Tuesday, 17 March 2009

Surveillance Self-Defense Project « EFF [part 1]

From EFF.org


The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.



Surveillance Self-Defense (SSD) exists to answer two main questions: What can the government legally do to spy on your computer data and communications? And what can you legally do to protect yourself against such spying?

After an introductory discussion of how you should think about making security decisions — it's all about risk management — we'll be answering those two questions for three types of data:

First, we're going to talk about the threat to the data stored on your computer posed by searches and seizures by law enforcement, as well as subpoenas demanding your records.

Second, we're going to talk about the threat to your data on the wire — that is, your data as it's being transmitted — posed by wiretapping and other real-time surveillance of your telephone and Internet communications by law enforcement.

Third, we're going to describe the information about you that is stored by third parties like your phone company and your Internet service provider, and how law enforcement officials can get it.

In each of these three sections, we're going to give you practical advice about how to protect your private data against law enforcement agents.

In a fourth section, we'll also provide some basic information about the U.S. government's expanded legal authority when it comes to foreign intelligence and terrorism investigations.

Finally, we've collected several articles about specific defensive technologies that you can use to protect your privacy, which are linked to from the other sections or can be accessed individually. So, for example, if you're only looking for information about how to securely delete your files, or how to use encryption to protect the privacy of your emails or instant messages, you can just directly visit that article.

Risk Management




Security Means Making Trade-Offs to Manage Risks



Security isn't having the strongest lock or the best anti-virus software — security is about making trade-offs to manage risk, something we do in many contexts throughout the day. When you consider crossing the street in the middle of the block rather than at a cross-walk, you are making a security trade-off: you consider the threat of getting run over versus the trouble of walking to the corner, and assess the risk of that threat happening by looking for oncoming cars. Your bodily safety is the asset you're trying to protect. How high is the risk of getting run over and are you in such a rush that you're willing to tolerate it, even though the threat is to your most valuable asset?

That's a security decision. Not so hard, is it? It's just the language that takes getting used to. Security professionals use four distinct but interrelated concepts when considering security decisions: assets, threats, risks and adversaries.

Assets




What You Are Protecting



An asset is something you value and want to protect. Anything of value can be an asset, but in the context of this discussion most of the assets in question are information. Examples are your or your organization's emails, instant messages, data files and web site, as well as the computers holding all of that information.

Threats




What You Are Protecting Against



A threat is something bad that can happen to an asset. Security professionals divide the various ways threats can hurt your data assets into six sub-areas that must be balanced against each other:

  • Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.

  • Integrity is keeping assets undamaged and unaltered.

  • Availability is the assurance that assets are available to parties authorized to use them.

  • Consistency is when assets behave and work as expected, all the time.

  • Control is the regulation of access to assets.

  • Audit is the ability to verify that assets are secure.


Threats can be classified based on which types of security they threaten. For example, someone trying to read your email (the asset) without permission threatens its confidentiality and your control over it. If, on the other hand, an adversary wants to destroy your email or prevent you from getting it, the adversary is threatening the email's integrity and availability. Using encryption, as described later in this guide, you can protect against several of these threats. Encryption not only protects the confidentiality of your email by scrambling it into a form that only you or your intended recipient can descramble, but also allows you to audit the emails — that is, check and see that the person claiming to be the sender is actually that person, or confirm that the email wasn't changed between the sender and you to ensure that you've maintained the email's integrity and your control over it.

Risk




The Likelihood of a Threat Actually Occurring



Risk is the likelihood that a particular threat against a particular asset will actually come to pass, and how damaged the asset would be. There is a crucial distinction between threats and risks: threats are the bad things that can happen to assets, but risk is the likelihood that specific threats will occur. For instance, there is a threat that your building will collapse, but the risk that it will really happen is far greater in San Francisco (where earthquakes are common) than in Minneapolis (where they are not).

People often over-estimate and thus over-react to the risk of unlikely threats because they are rare enough that the worst incidents are well publicized or interesting in their unusualness. Similarly, they under-estimate and under-react to more common risks. The most clichéd example is driving versus flying. Another example: when we talk to individuals about government privacy intrusions, they are often concerned about wiretapping or searches, but most people are much more at risk from less dramatic measures, like subpoenas demanding records from you or your email provider. That is why we so strongly recommend good data practices — if it's private, don't give it to others to hold and don't store it, but if you do store it, protect it — while also covering more unusual circumstances, like what to do when the police show up at your door or seize your laptop.

Evaluating risk is necessarily a subjective process; not everyone has the same priorities or views threats in the same way. Many people find certain threats unacceptable no matter what the risk, because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem. In a military context, for example, it might be preferable for an asset to be destroyed than for it to fall into enemy hands. Conversely, in many civilian contexts, it's more important for an asset such as email service to be available than confidential.

In his book Beyond Fear, security expert Bruce Schneier identifies five critical questions about risk that you should ask when assessing proposed security solutions:

  • What assets are you trying to protect?

  • What are the risks to those assets?

  • How well does the security solution mitigate those risks?

  • What other risks does the security solution cause?

  • What costs and trade-offs does the security solution impose?


Security is the art of balancing the value of the asset you are trying to protect against the costs of providing protection against particular risks. Practical security requires you to realistically judge the actual risk of a threat in order to decide which security precautions may be worth using to protect an asset, and which precautions are absolutely necessary.

In this sense, protecting your security is a game of tradeoffs. Consider the lock on your front door. What kind of lock — or locks — should you invest in, or should you lock the door at all? The assets are invaluable — the privacy of your home and control over the things inside. The threat level is very high — you could be financially wiped out, and all of your most valuable and private information exposed, if someone broke in. The critical question then becomes: how serious is the risk of someone breaking in? If the risk is low, you probably won't want to invest much money in a lock; if the risk is high, you'll want to get the best locks that you can.

Adversaries




Who Poses a Threat?



A critical part of assessing risk and deciding on security solutions is knowing who or what your adversary is. An adversary, in security-speak, is any person or entity that poses a threat against an asset. Different adversaries pose different threats to different assets with different risks; different adversaries will demand different solutions.

For example, if you want to protect your house from a random burglar, your lock just needs to be better than your neighbors', or your porch better lit, so that the burglar will choose the other house. If your adversary is the government, though, money spent on a better lock than your neighbors' would be wasted — if the government is investigating you and wants to search your house, it won't matter how well your security compares to your neighbors'. You would instead be better off spending your time and money on other security measures, like encrypting your valuable information so that if it's seized, the government can't read it.

Here are some examples of the kinds of adversaries that may pose a threat to your digital privacy and security:

  • U.S. government agents that follow laws which limit their activities

  • U.S. government agents that are willing and able to operate without legal restrictions

  • Foreign governments

  • Civil litigants who have filed or intend to file a lawsuit against you

  • Companies that store or otherwise have access to your data

  • Individual employees who work for those companies

  • Hackers or organized criminals who randomly break into your computer, or the computers of companies that store your data

  • Hackers or organized criminals that specifically target your computer or the computers of the companies that store your data

  • Stalkers, private investigators or other private parties who want to eavesdrop on your communications or obtain access to your machines


This guide focuses on defending against threats from the first adversary — government agents that follow the law — but the information herein should also provide some help in defending against the others.

Putting it All Together




Which Threats from Which Adversaries Pose the Highest Risk to Your Assets?



Putting these concepts together, you need to evaluate which threats to your assets from which adversaries pose the most risk, and then decide how to manage the risk. Intelligently trading off risks and costs is the essence of security. How much is it worth to you to manage the risk? For example, you may recognize that government adversaries pose a threat to your webmail account, because of their ability to secretly subpoena its contents. If you consider that threat from that adversary to be a high risk, you may choose not to store your email messages with the webmail company, and instead store it on your own computer. If you consider it a low risk, you may decide to leave your email with the webmail company — trading security for the convenience of being able to access your email from any internet-connected computer. Or, if you think it’s an intermediate risk, you may leave your email with the webmail company but tolerate the inconvenience of using encryption to protect the confidentiality of your most sensitive emails. In the end, it’s up to you to decide which trade-offs you are willing to make to help secure your assets.

A Few Parting Lessons


Now that we've covered the critical concepts, here are a few more basic lessons in security-think that you should consider before reading the rest of this guide:

Knowledge is Power. Good security decisions can't be made without good information. Your security tradeoffs are only as good as the information you have about the value of your assets, the severity of the threats from different adversaries to those assets, and the risk of those attacks actually happening. We're going to try to give you the knowledge you need to identify the threats to your computer and communications security that are posed by the government, and judge the risk against possible security measures.

The Weakest Link. Think about assets as components of the system in which they are used. The security of the asset depends on the strength of all the components in the system. The old adage that "a chain is only as strong as its weakest link" applies to security, too: The system as a whole is only as strong as the weakest component. For example, the best door lock is of no use if you have cheap window latches. Encrypting your email so it won't get intercepted in transit won't protect the confidentiality of that email if you store an unencrypted copy on your laptop and your laptop is stolen.

Simpler is Safer and Easier. It is generally most cost-effective and most important to protect the weakest component of the system in which an asset is used. Since the weak components are much easier to identify and understand in simple systems, you should strive to reduce the number and complexity of components in your information systems. A small number of components will also serve to reduce the number of interactions between components, which is another source of complexity, cost, and risk.

More Expensive Doesn't Mean More Secure. Don't assume that the most expensive security solution is the best, especially if it takes away resources needed elsewhere. Low-cost measures like shredding trash before leaving it on the curb can give you lots of bang for your security buck.

There is No Perfect Security — It's Always a Trade-Off. Set security policies that are reasonable for your organization, for the risks you face, and for the implementation steps your group can and will take. A perfect security policy on paper won't work if it's too difficult to follow day-to-day.

What's Secure Today May Not Be Secure Tomorrow. It is also crucially important to continually re-evaluate the security of your assets. Just because they were secure last year or last week doesn't mean they're still secure!

Data Stored on Your Computer




Search, Seizure and Subpoenas



In this section, you'll learn about how the law protects — or doesn't protect — the data that you store on your own computer, and under what circumstances law enforcement agents can search or seize your computer or use a subpoena to demand that you turn over your data. You'll also learn how to protect yourself in case the government does attempt to search, seize, or subpoena your data, with a focus on learning how to minimize the data that you store and use encryption to protect what you do store.

Data on the Wire




Electronic Surveillance and Communications Privacy



In this section, you'll learn about what the government can do — technically and legally — when it wants to conduct real-time surveillance of your communications, whether by planting a "bug" to eavesdrop on your face-to-face conversations, "wiretapping" the content of your phone calls and Internet communications, or using "pen registers" and "trap and trace devices" to track who you communicate with and when. We'll also discuss what steps you can take to defend against this kind of surveillance, with a focus on how to use encryption to protect the privacy of your communications.

What Can the Government Do?


When the government wants to record or monitor your private communications as they happen, it has three basic options, all of which we'll cover in-depth: it can install a hidden microphone or "bug" to eavesdrop on your conversation; it can install a "wiretap" to capture the content of your phone or Internet communications as they happen; or it can install a "pen register" and a "trap and trace device" to capture dialing and routing information indicating who you communicate with and when. In this section, we'll lay out the legal rules for when the government can conduct these types of surveillance, and look at some statistics to help you gauge the risk of having your communications targeted.

Wiretapping




Wiretapping By The Government is Strictly Regulated



When it comes to secretly eavesdropping on your conversations — whether you're talking in private or public, on the phone or face to face, by email or by instant messenger — no one's got better funding, equipment or experience than the government. They are capable of "bugging" you by using tiny hidden microphones that they've installed in your home, office, or anywhere else that you have private conversations. They can also bug you from long distances or through windows using high-powered microphones, or even laser microphones that can hear what you say by sensing the vibrations of your voice on the window's glass. They can put a "wire" or a small hidden microphone on an informant or undercover police officer to record their conversations with other people. Or they can conduct a "wiretap," where they tap into your phone or computer communications.

Use of these investigative techniques is regulated by very strong laws that protect the privacy of your communications against any eavesdropper, including law enforcement, and we'll describe those below. (Another set of laws regulating surveillance for foreign intelligence and national security purposes will be discussed later.)

However, it's important to note at the outset that the government has been known to break these laws and spy on communications without going to a judge first, usually in the name of national security. Indeed, as was first revealed in December 2005, since 9/11 the National Security Agency (NSA) has been conducting a massive and illegal program to wiretap the phone calls and emails of millions of ordinary Americans without warrants, hoping to discover terrorists by sifting through the mounds of data using computers (for more details, see EFF's NSA Spying page and the Beyond FISA section of this guide).

One might hope that the information collected as part of the NSA's dragnet surveillance will only be used against real terrorists, but there's no guarantee, particularly when there's no court oversight. And we don't have any hard data about how the NSA actually uses that information, with whom it is shared, or how long it is stored. So, although communications that have been illegally wiretapped by the NSA are unlikely to be used against you in a criminal trial — the Fourth Amendment's exclusionary rule would likely disallow it — there's no knowing whether it might be used against you in the future in some other way.

Therefore, regardless of the strengths of the laws described below, you should consider wiretapping to be a high risk, unless and until the NSA program is stopped by Congressional action or a successful lawsuit. EFF is currently suing the government and the individual officials responsible for the NSA program (see http://www.eff.org/cases/jewel), as well as AT&T, one of the companies assisting in the illegal surveillance (see http://www.eff.org/nsa/hepting), to try and stop the surveillance.

Wiretapping Law Protections




Wiretapping Law Protects "Oral," "Wire," and "Electronic" Communications Against "Interception"



Before 1967, the Fourth Amendment didn't require police to get a warrant to tap conversations occurring over phone company lines. But that year, in two key decisions (including the Katz case), the Supreme Court made clear that eavesdropping — bugging private conversations or wiretapping phone lines — counted as a search that required a warrant. Congress and the states took the hint and passed updated laws reflecting the court's decision and providing procedures for getting a warrant for eavesdropping.

The federal wiretap statute, originally passed in 1968 and sometimes called "Title III" or the Wiretap Act, requires the police to get a wiretap order — often called a "super-warrant" because it is even harder to get than a regular search warrant — before they monitor or record your communications. One reason the Fourth Amendment and the statute give us more protection against government eavesdropping than against physical searches is because eavesdropping violates not only the targets' privacy, but the privacy of every other person that they communicate with.

The Supreme Court has also said that since eavesdropping violates so many individuals' privacy, the police should only be allowed to bug or wiretap when investigating very serious crimes. So, the Wiretap Act contains enumerated offenses — that is, a list of crimes — that are the only ones that can be investigated with a wiretap order. Unfortunately, Congress has added so many crimes to that list in the past 30 years that now practically any federal felony can justify a wiretap order.

The Wiretap Act requires the police to get a wiretap order whenever they want to "intercept" an "oral communication," an "electronic communication," or a "wire communication." Interception of those communications is commonly called electronic surveillance.

An oral communication is your typical face-to-face, in-person talking. A communication qualifies as an oral communication that is protected by the statute (and the Fourth Amendment) if it is uttered when you have a reasonable expectation that your conversation won't be recorded. So, if the police want to install a microphone or a "bug" in your house or office (or stick one outside of a closed phone booth, like in the Katz case), they have to get a wiretap order. The government may also attempt to use your own microphones against you — for example, by obtaining your phone company's cooperation to turn on your cell phone's microphone and eavesdrop on nearby conversations.

A wire communication is any voice communication that is transmitted, whether over the phone company's wires, a cellular network, or the Internet. You don't need to have a reasonable expectation of privacy for the statute to protect you, although radio broadcasts and other communications that can be received by the public are not protected. If the government wants to tap any of your phone calls — landline, cellphone, or Internet-based — it has to get a wiretap order.

An electronic communication is any transmitted communication that isn't a voice communication. So, that includes all of your non-voice Internet and cellular phone activities like email, instant messaging, texting and websurfing. It also covers faxes and messages sent with digital pagers. Like with wire communications, you don't need to have a reasonable expectation of privacy in your electronic communications for them to be protected by the statute.

Privacy tip: Voice communications have more legal protection. Under the Wiretap Act, although a wiretap order is needed to intercept your email and other electronic communications, only your oral and wire communications — that is, voice communications — are covered by the statute's exclusionary rule. So, for example, if your phone calls are illegally intercepted, that evidence can't be introduced against you in a criminal trial, but the statute won't prevent the introduction of illegally intercepted emails and text messages.

An interception is any acquisition of the contents of any oral, wire, or electronic communication using any mechanical or electronic device — for example, using a microphone or a tape recorder to intercept your oral communications, or using computer software or hardware to monitor your Internet and phone communications. Wiretap law does not protect you from government eavesdroppers that are just using their ears.

Although the government may get a super-warrant to "intercept" your communications, it is not allowed to prevent your communications from occurring. For example, the government can't prevent your calls from being connected, block your emails and their attachments, or otherwise interfere with your communications based on an intercept order. In fact, if their goal is to gather intelligence on you by tapping your communications, it will not be in their best interest to interfere in your communications and possibly tip you off to their surveillance, which might prompt you to use another communications method that may be more difficult to tap.

According to the Wiretap Act, it's a crime for anyone that is not a party to a communication — anyone that isn't one of the people talking, listening, writing, reading, or otherwise participating in the communication — to intercept the communication, unless at least one of the parties to the communication has previously consented to (agreed to) the interception. Many state wiretap laws require all parties to consent, but those laws control state and local police, not the feds. If the police want to intercept an oral, wire, or electronic communication to which they are not a party and for which they have no consent, they have to get a wiretap order. Of course, an undercover police officer or informant that is talking to you while wearing a wire is a party to the conversation and has consented to the interception.

Privacy tip: Wiretapping and public websites, newsletters, and message boards. The police do not need to get a wiretap order to read your organization's website, sign up for your email newsletter, visit your public MySpace or Facebook profile or pose as a member in an Internet chat room. Since those are all open to the public, you're allowing the police to become a party to those communications.

Getting a Court Order Authorizing a Wiretap




It Isn't Easy



The requirements for getting a wiretap order from a judge are very strict. The Wiretap Act (and similar state statutes) requires law enforcement to submit a lengthy application that contains a full and complete statement of facts about (1) the crime that has been, is being, or is about to be committed and (2) the place, like your house or office, and/or the communications facilities, like those of your phone company or ISP, from which the communications are to be intercepted. The government must also submit a particular description of (3) the communications sought to be intercepted and (4) the identity of the persons committing the crime (if known) and of the persons whose communications are to be intercepted. Finally, the government must offer (5) a full and complete statement of whether other investigative procedures have been tried and have failed or why they appear unlikely to succeed or are too dangerous, (6) a full and complete statement of the period of time for which the interception is to be maintained, and (7) a full and complete statement about all previous wiretap applications concerning any of the same persons, facilities, or places.

The court can then issue the wiretap order only if it finds probable cause to believe that (1) a person is committing an enumerated offense (one of the crimes listed in the Wiretap Act); (2) communications concerning that crime will be obtained through the interception; and (3) the facilities from which the communications are to be intercepted are being used in connection with the commission of the offense. The court must also find that normal investigative techniques have failed, appear unlikely to succeed, or would be too dangerous.

The wiretap order, if issued, will almost always require the cooperation of some other person for it to be carried out. For example, the police can make your landlord let them into your apartment to install a bug, or, more often, force your ISP or phone company to help them intercept your phone or Internet communications. The wiretap order will include a "gag order" prohibiting anyone who cooperated with the police from telling you — or anyone else — about the wiretap.

It's important to note that when it comes to tapping your Internet or phone communications, third parties like your ISP or your phone company can act as an important check on police abuse. In general, the police need their cooperation, and most will not cooperate unless there is a valid wiretap order requiring them to (otherwise, they could be violating the law themselves). However, as AT&T and other companies' cooperation in the NSA's illegal wiretapping shows, these companies can never be a perfect check against government abuse, particularly when the government cites national security as its goal.

Although law enforcement can intercept your communications without your knowledge, they generally have to tell you about it when they are done. A wiretap order initially lasts for 30 days, and investigators can obtain additional 30-day renewals from the court if they need more time. But after the interception is completed and the wiretap order expires, an inventory must be issued to the person(s) named in the wiretap order and, as the judge may require, to other persons whose communications were intercepted.


How Big is The Risk?



A wiretap is an incredibly powerful surveillance tool. A single wiretap can invade the privacy of dozens or even hundreds of people. Fortunately, wiretaps in criminal investigations are pretty rare. Here are some numbers to keep in mind when calculating the risk of government wiretaps to you or your organization, according to the 2007 Wiretap Report to Congress from the Administrative Office of U.S. Courts:

  • In 2007, according to the report, 2,208 applications for wiretap orders were submitted to state and federal courts. 457 were in federal cases, the rest state. The courts granted every application, and of the 2,208 authorized wiretaps, 2,119 of them were installed.

  • Although it may appear that the number of federal wiretaps has been steadily dropping since 2004, in contrast to the sharp rise in state wiretaps, the truth is much more troubling. According to the latest report, the U.S. Department of Justice has in recent years declined to provide information about all of its wiretap activity for the report, in order to protect "sensitive and/or sealed" information. The Department of Justice admits that if it did provide all of that information, however, the 2007 report "would not reflect any decrease in the use of court-approved electronic surveillance" by U.S. agencies. So, the feds aren't wiretapping any less — they're just being even more secretive about it — and presumably the number of federal wiretaps is growing at the same rate as the state number.

  • On average, according to the report, each installed wiretap intercepted over 3,000 separate communications.

  • On average, according to the report, each installed wiretap intercepted the communications of 94 different people. In other words, the 2,119 installed wiretaps reported in 2007 intercepted the communications of nearly two hundred thousand people!

  • "Roving" wiretap orders are especially powerful. Instead of being limited to particular phone lines or Internet accounts, these orders allow the police to tap any phone or computer that the suspect uses, even if it isn't specified in the order itself. In 2007, 21 roving wiretap orders were reported by state authorities, mostly in narcotics cases. The federal authorities didn't report any roving wiretaps, but that doesn't mean they didn't use them; the Department of Justice likely thinks all of its roving wiretaps were in cases too "sensitive" to warrant reporting.

  • Over 80% of all reported wiretap orders in 2007 were issued in drug investigations. [Chart: Wiretap orders by crime]

  • Nearly 95% of the 2,119 wiretap installations reported in 2007 were for the interception of wire communications — that is, taps on phones — rather than for interception of electronic communications. It's doubtful that the federal authorities have been fully forthcoming on this point — they reported only one (!) wiretap of electronic communications and only three wiretaps that collected a combination of wire and electronic communications — but it's clear that telephone wiretaps are still much more prevalent than Internet wiretaps. One major reason for this is that the government has another way of getting at your Internet communications, under less strict legal requirements: by obtaining stored copies of your communications from your ISP or your email provider, as described in the next section, Information Stored By Third Parties. Oral intercepts — through the bugging of your home or car or office, for example — are also quite rare. You're more likely to have your oral conversations intercepted by an undercover agent or informant wearing a hidden microphone, since such conduct does not require a wiretap order. [Chart: Wiretaps by type of communication intercepted]


In conclusion, although the annual Wiretap Report is no longer as useful a gauge as it once was due to the Department of Justice's recent withholding of information, it's still clear that unless you're suspected of dealing drugs (or targeted for foreign intelligence surveillance), the chances of you or your organization's phone lines being tapped are fairly low, and the chances of your Internet communications being tapped are even lower. But remember, you don't have to be a suspect to end up having your communications intercepted. So, for example, if your organization serves a client population arguably connected to criminal activity, or if you personally associate with "shady characters," your risk goes up.

"Pen Registers" and "Trap and Trace Devices"




Less Powerful Than a Wiretap But With Much Weaker Privacy Safeguards



There's a particular type of communications surveillance that we haven't discussed yet and that's not included in the above numbers: surveillance using pen registers and/or trap & trace devices ("pen/trap taps"). Pen registers record the phone numbers that you call, while trap & trace devices record the numbers that call you. The Supreme Court decided in 1979, in the case of Smith v. Maryland, that because you knowingly expose phone numbers to the phone company when you dial them (you are voluntarily handing over the number so the phone company will connect you, and you know that the numbers you call may be monitored for billing purposes), the Fourth Amendment doesn't protect the privacy of those numbers against pen/trap surveillance by the government. The contents of your telephone conversation are protected, but not the dialing information.

Luckily, Congress decided to give us a little more privacy than the Supreme Court did — but not much more — by passing the Pen Register Statute to regulate the use of "pen/trap" devices. Under that statute, the police do have to go to court for permission to conduct a pen/trap tap and get your dialing information, but the standard for getting a pen/trap order is much lower than the probable cause standard used for normal wiretaps. The police don't even have to state any facts as part of the Electronic Communications Privacy Act of 1986 — they just need to certify to the court that they think the dialing information would be relevant to their investigation. If they do so, the judge must issue the pen/trap order (which lasts for sixty days rather than a wiretap order's thirty days). Also, unlike normal wiretaps, the police aren't required to report back to the court about what they intercepted, and aren't required to notify the targets of the surveillance when it has ended.

With a pen/trap tap on your phone, the police can intercept:

  • The phone numbers you call

  • The phone numbers that call you

  • The time each call is made

  • Whether the call was connected, or went to voicemail

  • The length of each call

  • Most worrisome, we've heard some reports of the government using pen/trap taps to intercept content that should require a wiretap order: specifically, the content of SMS text messages, as well as "post-cut-through dialed digits" (digits you dial after your call is connected, like your banking PIN number, your prescription refill numbers, or your vote for American Idol).


That information is revealing enough on its own. But pen/traps aren't just for phones anymore — thanks to the USA PATRIOT Act, the government can now use pen/trap orders to intercept information about your Internet communications as well. By serving a pen/trap order on your ISP or email provider, the police can get:

  • All email header information other than the subject line, including the email addresses of the people to whom you send email, the email addresses of people that send to you, the time each email is sent or received, and the size of each email that is sent or received.

  • Your IP (Internet Protocol) address and the IP address of other computers on the Internet that you exchange information with, with timestamp and size information.

  • The communications ports and protocols used, which can be used to determine what types of communications you are sending using what types of applications.

  • Although we don't think the statute allows it, the police might also use pen/trap taps to get the URLs (web addresses) of every website you visit, allowing them to track what you are reading when you surf the web. The Department of Justice's apparent policy on this score is to collect information about what site you are visiting — e.g., "www.eff.org" — using pen/trap taps, but to obtain a wiretap order before collecting information about what particular page or file you are visiting — e.g., "www.eff.org/nsa". However, there's no way to confirm that federal authorities actually follow this policy in all cases, and serious doubt as to whether state authorities do.


(If you are confused by terms like "IP addresses" and "communications ports and protocols", you may want to take a quick look at our very basic explanation of how the Internet works.)

Pen/trap taps enable what the security experts call traffic analysis. That's when an attacker tries to discover information about an asset by analyzing how it moves. For example, if your organization is working with another organization and you need to keep the relationship confidential, traffic analysis of your Internet communications could reveal the connection and show who you emailed, who you instant messaged with, what web sites you visited, and what online forums you posted to. It could also show when those communications occurred and how big they were.
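To make the traffic-analysis point concrete, the following added example (not part of the EFF guide) reads three constructed messages, keeps only the addressing, time and size information listed above, and shows that the relationship between two organizations is still visible without any subject line or body. The addresses, the `build` helper and the function names are invented for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime


def build(frm, to, date, subject, body):
    """Build a constructed RFC 5322-style message for the demo."""
    return f"From: {frm}\nTo: {to}\nDate: {date}\nSubject: {subject}\n\n{body}\n"


# Constructed sample traffic; addresses, dates and text are invented.
SAMPLE = [
    build("alice@org-a.example", "bob@org-b.example",
          "Mon, 02 Mar 2009 09:15:00 +0000", "draft agreement", "Terms attached."),
    build("bob@org-b.example", "alice@org-a.example",
          "Mon, 02 Mar 2009 09:40:00 +0000", "Re: draft agreement", "Looks fine."),
    build("alice@org-a.example", "bob@org-b.example, carol@news.example",
          "Tue, 03 Mar 2009 18:05:00 +0000", "announcement", "Going public Friday."),
]


def metadata_view(raw):
    """Keep only the non-content fields: addresses, time and message size."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "from": getaddresses(msg.get_all("From", []))[0][1],
        "to": [addr for _, addr in rcpts],
        "time": parsedate_to_datetime(msg["Date"]),
        "size": len(raw.encode("utf-8")),
    }  # The Subject header and the body are never read.


def contact_summary(raw_messages):
    """Aggregate metadata into per-domain-pair counts, bytes and time span."""
    pairs = defaultdict(lambda: {"messages": 0, "bytes": 0, "first": None, "last": None})
    for rec in map(metadata_view, raw_messages):
        src = rec["from"].rsplit("@", 1)[1]
        for rcpt in rec["to"]:
            entry = pairs[tuple(sorted((src, rcpt.rsplit("@", 1)[1])))]
            entry["messages"] += 1
            entry["bytes"] += rec["size"]
            entry["first"] = min(filter(None, (entry["first"], rec["time"])))
            entry["last"] = max(filter(None, (entry["last"], rec["time"])))
    return dict(pairs)


if __name__ == "__main__":
    for pair, stats in contact_summary(SAMPLE).items():
        print(pair, stats["messages"], stats["bytes"], stats["first"], stats["last"])
```

Encrypting the message body would not change this output, because none of the fields used here are part of the body.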

For the government, the usual goal of a pen/trap tap is to identify who you are communicating with and when. In particular, individuals can often be identified based on the IP address assigned to their computer. IP addresses are generally allotted in batches, semi-permanently, to institutions such as universities, Internet service providers (ISPs), and businesses. Depending on how the institution distributes its IP address allotment, it may be more or less difficult to link specific computers, and users, to certain IP addresses. It is often surprisingly easy. ISPs often keep detailed logs about IP address allotment, and as we'll discuss later, those logs are easy for the government to get using a subpoena. Similarly, if the government is collecting email addresses with a pen/trap, it's easy for them to go to the email provider and subpoena the identity of the person who registered that address.

Another purpose of pen/trap taps is to access information about your cell phone's location in real-time. When your handset is powered on, it connects to nearby cell towers to signal its proximity, so that the towers can rapidly route a call when it comes through. Law enforcement can use pen/trap devices to monitor these connections, or "pings", to pinpoint the physical location of the handset, sometimes within a few meters. And although Congress has made clear that pen/trap orders alone cannot be used to authorize this sort of location surveillance, it hasn't yet clarified what type of court order would suffice. So, although many courts have chosen to require warrants for location tracking, others have not, and the government has routinely been able to get court authorization for such tracking without probable cause.

As already noted, court authorization for a pen/trap tap is much easier to get than a wiretap order. We don't know how many pen/trap orders get issued every year — unfortunately, there is no annual report on pen/trap surveillance like there is for wiretapping — but we have heard unofficial numbers that reach into the many tens of thousands. Therefore, the risk of being subjected to pen/trap surveillance is higher than the risk of being wiretapped.

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.
