Police blotter: Judge questions Patriot Act bugs

What: Federal prosecutors at the U.S. Justice Department asked a Massachusetts court to approve a specialized Patriot Act wiretap directed at an Internet service provider.

When: U.S. Magistrate Judge Robert B. Collings ruled on Oct. 21.

Outcome: Collings granted the Patriot Act wiretap but limited what information the Internet provider could disclose to police.

What happened: It's not entirely trivial for police to obtain a wiretap and listen in on phone calls: They need to argue there is "probable cause" to believe someone is engaging in unlawful activity.

But it is trivial for police to bug a phone and collect the phone numbers associated with incoming and outgoing calls. All they need to do is claim that the bug is somehow possibly "relevant" to a criminal investigation.

Those types of specialized wiretaps, called trap and trace devices and pen registers, have long been a staple of police surveillance of the traditional phone network. Then the Patriot Act extended them to the Internet four years ago.

In the Massachusetts case, prosecutors sought to record header information about all e-mail sent and received, the addresses of all Web and FTP pages visited, and so on, for four accounts at unnamed Internet service providers.

Judge Collings said he was worried that an ISP might, in its desire to please police, turn over more than is legally permitted under federal law.

For instance, Collings said, the "to" and "from" lines of e-mail messages were fair game, but the subject line discloses information about the conversation and requires probable cause: "The information contained in the 'Subject' would reveal the contents of the communication and would not be properly disclosed pursuant to a pen register or trap and trace device."

In the end, Collings granted the Justice Department's Patriot Act request. But he limited it by prohibiting the ISP from disclosing subject lines, along with "application commands, search queries, requested file names and file paths."

Excerpt from the court opinion: "If, indeed, the government is seeking only IP addresses of the Web sites visited and nothing more, there is no problem. However, because there are a number of Internet service providers, and their receipt of orders authorizing pen registers and trap and trace devices may be somewhat of a new experience, the court is concerned that the providers may not be as in tune to the distinction between 'dialing, routing, addressing or signaling information' and 'content' as to provide to the government only that to which it is entitled and nothing more.

"Some examples serve to make the point...A user could go to an Internet site and then type in a bank account number or a credit card number in order to obtain certain information within the site. While this may be said to be 'dialing, routing, addressing and signaling information,' it also is 'contents' of a communication not subject to disclosure to the government under an order authorizing a pen register or a trap and trace device.

"Second, there is the issue of search terms. A user may visit the Google site. Presumably the pen register would capture the IP address for that site. However, if the user then enters a search phrase, that search phrase would appear in the URL after the first forward slash. This would reveal content--that is, it would reveal, in the words of the statute, '...information concerning the substance, purport or meaning of that communication.' The 'substance' and 'meaning' of the communication is that the user is conducting a search for information on a particular topic.

"There may be other examples of instances in which 'dialing, routing, addressing and signaling information,' reveals the 'contents' of communications as 'contents' is defined. Due to time constraints and an acknowledged dearth of technological savvy on the part of the undersigned, the court will not at this time try to identify and discuss them."