certain information held by others, including credit12, education13, financial", cable15 and video records.16

In the area of communications, following Katz. Congress passed the Wiretap Act of 1968, which limits severely the government's ability to intercept and record communications.17 And, in 1986, Congress passed the Electronic Communications Privacy Act (ECPA) to update the Wiretap Act to cover the interception of new forms of electronic, non-aural communication.1* In addition, in ECPA Congress rejected the Supreme Court's conclusion in Smith v. Marvland that telephone toll records are not entitled to privacy protection.

ECPA provides that "no person may install or use a pen register or trap and trace device19 without first obtaining a

15 Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (1974).

M Right to Financial Privacy Act, 12 U.S.C. § 3401 (1978) .

15 Cable Communications Policy Act, 47 U.S.C. § 551 (1984).

16 video Privacy Protection Act, 18 U.S.C. § 2710 (1988) .

17 The Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. 2510 et seq.

19 As Senator Leahy stressed in introducing ECPA, the 1968 Wiretap Act "is hopelessly out of date. . . [In 1968], Congress could not envision the dramatic changes in the telephone industry which we have witnessed in the last few years."

19 A trap a trace device is defined as a "device which captures the originating electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted." 18 U.S.C. 3127(4).

court order" that certifies "that information likely to be

obtained is relevant to an ongoing criminal investigation being

conducted" by a particular law enforcement agency.20 This

general prohibition does not apply if used by a provider of:

electronic or wire communication service-

(1) relating to the operation, maintenance, and testing of a wire or electronic communication service or to the protection of the rights or property of such provider, or to the protection of users of that service from abuse of service or unlawful use of service; or

(2) to record the fact that a wire or electronic communication was initiated or completed in order to protect such provider, another provider furnishing services towards completion of the wire communication, or a user of that service, from fraudulent, unlawful, or abusive use of service; or

(3) where the consent of the user of that service has been obtained. *1

Although Congress did not consider specifically Caller ID in the

drafting of ECPA, the use of Caller ID as a trap and trace device

is clearly covered by the law.

III. CALLER ID AND CURRENT LAW

A serious question exists as to whether Caller ID, as a trap and trace device, is legal under current federal law.-As drafted, ECPA contemplates the use of trap and trace devices by only two parties — law enforcement, which must first obtain a court order, and telephone service providers, which must meet one of three exceptions. All other uses are prohibited.

Caller ID devices squarely fit the law's definition of a trap and device as one that "captures" and Identifies "the originating number... from which a wire or electronic communication was transmitted."22 Ecpa prohibits the use of a trap and trace device without a court order unless one of three exceptions are met. The three exceptions only apply to "providers" of telephone services. Thus, it appears that the use of a trap and trace device by a telephone subscriber is prohibited. The Congressional Research Service (CRS) arrived at the same conclusion. In an opinion issued last fall, CRS interpreted the exceptions to the general prohibition to apply only to the use of trap and trace devices by providers of communication services, and not users of the services.23 The language of ECPA and its legislative history are clear that the intent is to allow providers to use trap and trace devices primarily to verify billing, and to detect illegal activity. In addition, other sections of the law refer explicitly to both

22 18 U.S.ft. 3127(4).

a CRS, October 18, 1989, memo to House Judiciary Committee.

24 See 18 U.S.C. 3127(3) which authorizes both provider and customer use of a pen register for billing purposes. As originally introduced ECPA did not contain language on the use of trap and trace devices. However, earlier bills did include the proscriptions on the use of pen registers intended as a response to the Supreme Court's decision in Smith v. Marvland. The trap and trace language, added without altering substantially the pen register section, first appears in the Senate bill on September 27, 1986, less than one month before the Act's passage. The legislative history is silent on the intended impact of the change.

Even if it is determined that "providers" may provide Caller ID to telephone subscribers, none of the three exceptions apply to authorize its general, unrestricted use. The first exception applies to the use of a trap and trace device in the "operation, maintenance, and testing" of the service, or to "protect the rights or property of the provider" or to protect the users of that service from unlawful or abusive use of the service. The legislative history is clear that this first exception was intended to cover only use of a pen register by the phone company.a

The second exception authorizes a provider to use a trap and

trace device to protect providers and users from fraudulent,

unlawful or abusive use of service. Again, the second exception

is inapplicable to the everyday use of Caller ID by telephone

subscribers. In addressing the first two exceptions, CRS

concluded:

Any suggestion that either of these exceptions authorizes a user's employment of a trap and trace device to identify all incoming calls in order to avoid answering those from sources likely to be obscene or harassing overlooks the fact that permissible use is limited to providers.26

The third exception authorizes providers to use trap and trace devices "where the consent of the user of that service has

bill.

been obtained." At best, the scope of this exception is

ambiguous. First, is the user the caller or the receiver of a

phone call? Or is it the subscriber? Logically, since it is the

caller who takes the active step to initiate a phone call, and it

is his or her number that is being revealed, it follows that it

is the caller's consent that should be obtained prior to the

provider using a trap and trace device.

Even assuming that "the user" is found to be either party to

a phone call, in its analysis CRS interprets the third exception

to be:

restricted to consent to use a trap and trace in connection with a particular call where there is only a single user who may consent, as opposed to continuous use of a trap and trace device in connection with a particular line which might over the course of time have many users... The consent exception therefore cannot embody consent of a telephone subscriber to include a continuously operating trap and trace device as a feature of his or her telephone service.

We do know, though, that in 1986 the development of Caller

ID technology was in its infancy, and was not considered

explicitly by either the Congress or the various groups that

supported passage of ECPA. Nevertheless, Congress did intend

ECPA's scope to be elastic enough to cover the development of new

communications technologies. As the Chairman of this Subcommittee

and chief author of the House-passed version of ECPA stated:

The first principle [upon which ECPA is based] is that legislation which protects electronic communications from interception by either private parties or the Government should

user, whereas others sections of the law refer more generally to a. user.