1 Bender on Privacy and Data Protection § 2.01[1] (2020)
Since its enactment in 1986, the ECPA has been one of the primary workhorse statutes of federal prosecutors seeking information from oral, wire, or electronic communications. The act comprises three distinct corpuses of law: the Wiretap Act, which focuses on interception of oral, wire, or electronic communications; the Stored Communication Act, which focuses on acquisition of wire or electronic messages in electronic storage; and the Pen Register Act, which deals with the installation and use of pen registers.
One of privacy law’s ongoing battles is the conflict between privacy and security. The conventional wisdom has it that London is the world’s most “surveilled” city, with thousands of police cameras positioned across the city to detect malfeasance. But with an increasing number of US federal laws permitting government surveillance, some enacted post-9/11 and some prohibiting notice to affected individuals, is the United States en route to becoming a “surveillance society”? Used properly, surveillance increases security. But surveillance also decreases privacy. In particular, has the US reaction to terrorism relegated privacy to a back seat? And if so, is that appropriate?
Wiretapping, e-mail interception, bugging, access to stored communications, and access to other communications records (
e.g., records of RFID devices used to pay tolls) are all used for law enforcement purposes. Today we have a number of federal statutes indicating how, where, and when various types of surveillance may properly be undertaken by law enforcement agencies. These statutes spell out a regime whereby government may use surveillance in an authorized manner. Unlawful surveillance by law enforcement agencies may result in exclusion of evidence so obtained (as well as evidence derived from that evidence),
1 and may also subject those engaged in the surveillance to civil and criminal sanctions. Some of these statutes also impose limits on the degree to which private parties may engage in surveillance.
Federal regulation of surveillance began at least as far back as the Federal Communications Act of 1934,
2 of which § 605 provided that, absent sender consent, it was unlawful to intercept a communication and disclose its content or existence. Title III of the Omnibus Crime Control and Safe Streets Act of 1968
3 had greater scope. It was directed to in-person communication as well as telephone calls. Title III was replaced by the Electronic Communications Privacy Act of 1986,
4 which was divided into three titles. Title I, the Wire and Electronic Communications Interception Act,
5 was directed to the interception of electronic communications. Title II, the Stored Wire and Electronic Communications Act,
6 deals with obtaining communications in electronic storage (such as e-mail or voice mail). And Title III, the Pen Register Act,
7 governs the use of “pen registers,” which are devices attached to a telephone line that disclose phone numbers dialed by a user of that line.
8In
Olmstead v. United States9 the Supreme Court permitted interception of telephone calls so long as there was no physical trespass against private property. At that time, numerous states had statutes prohibiting wiretapping. The initial federal statute to do so was § 605 of the Federal Communications Act of 1934. That statute had no exclusionary clause, but it did not take the courts long to read into the statute a prohibition against the admissibility in federal court of evidence obtained by federal agents in violation of that statute.
10 Reportedly, the federal government and some states engaged in widespread and long-term wiretapping, and it has been suggested that J. Edgar Hoover, the longtime Director of the Federal Bureau of Investigation, orchestrated a campaign of wiretapping abuses against those he disliked.
After
Katz v. United States11 overruled
Olmstead, § 605 gave way to the Omnibus Crime Control and Safe Streets Act of 1968,
12 Title III of which dealt with the interception of wire or oral communications, and in general required a court order on probable cause.
13 There was an exception for national security purposes which, after abuses directed at domestic “threats,” was interpreted to apply only to foreign threats to national security.
14 In 1978 the Foreign Intelligence Surveillance Act (“FISA”)
15 was passed, setting out procedures by which the government could establish surveillance for national security matters.
In 1986 Congress enacted the Electronic Communications Privacy Act of 1986, which (1) modified the wiretapping provisions (Title III) of the Safe Streets Act (the modified statute is the Wiretap Act),
16 and (2) added provisions dealing with (a) unauthorized access to stored communications (the Stored Communications Act),
17 and (b) the use of pen registers and trap-and-trace devices (the Pen Register Act).
18 One purpose of the ECPA was to focus on advancing technology, in particular the burgeoning use of computers, and the ECPA has been amended several times. The statute covers oral, wire, and electronic communications
19 while in transit and in storage. Further, in 1994 the Communications Assistance for Law Enforcement Act was enacted,
20 amending the ECPA to require telecom carriers and manufacturers of telecom equipment to modify and design their equipment, facilities and service so as to incorporate surveillance capabilities for law enforcement purposes. And in the wake of 9/11 the USA PATRIOT Act made many amendments to the ECPA.
Surveillance statutes reflect the tension between, on the one hand, the individual’s desire for privacy, and on the other, the government’s need for information in the battle against crime and terrorism, and the corporate world’s quest for competitive intelligence.
In
Suzlon v. Microsoft,
21 one issue was whether the ECPA applied to non-citizens of the United States. Suzlon filed a petition under
28 U.S.C.S. § 1782,
22 demanding that Microsoft, as an e-mail provider, produce documents from the defendant Sridhar’s account. Suzlon sought the emails for use in a civil fraud proceeding pending in Australia against Sridhar, who was a citizen of India imprisoned abroad. The e-mails were stored on a server in the United States, and the provider was a domestic corporation. The district court sustained Microsoft’s objection to production under the ECPA. On appeal, the Ninth Circuit affirmed, holding that the ECPA prohibited the provider from disclosing Sridhar’s e-mails. The ECPA’s protection extended to “users,” defined under
18 U.S.C.S. § 2510(13) as “any person” who made authorized use of an electronic communication service. Moreover, the court held that “any person” included non-citizens of the United States. The plain text of the ECPA placed no qualification on the term “any person,” and the statute as a whole confirmed that Congress intended the term to cover non-citizens. The court declared that the scope of the ECPA was not limited only to those persons entitled to protection under the
Fourth Amendment, nor was there an exception for documents used in civil litigation.
1 Bender on Privacy and Data Protection § 2.01[2] (2020)
U.S. federal surveillance law is an area controlled by detailed statutes, and is also a moving target, as those statutes are frequently amended. This area is also impacted significantly by the
Fourth Amendment,
23 whose application law keeps evolving, not only in response to existing situations, but also in response to the challenges provided by new technology. Along with
Fourth Amendment law, U.S. federal surveillance law is one of the relatively few areas of Privacy law that is mostly if not entirely within the province of criminal law. And as is the case with
Fourth Amendment law, the practitioner who becomes involved with U.S. federal surveillance law, in addition to staying apprised of developments in
Fourth Amendment law itself, must stay abreast of the amendments to the pertinent statutes, to cases decided under them, and to other aspects of criminal law, with regard to both procedure (federal or state as the case may be), and substance. This area is characterized by many criminal actions, but also has a significant number of civil actions for damages. Although the statutes explicitly create private causes of action, the cases suggest that it is not particularly easy for plaintiffs to win them.