Electronic surveillance in an era of modern technology and evolving threats to national security.

• Author: Young, Mark D.

The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons. (1)

INTRODUCTION

Linking hundreds of individual computer networks has created a virtual space on which much of the world's commerce and communication now depends. Electronic mail, peer-to-peer data sharing, Voice-over-Internet Protocol (VoIP), and wireless networks are examples of the technology that enables almost unlimited access to information. This access comes with significant risk. Criminals, terrorists, hostile nation-states, and foreign industrial competitors share this ubiquitous access to information. In the industrial age, we protected ourselves with high walls and long-range weapons; in the digital age, the availability and rapid development of cyber weapons requires layers of defenses and improved awareness of adversarial capabilities and intentions.

Since the first Internet transmission on October 29, 1969 we have been deepening our dependence on digital communications. (2) There are almost two billion users of the Internet. (3) The United States economy depends on it; our critical infrastructure is controlled by it; and our national security is empowered by it, yet vulnerable because of it. Despite our digital dependence, our policy framework, our legal authorities, and our judicial precedent remain underdeveloped.

The cyber security legal landscape is a patchwork of federal and state statutes, federal regulation, and executive branch policy that evolved to address technologies that may no longer exist. Federal government "capabilities and responsibilities are misaligned within the U.S. government." (4) There is no shortage of threats to our information infrastructure. The media has reported that computer-controlled electric power grids are "plagued with security holes that could allow intruders to redirect power delivery and steal data...." (5) Other reports claim that the Chinese military is responsible for the highly sophisticated January 2010 attack against Google's corporate network that sought to access the company's source code. (6) According to the Congressional Research Service, "[t]hreats to the U.S. cyber and telecommunications infrastructure are constantly increasing and evolving as are the entities that show interest in using a cyber-based capability to harm the nation's security interests." (7)

This Article will review the history of electronic surveillance authorities, explain how these authorities are relevant to today's cyber security issues, identify the insufficiencies of the three specific laws on this topic, and recommend discrete amendments to these statutes. The text highlights the deficiencies in the authorities governing U.S. government action in cyberspace and argues that specific sections must be amended to enhance cyber security and enable information sharing between the public and private sector. This Article does not address the federal statutes that govern cybercrime. It focuses on cyber security authorities in the national security context, but the legislative changes recommended here will also benefit law enforcement operations.

1. EVOLUTION OF ELECTRONIC SURVEILLANCE AUTHORITIES

   The use of computer technology to gain intelligence or as a vector to deny, degrade, or disrupt an adversary's capabilities presents new questions for the laws of electronic surveillance, intelligence collection, and war. (8) In the context of the Fourth Amendment, Professor Orin Kerr of George Washington University Law School notes, "Courts have only recently begun to address these questions, and the existing legal scholarship is surprisingly sparse." (9) What is true of the scholarship in the Fourth Amendment criminal context is doubly true in the national security realm. Current scholarship is either "highly abstract or else focuses only on discrete doctrinal questions." (10)

   Since computers and networks are by nature electronic devices, electronic surveillance authorities play an important role in state surveillance for both law enforcement and national security investigations. The history of electronic surveillance law is relevant to understanding how specific statutes are inconsistent with privacy and state investigations. Although there are numerous statutes that regulate government electronic surveillance, (11) this analysis focuses on the Electronic Communications Privacy Act, the Stored Communications Act, and the Foreign Intelligence Surveillance Act:

   Electronic surveillance law in the United States is comprised primarily of two statutory regimes: (1) the Electronic Communications Privacy Act ("ECPA"), which is designed to regulate domestic surveillance; and (2) the Foreign Intelligence Surveillance Act of 1978 ("FISA"), which is designed to regulate foreign intelligence gathering. While other statutes provide additional protection, ECPA and FISA are the heart of electronic surveillance law. (12) The Fourth Amendment requires a particularized description of the places to be searched and the things to be seized. (13) Reasonableness is "the ultimate touchstone of Fourth Amendment legitimacy." (14) Because electronic surveillance authority is such a comprehensive investigatory power, the government's surveillance authority must be tightly controlled. Electronic surveillance records on-line behavior, social contacts, interests, and other activities that may extend beyond intended investigatory matters and for longer than is necessary for the investigatory purpose. The objective of electronic surveillance law is to limit government access to the electronic lives of U.S. citizens, while providing reasonable access for proper investigations. The law seeks to provide "oversight of government surveillance, accountability for abuses and errors, and limits against generalized forms of surveillance." (15)

   Eavesdropping has existed since before the founding of the United States. (16) Electronic communication resulted in the birth of a new form of eavesdropping: electronic surveillance. The U.S. Civil War saw extensive wiretapping of Union and Confederate telegraph wires. (17) On the first day of World War I, the British cable ship Telconia severed German transatlantic cables in the North Sea forcing Germany to communicate in ways that the United Kingdom could monitor.

   Germany was now forced to communicate with the world beyond the encircling nations of the United Kingdom, France, and Russia by radio or over cables controlled by enemies. Germany thus delivered into the hands of her foes her most secret and confidential plans, provided only that they could remove the jacket of code and cipher in which Germany had encased them. (18)

   It was during World War I that the U.S. Congress enacted the first temporary federal wiretap law to prohibit the tapping or disclosure of the contents of telegraph or telephone messages. (19) After the War, the Radio Act of 1927 prohibited the interception or disclosure of private radio messages. (20)

   In 1928, the first electronic surveillance case reached the U.S. Supreme Court. In Olmstead v. United States, (21) the Court held that the tapping of telephone wires by federal agents did not violate the Fourth Amendment since there was no "entry of the houses or offices of the defendants," and the agents only obtained the content of their conversations. In other words, no place was searched and no property was seized. Justice Brandeis was prescient in his dissent in Olmstead, noting:

   [t]he progress of science in furnishing the Government with means of espionage is not likely to stop with wire-tapping. Ways may someday be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. (22) In the wake of the Olmstead opinion, Congress expanded the protections in the Radio Act. With the Federal Communications Act of 1934, wire communications were now also protected. (23) It said nothing, however, about the use of mechanical devices to record in-person conversations. Without this prohibition, Fourth Amendment challenges to electronic surveillance greatly increased and the increasing inventory of court opinions began to erode the trespass reasoning in Olmstead. (24)

   In 1967, the trespass doctrine in Olmstead was replaced by the reasonable expectation of privacy doctrine from Katz v. United States. (25) It was then clear that "wiretapping and electronic eavesdropping are subject to the limitations of the Fourth Amendment." (26) A consequence of this decision is the attachment of the warrant requirement in investigations involving electronic surveillance. "To avoid constitutional problems and at the same time preserve wiretapping and other forms of electronic eavesdropping as a law enforcement tool, some of the states established a statutory system under which law enforcement officials could obtain a warrant, or equivalent court order, authorizing wiretapping or electronic eavesdropping." (27)

   However, in the same year, the New York Code of Criminal Procedure, which included detailed electronic surveillance warrant requirements, was struck down by the Supreme Court in Berger v. New York. (28) The Court found the statute unconstitutional because it failed to require a description of the place to be searched, the crime to which the search related, and a description of the conversation to be seized. Both Katz and Berger persuaded Congress to pass the Omnibus Crime Control and Safe Streets Act of 1968. (29) Title III of the Act generally prohibited wiretapping and electronic eavesdropping, but provided federal and state law enforcement authorities some authority for electronic surveillance, albeit under strict limitations.

   There was a national security exception in Title III, however. Section 2511 stated that nothing in the title

   shall limit the constitutional power of the President...