The prohibitions on real-time interceptions and access to voice and electronic mail protect the contents of communications. But communications systems not only carry messages, they create records that reveal information about system users. Telephone toll billing records, for example, indicate what phone line was used to call what numbers, when, and for how long.
Prior to 1986, telephone toll billing records were not protected from disclosure under federal law and the federal government routinely gained access to telephone toll records without any judicial process. Indeed, in Smith v. Maryland, the Supreme Court held that toll records could be obtained without a search warrant because a caller had no "legitimate expectation of privacy" in the telephone numbers he or she dialed.109
In 1986 Congress enacted the Electronic Communications Protection Act (ECPA),110 which, among other things, extended protection to toll records.111 ECPA permits a government entity to obtain "a record or other information pertaining to a subscriber to or customer of such service" without the subscriber or customer's consent only with an administrative subpoena, grand jury subpoena, trial subpoena, search warrant, or a court order.112 In 1994, Congress passed the Communications Assistance for Law Enforcement Act (CALEA).113 Under CALEA, basic subscriber information can be obtained with a subpoena.114 Subscriber information includes the name, address, toll records, telephone number or other subscriber number or identity, a subscriber's length of service and the types of services the subscriber or customer utilized.115 To obtain other information (e.g., records of the addresses to which the subscriber has sent e-mail messages), the government must now obtain a search warrant or court order.116 In either case, law enforcement need not notify the data subject.117
Additionally, CALEA raised the level of proof required to obtain court orders. Pre-CALEA, the government had only to show that there was "reason to believe" that the information sought was "relevant to a legitimate law enforcement inquiry." Now, the government must present "specific and articulable facts showing that there are reasonable grounds to believe" that what they seek is "relevant and material to an ongoing criminal investigation."118
Although the ECPA specifically prevents electronic communications service providers from disclosing information to the government unless certain conditions are met, it does not preclude them from selling that same transactional data to non-governmental entities.119 Communications providers have access to a wide variety of telecommunications-related personal information (or TRPI).120 This transactional data may include routing data that indicates who communicated with whom at what time, day, and month, and for how long, as well as billing records and associated data. Other personal information may be available, including records of electronic purchases made over interactive networks, point-of-sale payments transacted electronically over networks, and even cable movies ordered and billed separately. Telecommunications service provides can automatically capture, monitor, and sell such information.
109. 442 U.S. 735, 744 (1979).
110. The Electronic Communications Privacy Act (ECPA), Pub. L. No. 99-508, 100 Stat. 1848, 18 U.S.C. §§ 1367, 2232, 2510-2511, 2701-2711, 3117, 3121-3127 (1994).
111. 18 U.S.C. § 2703.
112. 18 U.S.C. § 2703(c)(1)(C).
113. Pub. L. No. 103-414 Title II, 108 Stat. 4290, 18 U.S.C. § 2510 et seq. (scattered sections) (1994) (also known popularly as the Digital Telephony Bill). The Digital Telephony Bill, which was heavily debated, requires telecommunications carriers to design switches that will permit law enforcement personnel to (1) conduct court-authorized interceptions of wire and electronic communications handled by those carriers and, (2) obtain call set-up information (transactional data about the call).
114. 18 U.S.C. § 2703(c)(1)(C).
116. 18 U.S.C. § 2703(c)(1)(B)(ii).
117. 18 U.S.C. § 2703(c)(2).
118. 18 U.S.C. § 2703(d).
119. 18 U.S.C. § 2703(c)(1)(A).
120. TRPI is not message content. See National Telecommunications and Information Administration, U.S. Dep't of Commerce, Privacy and the NII: Safeguarding Telecommunication-related Personal Information (1995).