ComputerWorld: U.S. police increasingly snoop at private email

Louis Mamakos louie at transsys.com
Tue Apr 19 17:01:44 CDT 2011 

This article sort of misses the point, as he's mixing very different sorts of legal instruments.  Requests for stored electronic information are essentially search warrants.  There are search warrants and court orders issued all the time for data and that there is no reporting of the volume of these might be a problem.  Some of these orders are not even via criminal court matter; I've seen orders by way of civil court cases (e.g., divorce proceedings) for stored electronic information like call detail records.

This is all very different from the interception of call signaling and call content, where the likelihood that irrelevant communications might be intercepted is higher.  That is, a "pen-register" order specified a telephone number and not a person.  If someone other than the target of the investigation uses that phone, their communications might be inadvertently intercepted and then discontinued when the content isn't subject to the court order.

The tenor of the article is still a bit off; you might have the impression that given an automation interface that, e.g., Sprint set up using a web server allows random inquires to happen.  Having spoken to the Sprint guys at conferences that deal with lawful intercept, it is the case that a court order still needs to exist to enable access to these systems.  The reality is different that CSI, etc. would lead you to believe.

It's a difficult situation.  I have first-person experience with (local, state and federal) law enforcement and implementing electronic intercepts for a service provider.  Without exception, all the officers and agents I've personally dealt with were trying very hard to do the right thing, but I suppose there are bad apples in every barrel and the potential for abuse exists.  Reporting and auditing are the ways to combat this, though I'd hope that the mechanisms extend beyond orders for stored electronic information to search warrants in general.

It's also difficult because of varying state and federal statutes and the inconsistency between them.  Here's a very real question that came up at a lawful intercept conference I participated in:  

 -  A carrier receives a "pen-register" order on March 1, 2011 valid for 90 days.
 -  30 days into the criminal investigation, they now have probable cause to seek a Title-III (content intercept) order for 90 days, effective April, 1 2011.
 -  What happens in June 2011 when the pen-register order expires?  Should they continue to provide content intercepts after ceasing to deliver call data (signaling) intercepts?  Is it even possible?

Some state laws combine these; where content intercepts are logically a superset that include call-data, while others do not.  I believe that federal orders have them distinct, though most orders I've received for call content also explicitly state call data should be included.  Much suffering and woe when reality and law conflict.

Heck, even jurisdictional questions in today's telecom world are interesting to ponder.  If you have a UK customer of US VoIP service provider with a Canadian phone number, physically located in Mexico, who gets to serve a court order to intercept his communications?  Another reason to be glad I'm now a lawyer, but I sure pondered that questions and variations from time to time.

Who pays for all the lawyers and staff to implement?  I know that carrier XYZ has at least as many staff processing these requests, and it's a cost center for them.  What do you when law enforcement don't pay their lawful intercept bills?  Montgomery County, MD is a well-known deadbeat in this regard, or at least they were a couple of years ago.  Do you refuse to implement the order, risking contempt of court by not complying with a lawful court order?  Do you get credits against future speeding tickets? :-)  XYZ was famous a few years ago when they blinked, but got a bunch of bad PR out of the mess.  Their solution was to just raise the price so that the other agencies would pick up the slack from the deadbeats.

louie
wa3ymh


On Apr 13, 2011, at 7:06 PM, Andre Kesteloot wrote:

> Computerworld Security: April 12, 2011
> ===============================================================
> 
> U.S. police increasingly snoop at private email, IM
> 
> Law enforcement organizations are making tens of thousands of requests for
> private electronic information from companies such as Sprint, Facebook and AOL,
> but few detailed statistics are available.
> http://cwonline.computerworld.com/t/7288133/875421059/479207/0/
> 
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://amrad.org/mailman/listinfo/tacos

More information about the Tacos mailing list