UPDATED: August 2019 | SOURCE: GNI with support from Hogan Lovells
Provision of Real-time Lawful Interception Assistance
Real-Time Government Interception
There are three key United States federal statutes that authorize and govern interception: (1) the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act”), as amended by the Electronic Communications Privacy Act of 1986 (“ECPA”); (2) the 1978 Foreign Intelligence Surveillance Act (“FISA”); and (3) the 1995 Communications Assistance for Law Enforcement Act (“CALEA”). Intelligence agencies also intercept communications under the authority granted by Executive Order (“EO”) 12333, as amended. See Exec. Order No. 12333 (Dec. 4, 1981). EO 12333 permits the collection, retention, and dissemination of “information obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation” and of information “[i]ncidentally obtained . . . that may indicate involvement in activities that may violate federal, state, local or foreign laws.” EO 12333 Part 2.3(c), (i).
Title I of ECPA, which amended the 1968 Wiretap Act, authorizes the government to intercept electronic communications related primarily to criminal investigations. As amended by ECPA, the Wiretap Act first prohibits interception except as otherwise provided in the legislation. See 18 U.S.C. § 2511. These exceptions authorize certain government officials to approve interception of wire or oral communications to investigate specific crimes, including but not limited to espionage, treason, murder, kidnapping, robbery, extortion, bribery, certain financial crimes, obstruction, presidential assassination, interference with commerce by threats or violence, racketeering, certain types of theft, counterfeiting, bankruptcy fraud, narcotics, and conspiracy to commit such crimes. See 18 U.S.C. § 2511.2 The interception of electronic communications may be authorized more broadly for any situation involving any crime for which the maximum period of incarceration is a year or more. See 18 U.S.C. § 2511. Under the Fourth Amendment to the U.S. Constitution, there is a general right to be free from unreasonable search and seizure, and a warrant to conduct a search or seizure may be issued by a judge or magistrate only if it is supported by “probable cause” to believe that the information sought will contain evidence of a crime. The warrant must particularly describe the place to be searched or seized. The standard for obtaining an order under the Wiretap Act for interception of communications is exacting, and goes beyond proving probable cause: the requesting agency must provide a “full and complete statement of the facts and circumstances” justifying the order, and the judge issuing the order must determine that “normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed. . . .” See § 2518. ECPA also provides a mechanism by which the government can gain permission to record the numbers dialed by or to a telephone, although the recording does not capture the content of the communications of those calls. These “pen registers” and “trap and trace devices” may be installed after the government certifies to a court that “the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.” § 3123. ECPA allows for interception without a warrant in certain emergencies involving death or serious bodily harm, threats against national security, and conspiratorial activities. See § 2518. Congress has amended ECPA through several pieces of legislation, including the 1994 Communications Assistance to Law Enforcement Act, the 1996 Antiterrorism and Effective Death Penalty Act, the 2001 USA PATRIOT Act and subsequent reauthorizations, the 2018 CLOUD Act, and FISA.
FISA authorizes the government to intercept foreign intelligence information for national defense and security purposes, including in instances where no criminal activity is involved. Under FISA, “foreign intelligence information” includes information relating to: real or potential attacks or other grave hostile acts against the United States, sabotage, international terrorism, proliferation of weapons of mass destruction, foreign intelligence services, or information otherwise related to the national defense and security of the United States or the conduct of foreign affairs of the United States. See 50 U.S.C. § 1801(e). FISA authorizes the government to target foreign powers, and agents of foreign powers, regardless of whether they are U.S. persons. “[F]oreign powers” include foreign governments and components thereof, factions of foreign nations, entities controlled by foreign governments, groups engaged in international terrorism, foreign-based political organizations, and entities engaged in the international proliferation of weapons of mass destruction. See § 1801(a). U.S. persons include U.S. citizens, permanent resident aliens, certain unincorporated associations, and U.S. corporations. See § 1801(i). During war, the president can authorize electronic surveillance without a court order to obtain foreign intelligence information. See § 1811. Congress significantly amended FISA through the 1995 Intelligence Authorization Act, the 1999 Intelligence Authorization Act, the 2001 USA PATRIOT Act, the USA PATRIOT Act Reauthorizations, and the 2008 FISA Amendments Act.
Section 702 of FISA, which the 2008 FISA Amendments Act added, permits the targeted surveillance of persons reasonably believed to be non-U.S. persons located outside of the United States. Unlike traditional FISA surveillance, Section 702 does not require that the FISA Court determine that there is probable cause that the target of surveillance is a foreign power or an agent of a foreign power. Section 702 surveillance now dwarfs traditional FISA surveillance: The government reported that for calendar year 2018, there were 1,833 estimated targets of traditional FISA surveillance, and 164,770 estimated targets of Section 702 surveillance. In 2018, Congress reauthorized Section 702 for six years.
FISA also authorizes the government to apply for a court order authorizing the installation of pen registers, and trap and trace devices, for the purpose of collecting foreign intelligence information. See 50 U.S.C. § 1842. The order is issued upon the applicant’s certification that the information likely to be obtained is foreign intelligence information not concerning a U.S. person, or is relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a U.S. person is not conducted solely upon the basis of activities protected by the First Amendment to the U.S. Constitution.
CALEA compels telecommunication manufacturers and carriers to outfit telecommunications equipment, facilities and services with expeditious interception capabilities. Congress promulgated CALEA in response to a growing concern that new technologies would inhibit the government’s ability to intercept information. In 2004, the Federal Communications Commission (“FCC”) issued a “First Report and Order,” which found that telecommunication technologies included VoIP and broadband Internet, in addition to digital telephone networks. CALEA requires not only that carriers ensure the capability to intercept, but also that the carrier provides all reasonably available identifying information. See 47 U.S.C. § 1002. Additionally, those subject to interception must be unable to detect the interception. See § 1002.
Disclosure of Communications Data
Compelled Disclosure of Stored Communications Data
While the United States generally does not have compulsory data retention legislation, the government can demand the disclosure of stored communications data: (1) pursuant to the Stored Communications Act (“SCA”); (2) through the issuance of national security letters; and (3) through the issuance of orders under Section 215 of the USA PATRIOT Act.
The SCA provides that the government can demand that certain service providers disclose the “contents of a wire or electronic communication.” See 18 U.S.C. § 2703. Such communications include, but are not limited to, e-mail, instant messages, and text messages. The SCA establishes detailed rules for government access to customer and subscriber information and content data. The government may use a subpoena to get subscriber information, to include the name, address, local and long distance telephone connection records, or records of session times and durations; length of service (including start date) and types of service utilized; telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and means and source of payment for such service (including any credit card or bank account number). The government generally can obtain a court order for other stored, non-content information (such as email headers without the subject line) by providing “specific and articulable facts showing that there are reasonable grounds to believe” the information sought is “relevant and material” to an ongoing criminal investigation. § 2703(d). Although the SCA provides a different level of privacy protections for email based on whether it was stored for 180 days or less, subsequent court decisions and U.S. Department of Justice policy generally require law enforcement to seek a judicial warrant, based on probable cause, to obtain the contents of electronic communications such as e-mail.
In Carpenter v. United States, 585 U.S. –, 138 S. Ct. 2206 (2018), the U.S. Supreme Court determined that a warrant issued by a judge or magistrate upon a showing of probable cause is required for law enforcement officers to obtain seven or more days of stored cell site location information. The Court has not yet determined whether a warrant is required for compelled disclosure of fewer days of such information, or whether compelled disclosure of location information in real time requires a showing of probable cause.
The remaining sections of the SCA provide various rules related to additional types of lawful disclosures, the preservation of communications, and national security letters. For example, electronic communication and remote computing service providers cannot disclose the contents of communications unless certain exceptions apply, such as Section 2703. See § 2701. The service providers also may divulge the communication: to the intended recipient, with lawful consent, to forward the communication to its destination; to the National Center for Missing and Exploited Children under certain conditions; and in certain emergency situations. See § 2702. Providers of electronic communication and remote computing services must preserve records for ninety days if requested by the government pending a court order. See § 2703(f). The government can also require service providers to create backup copies of “the contents of the electronic communications sought in order to preserve those communications.” See § 2704.
Finally, the SCA permits the Federal Bureau of Investigation to issue documents known as “national security letters” (“NSLs”). See § 2709. These NSLs can compel providers to disclose subscriber information such as name, address, length of service, and toll billing records, when those records are, or that information is, relevant to an investigation of international terrorism or clandestine intelligence activities. To compel the disclosure of traffic information, such as e-mail logs in those investigations, the FBI must apply for an order from the FISA Court under Section 215 of the USA PATRIOT Act. The order is issued if there are reasonable grounds to believe that the information sought is relevant to the investigation. See 50 U.S.C. § 1861.
On March 23, 2018, the United States enacted the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”). Significantly, the CLOUD Act: (1) amends the SCA to make clear that U.S. legal process served on a cloud provider within the United States may be used to compel the production of customer data held outside the country; and (2) creates a new legal mechanism for the United States to enter bilateral executive agreements with other like-minded countries, in order for both sides to more rapidly obtain criminal- and terrorism-related data directly from cloud providers in the other country. See Consolidated Appropriations Act 2018, Pub. Law. No. 115- 141, at 2201-32.
The United States may also request information stored in other countries through intelligence sharing agreements, such as the “Five Eyes” agreement, through which Australia, Canada, New Zealand, the United Kingdom, and the United States share signals intelligence among themselves. Signals intelligence activities may include tapping phones and intercepting electronic communications. The United States also has entered into Mutual Legal Assistance Treaties (“MLATs”) with other nations which, in part, may be used to obtain or provide information relating to criminal law enforcement, including by requesting the receiving nation to take necessary steps for the surveillance of communications consistent with its domestic laws. Finally, U.S. law enforcement routinely shares information with, and receives information from, other countries when conducting joint law enforcement and intelligence investigations.
National Security and Emergency Powers
The United States has several overlapping emergency and national security powers with respect to electronic communications. National security powers regarding electronic communications primarily are governed by FISA and ECPA (discussed above in Section 1). Certain federal institutions may also exercise national security powers via the issuance of a national security letter (as discussed in Section 2 above). In addition, the War Powers of the President Act (“WPPA”) provides that, during war, the president can direct communications with “preference or priority with any carrier.” See 47 U.S.C. § 606. The WPPA further provides that the president may: “(1) suspend or amend the rules and regulations applicable to any or all facilities or stations for wire communication within the jurisdiction of the United States as prescribed by the Commission, (2) cause the closing of any facility or station for wire communication and the removal therefrom of its apparatus and equipment, or (3) authorize the use or control of any such facility or station and its apparatus and equipment by any department of the Government under such regulations as he may prescribe, upon just compensation to the owners.” Id. at § 606(d).
Emergency powers regarding electronic communications are governed primarily by the National Emergencies Act (“NEA”). The NEA establishes the presidential emergency power and dictates the process to exercise such power. The NEA authorizes the president to declare national emergencies. See 50 U.S.C. § 1621. Upon declaring an emergency, the president must “specif[y] the provisions of law under which he proposes that he, or other officers, will act.” See § 1631. The provision also provides that “[s]uch specification may be made either in the declaration of a national emergency, or by one or more contemporaneous or subsequent Executive orders published in the Federal Register and transmitted to the Congress.” Finally, following the September 11, 2001 attacks on the United States, the President invoked authority under Article II of the U.S. Constitution to conduct warrantless surveillance to prevent further catastrophic attacks on the homeland.
Oversight of the Use of Powers
Each of the three key statutes that govern lawful interception—the Wiretap Act as amended by ECPA, FISA and CALEA—provides various oversight procedures on lawful interception. First, the Wiretap Act and FISA authorize the judiciary to grant or deny applications for interception in non-emergency situations. In emergency situations under both the Wiretap Act and FISA, the Attorney General can authorize interception without judicial authorization. However, both laws require judicial authorization within a few days of commencement of emergency surveillance. Also, all institutions engaging in interception must submit reports to various agencies, depending on the circumstances for review. The agencies include, but are not limited to: the court that issued the approval, the Administrative Office of the United States Courts, the Permanent Select Committee on Intelligence, the Committee on the Judiciary of the House of Representatives, the Select Committee on Intelligence, the Committee on the Judiciary of the Senate, and, at times, Congress at large. Court orders for interception under the Wiretap Act extend initially for up to 30 days, and interception cannot continue lawfully beyond 30 days unless the court extends the order for additional periods no longer than 30 days. Court orders for interception under FISA can extend initially for a period of 90 days to a year depending on the nature of the target, and cannot continue lawfully beyond the authorized period unless the court extends the order. Generally, individuals subject to unlawful electronic surveillance by private entities—and not by the government—can seek civil remedy in the judicial system. Individuals subject to violations of certain provisions of FISA and of the Wiretap Act by the government can also file actions against the United States. Finally, while CALEA does not authorize interception, it does require that carrier equipment, facilities and services are able to offer interception capabilities. The Attorney General and the Comptroller General of the United States also must submit reports on this progress to Congress.
The SCA provides several oversight mechanisms with respect to the disclosure of electronic communications, whereas few mechanisms exist to oversee the use of national security letters and Section 215 of the USA PATRIOT Act. First, governmental entities wishing to require the disclosure of electronic communications under the SCA must apply for a warrant in a court of competent jurisdiction according to 18 U.S.C. § 2703. Further, according to Section 2707, individuals subject to violations of the disclosure rules by private entities can generally seek civil remedy in the judicial system. Individuals subject to violations by the government can commence an action against the United States pursuant to Section 2712. There are no reporting procedures established with respect to the disclosure of communications data. Second, legislation affords those subject to national security letters little protection. NSLs are issued without court authorization, and are based on a low evidentiary standard. While a recipient of a national security letter may challenge it in court, the grounds for challenge are limited. Section 215 orders for stored communications traffic information are issued by the FISA Court based on a low evidentiary standard of “relevance” to an investigation.
National Emergency and National Security Powers
National emergency and national security powers are subject to various forms of Congressional and judicial oversight. For example, Congress can enact a joint resolution to terminate an emergency—thereby removing the president’s emergency powers—pursuant to 50 U.S.C. § 1622. However, the president can still exercise the emergency powers if the emergency actions are: “not finally concluded,” “based on [prior] act[s],” or demanded by “rights or duties that matured” during the emergency. Furthermore, “each House of Congress shall meet to consider a vote on a joint resolution to determine whether that emergency shall be terminated” pursuant to Section 1622. In contrast, the national security powers—codified in FISA, ECPA and WPPA—are subject primarily to judicial oversight. The oversight of FISA and ECPA is discussed above in this Section. With respect to WPPA, those subject to the executive use and control of electronic communications facilities and stations are entitled to just compensation. Those who believe the compensation is unjust can file suit “in the manner provided by section 1346 or section 1491 of title 28,” according to 47 U.S.C. § 606.
In light of the First Amendment to the U.S. Constitution, the United States government possesses minimal power to censor electronic communications. The powers that it does possess are administered by the FCC. The FCC is an independent government agency overseen by Congress that regulates all domestic and international telecommunications. The governing legislation regarding telecommunication, the Telecommunications Act of 1996 (“Telecommunications Act”), primarily deregulated much of the telecommunications industry in an effort to promote competition. Two key statutes govern censorship of communications. First, the Telecommunications Act prohibits censorship and encroachments upon an individual’s First Amendment rights. Second, the 1996 Communications Decency Act (“CDA”) describes where communications are inappropriate and fineable. However, the First Amendment right to free speech significantly precludes the FCC from regulating such communications.
In general, there is a strong presumption against FCC regulation of content on telecommunications networks, with a few notable exceptions. Section 326 of the Telecommunications Act prohibits the FCC from prohibiting or compelling certain programming. The provision mandates that the FCC not be given the “power of censorship,” nor shall it promulgate any regulation or condition that “interfere[s] with the right of free speech.” See 47 U.S.C. § 326.
Obscenity and Indecency
While the statute generally prohibits censorship, the FCC does have policies prohibiting the deliberate suppression, slanting, and rigging of news,3 and the CDA outlines specific instances where the FCC is authorized to censor communications to enforce obscenity laws. See 47 U.S.C. 223. Additionally, 18 U.S.C. §1464, asserts that the broadcast of obscene, indecent or profane material is punishable by fine, imprisonment, or both. These prohibitions are designed to protect audiences, including young children, from material that is patently “coarse, vulgar, suggestive, or susceptible of indecent double meaning” and to uphold values that are “consistent with the public interest.” See Pacifica Foundation v. FCC, 556 F.2d 9 (D.C. Cir. 1978). Censorship of this type is most often seen with regard to profanity on broadcast television and content that “portrays sexual conduct in a patently offensive way, and which, taken as a whole does not have serious literary, artistic, political or scientific value.” Id.
In FCC v. Pacifica Foundation, 438 U.S. 726 (1978), the Supreme Court upheld the FCC’s order that the language in a comedy show broadcast in the mid-afternoon by a radio station was patently offensive. The Court found that the FCC’s action did not constitute a level of censorship that is forbidden under 47 U.S.C. § 326 because the statute does not limit the FCC’s authority to impose sanctions on licensees who engaged in obscene, indecent, or profane broadcasting. Id. at 738. The Court found the broadcasted speech at issue to be “indecent” under 18 U.S.C. § 1464.
Note, however, that the standards are different for broadcast than for the Internet. While the FCC continues to enforce obscenity laws as to broadcast television and radio, the FCC has no authority to regulate Internet content and cannot bring obscenity actions against cable and Internet providers. See Reno v. Am. Civil Liberties Union, 521 U.S. 844 (1997) (holding that CDA’s anti-indecency provisions, which applied to obscene or indecent content available to children via the Internet, violated the First Amendment). The Court’s reasoning takes into account the difference between broadcasting and the Internet, noting that broadcasting requires special treatment in part because of the government’s public interest in licensing scarce spectrum space. Pacifica Foundation, 438 U.S. at 731.
The Equal Opportunities Rule
The Equal Opportunities Rule, also known as the “Equal Time Rule,” is predominantly seen and enforced during a political election. It specifies that stations broadcasting over public airwaves— radio and television stations—must provide equivalent opportunity to any opposing political candidates who request it. The rule does not apply to documentaries, bona fide news interviews, scheduled newscasts, or on-the-spot news events.
Civil Asset Forfeiture
The United States government retains the power to seize domain names pointing to websites that engage in or otherwise further illicit activity. However, this power only extends to domains managed by American registries, such as domains ending in .com, .net, .org, and .us. Such seizure is achieved through a variety of U.S. civil asset forfeiture laws. For example, 18 U.S.C. § 2323 allows for the confiscation of domains used in furtherance of copyright infringement. In another example, Backpage.com was recently seized by the U.S. federal government under 18 U.S.C. § 921 for engaging in money laundering related to other illicit activity, including sex trafficking.
Oversight of the Use of Powers (Censorship-related)
Government censorship of communications is subject to judicial review. The U.S. Constitution’s First Amendment right to free speech serves as the main protection against government regulation. The First Amendment has been interpreted to limit federal and state governments’ ability to regulate the content and viewpoint of speech including, among other areas, to issue vague or overbroad regulations; to informally pressure or threaten private actors with a goal of censorship; or to issue prior restraints on speech and speakers, such as through the promulgation of blacklists or other lists of speech ‘disfavored’ by the government.” However, the content of broadcasts taking place over public airwaves is subject to some regulation by the FCC, which can fine broadcasters of indecent content. U.S. courts often review FCC enforcement actions for First Amendment concerns. In reviewing the FCC’s decisions, a court will weigh the government’s interest in shielding children from offensive language and protecting the privacy of the home from unwanted speech against the broadcaster’s right to free speech. Courts generally will defer to the FCC’s judgment, so long as the enforcement action is not arbitrary and capricious. This court deference is consistent with general U.S. law concerning federal agencies’ administrative decisions.
Publication of Laws and Aggregate Data
U.S. laws relating to lawful interception and communications data requests are published and are readily accessible online. For example, the Administrative Office of the United States Courts publishes an annual Wiretap Report that provides details about the interception of communications at the federal and state level, including the aggregate number of interceptions, the types of crimes for which interception was authorized, and the duration of the interceptions. This report is required by law. See 18 U.S.C. § 2519(3). There is no comparable reporting requirement for the compelled disclosure of stored communications, and there are no comparable reports for these disclosures.
The U.S. Department of Justice is required by law (18 U.S.C. § 3126) to report annually to Congress statistical information about the number of pen register and trap and trace devices applied for and authorized each year for criminal investigations, and the offenses for which they were used. However, this information, if faithfully reported to Congress, is only sporadically made available to the public.
The Office of the Director of National Intelligence is required by law (18 U.S.C. § 1873(b)) to report statistical information about “traditional” FISA orders, Section 702 surveillance, FISA pen register orders, demands made under Section 215 of the USA PATRIOT Act, and national security letters.
In addition, pursuant to the 2015 USA FREEDOM Act (18 U.S.C. § 1873(a)), the Administrative Office of the United States Courts also publishes an annual report on the number of “traditional” FISA applications submitted to and approved by the FISA Court.
Statistical information about interceptions made pursuant to Executive Order 12333 is not required to be reported, and is generally not reported.