Two District Courts see NSA very differently

The seal of the U.S. National Security Agency....

(Photo credit: Wikipedia)

On the last day of 2013, the federal district court for the Southern District of New York handed the Obama Administration a sweeping endorsement of the NSA’s bulk telephony metadata collection program. Unlike the decision in Klayman v. Obama, the district court in ACLU V. Clapper began with the terrorist attacks of 9/11 to frame the power of the government to defend national security.

The September 11th terrorist attacks revealed, in the starkest terms, just how dangerous and interconnected the world is. While Americans depended on technology for the conveniences of modernity, al-Qaeda plotted in a seventh-century milieu to use that technology against us. It was a bold jujitsu. And it succeeded because conventional intelligence gathering could not detect diffuse filaments connecting al-Qaeda. …

The Government learned from its mistake and adapted to confront a new enemy: a terror network capable of orchestrating attacks across the world. It launched a number of counter-measures, including a bulk telephony metadata collection program—a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data.

This blunt tool only works because it collects everything. …

If reasonableness stands as the constitutional framework for First Amendment rights of association and Fourth Amendment Rights to be free from governmental searches and seizures, then the reasonable government reaction to terrorism can well be understood to depend on the magnitude of the threat to determine the reasonableness of the government’s response to that threat. As the court highlighted, “[t]he natural tension between protecting the nation and preserving civil liberty is squarely presented by the Government’s bulk telephony metadata collection program.”

Unlike the Klayman decision, this opinion relies not upon the search and seizure doctrines of Smith v. Maryland442 U.S. 745 (1979) as the distinct powers of the government to conduct foreign and domestic security in United States v. U.S. Dist. Court for East. Dist. of Mich., 407 U.S. 297 (1972).

The court quoted a recent decision interpreting Keith to provide for wide latitude in reviewing surveillance powers.

 Although the Keith opinion expressly disclaimed any ruling ‘on the scope of the President’s surveillance power with respect to the activities of foreign powers,’ it implicitly suggested that a special framework for foreign intelligence surveillance might be constitutionally permissible.

 Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1143 (2013) (quoting Keith407 U.S. at 322– 23) (internal citations omitted).

Klayman and Clapper diverge quickly because they begin at very different points. Klayman emphasized the importance of being the first court to provide a non-secret review of the bulk telephony program. Clapper, in contrast, offers great deference both to Congress and to the FISA judges who have reviewed the secret process. The court notes that “[f]ifteen different FISC judges have found the metadata collection program lawful a total of thirty-five times since May 2006.”

Clapper also sites evidence of success from the program:

The effectiveness of bulk telephony metadata collection cannot be seriously disputed. Offering examples is a dangerous stratagem for the Government because it discloses means and methods of intelligence gathering. Such disclosures can only educate America’s enemies. Nevertheless, the Government has acknowledged several successes in Congressional testimony and in declarations that are part of the record in this case. In this Court’s view, they offer ample justification:

  • In September 2009, NSA discovered that an al-Qaeda-associated terrorist in Pakistan was in contact with an unknown person in the United States about efforts to perfect a recipe for explosives. NSA immediately notified the FBI, which investigated and identified the al-Qaeda contact as Colorado-based Najibullah Zazi. The NSA and FBI worked together to identify other terrorist links. The FBI executed search warrants and found bomb-making components in backpacks. Zazi confessed to conspiring to bomb the New York subway system. Through a section 215 order, NSA was able to provide a previously unknown number of one of the co­conspirators—Adis Medunjanin.[1]
  • In January 2009, while monitoring an extremist in Yemen with ties to al- Qaeda, the NSA discovered a connection with Khalid Oazzani in Kansas City. NSA immediately notified the FBI, which discovered a nascent plot to attack the New York Stock Exchange. Using a section 215 order, NSA queried telephony metadata to identify potential connections. Three defendants were convicted of terrorism offenses.
  • In October 2009, while monitoring an al-Qaeda affiliated terrorist, the NSA discovered that David Headley was working on a plot to bomb a Danish newspaper office that had published cartoons depicting the Prophet Mohammed. He later confessed to personally conducting surveillance of the Danish newspaper office. He was also charged with supporting terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Information obtained through section 215 orders was utilized in tandem with the FBI to establish Headley’s foreign ties and put them in context with U.S. based planning efforts.

These successes are helpful to begin to understand the program. They do not, however, provide context into the efforts of anti-terrorist activities or explain whether a more focused program would provide equal or greater protections without affecting millions of individuals who have a right to be free from data searching.

Or perhaps the Clapper court is correct that national security is different from criminal investigations and more needs to be done to codify the distinction articulated in Keith. The constitutional question remains what his reasonable under the circumstances. Neither decision has been able to answer that question because too much information and power is left to the discretion of the executive branch and secret proceedings.

Investigations need to be clandestine, but there is no reason that the nature of constitutional protections is not fully understood and debated.

I do not know if the geographic location of the court is relevant, but the shape and culture of lower Manhattan has been transformed by 9/11 in a manner that makes it part of its zeitgeist. Having by coincidence visited the site of the 9/11 memorial with my family the day the Clapper decision was handed down, I was overwhelmed by the thousands of visitors who spoke all languages and came from towns across the world to remember and reflect. The meaning of reasonable takes on different aspects in the shadow of such history. Whether it should do so must also be part of our national debate.

The tension between Klayman and Clapper should lead to a healthier understanding regarding terrorism and surveillance, but only if the two starting points of the two decisions can be understood and reconciled. Liberty is protection from oppression. Oppression can come from the government, its enemies, or the unchecked, mob-like will of the majority. Oppression cannot be stopped with more oppression, only with more liberty.

Klayman and Clapper cannot be reconciled, but the two decisions have the potential to help us find the right path. The lessons of each decision are best understood as part of a dialogue rather than discrete declarations. That dialogue has only begun.


[1] The court explains the Section 215 order as follows:

In 1998, Congress amended FISA to allow for orders directing common carriers, public accommodation facilities, storage facilities, and vehicle rental facilities to provide business records to the Government. See Intelligence Authorization Act for Fiscal Year 1999, Pub. L. 105-272, § 602, 112 Stat. 2396, 2410 (1998). These amendments required the Government to make a showing of “specific and articulable facts giving reason to believe that the person to whom the records pertain is a foreign power or an agent of a foreign power.” §602.

After the September 11th attacks, Congress expanded the Government’s authority to obtain additional records. See USA PATRIOT Act of 2001, Pub. L. 107-56, § 215, 115 Stat. 272, 287 (2001) (codified as amended at 50 U.S.C. § 1861) (“section 215”).’ Section 215 allows the Government to obtain an order “requiring the production of any tangible things (including books, records, papers, documents, and other items),” eliminating the restrictions on the types of businesses that can be served with such orders and the requirement that the target be a foreign power or their agent. The Government invoked this authority to collect virtually all call detail records or “telephony metadata.” See infra, Part II. See generally David S, Kris, On the Bulk Collection of Tangible Things, 1 Lawfare Res. Pap. Ser. 4 (2013).

Advertisements

Commission report warns U.S. is losing the spy race from lack of R&D, STEM-education

On Nov. 5, 2013, The National Commission for the Review of the Research and Development Programs of the United States Intelligence Community released an unclassified version of its assessment of U.S. research and development programs, finding that the U.S. is falling behind and highly uncoordinated. [The Report can be found here.]

The Commission making the review was originally constituted at the 9-11 Commission (properly The National Commission on Terrorist Attacks Upon the United States. In 2010, the Commission was reauthorized to serve more broadly on the Intelligence Community readiness.

The New York Times described the report as “blistering … charging that the intelligence world’s research-and-development efforts are disorganized and unfocused.”

The Commission said the lack of investment, coordination, infrastructure and foresight is putting the nation at risk.

U.S. technological superiority is diminishing in important areas, and our adversaries’ investments in [Science and Technology]—along with their theft of our intellectual property, made possible in part by insufficient cyber protection and policies—are giving them new, asymmetric advantages. The United States faces increasing risk from threats against which the IC could have severely limited warning, deterrence, or agility to develop effective countermeasures.

The report is not primarily an intelligence report. The Commission was not focused on the failures associated with the NSA massive – and in some cases unconstitutional – spying campaign. Nor was it tied to the Edward Snowden disclosures and the global embarrassment triggered by those disclosures.

Instead, the report identifies the need to treat intelligence as a global issue that needs broad reforms, such as STEM education and immigration/workforce reform. It identifies a wide range of concerns about the lack of investment in intelligence and the failure to be prepared.

The report calls for much greater data analytics, which will likely be the platform used by the NSA to justify its ongoing activities. Even a pro-intelligence report such as this, however, identifies the need for intelligent data analytics rather than the massive, undifferentiated and largely counter-productive methods currently highlighted by the NSA disclosures. Not surprisingly, the admonitions also demand better coordination, including “development of a new joint program plan between the Director of Science and Technology and the Deputy Director of National Intelligence for Intelligence Integration for Enhanced Integrated Intelligence, which it will use to track, prioritize, and coordinate Enhanced Integrated Intelligence R&D across the [intelligence community].”

“Exacerbating these challenges are U.S. policies that weaken the U.S. R&D talent base,” the report warned.  “As scientific and technical knowledge and the resulting economic growth spread around the world, the competition for R&D talent is increasingly global.”

This is just one of many reports highlighting the continued disarray of the intelligence community, an infrastructure struggling to keep up with cyber-threats and embarrassing the U.S. with political follies.

The report opens with a powerful juxtaposition of quotes that should help guide future discussions:

Failure to properly appraise the extent of scientific developments in enemy countries may have more immediate and catastrophic consequences than failure in any other field of intelligence.

—Task Force Report on National Security Organization (the Eberstadt Report) (1948)

Failure to properly resource and use our own R&D to appraise, exploit, and counter the scientific and technical developments of our adversaries—including both state and non-state actors—may have more immediate and catastrophic consequences than failure in any other field of intelligence.

—National Commission for the Review of the Research and Development Programs of the United States Intelligence Community (2013)

Report of the National Commission for the Review of the Research and Development Programs of the United Sta…

Industrial Internet reshapes the “Internet of Things”

In a term coined in 1999, the Internet of Things, relates to a world in which all objects are connected wirelessly to the Internet and therefore to each other. The model requires each device to have RFID or other near field communications technology to communicate, sharing information about the identity, status, activities, and other attributes of the device. Partnered with big data analytics, the information from these devices can paint a robust picture of how objects interact in the world and how people interact with them.

This week, the model was supercharged. According to a report in the New York Times, General Electric hopes to transform this model with what it terms the “Industrial Internet.”

The so-called Industrial Internet involves putting different kinds of sensors, sometimes by the thousands, in machines and the places they work, then remotely monitoring performance to maximize profitability. G.E., one of the world’s biggest makers of equipment for power generation, aviation, health care, and oil and gas extraction, has been one of its biggest promoters. … The executive in charge of the project for G.E. … said that by next year almost all equipment made by the company will have sensors and Big Data software.

Emerging technology allows devices to distribute usage and telemetry data, to receive instructions, to interact with other equipment, and to serve as the communications bridge extending network coverage so that the devices themselves expand the network on which the equipment communicates. The implications are quite interesting.

Perhaps the most important aspect of the development affects critical infrastructure – the fundamental systems operating our water, power, rail, and telecom infrastructure. Properly secured and interactive, the elements of our aging infrastructure could begin to trouble-spot and eventually provide small repairs without the need for 24-hour crews.

GE’s present equipment tends to be large devices, ranging from jet engines to MRI machines. But the concept could well extend to automobiles, bicycles, phones, cameras, and even clothing. Equipped automobiles, for example, could report mechanical efficiency for every system in the car. They could also share vehicle telemetry, providing a real-time map of how each car was driving in relation to every other car driving on the road. The information could be used to alert a driver to road hazards, to dangerous weather conditions, or to the driver’s weaving. The information could alert police to the same conditions and behaviors.

In the workplace, the Industrial Internet will improve atomization, which helps retain U.S. manufacturing but probably at the cost of fewer workers doing more specialized work. It should also be employed to improve worker safety but could easily be adapted to create a workplace in which every movement was tracked. With Industrial Internet name badges, doors would lock and unlock in response to the presence of authorized personnel, but the data analytics would also be able to see which employees spent the most time with which of their peers, and correlate such interactions with post-interaction productivity. Schools could similarly track student movements and behaviors, identifying which resources and faculty were actually utilized and which of those impacted learning outcomes – for better or worse.

Existing rules for workplace and education environments do not take the pervasive nature of the Industrial Internet into account. Assumptions that privacy is a zone around one’s home and person has little relevance to a cloud of data points broadcasting a picture of each person and how that person interacts.

The FTC has taken small steps to explore these issues and regulate obvious abuses, but legislators need to do much more. Absent legislation, current NSA practices will vacuum this data into its Orwellian data trove.

The Industrial Internet promises to translate the Internet of Things into very practical, valuable industrial improvements. Safer planes, smarter cars, more efficient homes all improve people’s lives. Proper regulation will encourage those uses while protecting civil liberties, privacy, and overreach. Perhaps we can craft the policies to avoid the outrage rather than in response to it.

Copyright review hearings end first phase as DOC Copyright Green Paper is released

On April 24, 2013, House Judiciary Chairman Bob Goodlatte (R-Va.) announced that the Subcommittee on Courts, Intellectual Property, and the Internet would “conduct a comprehensive review of U.S. copyright law over the coming months.” The first set of those hearings have just concluded.

The first of the hearings featured a panel of experts who participated in the Copyright Principles Project led by Professor Pamela Samuelson of Berkeley Law School.[1] The second panel, in contrast, emphasized representatives from the creative industries. The third hearing focused on the technology industries. The three hearings represent the Venn diagram of copyright policy: Creators, Disseminators, and Users. Each of these groups overlaps and the boundaries are very imprecise. Nonetheless, there remains a tension among these three spheres because greater legal protections in one sphere tend to affect the other spheres in unwanted ways. Since all three spheres are critical to the culture and to the creative economy, copyright reform is a matter of finding balance and cohesion within this matrix.

In addition to the hearings by the House Judiciary Committee, the Department of Commerce Internet Policy Task Force issued a green paper entitled “Copyright Policy, Creativity, and Innovation in the Digital Economy.”[2] The green paper emphasizes the need for balance between protections for creative rights ownership and the broad dissemination of information.

Some would argue that copyright protection and the free flow of information are inextricably at odds—that copyright enforcement will diminish the innovative information-disseminating power of the Internet, or that policies promoting the free flow of information will lead to the downfall of copyright. Such a pessimistic view is unwarranted. The ultimate goal is to find, as then-Secretary of Commerce Gary Locke explained, “the sweet spot on Internet policy – one that ensures the Internet remains an engine of creativity and innovation; and a place where we do a better job protecting against piracy of copyrighted works.” Effective and balanced copyright protection need not be antithetical to the free flow of information, nor need encouraging the free flow of information undermine copyright. In fact, as the Supreme Court has recognized, “the Framers intended copyright itself to be the engine of free expression.”[3]

While the green paper is very detailed, it emphasizes areas such as the public performance right for sound recordings, issues involving notice and takedown under the DMCA, online licensing of works, and online enforcement.[4] The green paper also expresses support for expanded fair use and related exclusivity exemptions, particularly with regards to teaching and access for persons with disabilities. The green paper was distributed as the first round of hearings came to a close. The green paper had little influence on the initial hearings but is likely to become increasingly influential as the process continues.

The green paper and the Goodlatte hearings, together with the many efforts by the Copyright Office and others, are creating significant energy around changes to the copyright statute. At the same  time, the proposals are tweaks rather than overhauls and the public may quickly grow tired of what will be a lengthy process. But it matters, so try to stay tuned.


[1] See Pamela Samuelson, The Copyright Principles Project: Directions for Reform, 25 Berkeley Tech. L.J., 1175 (2011) http://www.law.berkeley.edu/files/bclt_CPP.pdf.

[2] Copyright Policy, Creativity, and Innovation in the Digital Economy, Dept. of Comm. Internet Policy Task Force, July 2013 at http://www.uspto.gov/news/publications/copyrightgreenpaper.pdf. See also USPTO & NTIA, Copyright Policy, Creativity, and Innovation in the Internet Economy, 75 Fed. Reg. 72790 (November 26, 2010) (notice of inquiry. The comments are available at http://ssl.ntia.doc.gov/comments/100910448-0448-01/.).

[3] Id. at 2, quoting Harper & Row, Publishers, Inc. v. Nation Enters., 471 U.S. 539, 558 (1985).

[4] Id. at 5.

The Proportionality Principle

By Michael Goodwin[2]

A feature of JD Rising[1]

As most civil litigators in Minnesota are aware, a number of significant rule amendments went into effect on July 1, including new rules designed to change aspects of discovery, non-dispositive motion practice and complex case management.

Many of the rule changes were based on recommendations by the Minnesota Supreme Court Civil Justice Reform Task Force, which published a report in December 2011. The task force considered its most important recommendation to be the new rule requiring proportionality in all aspects of case management (especially discovery). In fact, proportionality was considered so important that it was included in Rule 1 of the Minnesota Rules of Civil Procedure, which now reads in part:

“It is the responsibility of the court and the parties to examine each civil action to assure that the process and the costs are proportionate to the amount in controversy and the complexity and importance of the issues. The factors to be considered by the court in making a proportionality assessment include, without limitation: needs of the case, amount in controversy, parties’ resources, and complexity and importance of the issues at stake in the litigation.”

The proportionality requirement of new Rule 1 applies to “virtually any issue that affects the managerial decisions judges and parties make in handling the case.”

The task force was particularly concerned about the costs and burdens associated with discovery, and a number of amendments were made to the discovery rules to advance the proportionality principle. New Rule 26.02(b) requires that a party seeking an order compelling discovery make a showing proportionality. Rules designed to impose limits on discovery were already part of Rule 26.02(b), which mirrored the federal rule.  According to the Civil Justice Reform Task Force, these considerations had not been effective in reigning in discovery:

“In practice, [Rule 26.02(b)] discovery limits have rarely been enforced, however; and the expansion of discovery and the increasing expense of discovery literally threaten the civil justice system.”

By making the proportionality concept more explicit in the rules, the task force intended to “create a presumption in favor of narrower discovery and require consideration of proportionality in all discovery matters, limiting discovery to the reasonable needs of the case.” Proposed changes to the federal rules also include a proportionality limitation on the scope of discovery.

While the express proportionality requirement is new and applies only in Minnesota state court, a few recent cases from the federal courts demonstrate how to make detailed and persuasive proportionality arguments, especially as related to electronically stored information. In one recent case from the Northern District of Illinois, a party largely succeeded in limiting certain discovery by demonstrating the difficulty and expense of accessing the requested information, as well as the likelihood that the discovery requests duplicated discovery that had already been produced.  The defense specifically articulated how the requested data was stored and had specific dollar estimates as to the costs of recovery and production. A Colorado district court, on the other hand, rejected several “unduly burdensome” objections because the objections lacked factual support; the defendants failed to provide “any specific information indicating how the [the defendants] store electronic information, the number of back-up or archival systems that would have to be searched in the course of responding to [plaintiff’s requests], or Defendants’ capability to retrieve information stored in those back-up or archival systems.” As these cases demonstrate, building a record for a proportionality argument often requires detailed testimony from individuals with knowledge of how the requested information is stored and how it could be accessed. Of course, under Rule 1, this information will have to be viewed in the context of the amount in controversy, the parties’ resources and the complexity of the issues, among other factors.


[1] The Proportionality Principle originally appeared In Minnesota Lawyer, July 25, 2013, http://minnlawyer.com/jdr/2013/07/25/the-proportionality-principle/. Reprinted with permission.

[2] Guest blog author Michael Goodwin is an associate attorney at Jardine, Logan & O’Brien in the Twin Cities. Michael’s practice involves a range of insurance defense and coverage issues. Michael currently serves as the Outreach Committee Chairperson for the Minnesota State Bar Association New Lawyers Section. He earned first place in the 2010 Levit Essay Contest, a national writing contest sponsored by the ABA Standing Committee on Lawyers’ Professional Liability and Long & Levit, LLP. Michael graduated from Hamline University School of Law in 2009. During law school he was a board member of the Hamline Law Review and he completed a judicial externship in United States District Court. A native of Sioux City, Iowa, Michael was a newspaper reporter prior to enrolling in law school.

COPPA updates go into effect today, if anyone is watching

The FTC revised the Children’s Online Privacy Protection Rule (COPPA) in December 2012 to take into account the rapidly expanding move to mobile applications, social media and the evolving nature of personally identifiable information. Those rules go into effect July 1, 2013.

COPPA is supposed to inform parents of data being collected about their children and provide opportunities for the parents to consent or opt out of the service.[1] Unfortunately, in application, COPPA has been applied as an either/or test – a site either caters to children and therefore complies with COPPA or prohibits use of services by children and therefore takes no steps to comply with parental notification and consent rules.

Many operators provide non-children services but do nothing to discourage use by children under 13, a practice which has obviated the impact of COPPA. Social media sites, in particular, tend to avoid compliance with COPPA and instead post disclaimers requiring that the users are over 13. But these sites have no verification procedures as to identity or age.

The FTC hopes to change this with the new rules. The amendments to COPPA are intended to minimize this gamesmanship by reducing the ability for a company to ignore actual usage by under-age customers and hide behind age disclaimers. Only time will tell whether the new rules will have that effect.

A second aspect of the new rule will likely have more impact. Self-regulatory associations can submit their certification program to the FTC for pre-approval. Provided members remain within compliance of the certified program, the approval serves as a safe-harbor, protecting members of the association from FTC enforcement actions. Examples of those applications include the following:

The self-regulatory associations, particularly the ESRB, take member enforcement very seriously. The multi-billion dollar gaming industry has become the model for differentiating products based on market segment. It has a strong incentive to segregate its under-13 products from the other products. Of course, it remains to be seen whether this will result in fewer 10-year-olds sneaking onto 15+ (or 18+) platforms, but the video game industry has been more effective than most in reducing the casual avoidance of the age restrictions.

The biggest change under COPPA revisions is the type of information now covered as personally identifiable information. Mobile and social media have transformed the tools available to individually track a customer. Persistent identifiers such as unique IDs, computer or chip serial numbers, unique device identifiers, IP addresses, and geo-location tags all work individually or together to create unique identification. None of those tools include a name or address, yet serve to provide comprehensive, persistent information regarding the identity of each individual. COPPA therefore expands the definition of personally identifiable information to reduce personalized targeting of advertising at children.

As an example of how personally identifiable information has evolved, this paragraph describes the ESRB’s updated guidance on personally identifiable information:

Personally Identifiable Information means any information that can be used to identify an individual or which enables direct contact with an individual. This would include an individual’s name, online contact information (i.e. email addresses or other identifier that permits direct online contact with a person via instant messaging, video, voice over internet protocol or any other means not specifically defined herein), phone number, fax number, home address, social security number, driver’s license number, credit card number, photos, videos, or audio containing the image or voice of a child, persistent identifiers (such as a customer number held in a cookie or a processor serial number, a unique device identifier, or IP address), or geo-location information sufficient to identify a street name and name of town. Demographic information that is combined with personal information (including, but not limited to, gender, educational background, or political affiliation) also becomes Personally Identifiable information. Personally Identifiable Information does not include information that is encoded or rendered anonymous, or publicly available information that has not been combined with non-public Personally Identifiable Information (and has not been previously defined as Personally Identifiable Information.)

The expanded COPPA will take months to truly affect the marketplace. Even then, it will only be effective if companies take the obligations not to track seriously and treat their customers with respect – something missing from the past 15 years of COPPA compliance.

Some and perhaps a majority of people prefer to be served ads that are relevant and interesting, so they don’t mind the outcome of behavioral advertising even if they are squeamish regarding the methods used to select the ads. But Congress assumes that children have fewer defenses to advertising and these techniques can be manipulative and harmful. Targeting individual minors under 13 is therefore prohibited without the parents consent. Hopefully, the COPPA revisions will make this difference begin to matter.

For more information, see the additional guidance provided by the FTC:

The FTC has also released two new pieces designed to help small businesses that operate child-directed websites, mobile applications and plug-ins ensure they are compliant with upcoming changes to the rule.

The first is a document, “The Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business, which is designed especially for small businesses and contains a step-by-step process for companies to determine if they are covered by COPPA, and what steps they are required to take to protect children’s privacy. The FTC also released a video aimed at businesses to help explain their obligations under the revised rule, including an explanation of the changes.

Finally, the FTC has updated a guide for parents, “Protecting Your Child’s Privacy Online,” that explains what COPPA is, how it works and what parents can do to help protect their children’s privacy online.

These new documents provide guidance from the FTC staff that supplements the rule and other COPPA–related material previously published by the FTC, including an updated set of frequently asked questions about the rule. FTC staff will periodically update the FAQs.

In addition to the guidelines and frequently asked questions, FTC staff maintain a “COPPA Hotline” email address, COPPAHotLine@ftc.gov, where industry members can send questions on how to ensure they are compliant with the rule. Comments on the FAQs or suggestions for new FAQs may also be submitted through the COPPA Hotline email address.


[1] The COPPA rule requires that operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13 give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information they collect from children.

Wireless Taps lead those actually reported by US Courts

Public disclosures regarding the otherwise secret wiretaps under the Foreign Intelligence Surveillance Act have been the focus of news reports, criminal investigations, and international intrigue in recent weeks. But the Administrative Office of the US Courts annually report the other wiretaps ordered by the federal and state  judiciary.

According to the report, “in calendar year 2012, a total of 3,395 orders authorizing the interception of wire, oral, or electronic communications, or wiretaps, were approved by state and federal judges,” according to the report. Only three percent of the wiretaps involved wires.

For the 2012 reporting period, January 1, 2012 to December 31, 2012, 97 percent of all wiretaps were authorized for “portable devices,” a category that includes cellular telephones and digital pagers. In addition, 87 percent of all 2012 applications for intercepts cited illegal drugs as the most serious offense under investigation.  As of December 31, 2012, a total of 3,743 persons had been arrested and 455 persons had been convicted as a result of interceptions reported as terminated.

The Administrative Office of the Courts points out that it is not authorized – or permitted – to include FISA-approved wiretaps. Equally importantly, the report also reminds the public that non-content data does not need a warrant. Instead pen register data about the nature of the call and the connection to the call requires a much lower legal standard to collect the data. It merely needs to be relevant to the investigation.

A Pen Register records telephone numbers called from a particular phone. The Register also records the date, time, and length of calls. Note that this is information that is already gathered for billing purposes by a communications service provider.

A Trap and Trace Order records the telephone numbers of telephones that are used to place calls to a particular phone. (i.e. Makes a log of incoming phone numbers.) Note that information of this sort is not gathered in the ordinary course of business. – Berkman Center

There is no security reason that these orders are not surveyed. In addition, the report points out that no report from a court to the Administrative Office  is necessary if “an order is issued with the consent of one of the principal parties to the communication.”

The use of wiretaps and the proportion of wiretaps in drug investigations to the exclusion of most other crimes should also raise some provocative public policy questions. Regardless of whether the information  being collected should remain private, there is no question that the information about the process and scope of these investigations should be incorporated into public policy development.