Warrants. Wiretaps. PRTTs. Subpoenas. Section 702. 2703(d) order. National Security Letters. All Writs Act. Many in the infosec community are aware that the government has an array of legal authorities to use in investigating crimes which allow them access to user content and metadata, but few people could articulate the differences among these types of orders. This talk will review each type of legal process used by state and federal agencies to request access to various types of user data and content.

1. An Encyclopedia of
Wiretaps
Wendy Knox Everette
@wendyck
BSidesLV 2018
August 7, 2018

2. Who am I? Hacker lawyer. Has handled law enforcement
requests for companies.
I am a lawyer. I am very much not your
lawyer.

3. Surveillance law
101
● Is mostly statutes
● We refer to these by numbered
titles, like 18 USC 3233 or names,
like CALEA

4. 4th Amendment creates the
groundwork for this area
● Based on the “reasonable
expectation of privacy”
standard
● Most 4th Amendment law is
case law

5. Title III ⁃ The law that
created the modern
wiretap framework

6. Electronic Communications Privacy Act & Stored
Communications Act

7. CALEA
● telecom providers are required to assist law
enforcement
● fuzzy applicability to internet service companies

8. Foreign Intelligence
wiretaps and warrants
What is FISA, and how does legal process
involving foreign intelligence differ?

9. How do court orders work?
Law enforcement officer goes to a judge with an
authorization request. The judge then issues an
order, and this is sent to the company.

10. Classifying types of
lawful process

11. Content: body of a letter while Metadata: addresses on the letter
○ Content requires a warrant. Metadata requires a subpoena

12. Warrants require a judge to determine that there is
probable cause: reasonable basis for believing that a
crime may have been committed (for an arrest) or when
evidence of the crime is present in the place to be
searched

13. Stored Content
Warrants

14. Subpoenas

15. PRTTs: Pen Register
Trap & Trace

16. Anatomy of a PRTT order

20. 18 U.S.C. § 3121 to
collect URLs and IP
Addresses

21. Title III Wiretap

22. Necessity:
“full and complete
statement” describing all
other investigative
techniques that have been
tried and failed or
explaining why such
techniques are likely to be
unsuccessful or too
dangerous 18 U.S.C. §
2518(1)(c)

23. Particularity
“details” underlying the alleged offense and a
“particular description” of the nature and location
of the facilities or place to be wiretapped, the type
of communication to be intercepted, and the
persons committing the offense and whose
communications are to be intercepted 18 U.S.C. §
2518(1)(b)

24. Geographic Scope: Roving Wiretaps

25. Wiretap time period
● 30 days at most - down to the time of the
order (you check the timestamp the Judge
signed with)
● Starts at date of the order or within 10 days
● May be renewed

26. Anatomy of a Wiretap
order

27. 1. Must reference an application
under oath by a person qualified
to make the application
2. Must state that there is probable
cause
3. Must reference violations of a
crime specified in Title III that a
wiretap can be used to
investigate

29. 1. Must specify place
interception will occur
2. Must specific that other
investigative techniques
have been tried or are not
feasible
3. Must specify that
communications relate to
the offenses being
investigated
4. Must state that the LEAs
are authorized to intercept
communications
5. Termination clause

31. 1. Authorization applies to changed phone numbers, etc
2. Technical assistance clause

32. 1. Nondisclosure clause
2. Time period: 30 days
3. Termination of monitoring
4. Reports to the court

33. 1. Judge’s signature and date (often includes
time as well)

34. Consent based order: these are different
● For longer periods of time
● A target has granted law enforcement consent to
have an ISP or other provider monitor their
communications

35. Subscriber data/(d) Orders: 18 USC 2703(d)
● Usually tacked onto a wiretap
● Gets you subscriber data about the target
● Court order must use specific language:
○ “specific and articulable facts showing that there are
reasonable grounds to believe that the contents of a
wire or electronic communication, or the records or
other information sought, are relevant and material to
an ongoing criminal investigation”

36. National Security Letters
These received a lot of
attention a few years ago when
recipients were banned from
even consulting with attorneys
about them.
Extremely limited in data that
is returned
NSLs are a form of
administrative subpoena, and
do not require a judge’s order

37. First NSL in 1978 was an amendment to the Right
to Financial Privacy Act. Currently there are five
statutory bases of authority for NSLs:
● Section 1114(a)(5) of the Right to Financial
Privacy Act (codified at 12 U.S.C. 3414)
● Sections 626 and 627 of the Fair Credit
Reporting Act (codified at 15 U.S.C. 1681u,
1691v)
● Electronic Communications Privacy Act
(ECPA) §2709 (codified at 18 U.S.C. 2709)
● Section 802 of the National Security Act
(codified at 50 U.S.C. 3162)

38. 2016
● 12,150 NSLs resulted in 24,801 ROIs
2017
● 12,762 NSLs resulted in 41,579 ROIs
https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017----FINAL-for-Release-5.4.18.pdf

39. Section 702
● FISA Court orders for data in cases
involving foreign intelligence threats to
the US.
● A FISC judge approves requests after
reviewing targets and procedures meant
to minimize the amount of data collected
to avoid unnecessary or overly broad
data collection.
● Once approved, FBI agents can use
the court orders to access metadata or
content and perform electronic
surveillance.

42. Section 702:
● allows for targeted collection of content for targets outside the
United States and is accompanied by a nondisclosure provision
● “about” collection by the Government of communications
to/from/about a target
● Can extend up to three “hops” from the target
● “Backdoor” searches by the FBI are a concern
● number of targets subject to Section 702 in latest ODNI
transparency report: 129,080 individuals, groups, or entities

43. All Writs Act

45. Courts may issue all writs
necessary or appropriate in
aid of their respective
jurisdictions and agreeable
to the usages and
principles of law

46. United States v. New York Telephone Co.,
434 U.S. 159 (1977)

47. “We agree that the power of federal courts to impose
duties upon third parties is not without limits;
unreasonable burdens may not be imposed.”

48. Sources
● "National Security Investigations & Prosecutions, 2nd ed. (Vols. 1 & 2)," by David S. Kris and J.
Douglas Wilson
● US Attorney’s Manual, Section 9-7.000 - Electronic Surveillance,
https://www.justice.gov/usam/usam-9-7000-electronic-surveillance
● FBI Domestic Investigations and Operations Guide
https://vault.fbi.gov/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28D
IOG%29/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29
%202016%20Version
● DOJ CCIPs Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations https://www.justice.gov/sites/default/files/criminal-
ccips/legacy/2015/01/14/ssmanual2009.pdf
● ODNI 2017 Transparency Report, https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017--
--FINAL-for-Release-5.4.18.pdf
● Lawfare blog, https://www.lawfareblog.com
● Hornbook on Criminal Procedure, by Wayne LaFave, Jerold Israel, Nancy King, Orin Kerr,
https://www.amazon.com/Hornbook-Criminal-Procedure-5th-Hornbooks/dp/0314199365