# Pen register

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Pen_register
> Markdown URL: https://mediated.wiki/source/Pen_register.md
> Source: https://en.wikipedia.org/wiki/Pen_register
> Source revision: 1355912814
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Short description|Device that records all numbers called from a particular telephone line}}

A '''pen register''', or '''dialed number recorder''' (DNR), is a device that records all [numbers](/source/Telephone_number) called from a particular [telephone](/source/telephone) line.<ref name="Applegate, John, and Amy Grossman">{{Cite journal|last=Applegate, John, and Amy Grossman|title=Pen Registers after Smith v. Maryland|journal=Harv. CR-CLL}}</ref> The term has come to include any device or program that performs similar functions to an original pen register, including programs [monitoring](/source/Internet_surveillance) [Internet](/source/Internet) communications.

The United States statutes governing pen registers are codified under [https://www.law.cornell.edu/uscode/text/18/part-II/chapter-206 18 U.S.C., Chapter 206].

== Definitions ==
thumb|400px|Pen register manufactured by J. H. Bunnell & Co, Brooklyn, New York The term ''pen register'' originally referred to a device for recording [telegraph](/source/telegraph) signals on a strip of paper. [Samuel F. B. Morse](/source/Samuel_F._B._Morse)'s 1840 telegraph patent described such a register as consisting of a [lever](/source/lever) holding an armature on one end, opposite an [electromagnet](/source/electromagnet), with a [fountain pen](/source/fountain_pen), [pencil](/source/pencil) or other marking instrument on the other end, and a clockwork mechanism to advance a paper recording tape under the marker.<ref>Samuel F. B. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, [https://patents.google.com/patent/US1647 U.S. Patent 1647], June 20, 1840; see page 4 column 2</ref>

The term ''telegraph register'' came to be a generic term for such a recording device in the later 19th century.<ref>See for example, Frank Wood's Telegraph Register, [https://patents.google.com/patent/US338329 U.S. Patent 338,329], Mar. 23, 1886.</ref> Where the record was made in ink with a pen, the term ''pen register'' emerged. By the end of the 19th century, pen registers were widely used to record pulsed electrical signals in many contexts. For example, one fire-alarm system used a "double pen-register",<ref>William F. Singer, Electrical Automatic Fire-Alarm System, [https://patents.google.com/patent/US436640 U.S. Patent 436,640], Sept. 16, 1890; see page 3 line 48</ref> and another used a "single or multiple pen register".<ref>Bernice J. Noyes, Electric Signalling Apparatus, [https://patents.google.com/patent/US534908 U.S. Patent 534,908], Feb. 26, 1895; see page 1 lines 82-83.</ref>

As [pulse dialing](/source/pulse_dialing) came into use for [telephone exchange](/source/telephone_exchange)s, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses.  In the United States, the clockwork-powered Bunnell pen register remained in use into the 1960s.<ref>Bunnell Ink Writing Register (Pen Register), [http://etler.com/docs/BSP/030/030-340-701_I2.pdf Bell System Practices, Section 030-340-701], 2 Sept 1961.</ref>

After the introduction of [tone dialing](/source/tone_dialing), any instrument that could be used to record the numbers dialed from a telephone came to be defined as a pen register. Title 18 of the [United States Code](/source/United_States_Code) defines a pen register as:

<blockquote>a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business<ref>{{usc-clause|18|3127|(3)}}</ref></blockquote>

This is the current definition of a pen register, as amended by passage of the 2001 [USA PATRIOT Act](/source/USA_PATRIOT_Act).  The original statutory definition of a pen register was created in 1984 as part of the [Electronic Communications Privacy Act](/source/Electronic_Communications_Privacy_Act), which defined a "Pen Register" as:

<blockquote>A device which records or decodes electronic or other impulses which identify the numbers called or otherwise transmitted on the telephone line to which such device is dedicated.</blockquote>

A pen register is similar to a [trap and trace device](/source/trap_and_trace_device). A trap and trace device would show what numbers had called a specific telephone, i.e., all ''incoming'' phone numbers. A pen register rather would show what numbers a phone had called, i.e. all ''outgoing'' phone numbers. The two terms are often used in concert, especially in the context of Internet communications. They are often jointly referred to as "Pen Register or Trap and Trace devices" to reflect the fact that the same program will probably do both functions in the modern era, and the distinction is not that important. The term "pen register" is often used to describe both pen registers and trap and trace devices.<ref>{{Cite web|title=Introduction to Government Investigations|url=https://cyber.harvard.edu/privacy/Introduction%20to%20Government%20Investigations.htm|access-date=2020-10-23|website=cyber.harvard.edu}}</ref>

== Background ==

In ''[Katz v. United States](/source/Katz_v._United_States)'' (1967), the [United States Supreme Court](/source/United_States_Supreme_Court) established its "[reasonable expectation of privacy](/source/reasonable_expectation_of_privacy)" test. It overturned ''[Olmstead v. United States](/source/Olmstead_v._United_States)'' (1928) and held that warrantless [wiretaps](/source/Telephone_tapping) were [unconstitutional](/source/Constitutionality) searches, because there was a reasonable expectation that the communication would be [private](/source/privacy). From then on, the government was required to get a [warrant](/source/Warrant_(law)) to execute a wiretap.

Twelve years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." ''[Smith v. Maryland](/source/Smith_v._Maryland)'', 442 U.S. 735, 744 (1979).  Since the [defendant](/source/defendant) had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company.

The Smith decision left pen registers completely outside [constitutional](/source/United_States_Constitution) protection. If there was to be any privacy protection, it would have to be enacted by Congress as statutory [privacy law](/source/telecommunications_privacy_laws).<ref name="Applegate, John, and Amy Grossman"/>

== Pen Register Act ==
The [Electronic Communications Privacy Act](/source/Electronic_Communications_Privacy_Act) (ECPA) was passed in 1986 (Pub. L. No. 99-508, 100 Stat. 1848).  There were three main provisions or Titles to the ECPA.  Title III created the Pen Register Act, which included restrictions on private and law enforcement uses of pen registers. Private parties were generally restricted from using them unless they met one of the exceptions, which included an exception for the business providing the communication if it needed to do so to ensure the proper functioning of its business.

For [law enforcement agencies](/source/law_enforcement_agency) to get a pen register approved for [surveillance](/source/surveillance), they must get a [court order](/source/court_order) from a judge.  According to 18 U.S.C. §&nbsp;3123(a)(1), the "court shall enter an [ex parte](/source/ex_parte) order authorizing the installation and use of a pen register or trap and trace device anywhere within the United States, if the court finds that the attorney for the Government has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation".<ref>{{cite web|url=https://www.law.cornell.edu/uscode/text/18/3123-|title=18 U.S. Code §&nbsp;3123 – Issuance of an order for a pen register or a trap and trace device|website=LII / Legal Information Institute}}</ref> Thus, a government attorney only needs to certify that information will "likely" be obtained in relation to an 'ongoing [criminal investigation](/source/criminal_investigation)'. This is the lowest requirement for receiving a court order under any of the ECPA's three titles. This is because in ''[Smith v. Maryland](/source/Smith_v._Maryland)'', the Supreme Court ruled that use of a pen register does not constitute a [search](/source/Search_and_seizure). The ruling held that only the content of a conversation should receive full constitutional protection under the [right to privacy](/source/right_to_privacy); since pen registers do not intercept conversation, they do not pose as much threat to this right.

Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. Others, such as [Daniel J. Solove](/source/Daniel_J._Solove), [Petricia Bellia](/source/Petricia_Bellia), and [Deirdre Mulligan](/source/Deirdre_Mulligan), believe that [probable cause](/source/probable_cause) and a warrant should be necessary.<ref name="Solove">{{cite journal |first=Daniel J. |last=Solove |title=Reconstructing Electronic Surveillance Law |volume=72 |journal=[Geo. Wash. L. Rev.](/source/George_Washington_Law_Review) |issue=6 |pages=1264–1305 |year=2004 }}</ref><ref name="Bellia">{{cite journal |first=Patricia L. |last=Bellia |title=Surveillance Law Through Cyberlaw's Lens |volume=72 |journal=[Geo. Wash. L. Rev.](/source/George_Washington_Law_Review) |issue=6 |pages=1375–1458 |year=2004}}</ref><ref name="Mulligan2004">{{cite journal |last=Mulligan |first=Deirdre K. |title=Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act |volume=72 |journal=[Geo. Wash. L. Rev.](/source/George_Washington_Law_Review) |issue=6 |pages=1557–1598 |year=2004}}</ref> [Paul Ohm](/source/Paul_Ohm) argues that [standard of proof](/source/standard_of_proof) should be replaced/reworked for electronic communications altogether.<ref name="Ohm2009">{{cite journal |last=Ohm |first=Paul |year=2009 |title=Probably Probable Cause: The Diminishing Importance of Justification Standards |journal=[Minn. L. Rev.](/source/Minnesota_Law_Review) |volume=94 |issue=3 |pages=1514–1560 |url=http://www.minnesotalawreview.org/wp-content/uploads/2012/03/Ohm_MLR.pdf}}</ref>

The Pen Register Act did not include an [exclusionary rule](/source/exclusionary_rule). While there were [civil remedies](/source/civil_litigation) for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for Congress to add an [exclusionary rule](/source/exclusionary_rule) to the Pen Register Act, as this would make it more analogous to traditional [Fourth Amendment](/source/Fourth_Amendment_to_the_United_States_Constitution) protections. The penalty for violating the Pen Register Act is a misdemeanor, and it carries a prison sentence of not more than one year.<ref>{{cite web|url=https://www.law.cornell.edu/uscode/usc_sec_18_00003121----000-.html|title=18 U.S.C. §&nbsp;3121(d)|website=cornell.edu}}</ref>

== USA PATRIOT Act ==

Section 216 of the 2001 [USA PATRIOT Act](/source/USA_PATRIOT_Act) expanded the definition of a pen register to include devices or programs that provide an analogous function with Internet communications. Prior to the Patriot Act, it was unclear whether or not the definition of a pen register, which included very specific telephone terminology,<ref name=":0">{{Cite journal|last=Schwartz|first=Paul M.|date=2009-09-01|title=Law and technologyKeeping track of telecommunications surveillance|url=https://doi.org/10.1145/1562164.1562175|journal=Communications of the ACM|volume=52|issue=9|pages=24–26|doi=10.1145/1562164.1562175|s2cid=8119299|issn=0001-0782|url-access=subscription}}</ref> could apply to Internet communications.  Most courts and law enforcement personnel operated under the assumption that it did, however, the [Clinton administration](/source/Clinton_administration) had begun to work on legislation to make that clear, and one [magistrate](/source/magistrate) judge in [California](/source/California) did rule that the language was too telephone-specific to apply to [Internet surveillance](/source/Internet_surveillance).

The Pen Register Statute is a privacy act.  As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and Internet communications are divulged to the company providing the communication, the absence or inapplicability of the statute would leave the routing information for those communications completely unprotected from government surveillance.

The government also has an interest in making sure the Pen Register Act exists and applies to Internet communications.  Without the Act, they cannot compel service providers to give them records or do Internet surveillance with their own equipment or [software](/source/software), and the law enforcement agency, which may not have very good [technological](/source/Computer_technology) capabilities, will have to do the surveillance itself at its own cost.

Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance by accessing information. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change.<ref name=":0" />

== NSA call database controversy ==

{{Main|NSA call database}}

When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the [Stored Communications Act](/source/Stored_Communications_Act), as an example of how such domestic spying violated Federal law.<ref>{{Cite web|title=Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping|url=https://www.everycrsreport.com/reports/98-326.html|access-date=2020-11-21|website=www.everycrsreport.com|language=en}}</ref>

In 2013, the Obama administration sought a court order "requiring Verizon on an 'ongoing, daily basis' to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries". The order was approved on April 25, 2013, by federal Judge [Roger Vinson](/source/Roger_Vinson), member of the secret [Foreign Intelligence Surveillance Court](/source/Foreign_Intelligence_Surveillance_Court) (FISC), which court had been created by the [Foreign Intelligence Surveillance Act](/source/Foreign_Intelligence_Surveillance_Act) (FISA). The order gave the government unlimited authority to compel Verizon to collect and provide the data for a specified three-month period ending on July 19. It was the first time significant and top-secret documents have been revealed exposing the continuation of the practice on a massive scale under U.S. President [Barack Obama](/source/Barack_Obama).

According to ''[The Guardian](/source/The_Guardian)'', "it is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off or the latest in a series of similar orders".<ref>{{cite news |first=Glenn |last=Greenwald |url=https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order |title=NSA collecting phone records of millions of Verizon customers daily |newspaper=The Guardian |date=June 5, 2013 }}</ref>

== Hemisphere DEA call database controversy ==
On September 1, 2013, the [DEA](/source/Drug_Enforcement_Administration)'s Hemisphere Project was revealed to the public by ''[The New York Times](/source/The_New_York_Times)''. In a series of [PowerPoint](/source/PowerPoint) slides acquired through a lawsuit, [AT&T](/source/AT%26T) is revealed to be operating a call database going back to 1987 which the DEA has warrantless access to with no judicial oversight under "administrative subpoenas" originated by the DEA. The DEA pays AT&T to maintain employees throughout the country devoted to investigating call records through this database for the DEA. The database grows by 4 billion records per day, and presumably covers all traffic that crosses AT&T's network. Internal directives instructed participants never to reveal the project publicly, despite the fact that the project was portrayed as a "routine" part of DEA investigations; several investigations unrelated to drugs have been mentioned as using the data. When questioned on their participation, [Verizon](/source/Verizon), [Sprint](/source/Sprint_Corporation), and [T-Mobile](/source/T-Mobile_US) refused to comment on whether they were part of the project, generating fears that ''pen registers'' and ''trap and trace'' devices are effectively irrelevant in the face of ubiquitous private-public-partnership surveillance with indefinite data retention.<ref>{{cite news |first=Scott|last=Shane & Colin Moynihan|url=https://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?hp&_r=0&pagewanted=all |title=Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s |newspaper=The New York Times |date=September 1, 2013 }}</ref>

== Information collected ==

Information that is legally collectible according to 2014 pen trap laws includes:{{citation needed|date=July 2024}}

=== Phone ===

* Dialed numbers
* Received call numbers
* The time the call was made
* Whether the call was answered, or went to voice-mail
* The length of each call
* Content of SMS text messages
* Post-cut-through dialed digits--(digits dialed after call is connected, like banking [personal identification number](/source/personal_identification_number) (PIN) or prescription refill numbers)
* The real-time location of a cell phone to within a few meters

=== Email ===

* All email header information other than the subject line
* The email addresses of the people to whom an email was sent
* The email addresses of people who received the email
* The time each email is sent or received
* The size of each email that is sent or received

=== Internet ===

* [IP address](/source/IP_address), port, and protocol used
* The IP address of other computers on the Internet that information was exchanged with
* Time-stamp and size information of Internet access
* Protocol traffic analysis to obtain URL web addresses surfed on the web, emails posted or read, instant messages exchanged, and information posted onto message boards

== See also ==
* [Call detail record](/source/Call_detail_record)
* ''[Smith v. Maryland](/source/Smith_v._Maryland)''
* ''[United States v. Davis](/source/United_States_v._Davis_(2014))'', dealing with cell phone location data

== References ==
{{Reflist}}

== Further reading ==
* {{cite journal |first=Christopher R. |last=Brennan |title=Katz Cradle: Holding On to Fourth Amendment Parity in an Age of Evolving Electronic Communication |volume=53 |journal=[Wm. & Mary L. Rev.](/source/William_and_Mary_Law_Review) |issue=5 |pages=1797–1823 |year=2012 |url=http://scholarship.law.wm.edu/wmlr/vol53/iss5/7 }}
* {{cite journal |last=Kerr |first=Orin |authorlink=Orin Kerr |title=Internet Surveillance Law After the USA Patriot Act: The Big Brother That Isn't |journal=[Nw. U. L. Rev.](/source/Northwestern_University_Law_Review) |volume=97 |year=2003 |issue=2 |pages=607–673 |ssrn=317501 }}

Category:Law enforcement equipment
Category:Surveillance
Category:Privacy of telecommunications

---
Adapted from the Wikipedia article [Pen register](https://en.wikipedia.org/wiki/Pen_register) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Pen_register?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
