The DEA Is Using A Law Created To Give It Access To Landline Records To Gather Data From Encrypted Messaging Services

from the more-things-change,-the-more-they-remain-the-same dept

Everything old is new again. New and still abusable. Thomas Brewster reports for Forbes that the Drug Enforcement Agency (DEA) is taking advantage of a nearly 40-year-old law to obtain information about WhatsApp users.

In Ohio, a just-unsealed government surveillance application reveals that in November 2021, DEA investigators demanded the Facebook-owned messaging company track seven users based in China and Macau. The application reveals the DEA didn’t know the identities of any of the targets, but told WhatsApp to monitor the IP addresses and numbers with which the targeted users were communicating, as well as when and how they were using the app. Such surveillance is done using a technology known as a pen register and under the 1986 Pen Register Act, and doesn’t seek any message content, which WhatsApp couldn’t provide anyway, as it is end-to-end encrypted.

Sadly, most people won’t care. First, the targets are foreigners, which diminishes (but doesn’t completely remove) constitutional protections. Second, the targets are suspected of trafficking in counterfeit drugs, which makes them as good as guilty in the general public’s mind. Third, the orders ask for communication metadata, not the communications themselves — something Brewster points out would be impossible to obtain no matter how the DEA asked for it.

But there are reasons to be concerned. The law is outdated. It was put in place when the primary means of communication was landlines. Since telcos needed connection information for billing, the law assumed phone users were fully aware their communications metadata (which was far more limited in those days) was being collected so they could be billed correctly for phone service.

Technology has changed but the law hasn’t. People communicate far more frequently than they did back in the days when it required more of an effort. And yet the law remains unchanged, allowing law enforcement to avoid having to approach anything resembling probable cause to collect metadata on communications.

And it’s not just a one-time collection. Orders can be handed out that require companies like WhatsApp to “trap and trace,” i.e., collect all metadata from targeted users for weeks or months on end. Law enforcement doesn’t have to provide the courts with much to obtain permission to do this. All it needs to do is show it has an interest in the targets and that the information is a third-party record — something that falls outside of the Fourth Amendment’s protections for the most part.

But users of messaging apps likely aren’t aware these platforms are collecting data on communications. They may assume entities like WhatsApp collect no info, given that they’ve been assured the content of their communications are encrypted.

Here’s all the government needs to hand over to secure a pen register order:

In the Ohio pen register application, the government wrote explicitly that it only needs to provide three facts to get approval to use a pen register, none of which provide any background on the relevant investigation. They include: the identity of the attorney or the law enforcement officer making the application; the identity of the agency making the application; and a certification from the applicant that “the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by that agency.”

If this were a lawsuit, a court would admonish the plaintiff for making these sorts of conclusory statements without offering any support for them. But since it’s a pen register order, conclusory, unsupported statements are all that are needed to start rooting around in people’s metadata.

And while metadata may be far less revealing than the content of communications, it’s an absolute lie to say metadata is harmless and unrevealing. The first clue is the government’s interest in it. If it was useless data, the DEA wouldn’t be trying to obtain it. Gather enough communications metadata and you can start making plenty of inferences about social circles and daily habits. There’s an expectation of privacy in this data — one people assume already exists but has never been recognized by a US federal court. And when asked directly, courts tend to punt on the issue, assuming that if Congress meant to protect people from this level of government intrusion, surely it would have done so already.

The government still loves this law and has no desire to see it taken off the books or neutralized by Supreme Court precedent. And so it continues to exist, demanding nothing more from law enforcement than the ability to copy-paste boilerplate into a pen register request. The (drug) cops have it easier than they claim in public. Nothing stands between them and this metadata, and no one with the power to change it is in any hurry to do so.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The DEA Is Using A Law Created To Give It Access To Landline Records To Gather Data From Encrypted Messaging Services”

Subscribe: RSS Leave a comment
9 Comments
ECA (profile) says:

Information not given.

"DEA investigators demanded the Facebook-owned messaging company track seven users based in China and Macau. The application reveals the DEA didn’t know the identities of any of the targets, "

USA DEA has little to do in other countries. But they Can report actions into the USA To those other countries agencies.

But a strange question comes to mind.
"suspected of trafficking in counterfeit drugs"
Who in the USA would care about this? There are so many Miracle Cures on FB, its abit ridiculous.

Would wonder Who gave those numbers to the DEA, or how they got them. Unless they know of the receiver, thats selling it.
Or, it could be the Pharma are abit upset about someone.
Is the USA still upset with Canada and generic drugs? They locked down the distribution of a common Diabetic drug to the USA.

Anonymous Coward says:

It was put in place when the primary means of communication was landlines. Since telcos needed connection information for billing, the law assumed phone users were fully aware their communications metadata (which was far more limited in those days) was being collected so they could be billed correctly for phone service.

Tim, perhaps you’re too young to remember, but that’s not really a valid justification. Local calls were neither billed nor (normally) tracked in 1986, and in fact were essentially untraceable before caller ID—which was regarded by some as a huge privacy invasion when it debuted in 1993. (Did you ever see those old movies where tracing a call was an elaborate time-consuming task? Not quite true by 1986, in areas with digital switches, but it wasn’t invented by scriptwriters to add tension.)

The "pen registers" referred to were often physical devices that had to be physically attached to the suspect’s line, and collected information the phone company often did not otherwise collect.

Raymondjoype (user link) says:

Топ 100 TikTok блогеров в России

Systematically visiting the four hands massage for clients, you guarantee himself excellent sexual relaxation.
Dear gentlemen!
Sensitive touch rasprekrasnoy girls will flow through your body, dipping in depth boundless the ocean pleasure. In the quiet slip, donating your skin kisses, prelestress envelops the warmth of one's body. You will be surprised at, which sea bliss today it is possible to feel fromnude massage in Midtown.
In school sensual massage women will hold erotic 4hands massage. Similar swedish massage, as in principle, and relaxation, influences on some area human body, this give a chance male gain strength.
The energy massage inSoho it today skill give away bliss. The Soapy massage – on the influence on clients is meant practically unlimited available opportunities actions on bodily, and consequently, and psychoemotional state of health friends.

<a href=https://618d013ed6479.site123.me/>Где вести блог если нет своего сайта 10 платформ для личного</a>
[—-]

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...