Order Code RL31730
Report for Congress
Received through the CRS Web
Privacy: Total Information Awareness
Programs and Related Information Access,
Collection, and Protection Laws
Updated February 14, 2003
Gina Marie Stevens
Legislative Attorney
American Law Division
Congressional Research Service ˜ The Library of Congress
The author wishes to thank Attorneys Maureen Murphy and Charles Doyle of the
American Law Division for their substantial contributions to this report.
Privacy: Total Information Awareness Programs and
Related Information Access, Collection and Protection
Laws
Summary
This report describes the Total Information Awareness (TIA) programs in the
Defense Research Projects Agency (DARPA) of the Department of Defense, and
related information access, collection, and protection laws. TIA is a new technology
under development that plans to use data mining technologies to sift through personal
transactions in electronic data to find patterns and associations connected to terrorist
threats and activities. Data mining technologies are currently used by federal
agencies for various purposes. DARPA has underway a five year research project to
develop and integrate information technologies into a prototype system or systems
to identify foreign terrorists for use by the intelligence, counterintelligence, law
enforcement, and homeland security communities. Recent increased awareness about
the existence of the TIA project provoked expressions of concern about the potential
for the invasion of privacy of law-abiding citizens by the Government, and about the
direction of the project by John Poindexter, a central figure in the Iran-Contra affair.
While the law enforcement and intelligence communities argue that more
sophisticated information gathering techniques are essential to combat today’s
sophisticated terrorists, civil libertarians worry that the Government’s increased
capability to assemble information will result in increased and unchecked
government power, and the erosion of individual privacy. A coalition of public
interest groups has asked Congress to intervene.
Significant information policy and legal issues are raised by the government’s
TIA plans. Chief among them are privacy issues involving questions of access to,
and use and disclosure of personal information by the federal government. This
report describes current laws and safeguards to protect the privacy of personal
information, the required legal process for officials who seek access to information,
and the provisions currently in place that permit access and dissemination of
information for law enforcement, intelligence, and terrorism purposes. Federal laws
currently protect government, credit, communications, education, bank, cable, video,
motor vehicle, health, telecommunications, children’s, and financial information;
generally carve out exceptions for disclosure of personal information; and authorize
use of warrants, subpoenas, and court orders to obtain information.
Some Members of Congress seek additional Congressional oversight of TIA
programs. Legislation has been introduced in the 108th Congress regulating TIA
programs. On January 23, 2003 the Senate passed amendment S.Amdt. 59 to
H.J.Res. 2, the Omnibus Appropriations Act for Fiscal Year 2003, imposing
limitations on the unfolding Total Information Awareness programs, and requiring
a detailed report to Congress. On February 13, 2003, both the House and Senate
approved the Fiscal Year 2003 omnibus spending bill including, with slight
modifications, the language from S.Amdt. 59. For more information, see CRS
Congressional Distribution Memorandum on Funding for Total Information
Awareness programs by Amy Belasco. This report will be updated as warranted.
Contents
Total Information Awareness Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Data Mining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Legal Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Federal Laws Governing Federal Government Access to Information . . . . . 4
Federal Government Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The Privacy Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Education Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
The Family Educational Rights and Privacy Act of 1974 . . . . . . . 8
Telecommunications Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
The Cable Communications Policy Act of 1984 . . . . . . . . . . . . . . 9
The Video Privacy Protection Act of 1988 . . . . . . . . . . . . . . . . . . 9
Telecommunications Act of 1996 . . . . . . . . . . . . . . . . . . . . . . . . . 9
Health Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
The Health Insurance Portability and Accountability
Act of 1996 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Motor Vehicle Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Driver’s Privacy Protection Act of 1994 . . . . . . . . . . . . . . . . . . . 11
Communications and Communications Records . . . . . . . . . . . . . . . . . 11
Title III of the Omnibus Crime Control and Safe Streets
Act of 1968 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
The Foreign Intelligence Surveillance Act of 1978 . . . . . . . . . . . 12
The Electronic Communications Privacy Act of 1986 . . . . . . . . 12
The USA PATRIOT Act of 2001 . . . . . . . . . . . . . . . . . . . . . . . . 13
The Homeland Security Act of 2002 . . . . . . . . . . . . . . . . . . . . . . 13
Financial Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
The Fair Credit Reporting Act of 1970 . . . . . . . . . . . . . . . . . . . . 14
The Right to Financial Privacy Act of 1978 . . . . . . . . . . . . . . . . 15
The Gramm-Leach-Bliley Act of 1999 . . . . . . . . . . . . . . . . . . . . 15
Other Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Children’s Online Privacy Protection Act of 1998 . . . . . . . . . . . 15
Attorney General’s Guidelines on General Crimes,
Racketeering Enterprise and Domestic Security/Terrorism
Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Miscellaneous Provisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Legal Requirements for Warrants, Subpoenas, Court Orders,
and Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Congressional Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
List of Tables
Laws Relating to Federal Government Access to Personal
Financial Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Laws Relating to Federal Government Access to Information Pursuant to the
Fourth Amendment, the Federal Wiretap Statute, and the
Foreign Intelligence Surveillance Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Privacy: Total Information Awareness
Programs and Related Information Access,
Collection, and Protection Laws
Total Information Awareness Programs
The September 11th terrorist attacks increased government awareness of the
inadequacies of its information gathering techniques, its information technology, and
its information holdings. To remedy this situation various federal agencies are
addressing issues that may possibly have a direct bearing on the balance between the
government’s need for information and an individual’s expectation of privacy in their
information. This report describes the Total Information Awareness (TIA) programs
underway in the Department of Defense (DOD) which may develop prototype
research and development technologies for information gathering and analysis
capabilities that could be used by DOD and other agencies. It will then discuss
current laws and safeguards to protect the privacy of personal information, the
provisions currently in place that permit access and dissemination of information for
law enforcement, intelligence, and terrorism purposes, and the required legal process
for officials who seek access to information.
The TIA program is being developed by the Defense Advanced Research
Projects Agency (DARPA) of the Department of Defense in the Information
Awareness Office (IAO)1 as an experimental prototype system that integrates three
types of technologies — machine translation of languages; data search and pattern
recognition; and advanced collaborative and decision support.2 DARPA “aspires to
create the tools that would permit analysts to data-mine an indefinitely expandable
universe of databases” “to analyze, detect, classify and identify foreign terrorists –
and decipher their plans – and thereby enable the U.S. to take timely action to
successfully preempt and defeat terrorist acts.”3 The TIA system is designed to be
a tool in the war against terrorism that “would, among other things, help analysts
1 The Total Information Awareness program will integrate some or all of the R&D efforts
that are managed by the Information Awareness Office, including Project Genoa, Project
Genoa II, Genisys, Evidence Extraction and Link Discovery, Wargaming the Asymmetric
Environment, Translingual Information Detection, Extraction and Summarization, Human
Identification at a Distance, Bio-Surveillance, Communicator, and Babylon, as well as
possibly other R&D developed by DARPA, DOD, other federal agencies, and the private
sector See CRS Congressional Distribution Memorandum on Funding for Total Information
Awareness programs by Amy Belasco.
2 See Defense Advanced Research Projects Agency’s Information Awareness Office and
Total Information Awareness Project at [http://www.darpa.mil/iao/programs.htm].
3 [http://www.darpa.mil/iao/TIASystems.htm].
CRS-2
search randomly for indications of travel to risky areas, suspicious emails, odd fund
transfers and improbable medical activity, such as the treatments of anthrax sores.”4
The goal of the TIA program is “to create a counter-terrorism information system
that: (i) increases the information coverage . . . ; (ii) provides focused warnings
within an hour after a triggering event occurs or an evidence threshold is passed;
[and] (iii) can automatically cue analysts based on partial pattern matches and
analytical reasoning, and information sharing . . . .”5 DARPA’s five year research
project to develop and integrate information technologies into a prototype system for
use by the intelligence, counterintelligence and law enforcement communities intends
to exploit R&D efforts that have been underway for several years in DARPA and
elsewhere, as well as private sector data mining technology.6
DARPA envisions a database “of an unprecedented scale, [that] will most likely
be distributed, must be capable of being continuously updated, and must support both
autonomous and semi-automated analysis.”7 Extensive existing databases from both
private and public sector information holdings will be used to obtain transactional
and biometric data.8 Transactional data for the TIA database could include financial
(e.g., banks, credit cards, and money transmitters, casinos and brokerage firms),
educational, travel (e.g., airlines, rail, rental car), medical, veterinary, country entry,
place/event entry, transportation, housing, critical resources, government, and
communications (e.g., cell, landline, Internet) data. Biometric data for the database
could include face, finger prints, gait, and iris data.9 The TIA system could seek
access to databases to discover connections between “passports; visas; work permits;
driver’s license; credit card; airline tickets; rental cars; gun purchases; chemical
purchases – and events – such as arrest or suspicious activities and so forth.”10
Data Mining
A key component of the TIA program is the deployment of data mining
technologies to sift through data and transactions to find patterns and associations to
discover and track terrorists. The idea is that “if terrorist organizations are going to
plan and execute attacks against the United States, their people must engage in
transactions and they will leave signatures in this information space. . . .”11 TIA
plans to mine transaction data for terrorism-related indicators to uncover terrorists
4 Robert O’Harrow, U.S. Hopes to Check Computers Globally; System Would Be Used to
Hunt Terrorists, Washington Post A4 (Nov. 12, 2002).
5 [http://www.darpa.mil/body/NewsItems/pdf/DARPAfactfile.pdf].
6 [http://www.darpa.mil/iao/BAA02-08.pdf].
7 [http://www.darpa.mil/iao/TIASystems.htm].
8 [http://www.darpa.mil/iao/solicitations.htm].
9 See John Woodward, Jr., Rand Corporation, Superbowl Surveillance: Facing Up to
Biometrics (2001) available at [http://www.rand.org/publications/IP/IP209/IP209.pdf].
10 Solicitations, supra note 8.
11 [http://www.darpa.mil/DARPATech2002/presentations/iao_pdf/speeches/POINDEXT.
pdf].
CRS-3
plans or attacks. Data mining is the search for significant patterns and trends in large
databases using sophisticated statistical techniques and software.12 The widespread
use of computers, and the large amount of information maintained in databases
means that there exists a vast repository of information useful for antiterrorism
purposes. Today, “it is a rare person in the modern world who can avoid being listed
in numerous databases.”13 Data mining technologies facilitate the use of information.
Data mining technologies are currently used by federal agencies for various
purposes, and plans exist for considerable expansion of this technology. For
example, the Department of Justice is engaged in data mining projects that utilize
computer technology to analyze information to reveal patterns of behavior consistent
with terrorist activities. Utilizing law enforcement and intelligence information as
well as public source data, the Foreign Terrorist Tracking Task Force employs risk
modeling algorithms, link analysis, historic review of past patterns of behavior, and
other factors to distinguish persons who may pose a risk of terrorism from those who
do not.14 The Transportation Security Administration’s Computer- Assisted
Passenger Profiling System is widely employed by the airlines.15 The National
Strategy for Homeland Security includes several initiatives to integrate terrorist-
related information from the databases of all government agencies responsible for
homeland security. Under this initiative, the Department of Homeland Security,
Department of Justice, FBI, and numerous state and local law enforcement agencies
would have access to information analysis, using advanced data-mining techniques
to reveal patterns of criminal behavior and detain suspected terrorists before they
act.16 Additionally, on January 28, 2003 President Bush proposed to establish a new
Terrorism Threat and Integration Center to merge and analyze terrorist-related
information collected domestically and abroad.17
DOD recently announced plans to form an internal TIA oversight board to
establish policies and procedures for use of TIA within and outside of DoD, and to
establish an external federal advisory committee to advise the secretary of Defense
on policy and legal issues raised by TIA technologies.18
12 Carol Pickering, They’re Watching You: Data-Mining Firms Are Watching Your Every
Move - - and Predicting the Next One, Business 2.0 (Feb. 2000) at
[http://www.business2.com].
13 Whitfield Diffie and Susan Landau Diffie, Privacy on the line: the Politics of Wiretapping
and Encryption at119 (1998).
14 The White House Office of Homeland Security, The National Strategy for Homeland
Security at 39 (July 2002) at [http://www.whitehouse.gov/homeland/book/index.html].
15 Section 307 of the Federal Aviation Reauthorization Act of 1996 (P.L. 104-264, 110 Stat.
3253) directed FAA to assist airlines in developing a computer-assisted passenger profiling
system in conjunction with other security measures and technologies. See
[http://www.house.gov/transportation/aviation/02-27-02/02-27-02memo.html].
16 Supra note 14.
17 [http://www.whitehouse.gov/news/releases/2003/01/20030128-12.html].
18 Available at [http://www.defenselink.mil/news/Feb2003/t02072003_t0207atl.html].
CRS-4
Legal Issues
Government access to and mining of information on individuals held in a
multiplicity of databases, public and private, raises a plethora of issues – both legal
and policy. To what extent should the government be able to gather and mine
information about individuals to aid the war against terrorism?19 Should unrestricted
access to personal information be permitted? Should limitations, if any, be imposed
on the government’s access to information? In resolving these issues, the current
state of the law in this area may be consulted. The rest of this report describes
current laws and safeguards to protect the privacy of personal information, the
required legal process for officials who seek access to information, and the provisions
currently in place that permit access and dissemination of information for law
enforcement and intelligence gathering purposes. Following is a description of
selected information access, collection, and disclosure laws and regulations.
Federal Laws Governing Federal Government Access to
Information
Generally there are no blanket prohibitions on federal government access to
publicly available information (e.g., real property records, liens, mortgages, etc.).
Occasionally a statute will specifically authorize access to such data. The USA
PATRIOT Act, for example, in transforming the Treasury Department’s Financial
Crimes Enforcement Network (FinCEN) from an administratively established bureau
to one established by statute, specified that it was to provide government-wide
access to information collected under the anti-money laundering laws, records
maintained by other government offices, as well as privately and publicly held
information. Other government agencies have also availed themselves of computer
software products that provide access to a range of personal information. The FBI
reportedly purchases personal information from ChoicePoint Inc, a provider of
identification and credential verification services, for data analysis.20
As previously discussed the federal government seeks access to publicly and
privately held databases in order to build a centralized database to detect and deter
against terrorist threats and attacks. This section of the report describes existing legal
safeguards for the protection of personal information. It covers applicable federal
laws; a discussion of state laws is beyond its scope. In the United States there is no
19 The Markle Foundation Task Force on National Security in the Information Age recently
proposed guidelines to allow the effective use of information (including the use of data
mining technologies) in the war against terrorism while respecting individuals’ interests in
the use of private information. The Markle Foundation Task Force on National Security in
the Information, Protecting America’s Freedom in the Information Age at 32 - 34 (October
2002) at [http://www.markle.org/news/NSTF_Part_1.pdf].
20 Glenn R. Simpson, “Big Brother-in-Law: If the FBI Hopes to Get The Goods on You, It
May Ask ChoicePoint — U.S. Agencies’ Growing Use Of Outside Data Suppliers Raises
Privacy Concerns” Wall Street Journal, April 13, 2001 (The company “specialize[s] in
doing what the law discourages the government from doing on its own– culling, sorting and
packaging data on individuals from scores of sources, including credit bureaus, marketers
and regulatory agencies.”)
CRS-5
omnibus statute or constitutional provision that provides comprehensive legal
protection for the privacy of personal information, but rather an assortment of laws
regulate information deemed to be of sufficient importance to be afforded some level
of protection. The U.S. Constitution, federal statutes and regulations, and state law
combine to govern the collection, use, and disclosure of information. The
Constitution provides certain privacy protections, but does not explicitly protect
information privacy.21 Its protections extend only to the protection of the individual
against government intrusions, and its guarantees are not applicable unless “state
action” has taken place. In other words its guarantees extend to government
intrusions rather than private sector abuses. The Fourth Amendment search-and-
seizure provision protects a right of privacy by requiring warrants before government
may invade one’s internal space or by requiring that warrantless invasions be
reasonable.22 That amendment protects individual privacy against certain kinds of
governmental intrusion. The Supreme Court has interpreted this language as
imposing a warrant requirement on all searches and seizures predicated upon
governmental authority, and has ruled that violations of this standard will result in
the suppression in any criminal proceeding of any material or information derived
therefrom. The Court has also recognized exceptions to the warrant requirement.
Finally, an individual has no Fourth Amendment rights with respect to information
held by third parties.23
There is no comprehensive federal statute that protects the privacy of personal
information held by the public sector and the private sector. Instead federal law tends
to employ a sectoral approach to the regulation of personal information. Historically,
the individual’s privacy interests have been balanced with the government’s
information needs.24 Examples of this balancing of personal and governmental
interests can be found in the numerous privacy-related enactments of the past twenty-
five years. Federal laws protect government, credit, communications, education,
bank, cable, video, motor vehicle, health, telecommunications, children’s, and
financial information. These laws generally carve out exceptions for the disclosure
of personally identifiable information to law enforcement officials, and authorize
access to personal information through use of search warrants, subpoenas, and court
orders. Notice requirements vary according to statute.
Federal Government Information.
The Privacy Act. The Privacy Act of 1974, 5 U.S.C. § 552a, was
implemented to protect the privacy of individuals identified in information systems
maintained by federal executive branch agencies, and to control the collection, use,
and sharing of information. The Act restricts disclosure of personally identifiable
21 Whalen v. Roe, 429 U.S. 589 (1977).
22 “The right of the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but
upon probable cause, supported by Oath or affirmation, and particularly describing the place
to be searched, and the persons or things to be seized.” U.S. Const. Amend. IV.
23 United States v. Miller, 425 U.S. 435 (1976).
24 Privacy Protection Study Commission, Personal Privacy in an Information Society (1977).
CRS-6
records maintained by agencies; grants individuals increased rights of access to
agency records maintained on themselves; grants individuals the right to seek
amendment of agency records maintained on themselves upon a showing that the
records are not accurate, relevant, timely or complete; and establishes a code of "fair
information practices" which requires agencies to comply with statutory norms for
collection, maintenance, and dissemination of records.
The general exemptions of the Privacy Act, which are agency and function-
oriented, permit the Central Intelligence Agency25 and federal criminal law
enforcement agencies to exempt certain systems of records from some of the Act’s
requirements.26 The general exemption for the CIA covers all of its files. The general
exemption for federal criminal law enforcement agencies covers identification
information, criminal investigative materials, and reports compiled between the
stages of arrest and release from criminal agency supervision. An agency which has
law enforcement, prosecution, or probation activities can use this general exemption.
In addition specific exemptions permit an agency to exempt a system of records from
specified Privacy Act requirements if the system of records is: national security
information which would be protected from mandatory disclosure by FOIA;27 law
enforcement material which falls outside the criminal law enforcement general
exemption; Secret Service files; Census material and other matter required by law to
be kept only as a statistical record; confidential sources of government background
investigation information; test materials of the civil service selection and promotion
process; and confidential evaluations of military and naval personnel.28
The general disclosure rule under the Privacy Act is that unless a statutory
exception applies, no federal executive branch agency shall disclose any record
which is contained in a system of records to any person or to another agency except
pursuant to a written request by, or with prior written consent of the individual to
whom the record pertains.29 Disclosure includes dissemination within the executive
branch from one agency to another or from one large segment of an agency to another
segment.30 This rule would appear to prohibit the sharing of personal information
collected by one agency with other agencies for purposes other than for which it was
originally collected. In reality, though, the Act’s many exemptions and exceptions
ease this prohibition. Many of the exceptions – as well as specific laws authorizing
25 32 CFR Part 109.
26 5 U.S.C. § 552a(j).
27 5 U.S.C. § 552(b)(1). Exemption 1 of the FOIA protects from disclosure national security
information concerning the national defense or foreign policy, provided that it has been
properly classified in accordance with the requirements of an executive order.
28 5 U.S.C. § 552a(k).
29 5 U.S.C. § 552a(b).
30 Office of Management and Budget, Guidelines for Implementing Section 552a of Title 5,
at 6 (1975).
CRS-7
sharing of records – permit an agency to disclose or share personal information with
other agencies.31
Several of the statutory exemptions are relevant to the information collection
and sharing activities of the Total Information Awareness system, and would appear
to authorize the disclosure of personal information in federal records systems without
the individual’s consent.32 The routine use exemption allows an agency to share,
without consent, an individual’s personal information with other agencies if that
sharing is listed as a routine use for that agency in the Federal Register and is
compatible with the purpose of the initial information gathering.33 The January 2003
publication by the Transportation Security Administration of a notice to amend the
“Aviation Security Screening Records” system of records illustrates how broadly
records can be disclosed pursuant to the routine use exemption, without the consent
of the subject of the record, for agency purposes.34 The exemption for civil and
31 5 U.S.C. § 552a(b).
32 See Sean Fogarty and Daniel R. Ortiz, “Limitations Upon Interagency Information
Sharing: The Privacy Act of 1974" in The Markle Foundation Task Force Report, National
Security in the Information Age at 127 - 132 (October 2002).
33 5 U.S.C. § 552a(b)(3). The OMB guidelines state that the “compatibility” concept
encompasses functionality equivalent uses, and other uses that are necessary and proper.
34 Records in the system include passenger name records (PNRs) and associated data;
reservation and manifest information of passenger carriers and, in the case of individuals
who are deemed to pose a possible risk to transportation security, record categories may
include: risk assessment reports; financial and transactional data; public source information;
proprietary data; and information from law enforcement and intelligence sources. Data are
retrievable by the name or other identifying information of the individual, such as flight
information. Information may be disclosed from this system as follows (routine uses of
records): (1) to appropriate Federal, State, territorial, tribal, local, international, or foreign
agencies responsible for investigating or prosecuting the violations of, or for enforcing or
implementing, a statute, rule, regulation, order, or license, . . . . (2) to contractors, grantees,
experts, consultants, agents and other non-Federal employees performing or working on a
contract, service, grant, cooperative agreement, or other assignment from the Federal
government for the purpose of providing consulting, data processing, clerical, or other
functions to assist TSA . . . . (3) to Federal, State, territorial, tribal, and local law
enforcement and regulatory agencies--foreign, international, and domestic--in response to
queries regarding persons who may pose a risk to transportation or national security; a risk
of air piracy or terrorism or a threat to airline or passenger safety; or a threat to aviation
safety, civil aviation, or national security. (4) to individuals and organizations, in the course
of enforcement efforts, to the extent necessary to elicit information pertinent to the
investigation, prosecution, or enforcement of civil or criminal statutes, rules, regulations or
orders regarding persons who may pose a risk to transportation or national security; a risk
of air piracy or terrorism or a threat to airline or passenger safety; or a threat to aviation
safety, civil aviation, or national security. (5) to a Federal, State, or local agency, where such
agency has requested information relevant or necessary for the hiring or retention of an
individual, or issuance of a security clearance, license, contract, grant, or other benefit. (6)
to the news media . . . . (7) to the Department of State, or other Federal agencies concerned
with visas and immigration, and to agencies in the Intelligence Community, to further those
agencies' efforts with respect to persons who may pose a risk to transportation or national
security; a risk of air piracy or terrorism or a threat to airline or passenger safety; or a threat
(continued...)
CRS-8
criminal law enforcement activities permits the disclosure of personal information
for legally authorized activities.35 This exemption would allow the disclosure of
information to an intelligence agency for the prevention of terrorist acts. The
exemption for foreign counterintelligence in the Computer Matching and Privacy
Protection Act of 1988,36 which amended the Privacy Act, legitimizes information
sharing through data matching among agencies for national security purposes.37
Agencies are required to make reasonable efforts to serve notice on an
individual when any record on such individual is made available to any person under
compulsory legal process when such process becomes a matter of public record.
Education Information.
The Family Educational Rights and Privacy Act of 1974. FERPA
governs access to and disclosure of personally identifiable information in educational
records held by federally funded educational institutions and agencies.38 Disclosure
requires prior consent of the student’s parents unless done pursuant to federal grand
jury subpoena, administrative subpoena, or court order for law enforcement purposes.
Upon good cause shown, the court shall order that the existence or contents of a
subpoena or the information furnished not be disclosed. The USA PATRIOT Act of
2001 amended FERPA to authorize the Justice Department to obtain a court order to
collect education records relevant to a terrorism-related offense or an act of domestic
or international terrorism.39 The order can only be issued if a court finds that the
records are relevant to a terrorism investigation. The amendment also protects
educational institutions from liability for complying with such order.
34 (...continued)
to aviation safety, civil aviation, or national security. (8) to international and foreign
governmental authorities in accordance with law and . . international agreements. (9) in
proceedings before any court, administrative, adjudicative, or tribunal body before which
TSA appears, . . . provided, however, that in each case, TSA determines that disclosure of
the records in the proceeding is a use of the information contained in the records that is
compatible with the purpose for which the records were collected. (10) to airports and
aircraft operators . . .. (11) to the National Archives and Records Administration . . . . 68
Fed. Reg. 2101 (Jan. 15, 2003).
35 5 U.S.C. § 552a(b)(7).
36 P.L. 100-503, 5 U.S.C. § 552a note.
37 5 U.S.C. 552a(a)(8)(B)(vi).
38 20 U.S.C. § 1232g. See CRS Report RL31482, The Family Educational Rights and
Privacy Act of 1974: Recent Developments in the Law.
39 P.L. 107-56, 20 U.S.C. § 1232g(j). See CRS Report RL31377: The USA PATRIOT Act:
A Legal Analysis.
CRS-9
Telecommunications Information.
The Cable Communications Policy Act of 1984. Limits the disclosure
of cable television subscriber names, addresses, and utilization information.40 Cable
companies are prohibited from disclosing personally identifiable information
concerning a cable subscriber to the government except pursuant to a court order.
The order can only be issued if a court finds clear and convincing evidence that the
customer was suspected of engaging in a crime and that the information sought was
material evidence in the case; and the subject was afforded the opportunity to appear
and contest the government’s claim. The USA PATRIOT Act of 2001 amended the
Cable Act’s privacy provision to clarify that it applies only to information about a
customer’s cable TV service, but not to information about a customer who receives
Internet or telephone service from a cable provider. When the government is
requesting information about a customer receiving Internet or telephone service from
a cable provider, the federal electronic surveillance statutes apply.
The Video Privacy Protection Act of 1988. Regulates the treatment of
personally identifiable information collected in connection with video sales and
rentals.41 The Act prohibits videotape service providers from disclosing their
customers’ names, addresses, and specific videotapes rented or purchased except
pursuant to customer consent, or pursuant to a federal or state search warrant, grand
jury subpoena, or court order issued to a law enforcement agency. The order can only
be issued if a court finds that there is probable cause to believe that the records or
other information sought are relevant to a legitimate law enforcement inquiry.
Issuance of court orders requires prior notice to the customer. A court may quash or
modify such order if the information or records requested are unreasonably
voluminous or if compliance would cause an unreasonable burden on the provider.
Telecommunications Act of 1996. Limits the use and disclosure of
customer proprietary network information (CPNI) by telecommunications service
providers.42 The statute does not include specific provisions for the disclosure of
CPNI to law enforcement or government officials. Except as required by law or with
customer consent, a telecommunications carrier must only use, disclose, or permit
access to individually identifiable customer proprietary network information in
providing the telecommunications service. Upon customer request, a
telecommunications carrier may disclose that customer’s proprietary network
information to any person designated by the customer. Customer proprietary network
information is information that relates to the quantity, technical configuration, type,
destination, and amount of use of a telecommunications service subscribed to by any
customer of a telecommunications carrier, and that is made available to the carrier
by the customer solely by virtue of the carrier-customer relationship, and includes
information contained in the bills pertaining to telephone exchange service or
telephone toll service, but does not include subscriber list information.
40 47 U.S.C. § 551.
41 18 U.S.C. § 2710.
42 47 U.S.C. § 222. See CRS Report RL30671, Personal Privacy Protection: The
Legislative Response.
CRS-10
Health Information.
The Health Insurance Portability and Accountability Act of 1996.
HIPAA required publication of a medical privacy rule by the Department of Health
and Human Services (HHS) in the absence of a congressional enactment.43 The final
privacy rule, “Standards for the Privacy of Individually Identifiable Health
Information,” was published in December 2000 and modified in August 2002.44
Enforcement of the rule goes into effect for the majority of covered entities April
2003. The rule establishes privacy protections for individually identifiable health
information held by health care providers, health care plans, and health care
clearinghouses. It establishes a series of regulatory permissions for uses and
disclosures of individually identifiable health information.45 Individually identifiable
health information is health information created or received by a covered entity
(health care provider, health plan, or health care clearinghouse) that relates to past,
present, or future physical or mental health or a condition of an individual; the
provision of health care to an individual; or the past, present, or future payment for
the provision of health care to an individual; and identifies the individual or there is
a reasonable basis to believe that the information can be used to identify the
individual. The rule excludes education records covered by FERPA, and
employment records held by a covered entity in its role as employer.
The medical privacy rule establishes new procedures and safeguards to restrict
the circumstances under which a covered entity may give such information to law
enforcement officers. For example, the rule limits the type of information that
covered entities may disclose to law enforcement, absent a warrant or other prior
process, when law enforcement is seeking to identify or locate a suspect. It
specifically prohibits disclosure of DNA information for this purpose, absent some
other legal requirements such as a warrant. Where state law imposes additional
restrictions on disclosure of health information to law enforcement, those state laws
continue to apply. This rule sets a national floor of legal protections. In those
circumstances when disclosure to law enforcement is permitted by the rule, the
privacy rule does not require covered entities to disclose any information. In the
event that some other federal or state law requires a disclosure, the privacy rule does
not interfere with the operation of those other laws. However, unless the disclosure
is required by some other law, covered entities are to use their professional judgment
to decide whether to disclose information.
For law enforcement purposes the rule permits disclosure without consent or
authorization pursuant to process, and as otherwise required by law.46 A covered
entity may disclose protected health information as required by law;47 or in
43 P.L. 104-191 § 264, 42 U.S.C. 1320d note.
44 Standards for the Privacy of Individually Identifiable Health Inforamtion,45 CFR Parts
160 and 164 at [http://www.hhs.gov/ocr/combinedregtext.pdf].
45 See CRS Report RS20934, A Brief Summary of the Medical Privacy Rule.
46 45 CFR § 164.512(f).
47 Required by law means a mandate contained in law that compels a covered entity to make
(continued...)
CRS-11
compliance with the requirements of (i) a court order or court-ordered warrant, a
judicial subpoena or summons, (ii) a grand jury subpoena, or (iii) an administrative
request, including an administrative subpoena or summons, a civil or authorized
investigative demand, or similar process authorized under law, provided that the
information sought is relevant and material to a legitimate law enforcement inquiry;
the request is specific and limited in scope; and de-identified information could not
reasonably be used. Covered entities are also permitted to disclose protected health
information in the course of judicial and administrative proceedings, and limited
information for identification purposes. They are also permitted to disclose
information to a law enforcement official about an individual who has died if there
is reason to believe the death may have resulted form criminal conduct. A covered
entity may disclose protected health information to authorized federal officials for the
conduct of lawful intelligence, counter-intelligence, and other national security
activities authorized by the National Security Act and implementing authority.48
Motor Vehicle Information.
Driver’s Privacy Protection Act of 1994. Regulates the use and disclosure
of personal information from state motor vehicle records.49 Personal information is
defined as information that identifies an individual, including an individual's
photograph, Social Security number, driver identification number, name, address,
telephone number, and medical or disability information, but does not include
information on vehicular accidents, driving violations, and driver's status. Personal
information contained in a motor vehicle record may be disclosed for use by any
government agency, including any court or law enforcement agency, in carrying out
its functions, or to any private person or entity acting on behalf of a Federal, State,
or local agency; and for use in connection with any civil, criminal, administrative, or
arbitral proceeding in any Federal, State, or local court or agency or before any self-
regulatory body, or pursuant to a Federal, State, or local court order.
Communications and Communications Records.
Title III of the Omnibus Crime Control and Safe Streets Act of 1968.
The federal wiretapping and electronic eavesdropping statute permits federal and
state law enforcement officers to use wiretapping and electronic eavesdropping under
strict limitations.50 18 U.S.C. 2510 et seq. The federal and state courts may issue
interception orders upon applications approved by senior Justice Department or state
prosecutors. The applications must demonstrate probable cause to believe that the
proposed interceptions will result in the capture of evidence of one or more of
statutorily designated crimes. The orders are crafted to minimize the capture of
innocent conversations. Officers may share information secured under the orders
47 (...continued)
a use or disclosure or protected health information an that is enforceable in a court of law.
48 45 CFR § 164.512(k).
49 18 U.S.C. § 2721.
50 See CRS Report 98-326, Privacy: An Overview of Federal Statutes Governing
Wiretapping and Electronic Eavesdropping.
CRS-12
with other law enforcement or with intelligence officials in connection with the
performance of their official duties. Senior Justice Department and state prosecutors
may authorize emergency interceptions for 48 hours while an application for a court
order is being prepared and presented. Unless postponed by the court for cause, the
targets and anyone whose conversations have been captured are entitled to
notification within 90 days of the expiration of the order. There are criminal, civil,
and administrative sanctions for illegal interception, and evidence secured through
an unlawful interception may be declared inadmissible in subsequent judicial or
administrative proceedings. See table on “Laws Relating to Federal Government
Access to Information Pursuant to the Fourth Amendment, the Federal Wiretap
Statute, and the Foreign Intelligence Surveillance Act.”
The Foreign Intelligence Surveillance Act of 1978. FISA governs the
use of wiretapping to collect “foreign intelligence” which is defined as “information
relating to the capabilities, intentions, or activities of foreign governments or
elements thereof, foreign organizations, or foreign persons, or international terrorist
activities.”51 50 U.S.C. §§ 1861 et seq. The eleven judges of a special court, whose
members are assigned from the federal bench, may authorize surveillance upon
applications approved by the Attorney General asserting probable cause to belief that
the effort will yield foreign intelligence. FISA court surveillance orders are crafted
to minimize the capture of conversations not related to foreign intelligence. Officers
may share the results with law enforcement officials for the performance of their
duties. The Attorney General may authorize emergency surveillance for 72 hours
while a FISA order is being secured. The President may authorize surveillance
without a court order during time of war or for communications between or among
foreign powers. If the government intends to use the results as evidence in judicial
proceedings it must inform the parties to the intercepted conversations. Challenges
to the legality of the surveillance may be considered ex parte upon petition of the
Attorney General. Unlawful surveillance is subject to criminal, civil, and
administrative sanctions, and evidence illegally secured may be suppressed.
FISA also empowered judges of the FISA court to issue physical search orders
under limitations similar to FISA surveillance orders. In foreign intelligence cases,
FISA likewise tracks the procedure used in criminal cases for the installation and use
of pen register and trap and trace devices under court order. Finally, it called for
FISA orders for the production of tangible items in foreign intelligence and
international terrorism investigations. See table on “Laws Relating to Federal
Government Access to Information Pursuant to the Fourth Amendment, the Federal
Wiretap Statute, and the Foreign Intelligence Surveillance Act.”
The Electronic Communications Privacy Act of 1986. ECPA amended
and augmented Title III. It regulates government access to ongoing and stored wire
and electronic communications (such as voice mail or electronic mail), transactional
records access, and the use of pen registers, and trap and trace devices.52 After its
51 See CRS Report RL30465, The Foreign Intelligence Surveillance Act: An Overview of the
Statutory Framework.
52 18 U.S.C. §§ 2510 et seq. See CRS Report 98-326, Privacy: An Overview of Federal
(continued...)
CRS-13
modifications the surreptitious capture of e-mails and other electronic
communications in transit enjoy the coverage of Title III and may be accomplished
under a Title III court order. When voice mail, e-mails and other electronic
communications have been in storage for less than 180 days, they can be seized under
a search warrant based on probable cause. Those in storage for 180 days or more can
be secured under a court order upon a showing of relevancy and materiality, under
a subpoena, or under a search warrant.
ECPA also authorized court orders for the installation and use of pen registers
as well as trap and trace devices, which identify source and address of
communications, but not the contents of the conversation. These orders may be
issued on the basis of relevancy to a criminal investigation and their results need not
be disclosed to the individuals whose communications are their targets. Perhaps
because in the case of Internet communications header information is more revealing
than the mere identification of source and addressee telephone numbers, results of
such orders must be reported to the issuing court under seal.
Finally, ECPA established a procedure for government access to the customer
records of telephone company or other communications service providers. Here too,
access may be had by search warrant, subpoena, or court order (on a showing of
relevancy). See “Laws Relating to Federal Government Access to Information
Pursuant to the Fourth Amendment, the Federal Wiretap Statute, and the Foreign
Intelligence Surveillance Act.”
The USA PATRIOT Act of 2001. The Act substantively amended Title III
of the Omnibus Crime Control and Safe Streets Act, the Electronic Communications
Privacy Act, and the Foreign Intelligence Surveillance Act of 1978.53 The USA
PATRIOT Act authorized the disclosure of wiretap and grand jury information to
“any federal, law enforcement, intelligence, protective, immigration, national
defense, or national security official” for the performance of his duties.54 It permitted
use of FISA surveillance orders when foreign intelligence gathering is “a significant”
reason for the order rather than “the” reason. It brought e-mail and other forms of
electronic communications within the pen register and trap and trace procedures
under both ECPA and FISA. Finally, it authorized FISA orders for access to any
tangible item rather than only business records held by lodging, car rental, and locker
rental businesses. See table on “Laws Relating to Federal Government Access to
Information Pursuant to the Fourth Amendment, the Federal Wiretap Statute, and the
Foreign Intelligence Surveillance Act.”
The Homeland Security Act of 2002. The Act amended Title III of the
Omnibus Crime Control and Safe Streets Act, the Electronic Communications
52 (...continued)
Statutes Governing Wiretapping and Electronic Eavesdropping.
53 P.L. 107-56. See CRS Report 98-326, Privacy: An Overview of Federal Statutes
Governing Wiretapping and Electronic Eavesdropping.
54 P.L. 107-56, § 202.
CRS-14
Privacy Act, and the Foreign Intelligence Surveillance Act of 197855 to authorize
sharing the results of the federal government’s information gathering efforts under
those statutes with relevant foreign, state and local officials. See table on “Laws
Relating to Federal Government Access to Information Pursuant to the Fourth
Amendment, the Federal Wiretap Statute, and the Foreign Intelligence Surveillance
Act.”
Financial Information.
This section provides a description of the Fair Credit Reporting Act, the Right
to Financial Privacy Act, and the Gramm-Leach-Bliley Act. The table appended to
this report on “Laws Relating to Federal Government Access to Personal Financial
Information” also includes the Bank Secrecy Act of 1970, the U.S.A. Patriot Act
provisions related to the Financial Crimes Enforcement Network (FinCEN), and
relevant provisions of the Tax Reform Act of 1976.
The Fair Credit Reporting Act of 1970. FCRA sets forth rights for
individuals and responsibilities for consumer “credit reporting agencies” in
connection with the preparation and dissemination of personal information in a
consumer report. Under the FCRA, consumer reporting agencies are prohibited from
disclosing consumer reports to anyone who does not have a permissible purpose.56
FCRA covers information gathered by consumer reporting agencies on consumers
to evaluate qualifications for credit, employment, insurance, and other transactions;
covered information may include identifying (name, address, employer and former
address and employer), credit (transactions, etc.), and public record information as
well as information on entities seeking credit reports on the consumer. A limited
amount of identifying information from a credit bureau’s file on a consumer (i.e.,
“header information” – name, address, employment and previous address) may be
disclosed upon request. No notice is required. Consumer reports and any other
information in a consumer’s file can be disclosed pursuant to a court order or grand
jury subpoena; or in connection with the application for a license or for determining
eligibility for a government benefit or license. The FBI, for foreign
counterintelligence investigative purposes, may obtain names and addresses of
financial institutions at which consumers maintain or have maintained accounts,
provided the request is signed by an appropriate official who has certified that the
investigation is not conducted solely on the basis of activity protected under the First
Amendment. The USA PATRIOT Act amended the FCRA to authorize the
disclosure of consumer reports and any other information in a consumer’s file upon
request in writing from any government agency authorized to conduct international
terrorism investigations, or intelligence or counterintelligence activities related
thereto, stating that such information is necessary for the agency’s conduct of that
activity and signed by an appropriate supervisor. No notice is required. See table on
“Laws Relating to Federal Government Access to Personal Financial Information.”
55 P.L. 107-296. See CRS Electronic Briefing Book, Terrorism – Wiretapping Authority.
56 15 U.S.C. § 1681 et seq. See CRS Report RL31666, Fair Credit Reporting Act: Rights
and Responsibilities.
CRS-15
The Right to Financial Privacy Act of 1978. The RFPA was enacted in
response to the 1976 decision of the Supreme Court in United States v. Miller,57
which ruled that individuals have no Fourth Amendment “expectation of privacy” in
records maintained by their banks. The RFPA sets forth procedures for the federal
government’s access to financial institution customer records.58 RFPA covers the
records of individuals who are customers of banks, thrifts, credit unions, credit card
issuers, and consumer finance companies. The Act requires the government to
present administrative subpoenas or summons based upon reason to believe the
information is relevant to a legitimate law enforcement inquiry. In criminal
investigations, judicial search warrants based on probable cause must be obtained.
Notice to the customer is required except upon issuance of a court order finding the
existence of certain exigent circumstances. However, these restrictions do not apply
to foreign intelligence activities and investigations related to international terrorism.59
See “Laws Relating to Federal Government Access to Personal Financial
Information.”
The Gramm-Leach-Bliley Act of 1999. Requires financial institutions to
disclose their privacy policies to their customers.60 Title V of the Act regulates non-
publically available personally identifiable customer (or applicant) information held
by “financial institutions,” a term that is broadly defined to include anyone in the
business of providing services that are financial in nature, including banking,
securities, insurance, accounting, tax preparation, asset management, real estate
leasing and settlement services. GLBA provides exceptions for law enforcement to
the law’s general prohibition against “financial institution” sharing of personally
identifiable customer information with non-affiliated third parties. Exceptions permit
sharing of such information in response to judicial process; as permitted or required
under other provisions of law, and in accordance with the Right to Financial Privacy
Act; and to provide information to law enforcement agencies, or for an investigation
on a matter of public safety. No notice of disclosure to the customer is necessary,
except as required pursuant to other law. See table on “Laws Relating to Federal
Government Access to Personal Financial Information.”
Other Information.
Children’s Online Privacy Protection Act of 1998. Requires website
operators and online service providers to obtain parental consent to collect a child’s
personal information, and requires sites collecting information from children to
disclose how they plan to use the data.61 Parental consent is not required for the
operator of such a website or online service to collect, use, or disclose such
information to respond to judicial process; or to provide information, to the extent
57 425 U.S. 435 (1976).
58 12 U.S.C. § 3401 et seq. See CRS Report RS20185, Privacy Protection for Customer
Financial Information.
59 12 U.S.C. § 3414.
60 P.L. No. 106-202, 113 Stat. 1338. See, CRS Report RS20185, Privacy Protection for
Customer Financial Information.
61 15 U.S.C. § 6501.
CRS-16
permitted under other laws, to law enforcement agencies or for an investigation on
a matter related to public safety.62
Attorney General’s Guidelines on General Crimes, Racketeering
Enterprise and Domestic Security/Terrorism Investigations. Revised
guidelines were issued by Attorney General Ashcroft in May 2002 which removed
prohibitions on the Federal Bureau of Investigation’s use of publicly-available
sources of information – e.g., libraries or the Internet– except as part of an
investigation. The 2002 guidelines authorize the FBI to engage in general topical
research, which includes conducting online searches and accessing online sites and
forums on the same terms and conditions as members of the public. This will allow
the FBI to examine public records, monitor the Internet, survey periodicals and
newspapers and commercial databases (like Google or Experian) – not incident to a
criminal investigation.63
Miscellaneous Provisions. Numerous federal statutes include provisions
that regulate the use and disclosure of certain types of information held by the
government. For example, the confidentiality and disclosure of tax returns and return
information is governed by section 6103 of the Internal Revenue Code,64 the
disclosure of Census data is governed, in part, by 13 U.S.C. § 9 which prohibits the
use, publication, or examination of any information collected by the Census Bureau,
other than for the statistical purpose for which the information was supplied; records
pertaining to the issuance or refusal of visas to enter the United States are governed
by 8 U.S.C. 1202(f); release of passport information in passport files is subject to the
provisions of the Freedom of Information Act and the Privacy Act, and handled in
accordance with the regulations in 22 CFR Part 171 and 172.
Legal Requirements for Warrants, Subpoenas, Court Orders,
and Requests
Federal statutes that limit access to records held by third parties often specify
the process that the federal government must use to gain access to these records.
While the TIA program appears to envision real-time access, if not concurrent access,
none of the means currently available to the government for accessing data appear to
afford such an open-ended virtual appropriation of databases, either public or private.
Leaving aside the question of whether there is sufficient authority for TIA’s
continuous monitoring of databases, what follows is a description of common tools
available to the government to gain access to information.
62 Children’s Online Privacy Protection Rule, 64 Fed. Reg. 59888 (Nov. 13, 1999) at
[http://www.ftc.gov/os/1999/9910/64fr59888.pdf]. See CRS Report RL31408 Internet
Privacy: Overview and Pending Legislation.
63 Department of Justice, Attorney General’s Guidelines on General Crimes, Racketeering
Enterprise and Domestic Security/Terrorism Investigations at VI(B). (May 2002).
Available at [http://www.usdoj.gov/olp/generalcrimes2.pdf].
64 26 U.S.C. § 6103.
CRS-17
Law enforcement officials who seek access to information in records held by
third-party custodians have several procedural alternatives that include warrants,
grand jury subpoenas, administrative subpoenas, court orders, written requests and
oral requests. The complexity of the legal requirements for obtaining warrants,
subpoenas, and court orders may be such that TIA would opt for other more
expedient avenues of access.65
The term “warrant” ordinarily refers to a court document, issued by a judge or
magistrate pursuant to the demands of the Fourth Amendment, upon the request of
a law enforcement officer and without affording other parties an opportunity to object
to the issuance or execution of the warrant. A search warrant authorizes a search for
evidence in connection with a criminal investigation. Officers seeking a warrant
must present sworn statements establishing probable cause to believe that the
requested search will result in the discovery of evidence of a crime.66 After the fact,
a property owner is entitled to notice that a search has occurred and to an inventory
of any property seized.67 Notice is limited to those who have a reasonable
expectation of privacy and under some circumstances this will not include records
concerning an individual in a third party’s computerized records whose claim to
confidentiality has been weakened by making them available to others.68
Grand jury subpoena – In the context of its investigation of potential
corruption or crime, usually at the request of the prosecuting attorney, the grand jury
will issue a subpoena duces tecum – if documents are requested – requiring the
record custodian’s appearance with the requested documents or records. When
subpoena duces tecum are served on record custodians, the government is usually
under no obligation to bring the subpoena to the attention of the subject, but the
custodian is usually free to do so.
Administrative subpoena – In the context of a civil investigation, an agency
pursuant to its statutory authority and in accordance with its rules, may issue a
request for information or production of documents, reasonably related to a matter
within the jurisdiction of the agency. Generally the subpoena may be challenged in
court based on lack of relevance, breadth, or lack of particularity. Often there is no
requirement that the subject of the records be notified of the government’s request.
Court orders – Generally, parties to litigation have the prerogative of seeking
the assistance of the court, through the issuance of an order to produce documents or
records or information, to facilitate the discovery process in litigation. In the context
of government access to the kinds of information that might be desired for TIA
programs two types pf specific court orders, the standards for which are outlined in
65 John Markoff and John Schwartz, Bush Administration to Propose System for Wide
Monitoring of Internet at A22, New York Times (Dec. 20, 2002).
66 “Probable cause” means “a fair probability that contraband or evidence of a crime will be
found in a particular place,” Illinois v. Gates, 462 U.S. 213, 238 (1983).
67 United States v. Ramirez, 523 U.S. 65 (1998).
68 Cf., United States v. Miller, 425 U.S. 435 (1976)(no customer expectation of privacy in
bank records).
CRS-18
statutes, are particularly relevant: (1) a court ordered electronic surveillance order
under the federal wiretap statute, and (2) a surveillance order under the Foreign
Intelligence Surveillance Act (FISA). The first may be issued by any federal court,
provided the statutory procedures are complied with, including approval by senior
federal officials. The second may only be issued by the FISA court. The suspicion
threshold varies according to the situation. For example, the federal wiretap statute
uses a “probable cause plus” standard,69 while the court order authorizing installation
of a pen register and trap and trace device calls for a finding that the “investigative
officer has certified to the court that the information likely to be obtained by such
installation and use is relevant to an ongoing criminal investigation.”70 The breadth
of access varies from statute to statute as well. Often, the standard of suspicion
required for issuance of the order coupled with the type of information sought will
define the range of access. In some instances, however, Congress has imposed
further limitations. Under the federal wiretap statute, for instance, the authority
under the court order terminates as soon as the objectives for which the order was
sought have been realized.71 As noted above, “court order” statutes sometimes limit
the manner in which officers may use or disclose such evidence. A few statutes
expect court orders to be issued following an adversarial hearing;72 in others the
subject of the records receives notice only after the fact;73 and in still others there are
special provisions for extended postponement of notice under some circumstances.74
The statute that creates the special court order procedure may indicate the grounds
and procedure, if any, under which the subject of a record may seek to bar law
enforcement access or use. Some may require prior notice.75 Where the order is
issued and access granted prior to notice, the subject may be limited to the exclusion
69 18 U.S.C. 2518(3)(the order may be issued “if the judge determines on the basis of the
facts submitted by the application that—(a) there is probable cause for belief that an
individual is committing, has committed, or is about to commit a particular offense
enumerated in [18 U.S.C. 2516]; (b) there is probable cause for belief that particular
communications concerning that offense will be obtained . . . (c) normal investigative
procedures have been tried and have failed or reasonably appear to be unlike to succeed if
tried or to be too dangerous; [and] (d) . . . there is probable cause for belief that the facilities
from which, or the place where the . . . communications are to be intercepted are being used,
or are about to be used, in connection with the commission of such offense . . .”).
70 18 U.S.C. 3123(a); see also, 18 U.S.C. 2703(d)(e-mail records may be disclosed pursuant
to a court order when the government “offers specific and articulable facts showing . . .
reasonable grounds to believe that the . . . records . . . are relevant and material to an
ongoing criminal investigation”).
71 18 U.S.C. 2518(5).
72 42 U.S.C. 290dd-2; 42 C.F.R. §2.64 (disclosure of substance abuse treatment records).
73 18 U.S.C. 2518(9)(d)(notice of wiretapping under the federal wiretap statute must be
given within 90 days of termination of the tap unless postponed by the court).
74 18 U.S.C. 2705 not only permits the court to delay notification of the subject whose e-mail
records have been disclosed to the government but empowers the court to forbid the e-mail
service provider from tipping off the subject.
75 42 C.F.R. §2.64 (substance abuse treatment records).
CRS-19
of evidence or civil remedies to the extent that the application, order, execution of
the order, or use of the information fail to meet the requirements of the statute.76
An oral or written request may procure access based on the consent of the
third party information custodian. Issuance of such a request would depend upon the
rules and procedures governing the operations of the agent making the request.
Congressional Response
The 108th Congress is likely to reexamine existing federal law in terms of
barriers to government access to information necessary to prevent and respond to acts
of terrorism; while at the same time insuring that information is maintained in a
manner that insures its most effective use, protects against its loss, against
inappropriate use or disclosure; ensures public and Congressional scrutiny as a form
of checks and balances; and otherwise guarantees individual privacy consistent with
the Constitution.
According to Senator Shelby of the Senate Intelligence Committee, “[h]ow
broadly it [TIA] will ultimately be used is a matter for policymakers to decide if and
when the program bears fruit.”77 On January 13, 2003 Senator Harkin requested that
the Defense Appropriations Subcommittee hold hearings on the Total Information
Awareness (TIA) project. On January 16, 2003, Senator Russ Feingold introduced
S. 188, the Data-mining Moratorium Act, which would limit the use of data mining
technology by the Defense Department and by the new Department of Homeland
Security without Congressional approval and appropriate civil liberties protections.
On January 23, 2003 the Senate passed amendment S.Amdt. 59 (introduced by
Senator Wyden) to H.J.Res. 2, the Omnibus Appropriations Act for Fiscal Year 2003,
imposing limitations on implementation of Total Information Awareness programs,
and requiring a detailed report to Congress. Both the House and Senate approved the
FY03 omnibus spending bill, H.J.Res. 2, on February 13, 2003. It includes in section
111, with slight modifications, the language from S.Amdt 59 regarding the
Department of Defense’s Total Information Awareness (TIA) program. The bill
allows the Administration, 90 days after the bill is enacted to submit a report to
Congress on the TIA program, instead of 60 days as proposed by the Senate. The
provision has also been modified to clarify that the TIA program may be deployed
in the United States to assist in the conduct of lawful U.S. foreign intelligence
activities against non-United States persons.
Section 111, Limitation on Use of Funds for Research and Development on
Total Information Awareness Program, of H. J. Res. 2 imposes limitations on the use
of funds for Total Information Awareness programs. It expresses the sense of
Congress that the program should not be used to develop technologies for use in
conducting intelligence activities or law enforcement activities against United States
76 E.g., the federal wiretap statute, 18 U.S.C. 2518(10)(suppression of evidence), 2520 (civil
damages).
77 September 11 and the Imperative of Reform in the U.S. Intelligence Community:
Additional Views of Senator Richard C. Shelby Vice Chairman, Senate Select Committee
on Intelligence at 42 (December 10, 2002), [http://intelligence.senate.gov/shelby.pdf].
CRS-20
persons without appropriate consultation with Congress, or without clear adherence
to principles to protect civil liberties and privacy. It reiterates the primary DOD focus
of the Defense Advanced Research Projects Agency. The amendment provides that
no funds appropriated or otherwise made available to the Department of Defense,
Defense Advanced Research Projects Agency, or to any other department, agency,
or element of the Federal Government may be obligated or expended on research and
development on the Total Information Awareness program unless a written report,
prepared by the Secretary of Defense, the Attorney General, and the Director of
Central Intelligence, is submitted to Congress within 90 days after passage of the
omnibus spending bill; or the President certifies to Congress in writing that
submission of the report to Congress within 90 days is not practicable, and that the
cessation of research and development on the Total Information Awareness program
would endanger the national security of the United States.
The report to Congress must include a detailed explanation for each project and
activity of the Total Information Awareness program – the actual and intended use
of funds; the schedule for proposed research and development; and target dates for
deployment. It must assess the likely efficacy of systems such as the Total
Information Awareness program; the likely impact of the implementation of the Total
Information Awareness program on privacy and civil liberties; and provide a list of
the laws and regulations that govern the information to be collected by the Total
Information Awareness program, and a description of any modifications required to
use the information in the manner proposed. The report must include the Attorney
General’s recommendations for practices, procedures, regulations, or legislation on
the deployment, implementation, or use of the Total Information Awareness program
to eliminate or minimize adverse affects on privacy and civil liberties.
The amendment prohibits the deployment, implementation, or transfer of the
TIA program or a component thereof to any department, agency, or element of the
federal government until the Secretary of Defense notifies Congress; and receives
from Congress specific authorization for the deployment and a specific appropriation
of funds. This limitation does not apply with respect to the deployment or
implementation of the Total Information Awareness program, or a component of
such program, in support of the lawful military operations of the United States
conducted outside the United States, and in support of lawful foreign intelligence
activities conducted wholly against non-United States persons.
Another issue that has arisen is whether the Homeland Security Act of 2002
authorizes TIA programs in the newly created Department of Homeland Security
(DHS). Although the Homeland Security Act does not expressly authorize Total
Information Awareness programs, Congress authorized $500 million for a DHS
entity with a name similar to DARPA, Homeland Security Advanced Research
Projects Agency (HSARPA). The new law also includes language that authorizes the
utilization of data mining and other advanced analytical tools by the new
department.78 Representative Armey, sponsor of the Homeland Security bill (H.R.
5005), remarked that “references in the bill to data-mining are intended solely to
authorize the use of advanced techniques to sift through existing intelligence data,
78 P.L. 107-296 §201(d)(14), 116 Stat. 2135, 2147.
CRS-21
not to open a new method of intruding into lawful, everyday transactions of
American citizens.”79
79 148 Cong. Rec. H9113 (Nov. 22, 2002).
inancial
t to F
h
ig
stances.
80
the existence of certain
otice Requirement
N
ct.
.
A
S
R
, such as the R
acy
ent circum
riv
No notice–except pursuant to other
law
P
Notice required–except upon court
order finding
exig
NA
t
of
h
ig
ate
st
u
e
er
itim
istribution of C
of
itted or
D
it sharing
isions of
ith the R
aw
.
islation’s
ainst
affiliated third
ct; and (3) to
A
atter of public
ited to a 3-
ant to a leg
ation–which m
acy
erican L
Process
ation to law
encies, or for an
m
ith non-
riv
e subpoena or
ent inquiry
ation: (1) in response to
udicial officer
ent to the leg
identifiable custom
ent ag
a j
ation w
ation on a m
er authoriz
.
ons–upon reason to believ
ation is relev
in the A
ides exceptions for law
inistrativ
, and in accordance w
inancial P
ide inform
estig
m
2
onth period.
2
eneral prohibition ag
Prov
enforcem
g
“financial institution” sharing
personally
inform
parties. Exceptions perm
such inform
judicial process; (2) as perm
required under other prov
law
to F
prov
enforcem
inv
safety
Adm
sum
inform
law enforcem
Custom
be specific and is lim
m
Search warrant upon probable cause
issued by
ttorney
ccess to Personal Financial Information
e A
CRS-
ativ
and
isl
rnment A
ices that
, Leg
e
anies.
one in the
serv
p
“financial
that is broadly
on Sought
er (or applicant)
ailable personally
s, thrifts, credit
“
“
iding
iduals who are
av
ices.
, tax preparation, asset
Informati
ent, real estate leasing
, securities, insurance,
ation held by
er finance com
em
ent serv
ers of bank
publically
ing
M. Maureen Murphy
anag
Non-
identifiable custom
inform
institutions,” a term
defined to include any
business of prov
are financial in nature, including
bank
accounting
m
settlem
Records of indiv
custom
unions, credit card issuers, and
consum
Relating to Federal Gov
liley
s
B
ct – 12
A
Law
each-
-L
acy
m
riv
is chart was prepared by
“
“
h
ram
et seq.
T80
Statutory Provision
inancial P
t to F
h
itle V of the G
ig
T
Act of 1999, 15 U.S.C. §§ 6801et
seq.
R
U.S.C. §§ 3401
otice Requirement
N
No notice.
No notice.
s
ree
ay
oney
m
m
ice
h deg
s, thrifts,
al
serv
ities reports
laws;
ailable
reasury
aintained of
federal, state,
inates the
av
e a “hig
inal, tax, or
elop anti-
es.
oney
inform
ation; records
zes this
encies; and other
ations or
.S.C. § 1829b.
be subpoenaed.
s. Bank
ay
Process
ram
n ag
of the T
lations to insure that
st dev
laundering
t analy
u
estig
u
inform
inv
s.” 12 U
prog
oney
aintained by
s such as hawalas); casinos
m
flow
and publicly
’s).
ation. I
ation and dissem
latory
u
st file suspicious activ
R
ately
3
e Secretary
ese records m
stitutions m
u
A
ainst financial crim
2
h
h
T
prescribe reg
adequate records are m
transactions that hav
of usefulness in crim
reg
proceeding
T
In
laundering
and credit unions; m
businesses (including
network
and card clubs; and securities firm
m
(S
FinCEN collects data reported under
the anti-
currency
and data m
local and foreig
priv
inform
inform
results and supports and fosters
federal and international efforts
ag
CRS-
,
n
or
ing
ers,
be
ence
ay
erg
es,
the
anies,
and
p
.
possible
ent
s, thrifts,
oney
terrorism
currency
ide data
ine em
potential
oney
ation to aid in
ated by
ited area and
w
m
that is defined
n
orders m
on Sought
ent, and foreig
reasury
ent-
ence initiativ
enting
anies, insurance
p
anies, m
eting
that threshold
, support
laundering
enforcem
p
ity
es, support intellig
ewelers, pawnbrok
businesses, and any
for a lim
ernm
ith inform
v
o
ice to identify
laws, determ
oney
Informati
transactions of “financial
of the T
and prev
to include bank
encies, loan com
itting
ations, identify
tiable instrum
anies, j
raph com
n transactions is $10,000;
raphic targ
o
p
el ag
inal activ
reshold for reporting
e.
estig
h
eog
iolations of the anti-
Reports and records of cash,
neg
currency
institutions,” a term
broadly
credit unions, securities dealers,
credit card com
com
trav
teleg
transm
other business desig
Secretary
T
foreig
g
issued lowering
considerably
tim
This is a g
access serv
crim
inv
v
laundering
trends in m
financial crim
or counter intellig
and furnish law
authorities w
detecting
r
f
ajo
Act,
d
III o
1959, and
itle
clude
ent
and
n
for the
s). T
t i
Ac
t, 31 U.S.C. §
Act of 1970, 12
5322 (the anti-
law
T
).
5322, and its m
IO
ents to this
Ac
N
E
R
T
authority
es Enforcem
IO
endm
rim
R
inC
Statutory Provision
Secrecy
ransactions Reporting
(F
n T
laundering
PAT
ork
ponent, the Currency
e Bank
islation.
h
oney
e USA PAT
arious am
etw
T
U.S.C. §§ 1829b and 1951-
31 U.S.C. 5311-
com
Foreig
31 U.S.C. §§ 5311-
m
th
v
leg
USA-
310. Statutory
Financial C
N
otice Requirement
N
o notice.
N
er
rand
ency
er or
ent benefit
ining
ernm
for the
v
o
to produce its
Process
ency
cause a consum
ission, as the
ay
m
ency
FTC v. Manager, Retail
for a g
ent ag
ag
ers pursuant to an ag
lete files on a consum
subpoena.
ibility
p
4
ry
connection with the application for
islation, m
2
rade Com
Upon request.
Pursuant to a court order or g
ju
In
a license or for determ
elig
or license.
One court has ruled that the Federal
T
enforcem
leg
reporting
com
consum
subpoena.
CRS-
inal
ation,”
ious
e,
ation from
other
er’s file.
ent to a
m
on Sought
.
ation–nam
ent and prev
m
ploy
es, and other crim
ency
ount of inform
inform
ploy
Informati
ent ag
.
er–i.e., “header inform
ing
er reports and any
ation in a consum
ity
ited am
ernm
v
o
financial crim
activ
Lim
credit bureau’s file on a
consum
identify
address, em
address and em
g
Consum
inform
.
.
er
.C
ing
.C
.S
er
.S
ers to
ation on
ct, 15 U
consum
er and form
ct, 15 U
A
A
ploy
er), credit
include identify
ell as inform
ay
ploy
credit reports on the
eporting
athered by
encies on consum
ing
eporting
Statutory Provision
et seq.
ag
ent, insurance, other
er.
.
redit R
ation g
m
ation as w
redit R
e, address, em
ploy
air C
form
aluate qualifications for credit,
air C
F
§§ 1681
In
reporting
ev
em
transactions; m
(nam
address and em
(transactions, etc.), and public record
inform
entities seek
consum
F
§ 1681v
st be
u
e the
period during
aiting
challeng
a w
ay
otice Requirement
N
ed by
ons in court.
m
otice is required and m
No notice.
N
follow
which the persons whose records are
requested m
sum
e
e
ation
ons.
m
ativ
any
ed to
an
es and
ided the
’s conduct
ence or
estig
ent.
from
ities related
protected
ed by
ency
n
ice sum
n
aintain or hav
appropriate
ity
endm
riting
authoriz
isor.
Process
ence inv
obtain nam
ers m
ed by
ency
ence activ
that such inform
and sig
ay
n
for the ag
ity
enue Serv
, 515 F. 2d 988 (D.C. Cir.
ent ag
I, for foreig
ation is not conducted solely
ations, or intellig
it Co.
B
estig
ernm
estig
5
ed
aintained accounts, prov
pon request in w
v
ternal Rev
2
o
Cr
1975).
The F
counterintellig
purposes, m
addresses of financial institutions at
which consum
m
request is sig
official who has certified that the
inv
on the basis of activ
under the First Am
U
g
conduct international terrorism
inv
counterintellig
thereto, stating
is necessary
of that activ
appropriate superv
In
CRS-
.,
iduals
er
other
er’s file.
on Sought
eepers, e.g
al entities that are held
encies, accountants, and
record k
Informati
er reports and any
ag
ation in a consum
party
ers, accountants, consum
financial institutions, and other
Consum
inform
Confidential records of indiv
and other leg
by
third-
lawy
reporting
credit card issuers.
,
T
ended
IO
R
ct, as
.
A
and Fiscal
ct of 1982, 26
A
eporting
the USA PAT
Act of 1976, as am
Statutory Provision
ax Equity
redit R
ended by
air C
ax Reform
the T
esponsibility
F
am
Act, 15 U.S.C. § 1681v
T
by
R
U.S.C. §§ 7602, 7609, and 7610.
ent
e
ure.
poraneous
ed in som
otice Requirem
elay
isclosure
N
Contem
notice of seiz
D
instances.
D
prohibited.
an
endment, the Federal
the
m
ing
ision of CRS.
81
v
t
c
w Di
purposes.
be eased under special
La
ay
upon probable cause.
terrorism
erican
eillance A
rocess
P
ents m
ed application specify
, Am
aw
istrate order for access, following
ent warrant, probable cause, and
ag
approv
ence or anti-
ublic L
endm
isor-
notice requirem
stances.
n intellig
6
erican P
superv
2
m
SA court or m
Judicial search warrant issued
Fourth Am
possibly
circum
FI
FBI
foreig
CRS-
list in A
or
tal
inal
.
ent
ation
ence
en
.S
ation to
m
rn
n
a U
idence of a
ve
ing
ities.
ccess to Information Pursuant to the Fourth A
ainst
ev
lv
g go
stances (crim
stances, etc.).
foreig
ence inform
o
le, Senior Specia
ing
e.
in
ing
y
) activ
o
Purpose for Access
ary
idence, inspections,
eek
Seek
crim
V
purposes and
circum
ev
border search, exig
circum
S
intellig
(not inv
person) or inform
protect ag
international terrorism
clandestine intellig
(spy
arles D
rnment A
h
e
).
s,
ect
C
book
et of the
ports
ents, and
Wiretap Statute, and the Foreign Intelligence Surv
ill protect
inal
“
overage
(i.e., one that
ent case law
C
ation and data in
ation) has
ate expectation
acy
ourth
as prepared by
ible
endm
s–including
form
ich the targ
estig
itim
h
ith F
m
In
w
search (i.e., the subj
of the crim
inv
leg
of priv
the courts w
because it com
w
A
Tang
item
records, docum
papers.
is chart w
h
ent:
ence
T
ct
81
Relating to Federal Gov
s
endm
“
tellig
n
n I
Law
eillance A
A), 50 U.S.C.
Applicable Law
reig
o
rv
S
u
Fourth Am
F
S
(FI
1861.
.
ent
e if
ines
a
in
tim
. intends
ide
ill use it.
interests do
idence
ent.
ent.
.S
ed prior to
ttorney
sical search, it
st prov
riev
ich it w
otice Requirem
eneral determ
u
g
h
.S. persons
N
U.S. persons whose
residences were
searched are
notified any
the A
G
that national
security
not require secrecy
If the U
to use ev
obtained from
phy
m
notification to the
ag
the proceeding
w
No statutory
requirem
No statutory
requirem
U
e
.
ay
ry
u
ating
f
in
ures
ed by
ize
inj
ed by
estig
inim
be used
on their
eneral for
ear.
of seiz
SA court to
ay
G
al and only
ed to m
ality
h this process m
tion approv
n
eg
the Attorney
the FI
ttorney
ent and owner of the
probable cause to believ
ed by
ts.
atters of U.S. persons and
h
sical search for up to 15
ent authorities inv
ade within 72 hours. I
al, results m
eted based solely
h the A
rocess
on procedures sent under seal
P
upon application approv
be issued by
General’s approv
ent rig
izati
n power or ag
ay
st be m
u
st be approv
e throug
.
enforcem
u
order a phy
not to targ
endm
inim
.
ay
e of declared war.
ect to standards desig
idence obtained throug
a threat of death or serious bodily
ay
ity
Am
General showing
intrusions into m
SA court approv
ing
st
; ev
ith law
orders m
court.
a tim
lv
A
et is a foreig
o
IS
its on duration of the order. L
ency
court order issued upon applica
7
inal activ
erg
with the Attorney
s during
A
2
SA court order issued
e President m
residential directiv
h
IS
FI
the Attorney
that targ
searched property
Process is subj
unnecessary
to lim
under this process is to be tested in an ex parte
proceeding
be shared w
crim
Em
General, which m
which application m
there is no FI
only
cases inv
U.S. persons m
exercise of 1
P
searches without a court order for up to one y
Certification of m
to the F
T
day
F
CRS-
e
ation,
be
ativ
n
ible or
s (no
itted).
s for
ence
s for
ence
e of war.
n
estig
ible or
ible or
tang
foreig
ence inform
tang
tang
foreig
ible item
ible item
n intellig
ible item
n intellig
ing
er needs to be sole
inal inv
ing
ing
ing
Purpose for Access
eek
easurable purpose with
eek
eek
eek
S
intellig
including
intang
long
purpose; need only
m
crim
purposes perm
S
intang
foreig
purposes.
S
intang
foreig
purposes in tim
S
ely
ation
exclusiv
overage
n powers.
C
unications using
sical searches.
sical searches
sical searches.
m
m
o
Phy
Phy
directed at inform
or property
of foreig
Phy
C
ence
ct of
ence
ct of
ence
ct of
ence
tellig
tellig
tellig
tellig
n
n
n
n
n I
n I
n I
n I
eillance A
1828.
eillance A
eillance A
Applicable Law
reig
rv
reig
rv
reig
rv
o
u
o
u
o
u
F
S
1978, 50 U.S.C.
1821-
F
S
1978, 50 U.S.C.
1822.
F
S
1978, 50 U.S.C.
1829.
Foreig
e
.
ent
tim
ines
a
in
. intends
ide
ill use it.
interests do
idence
ent.
ent.
.S
ed prior to
ttorney
ected to
eillance are
sical search, it
st prov
riev
ich it w
otice Requirem
eneral determ
u
g
h
N
subj
surv
notified at any
the A
G
that national
security
not require secrecy
If the U
to use ev
obtained from
phy
m
notification to the
ag
the proceeding
w
No statutory
requirem
No statutory
requirem
No notice required.
e
.
ry
u
s
f
in
ize
inj
ear.
inim
on their
be used
eneral for
of
h this process
SA court to
ay
G
al and only
ed to m
ality
n
eg
the Attorney
the FI
ttorney
ent.
ent authorities
unication.
m
probable cause to believ
ed by
ts.
atters of U.S. persons and
.
h
ade within 72 hours. I
al, results m
eted based solely
eillance for up to 15 day
ar.
h the A
rocess
ity
on procedures sent under seal
P
enforcem
be issued by
General’s approv
ent rig
izati
n power or ag
st be m
idence obtained throug
ay
u
e throug
to the com
inal activ
st be approv
endm
order surv
inim
; ev
ith law
u
not be targ
ay
ect to standards desig
a threat of death or serious bodily
ay
Am
ithout a court order for up to one y
General showing
intrusions into m
crim
SA court approv
st
orders m
ing
e of declared w
court.
lv
A
et is a foreig
o
ating
IS
its on duration of the order. L
ency
resident m
a tim
8
eillance under this process is to be tested in an ex
be shared w
erg
with the Attorney
eillance w
2
estig
ay
residential directiv
the Attorney
that targ
Process is subj
unnecessary
to lim
surv
parte proceeding
m
inv
Em
General, which m
which application m
there is no FI
only
cases inv
U.S. persons m
exercise of 1
The P
during
P
surv
Certification of m
to the F
Consent of one party
CRS-
e
ation
be
ativ
itted).
s for
ence
e of war.
s for
ence
estig
ible or
ible or
idence of a
er need to sole
ence inform
tang
tang
ev
ible item
n intellig
ible item
n intellig
inal inv
ing
ing
ing
e.
Purpose for Access
easurable purpose with
eek
eek
intellig
(no long
purpose; need only
m
crim
purposes perm
S
intang
foreig
purposes in tim
S
intang
foreig
purposes.
Seek
crim
or
ong
n powers
am
overage
C
ely
unications using
unications
m
m
wire or radio
ire or radio facilities.
ire or radio facilities.
w
Com
w
Com
exclusiv
between foreig
using
facilities.
Wire (phone), oral (face
to face), or electronic
).
ct of
ence
ct of
ence
ct of
III”
tellig
tellig
n
n
itle
n I
n I
eillance A
1810.
eillance A
eillance A
Applicable Law
rv
reig
rv
reig
rv
u
o
u
o
u
S
1978, 50 U.S.C.
1801-
F
S
1978, 50 U.S.C.
1811.
F
S
1978, 50 U.S.C.
1802.
18 U.S.C. 2510-
2522 (“T
ent
e
the
ithin 90
bar
bar
ing
ay
er under
ay
stances.
er under
stances.
ets of the
ersations hav
s after
eillance, unless
ent
ent
otice Requirem
arg
N
T
interception and
those whose
conv
been captured are
notified w
day
expiration of the
court order
authoriz
surv
the court postpones
notification for
cause.
Court m
notice to the
custom
exig
circum
Court m
notice to the
custom
exig
circum
f
ing
;
ize the
ersations.
s to use the
, trial, or
issible.
inim
ent or
ry
u
.
ance of their
the court to
ed m
n
ent seek
e proceeding
senior prosecutorial
rand j
ancy
ited list of predicate
enforcem
ed by
ernm
e related) conv
v
ed by
; or g
ade within 48 hours. I
obable cause.
obable cause; court order
torial authorities show
o
inistrativ
rocess
im
ith law
the perform
P
to a lim
be issu
al, results are inadm
st be approv
st be m
u
ateriality
s if the g
ay
u
eillance under this process is tested in
ect to standards desig
ich m
and m
udicial or adm
be shared w
h
senior prosecu
e subpoena upon relev
ay
orders m
ancy
of surv
ed by
ence authorities for
ency
9
ality
erg
inistrativ
2
idence m
Federal or state court order issued on application
approv
probable cause pertaining
offenses.
Process is subj
capture of unrelated (not cr
Leg
suppression hearing
resulted in a j
ev
intellig
duties.
Em
authorities, w
which applications m
there is no court approv
Search warrant issued upon pr
Search warrant issued upon pr
upon relev
adm
CRS-
idence of a
idence of a
idence of a
ev
ev
ev
ing
e.
ing
e.
ing
e.
Purpose for Access
Seek
crim
Seek
crim
Seek
crim
ice).
ice.
eillance
eillance
re than
o
overage
e less than 180
e m
C
s.
erbal) surv
ersations captured
unications content
unications content
achine or dev
erbal) surv
ersations captured
achine or dev
m
m
m
m
s.
(nonv
(conv
by
Wire (phone), oral (face
to face), or electronic
(nonv
(conv
by
Wire and electronic
com
in storag
day
Wire and electronic
com
in storag
180 day
.
to
to
III)
itle
unications
unications).
unications
unications).
m
m
m
m
Applicable Law
18 U.S.C. 2510-
2522 (T
18 U.S.C. 2701-
2711(relating
com
records and stored
com
18 U.S.C. 2701-
2711(relating
com
records and stored
com
ent
er
ision.
ay
ay
bar
encies is
ay
notice
ent.
prov
er under
stances.
ent
otice Requirem
cept for access
e court m
e court m
x
h
h
N
Court m
notice to the
custom
exig
circum
No notice;
disclosure outside
federal ag
forbidden.
E
based on custom
consent, no
statutory
requirem
T
forbid disclosure;
otherwise no
statutory
T
forbid disclosure,
;
the
ice
ry
ice
u
ister
ancy
ing
e
, trial, or
serv
st be
ry
u
u
ination.
puters.
.
approv
ered by
ay
rand j
ancy
ternet m
n
e cases, national
).
s on com
ice related or serv
ices on the basis of
discov
obable cause; court order
; or g
I officials certify
B
threat of serious inj
encies.
the I
ed crim
rocess
ritten request concerning
ing
officials m
P
ertently
ices on the basis of relev
lv
o
ent
aniz
ateriality
); w
senior F
e inadv
and m
to federal ag
e subpoena upon relev
er consent; for serv
fraud (records only
, or in org
ancy
ry
s (renewable).
installation and use (for 48 hours pending
u
eting
stice Departm
cy.
u
cases, or felonious attack
n
ark
ency
0
inistrativ
ider protection purposes;
ider (content only
3
erg
ister and/or trap and trace dev
isclosure only
idence of crim
SA court order for the installation and use of pen
Search warrant issued upon pr
upon relev
adm
Written request from
releva
D
With custom
prov
ev
prov
telem
Court order for the installation and use of pen reg
and/or trap and trace dev
for 60 day
The results in cases inv
reported to the court under seal after term
Senior J
em
application for a court order) in the face of threats of
serious inj
security
FI
reg
CRS-
or
n spy
ation
ation on
idence of a
idence of a
idence of a
or foreig
ev
inform
ations.
ev
ev
inform
ing
e.
ing
ant to international
ing
e.
ing
e.
ing
Purpose for Access
estig
eek
eek
Seek
crim
S
relev
terrorism
inv
Seek
crim
Seek
crim
S
international terrorism
ire
ire
overage
C
unications
unications
unications content
ation for w
unications.
ation for w
m
m
m
m
Wire and electronic
com
records.
Wire and electronic
com
records.
Wire and electronic
com
or records.
Source/address
inform
and electronic
com
Source/address
inform
to
ence
to
isters;
isters;
to
unications
unications).
unications
unications
unications).
m
m
m
m
m
Applicable Law
ices).
18 U.S.C. 2701-
2711(relating
com
records and stored
com
18 U.S.C. 2709
(relating
counterintellig
access to
com
records.
18 U.S.C. 2701-
2711(relating
com
records and stored
com
18 U.S.C. 3121-
3127 (pen reg
trap and trace
dev
50 U.S.C. 1841-
1846 (pen reg
ent
d
st be
u
ieve
ent intends
ent.
ggr
ernm
otice Requirem
t a
v
idence.
N
u
o
b
persons m
notified if the
g
to use the results as
ev
No statutory
requirem
s
inal
ize
;
on their
crim
inim
be shared
ency
the application
of this
ay
ating
erg
ed to m
ality
n
eg
estig
e em
ice for up to 15 day
ts.
able).
eted based solely
h
aters of U.S. persons and
ities inv
ar.
rocess
approv
P
ay
h this process m
ent rig
s (renew
not to targ
endm
ent author
order installation and use of a pen
ay
ay
ect to standards desig
General m
Amst
intrusions into m
e of declared w
for 90 day
enforcem
.
a tim
ancy
its on duration of the order. L
ity
1
3
e Attorney
e President m
ister and/or a trap and trace dev
h
idence obtained throug
ith law
h
relev
T
installation and use (for 48 hours pending
for a court order).
U.S. persons m
exercise of 1
Process is subj
unnecessary
to lim
process is to be tested in an ex parte proceeding
ev
w
activ
T
reg
during
CRS-
n spy
ities.
ation
activ
or foreig
inform
ations.
n spy
ing
ant to international
Purpose for Access
estig
eek
foreig
S
relev
terrorism
inv
ire
overage
C
unications.
ation for w
unications.
m
m
and electronic
com
Source/address
inform
and electronic
com
ence
ct of
tellig
n
n I
eillance A
Applicable Law
ices).
reig
rv
o
u
trap and trace
dev
F
S
1978, 50 U.S.C.
1845.