Federal law enforcement in Seattle sought an average of one court order a day to disclose people’s sensitive information such as calling history in the first half of 2019, according to a report released this year.
The report, the first of its kind by the U.S. District Court for the Western District of Washington, shows that officials sought 182 applications and orders for electronic surveillance between January and June 2019. These types of surveillance orders do not require law enforcement to get a warrant and are directed to third parties like phone companies, email providers, and other online services to demand private and revealing information about their users
Although the report does not provide specifics on the services or individuals targeted by the surveillance orders, it does detail how federal law enforcement in the region are using various forms of surveillance. The report is a result of a lawsuit by EFF’s client The Stranger.
EFF’s review of the report shows that the officials sought the vast majority of the orders—89—under the Pen Register Act, a law that allows investigators to collect details about who people communicate with via phone and Internet services. Another 69 orders sought information under the Stored Communications Act, which can be used to disclose user account information and other non-content records from a communications service provider.
Investigators also sought 24 so-called “hybrid” orders in which the applications rely on both the Pen Register Act and Stored Communications Act to obtain information. Although the report does not provide details about what records the hybrid orders sought, these requests are inherently questionable because they are not explicitly authorized by federal law.
Around 2005, creative lawyers at the Department of Justice devised the concept of a hybrid order as a novel legal theory to track people’s real-time locations without a warrant, though a many federal magistrate judges ultimately rejected them. Moreover, the legal basis for using hybrid orders to obtain real-time location data is undercut by the Supreme Court’s decision in U.S. v. Carpenter, which required police to obtain a warrant before obtaining historic cell-site location data.
Although we do not know for certain what sort of information the hybrid orders in the Seattle report sought, it’s possible that they were used to map a target’s communications network by recording data about who they contact and obtaining basic information about those individuals, an invasive practice sometimes called contact chaining.
Another interesting facet of the newly released report is that, by EFF’s count, 46 of the orders law enforcement sought were in support of criminal investigations under the Computer Fraud and Abuse Act (CFAA). The reports states that one of the SCA orders used as part of CFAA investigation targeted 39 accounts and another targeted 44 accounts.
EFF has long advocated for fixing the CFAA because its undefined terms and onerous penalties can be used to target behavior that law enforcement and civil litigants do not like, rather than going after malicious hacking. So, the prevalence of CFAA investigations piqued our interest and we look forward to seeing whether a similar trend occurs in future reports released by the court.
The information disclosed in the report represents a crucial first step toward greater transparency about these types of non-warrant surveillance orders. Prior to EFF representing The Stranger in a 2017 lawsuit that sought to make these orders public, law enforcement was filing the requests in secret and no one, not even the court, could say how many applications had been filed.
As a result of The Stranger’s suit, federal prosecutors and the court agreed to start a two-year pilot program that changed how the court docketed these surveillance applications and orders so that they could be tracked. The agreement also required the court to publish a report every six months that provided basic information about the applications.
EFF thanks the court and federal prosecutors for creating greater transparency and we look forward to comparing this first report with the others that will be coming soon. We would also like to thank The Stranger for its efforts, as well as our co-counsel Geoffrey M. Godfrey, Nathan T. Alexander, David H. Tseng of Dorsey Whitney LLP’s Seattle, Washington office.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org