US v. Councilman and VOIP Communications, 8/11/2005.

US v. Councilman and VOIP Communications

August 11, 2005. The facts of U.S. v. Councilman involve the accessing of e-mail communications by service providers. The briefing addresses e-mail. The Court's opinions address e-mail. However, there is also the related issue of accessing voice over internet protocol (VOIP) communications.

Circuit switched analog voice communications, or old fashioned phone calls, do not involve storage. The Wiretap Act was written with these calls in mind. As the Department of Justice (DOJ) pointed out in its August 2004 brief [PDF], this has changed with digital switches.

In addition, there is now packet switching by internet protocol (IP). One of the applications that rides over the internet is voice over IP (VOIP). This DOJ brief does not mention VOIP communications. And, the court did not address VOIP communications.

Two attributes of VOIP technology are notable at this time for the purpose of analyzing the law pertaining to intercepting or accessing VOIP communications. First, the technology facilitates user storage of conversations and data. Second, the nature of IP communications involves transient caching of packets by service providers. Thus, the question arises as to whether law enforcement authorities (LEAs) can access cached or stored VOIP packets under the Stored Communications Act (SCA), or whether the LEAs must proceed under the Wiretap Act, as they are required for old fashioned phone calls, and pursuant to the just issued opinion in U.S. v. Councilman, for e-mail.

It is important to note that e-mail is a Ї 2510(14) "electronic communication", while phone calls and VOIP calls involve "aural transfer", and hence, are a Ї 2510(1) "wire communication". The Court construed the meaning of "electronic communication", not "wire communication".

That the DOJ prosecuted Bradford Councilman, and submitted the arguments that it did regarding "electronic communications", may suggest that the DOJ would extend the same analysis to "wire communications". However, the DOJ has conspicuously passed up many opportunities to state this.

Ї 209 of the PATRIOT Act and Wire Communications. VOIP communications are an "aural transfer" within the meaning of Ї 2510(1), and hence, are a "wire communication". Thus, an "intercept" of a VOIP call falls under the Wiretap Act.

The PATRIOT Act in 2001 contained an amendment that deleted the clause "and such term includes any electronic storage of such communication" from the Ї 2510(1) definition of "wire communication". Moreover, the 2001 amendment added the word "wire" to Ї 2703 regarding government access to store communications. Ї 2703 now provides, in part, that "A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication ..."

Thus, the argument exists the while VOIP communications in transit are covered by the Wiretap Act, VOIP communications in storage, including transient caching by service providers, and systematic caching, now fall under the SCA provisions.

Peter Swire, a law professor at Ohio State University, testified at the House Judiciary Committee's Subcommittee on Crime's hearing on the PATRIOT Act on April 21, 2005. He argued that Ї 2703 is now quite broad. He wrote in his prepared testimony [12 pages in PDF] that "Section 209 sweeps far more broadly than has been publicly discussed. What if the contents of ordinary telephone calls become stored as a matter of routine? This storage is likely to become far more common with the imminent growth of Voice over Internet Protocol ("VoIP") telephone calls. VoIP uses the packet-switching network of the Internet to connect telephone calls rather than the traditional circuit-switching used by established phone systems."

Swire also wrote that "A second technological change with VoIP is the likelihood that there will be systematic ``caching,ДД or storage, of telephone communications at the network level. One existing product, for instance, is called ``CacheEnforcer.ДД CacheEnforcer stores communications for a group of users, such as for a company or a network operated by a university."

Laura Parsky, a Deputy Assistant Attorney General in the DOJ's Criminal Division, testified at the same hearing. She could have addressed the issues raise by Swire. But she did not, either in her prepared testimony, or in response to questions from the Subcommittee. Rep. Howard Coble (R-NC) and Rep. Bill Delahunt (D-MA) both questioned her about the issues raise by Swire. However, she provided evasive non-responsive answers.

See also, story titled "House Crime Subcommittee Holds Hearing on Ї 209 of PATRIOT Act, Stored Communications and VOIP" in TLJ Daily E-Mail Alert No. 1,125, April 29, 2005.

Also, Patrick Rowan of the DOJ spoke at a panel discussion on Capitol Hill on June 30, 2004, titled "The Patriot Act and E-Surveillance". He said nothing about surveillance of VOIP communications. TLJ spoke with Rowan after the event, and asked him questions regarding Ї 209 of the PATRIOT Act and accessing VOIP communications under the Wiretap Act and the SCA. He stated he had no answers for any of these questions.

TLJ spoke with Peter Swire on August 12. He said that the just issued en banc opinion in the Councilman case clarifies the definition of "electronic communication". In contrast, "Ї 209 of the PATRIOT Act involves ``wire communicationДД. That means communications involving the human voice." He added that "the lower standards of the PATRIOT Act still apply to stored wire communications", and that "nothing in Councilman explicitly protects stored voice communications".

Perhaps the DOJ has not yet formed at opinion regarding the legal consequences of Ї 209.

Perhaps the DOJ plans to use the SCA to access cached VOIP communications, but does not wish to publicly disclose this prior to the extension of the sunsetted provisions.

Perhaps the DOJ has no intent to use the SCA to access VOIP, but wishes to protect itself from allegations of violations of the Wiretap Act for its legitimate, non VOIP related, exercise of authority under the SCA. That is, the FBI could obtain an order under the SCA to obtain from a service provider records stored by a person under surveillance. But, there could be an audio file among, or attached to, these stored files. And, the FBI wishes to be able to assert Ї 209 to avoid the conclusion that it violated the Wiretap Act.

Whatever the case, the DOJ has on several occasions conspicuously avoided revealing what its understanding of, and plans for, Ї 209 are.

Back in April, Laura Parsky uttered the phrase, "much ado about technology". This is an allusion to the title of a play attributed to William Shakespeare, "Much Ado About Nothing". Perhaps she meant to suggest that Swire's testimony, and articles such as this, are much ado about nothing.

PATRIOT Act Extension. Both the House and Senate have approved bills that permanently extend Ї 209, without modification. The Senate approved S 1389 on July 29, 2005. The House approved HR 3199 on July 21, 2005. See also, story titled "House Approves PATRIOT Act Extension Bill" in TLJ Daily E-Mail Alert No. 1,180, July 22, 2005.

House Judiciary Committee staff met with reporters on Monday afternoon, July 11, 2004 to discuss HR 3199, the "USA PATRIOT and Intelligence Reform Reauthorization Act of 2005", which had just been introduced. The full Committee amended and approved this bill on Wednesday, July 13. The full House further amended and approved this bill on July 21. HR 3199 permanently extends Ї 209 of the PATRIOT Act, without modification.

TLJ asked HJC staff about the deliberations regarding Ї 209. A Committee staff member stated that HR 3199 does not amend Ї 209 because that would involve writing legislation regarding issues involved in the Councilman case, and the Committee does not legislate on matter under review in the courts.

The Councilman case involves interpretation of the "electronic communication" definition in the Wiretap Act. And, this affects e-mail. In contrast, Ї 209 of the PATRIOT Act involves the "wire communication" definition in the Wiretap Act. And, this affects voice communications, including VOIP. Yet the statement by HJC staff suggests that the HJC staff understands that the two issues are related.

What Difference Does it Make Whether LEAs Use the Wiretap Act or the SCA? For an LEA to intercept or access communications under the Wiretap Act or the SCA, it must first obtain an order from a judge upon a finding of probable cause.

However, there are additional things that are required for a Wiretap Act order that are not required for a SCA order. A wiretap order can only be issued if the investigation involves one of the enumerated crimes that can serve as a predicate for the issuance of a wiretap order. Although, this is a huge and growing list. Also, a wiretap order also requires the involvement of a high ranking official of the DOJ.

There is also the matter of suppression of evidence illegally obtained. That is, 18 U.S.C. Ї 2515, titled "Prohibition of use as evidence of intercepted wire or oral communications", applies to wiretaps, but not to the accessing of stored communications.

Ї 2515 provides that "Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof if the disclosure of that information would be in violation of this chapter."

This not only provides some protection to people whose communications have been intercepted or accessed. It also provides legal clarity. That is, legal clarity comes when judges write opinions construing statutes. Many of these opinions are written because there a motion to suppress evidence has been filed. There are many opinions construing the Wiretap Act because of the suppression statute.

Finally, it should be noted that the statutory provisions regarding stored communications also draw distinctions between read and unread e-mail and between newer and older e-mail, and provide that some access is available with a mere subpoena.

What Difference Does it Make Whether Service Providers' Access to Stored VOIP Communications Falls Under the Wiretap Act or the SCA? There is also the matter of internet service providers and VOIP service providers accessing cached VOIP communications. Ї 2701(c) of the SCA exempts service providers.

Hence, if the Criminal Code, as amended by Ї 209, takes the accessing of stored wire communications, including VOIP, by service providers, out from under the Wiretap Act, and regulates such access only under the SCA, then service providers are free to eavesdrop on their customers, provided that they access only stored or cashed files.

And perhaps, there is a issue regarding how, as a practical matter, such an interpretation would interact with the Ї 212 provision of the PATRIOT Act regarding "Emergency disclosure of electronic communications to protect life and limb".

Such an interpretation would appear to eviscerate the Wiretap Act's protection for voice communications, just as the three judge panel's opinion in the Councilman case eviscerated the historic protection for e-mail. And the courts may find such an interpretation untenable. However, for now, the court and the DOJ have remained silent on this issue.