« PrécédentContinuer »
those in which the communication was "out in the clear”, where specific monitoring was easily achieved and where no reasonable expectation could be found.
The drafters of ECPA recognized that there were no bright line tests in this area. For example, the Committee reports of both the House and Senate recognized that radio equipment was available to the public that was capable of receiving cellular telephone conversations at the time the Act was passed. Because of the complexity of the cellular telephone system, however, including the number of channels and the ability to frequently change frequencies, the ability to monitor specific conversations was thought to be difficult-a judgment confirmed by law enforcement officials at the time. In contrast, cordless phones, because of the fixed location of the base unit and constant frequency, could be easily targeted and monitored. Thus, no protection was afforded to that technology.
The task force examined a host of new communications offerings which have been proposed to carry personal communications to determine whether they were in fact covered by the current definitions of the statute and if they were not, whether they should be protected both legally and technically against government and intentional private surveillance. A list of those technologies and the task force's analysis follows.
Cordless Telephone 2 (CT2; Telepoint): This technology utilizes a series of public base stations which can be accessed by a personal handset if the phone is within a short distance from the base station. Such systems are currently being deployed in the U.K., where they serve as an alternative to coin pay phones. Some experimental licenses have been issued in the U.S. They also can be used in public buildings such as hospitals, convention centers, etc., where users have the flexibility to roam within a prescribed area, but retain access to the phone system. Calls must be outgoing; incoming calls can not be received by the handset. The technology currently uses analog transmission but is moving towards digital transmission. Random monitoring of conversations would be possible with a receiver placed within 150 to 200 feet of the base stations. Targeted monitoring of specific conversations would be difficult. The task force was of the view that the technology could be found to fall within the ECPA's exception for cordless phones. The task force was of the view that such communications should be legally protected from unauthorized Interceptions by ECPA, and that the government should obtain a warrant before monitoring conversations.
Personal Communications Network (PCN/PCS): Still in an embryonic stage of development, the concept of PCN/PCS envisions the use of portable, pocket-sized handsets capable of initiating and receiving communications regardless of the user's location at any point in time. As a result of improvements in both telecommuni. cations and computer technology, the handset will be able to signal its location to the network so that incoming calls can be routed on a national, perhaps international, basis. The majority of experimental licenses issued by the Federal Communications Commission (FCC) anticipate the use of digital technology. Thus, interception of specific conversations will be difficult. The task force was of the view that this type of communication should be protected by ECPA, since the current generation of cellular technologies is protected. Some question remains, however, as to whether the law could be interpreted to permit BCN to fall within the exception from coverage for cordless phones. A clarification of the law to make certain that such communications are legally protected against unauthorized interception is recommended. Specialized Mobile
Radio (SMR) system operations: The FCC recently took action to allow an existing SMR operator (Fleet Call, Inc.) to proceed with its plans to construct and operate on a private carrier basis "enhanced” SMR systems in the top six markets in the U.S. As proposed, the new system configurations incorporate the basic design concepts embodied in the provision of public cellular mobile service, i.e. frequency re-use/call hand-off between transmitting cell sites. In addition, the systems will employ digital technology. As such, unauthorized monitoring of specific communications will be difficult. These systems will clearly fail outside the protections currently afforded to the public cellular systems under ECPA
because they will operate on private land mobile frequencies. See Section 2510 (16)(D). The task force concluded that no meaningful technological distinctions, which would warrant a different treatment of privacy rights under ECPA, exist between public carrier cellular systems and this new limited class of SMR cellular systems. if such systems are to be deployed, ECPA should treat cellular systems, whether provided by a common carrier or private system, as "not readily accessible to the general public."
Cordless Telephone 3 (CT3, radio PBX): Technology exists to construct office buildings with a mini-cellular switching system inside the building. Such a system can be utilized to avoid the costs of rewiring a building when the office structure is reconfigured. Such a system can provide businesses with flexibility and cost savings
when deploying telecommunications instruments. Under the current ECPA structure, however, such radio-based PBX systems would probably fall within the exception for cordless telephones, and therefore, a business or individual utilizing this technology could be legally unprotected from unauthorized interception of their communications. The task force Is of the view that such legal protection should be afforded.
Wireless Data Communications: Computer companies are experimenting with, and seeking FCC licenses for, "wireless” modems which can transmit data between computers without the computers being wired together, either directly or through phone lines. Such modems will have applications in several environments including the transmission of data from remote sites (a kind of cellular laptop computer) as well as within an office environment (wireless local area network or LAN). Under ECPA, the answer to the question whether such communications will be legally protected from unauthorized interception will depend on where, within its regulatory structure, the FCC decides to allocate spectrum for these uses and whether the communication is encrypted or the digital means used for such communications qualifies for protection under Section 2510(16)(B) relating to modulation techniques that are not readily accessible to the general public. Under current FCC proceedings, there is a likelihood that such communications will not be protected unless the user goes to the expense of full data encryption. The task force recommends appropriate amendments to legally protect digital communications of this type from unauthorized Interception.
Cordless Telephones: The discussion of these newer technologies led the task force to a lengthy discussion of the premise of the 1986 Act that "the radio portion of a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit * * *” should be exempt from coverage of the Act.
The task force first considered some newer technological developments which make communication carried on cordless telephones somewhat more secure. Cordless phones have reduced the transmission power so that the phenomenon of having calls blast through on an FM radio receiver has been eliminated. Cordless phones also have begun to utilize technology which permits the call to be carried between the handset and base unit on more than one frequency. This feature can and is available to add security and privacy to the phone call. The next generation of phones will utilize digital transmission technology which will make unauthorized interception more difficult.
Perhaps the most important change since 1986, though, is not technological but societal. The cordless phone, far from being a novelty item used only at “poolside," has become ubiquitous. A leading telephone equipment supplier now sells as many cordless telephone units as wired sets. It is projected that cordless phones will be in use in 68 percent of American households by the end of the decade. More and more communications are being carried out by people in private, in their homes and offices, with an expectation that such calls are just like any other phone call. Given such technological changes and under such societal circumstances, the task force concluded that to relieve the government of the duty to obtain a warrant before monitoring such communications is to vitiate much of the protection which should be afforded to communications privacy by the federal wiretap law and the Fourth Amendment. Therefore, the task force recommends that consideration be given to elimination of the exemption for cordless phones, while preserving an exception for unintentional or accidental private party interception.
In recommending both the maintenance and extension of legal protection for “wireless” radio communications, the task force is aware that inexpensive, widely available scanners and other devices are available that make it possible to intercept radio communications. The task force strongly believes that such technologies should not defeat citizens' reasonable expectation of privacy against government intrusion and that government agents should conduct electronic surveillance of the technologies described above only under appropriate court authorization. At the same time, criminal sanctions could be overbroad in criminalizing inadvertent and unintentional interceptions of radio communications by persons with access who legally possess and use scanner and other devices that intercept radio communications. The existence of monitoring devices makes it difficult to rely solely on legal protection against third-party eavesdropping. The task force is aware that legal protections may not go far enough in affording citizens real privacy protection against intentional but undetected private surveillance. For example, concerns were expressed by a number of task force members that technical privacy enhancing features for radio-based systems should be more rapidly deployed by manufacturers and service providers.
To rectify this situation, the task force does not want to overcriminalize in this area, i.e., penalize unintentional conduct. The task force Is of the view that the
rights of private citizens using radio scanners can appropriately be addressed by clearly setting forth specific intent requirements in the Act, by tying the criminal penalty to targeted surveillance of specific communications and by further adjusting the civil and criminal penalty structure of the Act, rather than exempting whole categories of telephone technologies and thus making them fair game for monitoring by government agents without a warrant, corporate spies, or just plain snoops.
Second, in order to ensure that citizens both understand the vulnerability of particular radio technologies to private, intentional, illegal interception and to encourage industry to develop and market communications devices that are less vulnerable to intrusion, the task force endorses the concept that ECPA should be amended in such a way as to encourage the placement of warnings and notice of the vulnerability of customer premises telephone equipment on specific CPE and that manufacturers be encouraged to make consumers aware of the technical levels of privacy on different types of equipment. The task force believes this will encourage industry to compete with each other in developing devices which are more secure. The task force believes Congress should work with the FCC, Industry, and technical experts to further explore ways to enhance the security of different types of equipment and to further explore ways to enhance consumer awareness of the security of different types of equipment and laws pertaining to communications privacy. In particular, the task force recommends the examination of encryption technology and its potential impact on enhancing the privacy, security, and authenticity of electronic communications. The task force further encourages communications service providers to continue to explore the incorporation of encryption and other privacy enhancing features in new communications services, so as to improve communications privacy.
II. OUT-OF-BAND SIGNALLING Telephone transactional information caller I.D.
Prior to 1976, telephone calls were processed between telephone company offices using signaling information on the same trunk as the voice or talk path between the offices. This type of signaling is referred to as “in-band” because it is an inherent part of the path on which the call is carried. Part of the information contained in this signaling is Automatic Number Identification (ANI), which allows the automatic identification of a calling station for billing purposes. The use of ANI allows telephone subscribers to dial directly a toll call without operator involvement.
However, transmitting signaling information over voice circuits is inefficient. In order to improve network efficiency, a new interoffice signaling technology called Common Channel Interoffice Signaling (CCIS) was introduced. CCIS was the precursor of today's Common Channel Signaling 7 (CCS7). Instead of processing interoffice calls using a common path for both signaling and voice, the CCS7 network allows signaling information to be sent through a separate high speed data network before calls are connected between offices. This type of signaling is known as "outof-band" because it does not utilize the same facilities for the transmission of call processing, information as are used for connecting the call
. CCS7 signaling information contains routing information (where does the call go?), translations (does the dialed number equate to something else?, as is the case with an 800 number), billing, and calling party information (where did the call come from?). The calling party information is similar to ANI in that the calling party's number is automatically identified. However, unlike ANI, because the information is part of a data stream, CCS7 also has the capability to provide a “privacy indicator" to flow along with the other call processing information in the data stream. The privacy indicator makes it technically possible for calling parties to block the release or display of information outside the network. However, the information blocked can still be used within the network for billing and routing purposes.
CCS7 has the capability to provide blocking in two ways: per-call or per-line (also known as subscription blocking). Per-call blocking allows the calling party to dial a code, before a call is placed, to indicate that, for a particular call, the Calling Party Number (CPN) should not be disclosed to the called party. If per-line blocking is available, the calling party need not dial a code prior to the call; CPN is automatically withheld from the called party. Both options prevent CPN from being disclosed to the called party, but neither prevents delivery of billing information to the interexchange carriers (whether via ANI or CPN).
As CCS7 began to be deployed, phone companies began to offer a service known as Caller I.D., Caller I.D. allows telephone subscribers to see the telephone number of the person calling before they answer the phone. In order to have the number displayed, telephone company offices must be equipped with CCS7, customers must subscribe to the service, and customers must buy either a number display unit to connect to their existing telephone or a special Caller I.D. telephone. When a call
is delivered to the called party, the telephone number of the calling party is displayed on the screen.
ECPA prohibits “trapping and tracing” of information regarding the origination of electronic communications. A trap and trace device is defined (18 U.S.C. Section 3126(4)) as "a device which captures the incoming electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted.” This prohibition has three exceptions.
Trapping and tracing is permitted in order to operate, maintain, and test the communications service; to record the beginning and end of communications for billing or other similar functions; and, in those instances "where the consent of the user of that service has been obtained." (18 U.S.C. 3121(b)).
There is a sharp division of views among task force members on whether Caller I.D. is a trap and trace device as defined in ECPA. The only court to rule on this question is the Commonwealth Court of Pennsylvania which held that Caller I.D. constituted a trap and trace device under state law which paralleled ECPA. There is a further division of views on the question of whether the customer or the service provider may employ a trap or trace device where the consent of the user has been obtained.
As phone companies began to market Caller I.D., privacy and consumer advocates argued that the right to control the disclosure of a subscriber's phone number should not be transferred to the telephone company. They said that the service violated ECPA, and they advised policy makers to require that phone companies provide free “blocking," on either a per-line or per-call basis.
Initially the Caller I.D. debate took place before state public utility commissions, as phone companies sought authorization to provide Caller I.D. through tariff actions. The policy decisions have varied widely from state to state. New Jersey permits phone companies to offer Caller I.D. without any call-blocking service. Neighboring New York is considering a PUG regulation which would require that all customers with unpublished numbers automatically be given a blocked line. D.C. permits Caller I.D. but requires that per-call blocking be made available to the calling party at no charge. California has enacted legislation authorizing Caller I.D. but requiring that per-call blocking be offered to calling parties.
In Pennsylvania, the Commonwealth Court found that Caller I.D. violated both the state wiretap statute, a law virtually identical to ECPA, and the state constitutional right to privacy. The Court also found that the proposal to provide a blocking service to particular phone subscribers lacked minimal due process standards and was therefore unconstitutional. (Barash v. Pennsylvania Public Utility Commission, Commonwealth Court of Pennsylvania No. 2270, May 30, 1990). That case is on appeal to the Pennsylvania Supreme Court.
The task force recognized that there were privacy interests of both calling and called parties that any public policy on Caller I.D. must recognize. The task force noted, however, that in calls to 800 and 900 subscribers, the called parties had no such privacy interest.
Consumer and privacy advocates said that Caller I.D. would undermine privacy as the right to control the disclosure of personal information was transferred from the phone subscriber to the phone company. They said that the benefits of Caller I.D. for residential phone subscribers had been greatly overstated, that answering machines were a less expensive, less intrusive, but far more effective way to screen incoming calls. They also said that the Call Trace service provides all the safety benefits of Caller I.D. without placing the subscriber in the dangerous position of responding directly to harassing phone callers. They said that "balancing" the privacy rights of call originators and call recipients was a false characterization of the service since the privacy rights of both parties could be easily accommodated.
Opponents of blocking, such as Bell Atlantic, believe that if Caller I.D. is available without blocking, it will achieve the greatest deterrent impact on anonymous, obscene, harassing, and threatening calls. Bell Atlantic has presented congressional testimony supporting the deterrent value in the availability of Caller I.D., a benefit which accrues even to those who do not subscribe to Caller I.D.. Bell Atlantic states that Caller I.D. broadly serves the public's right to be let alone and gives recipients of telephone calls the same information that callers have—the number of the person to whom they are speaking. They further argue that there are ways other than blocking to address the unique needs of groups with a need to prevent identification, i.e., domestic violence and law enforcement agencies, etc., and telephone companies have worked with these groups and have successfully provided alternatives, other than blocking. The task force was split among four different viewpoints. The
first group was comprised of some of the consumer and privacy rights advocates. This group was of the
89-499 - 95 - 7
opinion that, taken as a whole, the Caller I.D. service would greatly reduce the privacy rights of all phone subscribers and should not be encouraged. This group believes that phone subscribers should not take any additional steps to protect their current expectation of privacy, and that therefore free, per-line blocking should be available and that should be the rule unless the calling party chooses to disclose his number.
The second group was comprised of other consumer and privacy advocates, as well as those members who generally represent businesses that are not telephone companies but which use the telecommunications network for marketing and other purposes. This group is of the opinion that provision of per-call blocking should be mandatory and that there should be federal legislation establishing this protection as a floor. Some advocates of per call blocking believe that federal preemption may be desirable in order to have a national standard that would minimize customer confusion. They believe that per line blocking may well inhibit the development and deployment of new services and encourage caller rejection schemes, reducing the utility of the telecommunications network.
The third group, comprised of a number of phone company representatives, holds the view that per-call blocking is the appropriate policy option, but that no federal legislation is necessary, that this issue is being adequately handled by the states.
The fourth group, comprised of the remaining phone company representatives, favor unrestricted Caller I.D. because they believe that it restores full accountability when using the public telephone network. Some are of the view that federal legislation is not appropriate because each state should be free to adopt the regulatory policies which it believes are best suited to the needs of its residents, and that in fact Caller I.D. has been offered successfully in five states without blocking. Studies based on those experiences show that it reduces unwanted calls for all customers, not just those who subscribe to the service. Others have the view that if Congress decides to adopt blocking legislation, then per-call is preferable, with federal preemption of stricter state regulation.
Conclusion: The task force studied the new signaling technologies, discussed the issue in depth, examined the law, yet was unable to reach any consensus on what, If any, legislative change is necessary.
III. 800 AND 900 SERVICES The task force was particularly concerned about the use of services that disclose Calling Party Number in the commercial setting, such as the use of ANI for 800 and 900 services. The task force noted that while an 800 or 900 service has a business interest in the calling party number (from both a financial and productivity perspective), it also has an obligation to respect the privacy of the calling party. The task force further recognized that few consumers were aware that a call to an 800 or 900 service would result in the electronic disclosure of the caller's identity.
Some consumer advocate members of the task force were of the view that there was no necessary business reason for the compelled disclosure of the caller's identity since this information could be obtained, with the knowledge of the caller, by simply asking for it.
Various members of the task force observed that services provided through 800 and 900 numbers may differ in significant respects (such as who pays for the call) and, accordingly, that some distinctions might appropriately be made with respect to the relative need of providers of such services for information regarding the identity of the calling party.
The task force spent considerable time discussing privacy concerns raised by the disclosure of the calling party's number to businesses and services utilizing 800 and 900 telephone number technology. Many 800 and all 900 line service users lease lines from inter-exchange carriers. When a call is completed by some interexchange carriers to an 800 or 900 service, the call may be handed off to the service with information necessary for call completion, i.e. either CPN or ANI. The calling party's number is thus mechanically disclosed to the 800 or 900 number service, where it can be used for billing and routing, account management and security purposes. The task force's discussion focused on the appropriateness of 800 and 900 services using that information disclosed for one purpose (call completion and billing) for other purposes (generally marketing) without the consent of the calling party. In the future, CSS7 will allow the caller's identity and his privacy preference to be disclosed.
As signalling system 7 (SS7) is implemented through the country, by both local exchange and inter-exchange carriers, Calling Party Number and the ability to block will be available for long distance and 800 and 900 numbers. Task force members have a wide variety of opinions on whether, and under what conditions, blocking