[142205] in cryptography@c2.net mail archive
Re: feds try to argue touch tone content needs no wiretap order
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Jan 11 13:20:43 2009
Date: Sat, 10 Jan 2009 12:50:41 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <87fxjs0xsf.fsf@snark.cb.piermont.com>
On Fri, 09 Jan 2009 20:12:16 -0500
"Perry E. Metzger" <perry@piermont.com> wrote:
>
> Just about everyone knows that the FBI must obtain a formal
> wiretap order from a judge to listen in on your phone calls
> legally. But the U.S. Department of Justice believes that police
> don't need one if they want to eavesdrop on what touch tones you
> press during the call.
>
> Those touch tones can be innocuous ("press 0 for an operator"). Or
> they can include personal information including bank account
> numbers, passwords, prescription identification numbers, Social
> Security numbers, credit card numbers, and so on--all of which
> most of us would reasonably view as private and confidential.
>
> That brings us to New York state, where federal prosecutors have
> been arguing that no wiretap order is necessary. They insist that
> touch tones cannot be "content," a term of art that triggers legal
> protections under the Fourth Amendment.
>
> http://news.cnet.com/8301-13578_3-10138074-38.html?part=rss&tag=feed&subj=News-PoliticsandLaw
>
It's very much worth reading the whole article; the author, Declan
McCullagh, does a good job with the historical background. I'll add
one more historical tidbit: in the late 1980s, New York courts outlawed
pen register taps, because the same equipment was used to detect touch
tones as was used to record full content, and thus there was no
protection against law enforcement agents exceeding the court's
authority.
If I may wax US-legal for a moment... According to a (U.S.) Supreme
Court decision (Katz v U.S. 389 US 347 (1967)), phone call content is
private, which therefore brings into play the full protection of the
Fourth Amendment -- judges, warrants, probable cause, etc. However,
under a later ruling (Smith v Maryland 442 US 735 (1979)), the numbers
you call are information that is "given" to the phone company, and
hence is no longer private. Accordingly, the Fourth Amendment does not
apply, and a much easier-to-get court order is all that's needed,
according to statute. (I personally regard the reasoning in Smith as
convoluted and tortuous, but there have been several other, similar
rulings: data you voluntarily give to another party is no longer
considered private, so the Fourth Amendment doesn't apply.)
The legitimate (under current law) problem that law enforcement would
like to solve involves things like prepaid calling cards. Suppose I
use one to call a terrorist friend, via some telco. The number of the
calling card provider is available to law enforcement, under a pen
register order, per Smith and 18 USC 3121, the relevant legislation.
The telco will help law enforcement get that number. I next dial my
account number; this is in effect a "conversation" between me and the
calling card provider. Getting that number requires yet a different
kind of court order, I believe, but I'll skip that one for now. I next
dial the number of my terrorist friend. That's the number they now
want -- and per Smith, they're entitled to it, since it's a dialed
number via a telecommunications provider. There is no doubt they could
go to that provider and ask for such a number. However, they want to
ask the telco for it -- but the telco doesn't know what is a phone
number, what is an account number, what is a password for an online
bank account, and what is a password for an adult conference bridge.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com