Federal law enforcement in Seattle sought an average of one court order a day to disclose people’s sensitive information such as calling history in the first half of 2019 in order to investigate computer fraud and abuse, illegal drug possession or distribution, and flights to avoid prosecution or give testimony in interstate or foreign commerce violations, among other matters.
The report, which was produced as part of a two-year pilot program to ”daylight” non-warrant surveillance orders, emerged as a result of a lawsuit filed by the Electronic Frontier Foundation (EFF) and its client, the Seattle alternative newspaper known as The Stranger.
EFF’s analysis of the revealed report shows that the officials sought the vast majority of unwarranted orders—89—under the Pen Register Act, a law that allows investigators to collect details about who people communicate with via phone and Internet services, a process that can lead to the invasive practice known as contact chaining. Another 69 orders sought information under the Stored Communications Act, which can be used to disclose user account information and other non-content records from a communications service provider.
Investigators also sought 24 so-called “hybrid” orders in which the applications rely on both the Pen Register Act and Stored Communications Act to obtain information. Although the report does not provide details about what records the hybrid orders sought, EFF calls these requests inherently questionable because they are not explicitly authorized by federal law.
Moreover, the legal basis for using hybrid orders to obtain real-time location data is undercut by the Supreme Court’s decision in U.S. v. Carpenter, which required police to obtain a warrant before obtaining historic cell-site location data.
Another interesting facet of the newly released report is that, by EFF’s count, 46 of the orders law enforcement sought were in support of criminal investigations under the Computer Fraud and Abuse Act (CFAA). The reports states that one of the SCA orders used as part of CFAA investigation targeted 39 accounts and another targeted 44 accounts.
EFF has long advocated for fixing the CFAA because its undefined terms and onerous penalties can be used to target behavior that law enforcement and civil litigants do not like, rather than going after malicious hacking. So, the prevalence of CFAA investigations piqued our interest and we look forward to seeing whether a similar trend occurs in future reports released by the court.
EFF plans on comparing this first report with others that will be coming soon. [24×7]