TSCM and Eavesdropping Detection Services
New York area headquarters
Services available worldwide

800-635-0811
+1-908-832-7900


Information Protection and Privacy Assurance
for Business, Government
and at-risk Individuals


Home

     •
Introduction

     • FAQs

     • Estimate Worksheet

     • Contact

About Us

     • Qualifications

     • Instrumentation

     • Subcontracting

     • Innovations

     • Staff

     • Client Reviews

     • Comparison Chart

     • Operating Policy

General Information

     • Downloads

     • Insider Tips

     • Ask questions

     • 100+ Spybuster Tips

     • One Minute TSCM Quiz

     • MoviesCartoons

     • Books

     • Eavesdropping History

Spy News from New York
Kevin's Security Scrapbook


This appears if user doesn't have JavaScript enabled, or doesn't have the required Flash Player version.




Eavesdropping Detection and Counterespionage Consulting enquiries are invited from corporate, government and professional security entities.

TSCM Eavesdropping Detection and TSCM Services US FlagFor federal procurement purposes, U.S. Government regulations classify Murray Associates Counterespionage as a Small Business, Professional Consulting Firm.

Registered Vendor:
• National Security Agency (NSA ARC)
• DoD - CCR
• Exostar SourcePass
• Jones Lang LaSalle
• ISNetworld
• Ariba

Spybusters, LLC dba
Murray Associates
PO Box 668
Oldwick, NJ 08858
(USA)




Certified Protection Professional CPP TSCM


Certified Information Security Manager - CISM TSCM


Certified Fraud Examiner CFE TSCM


International Association of Professional Security Consultants - IAPSC TSCM


American Society for Industrial Security ASIS TSCM


HTCIA logo


InfraGard Logo


Use of this site indicates acceptance of Terms of Use, Linking, and Privacy Statements.

Copyright 1996-2014, Spybusters, LLC (140209)

Eavesdropping Detection Banner - Jam

WIRETAP LAWS AND PROCEDURES...
WHAT HAPPENS WHEN
THE US GOVERNMENT TAPS A LINE

(Dated, but still very informative.)


Donald P. Delaney, Senior Investigator
New York State Police

Dorothy E. Denning, Professor and Chair
Computer Science Department, Georgetown University

John Kaye, County Prosecutor
Monmouth County, New Jersey

Alan R. McDonald, Special Assistant to the Assistant Director
Technical Services Division, Federal Bureau of Investigation

September 23, 1993



1. Introduction

Although wiretaps are generally illegal in the United States, the federal government and the governments of thirty seven states have been authorized through federal and state legislation to intercept wire and electronic communications under certain stringent rules which include obtaining a court order. These rules have been designed to ensure the protection of individual privacy and Fourth Amendment rights, while permitting the use of wiretaps for investigations of serious criminal activity and for foreign intelligence.

This article describes the legal requirements for government interceptions of wire and electronic communications and some of the additional procedures and practices followed by federal and state agencies. The legal requirements are rooted in two pieces of federal legislation: the Omnibus Crime Control and Safe Streets Act (Title III of the Act (hereafter "Title III")), passed in 1968, and the Foreign Intelligence Surveillance Act (FISA), passed in 1978. Title III established the basic law for federal and state law enforcement interceptions performed for the purpose of criminal investigations, while FISA established the law for federal-level interceptions performed for intelligence and counterintelligence operations. We will first describe Title III interceptions and then describe FISA interceptions.

2. Title III Interceptions
Title III, as amended (particularly by the Electronic Communications Privacy Act of 1986), is codified at Title 18 USC, Sections 2510-2521. These statutes provide privacy protection for and govern the interception of oral, wire, and electronic communications. Title III covers all telephone communications regardless of the medium, except that it does not cover the radio portion of a cordless telephone communication that is transmitted between the handset and base unit. The law authorizes the interception of oral, wire, and electronic communications by investigative and law enforcement officers conducting criminal investigations pertaining to serious criminal offenses, i.e., felonies, following the issuance of a court order by a judge. The Title III law authorizes the interception of particular criminal communications related to particular criminal offenses. In short, it authorizes the acquisition of evidence of crime. It does not authorize noncriminal intelligence gathering, nor does it authorize interceptions related to social or political views.

Thirty seven states have statutes permitting interceptions by state and local law enforcement officers for certain types of criminal investigations. All of the state statutes are based upon Title III from which they are derivative. These statutes must be at least as restrictive as Title III, and in fact most are more restrictive in their requirements. In describing the legal requirements, we will focus on those of Title III since they define the baseline for all wiretaps performed by federal, state, and local law enforcement agencies.

In recent years, state statutes have been modified to keep pace with rapid technological advances in telecommunications. For example, New Jersey amended its electronic surveillance statute in 1993 to include cellular telephones, cordless telephones, digital display beepers, fax transmissions, computer-to-computer communications, and traces obtained through "caller-ID".

Wiretaps are limited to the crimes specified in Title III and state statutes. In New Jersey, the list includes murder, kidnapping, gambling, robbery, bribery, aggravated assault, wrongful credit practices, terrorist threats, arson, burglary, felony thefts, escape, forgery, narcotics trafficking, firearms trafficking, racketeering, and organized crime.

Most wiretaps are large undertakings, requiring a substantial use of resources. In 1992, the average cost of installing intercept devices and monitoring communications was $46,492. Despite budget constraints and personnel shortages, law enforcement conducts wiretaps as necessary, but obviously, because of staffing and costs, judiciously.

2.1 Application for a Court Order.
All government wiretaps require a court order based upon a detailed showing of probable cause. To obtain a court order, a three-step process is involved. First, the law enforcement officer responsible for the investigation must draw up a detailed affidavit showing that there is probable cause to believe that the target telephone is being used to facilitate a specific, serious, indictable crime.

Second, an attorney for the federal, state, or local government must work with the law enforcement officer to prepare an application for a court order, based upon the officer's affidavit. At the federal level, the application must be approved by the Attorney General, Deputy Attorney General, Associate Attorney General, any Assistant Attorney General, any acting Assistant Attorney General, or any Deputy Assistant Attorney General in the Criminal Division designated by the Attorney General. At the state and local level, the application must be made and approved by the principal prosecuting attorney of the state (State Attorney General) or political subdivision thereof (District Attorney or County Prosecutor). The attorney must be authorized by a statute of that state to make such applications.

Third, the attorney must present the approved application ex parte (without an adversary hearing) to a federal or state judge who is authorized to issue a court order for electronic surveillance. A state or local police officer or federal law enforcement agent cannot make an application for a court order directly to a judge.

Typically, a court order is requested after a lengthy investigation and the use of a "Dialed Number Recorder" (DNR). The DNR is used to track the outgoing calls from the suspect's phone in order to demonstrate that the suspect is communicating with known criminals.

Title III requires that an application for a court order specify:
(a) the investigative or law enforcement officer making the application and the high-level government attorney authorizing the application;

(b) the facts and circumstances of the case justifying the application, including details of the particular offense under investigation, the identity of the person committing it, the type of communications sought, and the nature and location of the communication facilities;

(c) whether or not other investigative procedures have been tried and failed or why they would likely fail or be too dangerous;

(d) the period of time for the interception (at most 30 days - extensions may be permitted upon reapplication);

(e) the facts concerning all previous applications involving any of the same persons or facilities;

(f) where the application is for the extension of an order, the results thus far obtained from the interception.

The process of making an application for a court order is further restricted by internal procedures adopted by law enforcement agencies to ensure that wiretaps conform to the laws and are used only when justified. The following describes the process for the FBI and the New York State Police.

2.1.1 FBI Applications
In order for an FBI agent to conduct an interception, the agent must follow procedures that go well beyond the legal requirements imposed by Title III and which involve extensive internal review. In preparing the affidavit, the FBI agent in the field works with the field office principal legal advisor and also with an attorney in the local US Attorney's Office, revising the documentation to take into account their comments and suggestions. After the documents are approved by field office management, they are submitted to the Department of Justice's Office of Enforcement Operations (OEO) in the Criminal Division and to the FBI Headquarters (HQ). At FBI HQ, the documents go to the Legal Counsel Division (LCD) and the Criminal Investigative Division (CID). Within the CID, they are sent to the program manager of the criminal program unit relating to the type of violation under investigation, e.g., organized crime. The program manager determines whether the subjects of the proposed interception are worthy targets of investigation and whether the interception is worth doing. Attorneys in the FBI's LCD and the DOJ's OEO further refine the documents.

After the documents are approved by the DOJ's OEO and by FBI HQ, they are referred to the Deputy Assistant Attorney General (or above), who reviews the documents and signs off on them. At this point, the DOJ authorizes the local US Attorney's Office to file the final version of the documents (application, affidavit, court order, and service provider order) in court. The US Attorney's Office then submits the documents and the DOJ authorization to a federal judge. The entire process can take as long as a month.

The following summarizes the people and organizations involved in the preparation or approval of the application and the issuance of a court order:

1. FBI agent
2. FBI field office attorney (principal legal advisor)
3. FBI field office management
4. Attorney in local US Attorney's office
5. DOJ Office of Enforcement Operations (OEO)
6. FBI HQ Legal Counsel Division (LCD)
7. FBI HQ Criminal Investigative Division (CID)
8. DOJ Deputy Assistant Attorney General (or higher)
9. Federal District Court judge

2.1.2 New York State Police Applications
Within the New York State Police, electronic surveillance is conducted by Senior Investigators in the Bureau of Criminal Investigation (BCI). In preparing an affidavit, the investigator works with the District Attorney's Office (or, in the case of a federal investigation, the US Attorney's office) and with the BCI Captain of the investigator's troop. (Wiretap applications can be made and approved by the State Attorney General, but this is unusual.) The Captain assesses whether review by Division Headquarters is necessary and confers with the Assistant Deputy Superintendent (ADS) or Headquarters Captain for final determination. If Headquarters review is deemed necessary, then all documentation is sent to the ADS along with a memorandum, endorsed by the Troop Unit Supervisor and the Troop or Detail Commander, requesting approval. If Headquarters review is deemed unnecessary, then the memo is sent without the documentation. Once the ADS and District Attorney (DA) approve the application, the DA submits the application to a judge who grants or denies the court order.

2.2 Issuance of a Court Order
Not all judges have the authority to grant court orders for wiretaps. In New Jersey, for example, only eight judges are designated as "wiretap judges" for the entire state. These judges are given special training to be sensitive to personal rights of privacy and to recognize the importance of telephone intercepts for law enforcement.

Before a judge can approve an application for electronic surveillance and issue a court order, the judge must determine that:

(a) there is probable cause for belief that an individual is committing, has committed, or is about to commit an offense covered by the law;

(b) there is probable cause for belief that particular communications concerning that offense will be obtained through such interception;

(c) normal investigative procedures have been tried and have failed or reasonably appear unlikely to succeed or to be too dangerous;

(d) there is probable cause for belief that the facilities from which, or the place where the communications are to be intercepted are being used, or are about to be used, in connection with the commission of such offense, or are leased to, listed in the name of, or commonly used by such person.

In addition to showing probable cause, one of the main criterion for determining whether a court order should be issued is whether normal investigative techniques have been or are likely to be unsuccessful (criterion (c) above). Electronic surveillance is a tool of last resort and cannot be used if other methods of investigation could reasonably be used instead. Such normal investigative methods usually include visual surveillance, interviewing subjects, the use of informers, telephone record analysis, and DNRs. However, these techniques often have limited impact on an investigation. Continuous surveillance by police can create suspicion and therefore be hazardous; further, it cannot disclose the contents of telephone conversations. Questioning identified suspects or executing search warrants at their residence can substantially jeopardize an investigation before the full scope of the operation is revealed, and information can be lost through interpretation. Informants are useful and sought out by police, but the information they provide does not always reveal all of the players or the extent of an operation, and great care must be taken to ensure that the informants are protected. Moreover, because informants are often criminals themselves, they may not be believed in court. Telephone record analysis and DNRs are helpful, but do not reveal the contents of conversations or the identities of parties. Other methods of investigation that may be tried include undercover operations and stings. But while effective in some cases, undercover operations are difficult and dangerous, and stings do not always work.

If the judge approves the application, then a court order is issued specifying the relevant information given in the application, namely, the identity of the person (if known) whose communications are to be intercepted, the nature and location of the communication facilities, the type of communication to be intercepted and the offense to which it relates, the agency authorized to perform the interception and the person authorizing the application, and the period of time during which such interception is authorized. A court order may also require that interim status reports be made to the issuing judge while the wiretap is in progress.

2.3 Emergencies
In an emergency situation where there is immediate danger of death or serious physical injury to any person, or conspiratorial activities threatening national security or characteristic of organized crime, Title III permits any investigative or law enforcement officer specially designated by the Attorney General, the Deputy Attorney General, or the Associate Attorney General, or by the principal prosecuting attorney of any state or subdivision thereof, to intercept communications provided an application for a court order is made within 48 hours. In the event a court order is not issued, the contents of any intercepted communication is treated as having been obtained in violation of Title III.

In New York State, even an emergency situation requires a court order from a judge. However, the judge may grant a temporary court order based on an oral application from the District Attorney. The oral communication must be recorded and transcribed, and must be followed by a written application within 24 hours. The duration of a temporary warrant cannot exceed 24 hours and cannot be renewed except through a written application.

2.4 Execution of a Court Order.

2.4.1 Installation of a Wiretap
To execute a court order for a wiretap, the investigative or law enforcement officer takes the court order or emergency provision to the communications service provider. Normally, the service provider is the local exchange carrier. When served with a court order, the service provider (or landlord, custodian, or other person named) is mandated under Title III to assist in the execution of the interception by providing all necessary information, facilities, and technical assistance. The service provider is compensated for reasonable expenses incurred. In light of rapid technological developments including cellular telephones and integrated computer networks, the New Jersey statute also requires the service provider to give technical assistance and equipment to fulfill the court order. This requirement has not yet been tested in court.

Normally, the government leases a line from the service provider and the intercepted communications are transmitted to a remote government monitoring facility over that line. In many cases, the bridging connection is made within the service provider's central office facility. Alternatively, a law enforcement agency may request the service provider to give the "pairs and appearances" (a place to connect to the suspect's line) in the "local loop" for the suspect's phone. A law enforcement technician then makes the connection.

When a suspect's telephone is subject to change (e.g., because the person is attempting to evade or thwart interception), then a "roving" wiretap, which suspends the specification of the telephone, may be used. In this case, prior to intercepting communications, the officer must use some other method of surveillance in order to determine the exact location and/or telephone number of the facility being used. Once determined, the location or telephone number is given to the service provider for coordination and prompt assistance. The officer may not intercept communications randomly in order to track a person (random or mass surveillance is not permitted under any circumstances).

2.4.2 Minimization
Once any electronic surveillance begins, the law enforcement officer must "minimize" -- that is, attempt to limit the interception of communications to the specified offenses in the court order. Prior to the surveillance, a federal or state attorney holds a "minimization meeting" with the investigators who will be participating in the case to ensure that the rules are followed.

Minimization is normally accomplished by turning off the intercept and then performing a spot check every few minutes to determine if the conversation has turned to the subject of the court order. This avoids picking up family gossip. Special problems may arise where criminals communicate in codes that are designed to conceal criminal activity in what sounds like mundane household discussion. If an intercepted communication is in a code or foreign language, and if someone is not reasonably available to interpret the code or foreign language, then the conversation can be recorded and minimization deferred until an expert in that code or language is available to interpret the communication. Should a wiretap fail to meet the minimization parameters, all of the evidence obtained from the wiretap could be inadmissible.

2.4.3 Recording
All intercepted communications are to be recorded when possible. As a practical mater, law enforcement officers make working copies of the original tapes. In many instances at the state and local level, the originals are delivered to the prosecutor's office and maintained in the prosecutor's custody. The copies are screened by the case officer for pertinent conversations (e.g., "I'll deliver the dope at 8:00 pm."). A compilation of the relevant conversations, together with the corroboratory surveillances often provides the probable cause for search warrants and/or arrest warrants.

2.4.4 Termination of Electronic Surveillance.
Electronic surveillance must terminate upon attainment of the objectives, or in any event within 30 days. To continue an interception beyond 30 days, the officer, through a government attorney, must apply for and be granted an extension based upon a new application and court order.

When the period of a court order, or extension thereof, expires, the original tapes must be made available to the issuing judge and sealed under court supervision. The tapes must be maintained in such fashion for 10 years.

2.5 Notification and Use of Intercepted Communications as Evidence
Upon termination of an interception, the judge who issued the court order must notify the persons named in the order that the interception took place. Normally, this must be done within 90 days, but it may be postponed upon showing of good cause. If the judge determines that it would be in the interest of justice to make portions of the intercepted communications available to the subjects, the judge may do so.

The contents of the communications may not be used as evidence in any trial or hearing unless each party has received a copy of the application and court order at least 10 days in advance of the trial, and has been given the opportunity to move to suppress the evidence. A motion to suppress the evidence may be made on the grounds that it was not obtained in complete conformance with the laws.

2.6 Reports
Within 30 days after the expiration or denial of a court order, Title III requires that the judge provide information about the order to the Administrative Office of the United States Courts (AO). Each year the Attorney General (or a designated Assistant Attorney General) must report, on behalf of the federal government, to the AO a summary of all orders and interceptions for the year; reports for state and local jurisdictions are made by the principal prosecuting attorney of the jurisdiction. The AO then integrates these summaries into an annual report: "Report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (Wiretap Report)" covering all federal and state electronic surveillance, including wiretaps. The 1992 report is about 200 pages and includes information about each interception authorized in 1992, update information for interceptions authorized in 1982-1991, and summary statistics. The summary statistics include the following data (numbers in parenthesis are the 1992 figures):

(1) number of interceptions authorized (919), denied (0), and installed (846)
(2) average duration (in days) of original authorization (28) and extensions (30)
(3) the place/facility where authorized (303 single family dwelling, 135 apartment, 3 multi-dwelling, 119 business, 4 roving, 66 combination, 289 other)
(4) major offenses involved (634 narcotics, 90 racketeering, 66 gambling, 35 homicide/ assault, 16 larceny/theft, 9 kidnapping, 8 bribery, 7 loansharking/usury/extortion, 54 other)
(5) average number of (a) persons intercepted (117), (b) interceptions (1,861), and (c) incriminating intercepts (347) per order where interception devices were installed
(6) average cost of interception ($46,492)
(7) type of surveillance used for the 846 interceptions installed (632 telephone, 38 microphone, 113 electronic, 63 combination)
(8) number of persons arrested (2,685) and convicted (607) as the result of 1992 intercepts
(9) activity taking place during 1992 as the result of intercepts terminated in years 1982-1991, including number of arrests (1211), trials (280), motions to suppress that are granted (14), denied (141), and pending (37), and convictions (1450) (there is a lag between interceptions, arrests, and convictions, with many arrests and most convictions associated with a wiretap that terminated in one year taking place in subsequent years)

Most of the above data is broken down by jurisdiction. Of the 919 authorized intercepts, 340 (37%) were federal. New York State had 197, New Jersey 111, Florida 80, and Pennsylvania 77. The remaining 114 intercepts were divided among 18 states, none of which had more than 17 intercepts. During the past decade, the average number of authorized intercepts per year has been about 780.

Individual law enforcement agencies also require internal reports. For example, the New York Sate Police requires that each week, the Troop or Detail Captain prepare a report summarizing the status of all eavesdropping activity within the unit, including the productivity and plans for each electronic surveillance installation and a brief synopsis of pertinent activity. This is sent to the New York State Police Division Headquarters Captain who prepares a report summarizing the status of all eavesdropping installations.

One of the reasons for the significant amount of post wiretap reporting is to provide a substantial record for legislatures when considering whether or not to reenact or modify wiretap statutes.

3. FISA Interceptions
Title 50 USC, Sections 1801-1811, the Foreign Intelligence Surveillance Act (FISA) of 1978, covers electronic surveillance for foreign intelligence purposes (including counterintelligence and counterterrorism). It governs wire and electronic communications sent by or intended to be received by United States persons (citizens, aliens lawfully admitted for permanent residence, corporations, and associations of US persons) who are in the US when there is a reasonable expectation of privacy and a warrant would be required for law enforcement purposes; nonconsensual wire intercepts that are implemented within the US; and radio intercepts when the sender and all receivers are in the US and a warrant would be required for law enforcement purposes. It does not cover intercepts of US persons who are overseas (unless the communications are with a US person who is inside the US). Electronic surveillance conducted under FISA is classified.

FISA authorizes electronic surveillance of foreign powers and agents of foreign powers for foreign intelligence purposes. Normally, a court order is required to implement a wiretap under FISA. There are, however, two exceptions. The first is when the communications are exclusively between or among foreign powers or involve technical intelligence other than spoken communications from a location under the open and exclusive control of a foreign power; there is no substantial risk that the surveillance will acquire the communications to or from a US person; and proposed minimization procedures meet the requirements set forth by the law. Under those conditions, authorization can be granted by the President through the Attorney General for a period up to one year. The second is following a declaration of war by Congress. Then the President, though the Attorney General, can authorize electronic surveillance for foreign intelligence purposes without a court order for up to 15 days.

Orders for wiretaps are granted by a special court established by FISA. The court consists of seven district court judges appointed by the Chief Justice of the United States. Judges serve seven-year terms.

3.1 Application for a Court Order.
Applications for a court order are made by Federal officers and require approval by the Attorney General. Each application must include:
(1) the Federal officer making the application;
(2) the Attorney General's approval;
(3) the target of the electronic surveillance;
(4) justification that the target is a foreign power or agent of a foreign power (except no US person can be considered a foreign power or agent thereof solely based on activities protected by the First Amendment) and that the facilities or places where the surveillance is be directed will be used by the same;
(5) the proposed minimization procedures, which must meet certain requirements to protect the privacy of US persons;
(6) the nature of the information sought and type of communications subjected to surveillance;
(7) certification(s) by the Assistant to the President for National Security Affairs or other high-level official in the area of national security or defense (Presidential appointee subject to Senate confirmation) that the information sought is foreign intelligence information and that such information cannot reasonably be obtained by normal investigative methods;
(8) the means by which the surveillance will be effected;
(9) the facts concerning all previous applications involving the same persons, facilities, or places;
(10) the period of time for the interception (maximum 90 days or, when the target is a foreign power, one year);
(11) coverage of all surveillance devices to be employed and the minimization procedures applying to each.

Some of the above information can be omitted when the target is a foreign power.

Within the FBI, the process of applying for a court order under FISA is as exacting and subject to review as under Title III. The main differences are that under FISA, the FBI Intelligence Division is involved rather than the Criminal Investigative Division, the DOJ Office of Intelligence Policy and Review (OIPR) is involved rather than either the US Attorney's Office or the DOJ Criminal Division, and the application is approved by the Attorney General (or Acting Attorney General) rather than by a lower DOJ official.

3.2 Issuance of a Court Order
Before a judge can approve an application, the judge must determine that the authorizations are valid; that there is probable cause to believe that the target of the electronic surveillance is a foreign power or agent of a foreign power and that the facilities or places where the surveillance is be directed will be used by the same; and that the proposed minimization procedures meet the requirements set forth in the law. If the judge approves the application, an order is issued specifying the relevant information from the application and directing the communication carrier, landlord, custodian, or other specified person to furnish all necessary information, facilities, and technical assistance and to properly maintain under security procedures any records relating to the surveillance.

3.3 Emergencies
In an emergency situation, the Attorney General or designee can authorize the use of electronic surveillance provided the judge is notified at the time and an application is made to the judge within 24 hours. If such application is not obtained, then the judge notifies any US persons named in the application or subject to the surveillance, though such notification can be postponed or forgone upon showing of good cause.

3.4 Use of Intercepted Communications as Evidence
Like Title III, FISA places strict controls on what information can be acquired through electronic surveillance and how such information can be used. No information can be disclosed for law enforcement purposes except with the proviso that it may only be used in a criminal proceedings under advance authorization from the Attorney General. If the government intends to use such information in court, then the aggrieved person must be notified in advance. The person may move to suppress the evidence.

3.5 Reports
Each year, the Attorney General must give the Administrative Office of the United States Courts (AO) a report of the number of FISA applications and the number of orders and extensions granted, modified, or denied. In 1992, there were 484 orders. Since 1979, there has been an average of a little over 500 FISA orders per year.

Because intercepts conducted under FISA are classified, detailed information analogous to that required under Title III is not reported to the AO, nor made available to the public. However, records of Attorney General certifications, applications, and orders granted must be held for at least 10 years, and the Attorney General must inform two Congressional oversight committees of all surveillance activity on a semiannual basis. These committees are the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence.

Acknowledgements
We are grateful to Geoffrey Greiveldinger for many helpful suggestions on an earlier draft of this report.


SSL Certificates