinguishes between prospective and retrospective surveillance because they raise somewhat different privacy concerns. As Justice Douglas noted in his concurrence in Berger v. New York,38 prospective surveillance can at worst constitute “a dragnet, sweeping in all conversation within its scope.”39 The surveilling party taps into the network at a given location and picks up traffic passing through, but cannot know in advance exactly what the traffic will be. Some of the traffic may prove relevant, but usually much of the traffic will not be.40 Further, it can be technically difficult (if not impossible) to filter the communications down to the relevant evidence before the government observes it. Accordingly, prospective surveillance tends to raise difficult questions of how the communications should be filtered down to the evidence the government seeks.41 In contrast, the scope of retrospective surveillance is generally more limited. The

35 See Michael Miller, Time of Phone Call a Key to O.J. Case, S.F. EXAMINER, Aug. 13, 1994, at A1.
36 See id.
37 See id.
38 388 U.S. 41, 64–68 (1967) (Douglas, J., concurring).
39 Id. at 65.
40 See Scott v. United States, 436 U.S. 128, 145 (1978) (Brennan, J., dissenting) (“Because it is difficult to know with any degree of certainty whether a given communication is subject to interception prior to its interception, there necessarily must be a margin of error permitted.”).
41 See id. at 140–43 (discussing difficulties of filtering the fruits of a wiretap).
97:607 (2003) Internet Surveillance Law After the USA Patriot Act 617

primary difference is that in most cases a substantial portion of the evidence will no longer exist.42 Because retrospective surveillance involves accessing records that have been retained in a network, the scope of surveillance ordinarily will be limited to whatever information or records may have been retained in the ordinary course of business.43 Some records may be kept, but others may not.

Retrospective surveillance also presents less formidable filtering challenges than prospective surveillance because the process of storing records may itself help filter them. For example, retrospective surveillance of a computer network generally means accessing stored files; an individual will log on to a computer and look through logs and files that the system may have retained in a particular folder or storage location. In the case of emails, emails arriving at an Internet service provider will ordinarily be screened and deposited by the ISP’s computer into individual accounts.44 If law enforcement obtains an order compelling the ISP to divulge all stored emails in a particular email account, the ISP will be able to locate emails in the account without screening through other emails.45 In contrast, prospective surveillance means intercepting Internet packets as they cross the Internet, or installing a monitoring device that collects the information immediately before it is packetized and sent across the Internet or immediately after it arrives at its destination and is depacketized. The latter will tend to pick up more information than the former.46

The difference is merely one of degree, however. Filtering out unrelated files for materials targeted by a court order presents a constant challenge.47 For example, in the case of retrospective surveillance of an email account, the government can obtain a search warrant to obtain evidence of crime in the form of stored emails. Someone must go through the stored emails in the account and separate the pertinent from the non-pertinent

42 See CCIPS MANUAL, supra note 15, at 137 (“In general, no law regulates how long network service providers must retain account records in the United States. Some providers retain records for months others for hours, others not at all.”).
43 See id.
44 See id. at 82.
45 See, e.g., United States v. Lamb, 945 F. Supp. 441, 458–59 (N.D.N.Y. 1996) (search warrant ordering AOL to divulge “all stored files” in specific Internet accounts).
46 See GRALLA, supra note 24, at 15. This may depend on the particular circumstances, however. For example, a network may or may not have a “firewall” in place that records packet header information entering or exiting the network protected by the firewall. Absent a firewall, no record of these packets would ordinarily be kept.
47 See Andresen v. Maryland, 427 U.S. 463, 482 n.11 (1976). The court noted:
    In searches for papers, it is certain that some innocuous documents will be examined, at least cursorily, in order to determine whether they are, in fact, among those papers authorized to be seized. Similar dangers, of course, are present in executing a warrant for the “seizure” of telephone conversations. In both kinds of searches, responsible officials, including judicial officials, must take care to assure that they are conducted in a manner that minimizes unwarranted intrusions upon privacy.
Id.
files.48 Nonetheless, retrospective surveillance usually presents a less severe filtering challenge than prospective surveillance.49

C. Powers of the Government Versus Powers of the Provider (“Who”)

Having explored the types of information that the government may wish to monitor on a communications network, we can now look to the different types of legal rules that may regulate the surveillance. Legal rules governing surveillance of communications networks generally divide into two types: rules concerning government surveillance of the network for law enforcement purposes, and rules governing network providers who may conduct surveillance of their own and wish to disclose the information to the government.50 Of these two types of rules, the latter is less understood, but no less important. In any communications network, a service provider will administer each

48 See, e.g., Lamb, 945 F. Supp. at 458–59 (rejecting a Fourth Amendment challenge to a search warrant for stored email in which the warrant required AOL to divulge “all stored files” in specific Internet accounts to the government, rather than only the evidence of crime). Justice White stated this point quite aptly in his Berger dissent:
    Petitioner suggests that the search is inherently overbroad because the eavesdropper [conducting prospective surveillance] will overhear conversations which do not relate to criminal activity. . . . [However,] the same is true of almost all searches of private property which the Fourth Amendment permits. In searching for seizable matters, the police must necessarily see or hear, and comprehend, items which do not relate to the purpose of the search. That this occurs, however, does not render the search invalid, so long as it is authorized by a suitable search warrant and so long as the police, in executing that warrant, limit themselves to searching for items which may constitutionally be seized.
Berger, 388 U.S. at 108 (White, J., dissenting).
49 Notably, the technology of the Internet can blur the line between prospective and retrospective surveillance because communications in transit from their origin to their destination can be temporarily stored at intermediary points, either for a few milliseconds, or for a longer period. Because the law draws a distinction between prospective Internet surveillance (governed by the Wiretap Act and the Pen Register Statute, 18 U.S.C.A. §§ 2510–2522, 3121–3127 (West Supp. 2002)) and retrospective surveillance (governed by the Electronic Communications Privacy Act (ECPA), id. §§ 2701–2711), this creates a series of questions as to where to draw the line between these two legal regimes. Compare Steve Jackson Games, Inc. v. United States Secret Serv., 36 F.3d 457, 460–63 (5th Cir. 1994) (holding that a temporarily stored email file is governed by ECPA, not the Wiretap Act), with Konop v. Hawaiian Airlines, 236 F.3d 1035, 1048 (9th Cir.) (holding that a temporarily stored email file is governed by the Wiretap Act in addition to ECPA), withdrawn, 262 F.3d 972 (9th Cir. 2001), rev’d, 302 F.3d 868 (9th Cir. 2002). The Patriot Act helped clarify this line by removing the statutory language that past courts had used to find that the prospective Wiretap Act governed temporarily stored contents. See 18 U.S.C.A. § 2510(1) (defining “wire communication”); United States v. Smith, 155 F.3d 1051, 1058–59 (9th Cir. 1998) (relying on the pre-Patriot Act definition of “wire communication” to hold that the Wiretap Act applies to stored voicemail). The courts have not yet had the opportunity to draw the line post-Patriot Act. However, presumably the courts will draw some kind of functional equivalence test, in which the functional equivalent of prospective surveillance is governed by the Wiretap Act and Pen Register Statute, while access to a stored file in a way that is not the functional equivalent of prospective surveillance is governed by ECPA.
50 Another possible category exists: rules concerning provider surveillance of the network at the request of (or pursuant to a court order obtained by) law enforcement. However, I will consider these rules as a subset of the rules concerning government surveillance of the network.
segment of the network with responsibility for that portion of the network.51 A network can have a single provider like the United States Postal Service. The Postal Service enjoys a statutory monopoly over the United States postal mail system.52 Most networks are decentralized, however. The Internet provides a clear example of a highly decentralized network. No one owns the Internet as a whole. Instead, thousands of independent Internet service providers (ISPs) each administer small corners of the network.53

Rules governing provider surveillance are quite important because providers often need to surveil their corner of the network for a variety of business-related reasons. For example, the phone company may need to keep records of calls for long-distance billing (envelope surveillance)54 or may need to listen to calls on occasion to combat telephone fraud or assess the quality of the line (content surveillance).55 Similarly, ISPs may need to maintain email logs, or intercept communications in transit to determine the source of a network problem or ferret out an unauthorized intruder.56 Providers may discover evidence of a crime on their own and wish to report it to law enforcement.

1. Government Powers.—In categorizing the rules, two features stand out as the most important. The first considers the legal threshold that the government must satisfy before it can collect a particular type of information. The second considers the different rules that may apply depending on whether the government conducts the surveillance of the network itself, or the government obtains an order requiring the provider to monitor on the government’s behalf.57

a. Thresholds (“When”).—The first question asks: What type of threshold showing must the government make before it can acquire a certain type of information? For example, should the FBI be allowed to open postal mail without a court order, or must the FBI first obtain a search warrant? Can the local police require the phone company to provide a customer’s long-distance records without a court order, or is some court order required, and if so, what kind of order?

51 See CASTELLS, supra note 11.
52 See Air Courier Conference of Am. v. Am. Postal Workers Union, 498 U.S. 517, 519 (1991) (“Since its establishment, the United States Postal Service has exercised a monopoly over the carriage of letters in and from the United States.”). “The postal monopoly is codified . . . [at] 18 U.S.C. §§ 1693–1699 and 39 U.S.C. §§ 601–606.” Id.
53 See GRALLA, supra note 24, at 5.
54 See, e.g., Smith v. Maryland, 442 U.S. 735, 742 (1979) (“In fact, pen registers and similar devices are routinely used by telephone companies for the purposes of checking billing operations, detecting fraud and preventing violations of law.” (internal quotations omitted)).
55 See, e.g., Bubis v. United States, 384 F.2d 643 (9th Cir. 1967).
56 See, e.g., CLIFF STOLL, THE CUCKOO’S EGG (1989) (recounting how a system administrator conducted electronic surveillance of his network to trace a computer hacker).
57 Other questions include the role of judicial review in obtaining the order and later challenging it, as well as the remedy when the law has been violated. From a practical standpoint, these factors can be important determinants of how closely and consistently the laws are followed. For the sake of simplicity, however, I will skip these questions in the course of the analysis.
The different thresholds can be placed along a continuum, ranging from the lowest threshold to the highest. A continuum based on thresholds commonly found in current surveillance law might look something like this:

TABLE 2: LEGAL THRESHOLDS FOR GOVERNMENT SURVEILLANCE

NO LEGAL PROCESS: The government can acquire the information without process or order.

SUBPOENA: The government must obtain a subpoena, such as a grand jury subpoena duces tecum58 or an administrative subpoena, before acquiring the information.59 The subpoena compels the provider to disclose the information to the government.

RELEVANCE COURT ORDER: The government must obtain a court order before acquiring the information but can obtain the order merely by certifying to the court that the information likely to be obtained is relevant to a law enforcement investigation.60

ARTICULABLE FACTS COURT ORDER: The government must obtain a court order before acquiring the information, and to obtain the order must offer specific and articulable facts establishing reasonable grounds to believe the information to be obtained is both relevant and material to an ongoing criminal investigation.61

58 See, e.g., FED. R. CRIM. P. 6 (granting subpoena power to federal grand jury).
59 See, e.g., 5 U.S.C. app. (2000) (authorizing administrative subpoenas pursuant to § 6(a)(4) of the Inspector General Act).
60 See, e.g., 18 U.S.C.A. § 3123 (West Supp. 2002) (describing process for obtaining a pen register or trap and trace order).
61 See, e.g., id. § 2703(d) (requiring government to obtain a court order before ordering an Internet service provider to divulge records, and stating that the order must state “specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation”).