Date: Mon, 27 Apr 92 17:30:17 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#002 Computer Privacy Digest Mon, 27 Apr 92 Volume 1 : Issue: 002 Today's Topics: Moderator: Dennis G. Rears Barasch v. Pa Decision All the Myriad Ways... Re: Cordless phones The Computer Privacy Digest is a a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: Dave Banisar Date: Thu, 23 Apr 1992 13:25:42 EDT Subject: Barasch v. Pa Decision >From CPSR Barasch v. Pa Decision David M. BARASCH, Consumer Advocate, et al., Appellees, v. THE BELL TELEPHONE COMPANY OF PENNSYLVANIA, Appellant. David M. BARASCH, CONSUMER ADVOCATE, et al., Appellees. PENNSYLVANIA PUBLIC UTILITY COMMISSION, Appellant. Nos. 201 E.D.1990, 202 E.D.1990. Supreme Court of Pennsylvania. March 18, 1992. OPINION OF THE COURT PAPADAKOS In this appeal we are called upon to address the legality of "Caller ID" service which Appellant, The Bell Telephone Company of Pennsylvania (Bell), proposes to offer to its customers. For the reasons set forth below, we agree with the Commonwealth Court that "Caller ID" violates our Wiretapping and Electronic Surveillance Control Act, 18 P.S. ss 5701-5781, and hence cannot now be offered in Pennsylvania. The facts on which this appeal is based are as follows. On January 18, 1989, Bell filed a revision to Tariff Pa. PUC No. 1, proposing that Various new services be added to its tariff, including the offering of the optional service known as Caller ID. Caller-ID allows a telephone subscriber to identify and record the telephone number from which a call is being made, including private and unlisted numbers, through the use of a device supplied to customers which displays that number and then stores it for future retrieval. {FN1} With Caller ID service, every time a call is made from a private telephone, the caller's telephone number will be obtained by the Caller ID subscriber and by anyone to whom that subscriber chooses to give or sell that number. This is true regardless of whether the caller wishes to divulge the number to the call recipient. Complaints against the Caller ID portion of the proposed tariff were filed by a number of parties, including the Office of Consumer Advocate (OCA); the Office of the Attorney General; Barry Steinhardt and the American Civil Liberties Union of Pennsylvania (ACLU); Karen Kulp, President of the Pennsylvania Coalition Against Rape; and Mary Jane Isenberg, President of the Pennsylvania Coalition Against Domestic Violence (PCADV). By order entered March 31, 1989, the Pennsylvania Public Utility Commission (PUC) suspended the Caller ID portion of the tariff for investigation purposes and the matter was assigned to an Administrative Law Judge (ALJ) for hearings and a recommended decision. The remaining services offered by Bell in this proceeding were approved by the PUC without further investigation. (FN2) On September 22, 1989, after extensive hearings and briefings by the parties, the ALJ issued his recommended decision on Caller ID. In that decision, the ALJ agreed with the positions taken by OCA, PCADV and the Attorney General and found that Caller ID service was not in the public interest unless it was provided along with a free "per-call" blocking option, with which callers could block the transmission of their telephone numbers if they chose to do so. The recommended decision concluded that unblockable Caller ID constitutes a "trap and trace device" as that term is defined in the Pennsylvania Wiretap Act, supra. The ALJ determined that providing the service as proposed by Bell would be a violation of law, and thus per se unjust and unreasonable under the Public Utility Code. Moreover, the ALJ determined that, whether or not Caller ID service was deemed violative of the Wiretap Act, it was not in the public interest to offer Caller ID without a blocking option. The ALJ found that numerous groups and individuals who require privacy in making calls in certain instances would be threatened by unblockable Caller ID. The ALJ also found that the implementation of a blocking option would not diminish the value of Caller ID in responding to annoying calls, particularly when the benefits of the service were considered along with other Bell services such as Call Trace. {FN3} After the filing of exceptions and reply exceptions by various parties, the PUC, at its public meeting on November 9, 1989, voted to reject the Administrative Law Judge's recommended decision and to allow Bell to provide Caller ID almost without restriction or protection for callers. The three to one decision determined that Caller ID blocking could only be provided to non- profit domestic abuse shelters and their staffs, law enforcement agencies, and individuals "certified" by law enforcement officials as requiring Caller ID blocking to "mitigate the risk of personal injury." Caller ID blocking would not be made generally available to any other individuals. On November 28, 1989, Petitions for Review of the Commission's order were filed by the OCA and the PCADV. On December 8, 1989, the OCA and the PCADV filed a Joint Application for Partial Stay with the Commonwealth Court. The application requested that Bell be directed to provide a free per-call blocking mechanism if it chose to offer Caller ID to the general public or, alternatively, that Bell be permitted to offer Caller ID service only to emergency service providers, i.e., police, fire and county emergency dispatch centers, during the pendency of the appeal. Petitions for Review and Applications for Stay were also filed by the ACLU and by Carol Walton and the Consumer Education and Protective Association (CEPA). By opinion and order entered December 29, 1989, after argument, Judge Crumlish of the Commonwealth Court granted the Application for Partial Stay and directed that Caller ID could only be offered to emergency service providers pending the resolution of the appeal. The opinion and order of Judge Crumlish is reported at 130 Pa.Cmwlth. Ct. 418, 568 A.2d 726 (1989). After briefing and en banc argument on the merits, the full Commonwealth Court held that Bell's proposed Caller ID service violates the trap and trace provisions of the Pennsylvania Wiretap Act. The Commonwealth Court decision is reported at --- Pa.Cmwlth. Ct. ----, 576 A.2d 79 (1990). A majority of the court, in an opinion by Judge Smith, also found that the PUC's approval of Caller ID violated the privacy rights of Pennsylvania citizens guaranteed by the Pennsylvania Constitution. The court also ruled that the limited blocking procedure approved by the Commission was wholly devoid of minimum due process protections and that the PUC decision on that point was not supported by substantial evidence. The Commonwealth Court majority also declared that Caller ID service would be unlawful and unconstitutional even if it were offered along with the per-call blocking option recommended by the ALJ. In an opinion which concurred in part and dissented in part, Judge Pellegrini, joined by Judge McGinley, fully endorsed the holding that Caller ID violated the trap and trace provisions of the Pennsylvania Wiretap Act. However, Judge Pellegrini stated that the court should not have reached the constitutional questions raised in the Petition for Review. Because the Commonwealth Court order reversed the commission order in its entirety, three of the successful Petitioners below--OCA, PCADV and ACLU-- filed an Application for Limited Reargument which sought clarification of the order as to one point. Specifically, the applicants asked the court to clarify their order to the affect that it did not preclude the use of Caller ID by emergency service providers. Such emergency service providers are exempt from the relevant prohibitions of the Wiretap Act. On July 18, 1990, the court entered an order denying the Application for Reargument, but, in doing so, declared that the court's majority opinion "neither impliedly nor expressly invalidates any provision of the Pennsylvania Wiretapping and Electronic Surveillance Control Act, 18 Pa.C.S. ss 5701-5781, allowing the use of recording and trap-and-trace devices by police and other designated emergency systems. The PUC and Bell filed Petitions for Allowance of Appeal with this Court on August 14, 1990. By orders dated December 19, 1990 and December 24, 1990, we granted both petitions and briefs were subsequently filed by the PUC, Bell and several amici curiae. The appeals were consolidated by order of this Court dated February 8, 1991. {FN4} We agree with Judge Pellegrini in that Caller ID violates the Wiretap Act, and that it is unnecessary, therefore, to reach the constitutional issues addressed by the Commonwealth Court majority. Simply put, Caller ID, as proposed by Bell and approved by the PUC, violates the "trap and trace" prohibitions contained in the Pennsylvania Wiretap Act. A trap and trace device is defined at 18 P.S. s 5702 as follows: Trap and trace devise. A device which captures the incoming electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted. The relevant section of the Wiretap Act that governs the use of trap and trace devices is 18 P.S. s 5771, which provides: General prohibition of pen register {FN5} and trap and trace device use; exception (a) General rule.--Except as provided in this section, no person may install or use a pen register or a trap and trace device without first obtaining a court order under section 5773 (relating to issuance of an order for a pen register or a trap and trace device). (b) Exception.--The prohibition of subsection (a) does not apply with respect to the use of a pen register or a trap and trace device by a provider of electronic or wire communication service: (1) relating to the operation, maintenance and testing of a wire or electronic communication service or to the protection of the rights or property of the provider, or to the protection of users of the service from abuse of service or unlawful use of service; or (2) to record the fact that a wire or electronic communication was initiated or completed in order to protect the provider, another provider furnishing service toward the completion of the wire communication or a user of the service from fraudulent, unlawful or abusive use of service, or with the consent of the user of the service. (c) Penalty.--Whoever, intentionally and knowingly violates subsection (2) is guilty of a misdemeanor of the third degree. By definition and by agreement of the parties, the Caller ID terminal which is purchased by the subscriber and attached to the subscriber's telephone line "captures the incoming electronic or other impulses which identify the originating number" of the telephone from which the call was transmitted. That is the very function of the Caller ID device. It captures, displays, and stores for future retrieval the telephone number of the calling party. Caller ID therefore falls within the general prohibition of Section 5771(a) of trap and trace devices and cannot be used by anyone without first obtaining a court order. The only remaining issue is whether it falls within one of the exceptions to this general prohibition in Section 5771(b). The PUC, Bell and the Office of the Attorney General (in his amicus brief) all argue that Caller ID is permitted under the exception which permits the use of a trap and trace device "by a provider of electronic or wire communication service ... with the consent of the user of the service." The most obvious flaw in this argument, of course, if that the Caller ID subscriber is not an electronic or communicating service provider. The exception, therefore, can only apply to Bell, not to the subscriber. Bell argues vehemently that it is the only entity that performs a trap and trace under the statute, not the subscriber. Bell contends that Caller ID involves only a single trap and trace by the telephone company. It is Bell's network computers that "capture" the caller's number by computer software that identifies and stores the number in memory upon placement of a call. The call recipient merely receives the resulting information which is transmitted by Bell from its network computer. The display unit is entirely passive, like a television or radio or mailbox. It does not send any signal to or otherwise act on or manipulate the telephone network to ferret out the caller's number from the mass of electronic signals in the network. That function of "capturing" the caller's number is performed by the telephone company, without whose deciphering of the electronic signals in the network the called party would have no ability to identify the number. Appellees respond to this argument by contending there are two traps which take place when Caller ID service is used. The first is by the telephone company and it occurs when the calling number is placed in the memory of the called party's central office. This trap may be exempted from the provisions of Section 5771(b) under certain circumstances. But there is a second trap--when the calling number is deposited and stored in the customer's Caller ID device. That trap is not the use of "a trap and trace device by a provider of electronic or wire communication service" and thus is not exempted. Whatever the merits of this argument, and the Commonwealth Court agreed with Appellees and concluded that neither the "Caller ID device nor the data captured by the device is controlled or maintained by Bell but rather by the customer subscriber, clearly violating the trap and trace device prohibition.... " 576 A.2d at 85; nevertheless, further examination of the governing statutory language is necessary. Even if the Caller ID service were solely a function of the telephone company--which it almost certainly is not--we agree with the Commonwealth Court that the service still violates the wiretap law, because it is being used for unlimited purposes without the "consent" of each of the users of the telephone service. As noted by the Commonwealth Court majority: Followed to its logical conclusion, Bell would contend and have this court believe that a Caller ID subscriber is the user of the service and consents to use of a trap and trace device by subscribing to Caller ID. This argument must fail when one considers that "user" includes "any person or entity" who uses the telephone network and that a contrary and reasonable interpretation of that term could also be construed as the calling party rather than the Caller ID subscriber. 576 A.2d at 85. Judge Pellegrini joined in this aspect of the decision and further demonstrated the consistency of this interpretation with the Pennsylvania wiretap Act's requirement that all parties to a warrantless wiretap must consent to its use. 18 P.S. s 5704 provides: It shall not be unlawful under this chapter for: ... (4) A person to intercept a wire, electronic or oral communication, where all parties to the communication have given prior consent to such interception. As stated by Judge Pellegrini: [W]hen the 1988 amendments were adopted by the General Assembly, they were grafted onto a legislative scheme very different and one that is much more protective of individual rights than federal law. Even though the language of the federal law and 1988 amendments to the Wiretap Act are nearly the same, by not changing the "all party consent rule," it is clear that the General Assembly meant that any part of the communication, including phone number identification, should have the consent of all parties prior to it being trapped and traced. 576 A.2d at 93. We agree. None of the parties relying upon the exception in Section 5771(b) provides a satisfactory explanation of why the "user" as it appears in Section 5771(b)(2) must refer only to the Caller ID customer, rather than the calling party, or both the called and calling parties. No one disputes that the definition of "user" in the Wiretap Act includes "any person or entity" who uses the telephone network. 18 P.S. s 5702. It is also obvious that when a Caller ID device is employed, two "users" of the telephone network are involved--the called party and the calling party. It is the caller whose number is being trapped and traced and whose privacy is being jeopardized, and whose "consent" would therefore be particularly relevant. Moreover, under the rules of statutory construction, the singular generally includes the plural. 1 P.S. s 1902. In short, as recognized by the Commonwealth Court, the "consent" provision of the trap and trace section must be read in light of the overall requirement of the Act that consent to any form of interception must be obtained from all parties. 18 P.S. s 5704(4). The two-party consent rule has long been established in Pennsylvania as a means of protecting privacy rights and principles of statutory construction require that the provisions of the Wiretap Act be interpreted in a manner which is consistent with those concerns. Where the consent of less than all parties is required under the Wiretap Act, the General Assembly specifically so stated, as in Section 5704(2)(ii) which permits a law enforcement officer, under very limited circumstances, to intercept a communication where "one of the parties to the communication has given prior consent to such interception." (Emphasis added.) If the General Assembly had concluded that the consent to a trap and trace by "one of the users" of the service was sufficient, then they could have so stated. But they did not. In short, Caller ID violates the Pennsylvania Wiretap Act and therefore the Commonwealth Court decision must be affirmed. We need not reach the constitutional issues decided by the Commonwealth court majority in this case because we have long held that our courts should not decide constitutional issues in cases which can properly be decided on non- constitutional grounds. Ballou v. State Ethics Commission, 496 Pa. 127, 436 A.2d 186 (1981). Nor do we decide what results should be reached if Bell provided with its Caller ID service a free "per call" blocking option for callers. That issue is not before us. Accordingly, the decision of the Commonwealth Court is affirmed. FN1. Caller ID would not permit customers to identify the telephone number of calls being made from a pay telephone, by credit card, or through operator assistance. FN2. Among the other Bell services approved in this proceeding and currently available to customers is a service known as Call Trace. With this service, a person who receives an abusive or objectionable phone call can dial a three-digit code and thereby have the call traced by the telephone company. The company can then take appropriate action as to that caller. Unlike Caller ID, Call Trace does not reveal the caller's number directly to the called party. Other Bell services approved in this case include: Call-Return which allows a customer, by dialing a three-digit code, automatically to return the last call received, without knowing the phone number of the caller; and Call-Block which allows a customer to block the receipt of calls permanently from up to six different phone numbers, including the phone that made the last call which was received, whether or not the customer knows the number of the last caller. FN3. It should be noted that the operation of Call Trace would not be affected by the blocking mechanism recommended by the ALJ. The same is true for Call-Return and Call-Block services discussed in footnote 2, supra. FN4. Pursuant to Rule 502(c) of the Pennsylvania Rules of Appellate Procedure, and by order of this Court dated February 8, 1991, the name of Irwin A. Popowsky, Consumer Advocate, was substituted for that of David M. Barasch as an Appellee in this matter. FN5. A "pen register" is defined as: A device which records or decodes electronic or other impulses which identify the numbers dialed or otherwise transmitted, with respect to wire communications, on the telephone line to which the device is attached. The term does not include a device used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communication service provided by the provider, or any device used by a provider, or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of business. 18 P.S. s 5702. MR. JUSTICE MCDERMOTT files a Concurring Opinion. CONCURRING OPINION MR. JUSTICE MCDERMOTT I agree that the statute is clear upon its face and applies to "any person or entity." {FN1} Therefore the constitutional questions need not be addressed at this time. FN1. 18 Pa.C.S. s 5702. ------------------------------ Path: watyew!rmgreen From: rmgreen@watyew.uwaterloo.ca (Ronald M. Green) Subject: All the Myriad Ways... Date: Sat, 25 Apr 1992 01:00:34 GMT Hello! Well, where to start? As a Canadian who has long been enamoured of surveillance and information technology - the result, I suspect, of a fascination with the field of the private investigator (and my place in it) - I think that the only regret I have about this group is that is didn't exist even earlier. A late start, but what the hey... I'll leap back in after I see what major threads people want to develop, but a few obvious suggestions (touched on in the "Keywords" line) include: Scanners (radio monitors for "private" (laugh) frequencies) Phone Phreaking (by-passing of telephone protocols and fees) Micro-Mikes (the world of bugging and tapping) Net-Watching (tracking folks through their Net activities) Of course, there is much more to the field, but like I said, I'll let other folks develop the initial threads. I think I'm going to enjoy this...and now, if you'll excuse me, I think I'm going to indulge in some recreational scanning for a while... Be seeing you! - Ronald M. Green - ------------------------------ From: Craig "Powderkeg" DeForest Subject: Re: Cordless phones Date: 27 Apr 92 03:08:35 GMT Followups-To: comp.society.privacy >In article mla@pilot.njin.net (Marc L. Appelbaum) writes: >>I've been reading all these msgs about cellular phone calls. I just >>don't see why anyone would want to monitor cellular phone calls. Yes, > [stuff about tabloids & privacy] But it's none of your business! Damn it! Those photons are hitting *me*! They're *MINE*. I'll do whatever the hell I want with *my* photons, regardless of the law. I firmly believe in privacy -- I won't go looking into people's houses, or tapping their phones, or whatever. But, if you want privacy, you *don't* shout so that everyone within ten miles can hear it. If you want privacy, you don't broadcast your conversation. If people don't want me to hear their conversation, they ought not to be shooting photons at me! followups elsewhere; this ain't folklore anymore. -- Craig DeForest: zowie@banneker.stanford.edu *or* craig@reed.bitnet ---------------------------------------------------------------------------- "So, if you guys make a living looking at the SUN, why do you spend so much time at the SYNCHROTRON, working UNDERGROUND at NIGHT?" ------------------------------ End of Computer Privacy Digest V1 #002 ******************************