This paper provides a comparative analysis of telecommunications interception and access regulatory frameworks in the United States and the United Kingdom. Beginning with foundational definitions of interception and stored communications access, the paper traces the historical evolution of both nations' legal regimes β from early 20th-century surveillance practices through landmark legislation such as the U.K.'s Regulation of Investigatory Powers Act (RIPA) and the U.S. Wiretap Act, FISA, ECPA, CALEA, and the Patriot Act. The paper examines warrant requirements, exceptions, restrictions on use of intercepted materials in court, telecommunications carrier obligations, and oversight mechanisms, before offering a comparative assessment of each regime's strengths and weaknesses in balancing civil liberties against national security imperatives.
This paper provides an overview of the telecommunications interception and access laws in the United States and the United Kingdom, as prime examples of developed telecommunications regulatory frameworks that can, to some extent, provide useful real-world case studies for refining a regulatory regime in other jurisdictions.
Interception is the electronic surveillance of private telecommunication transmissions in real time. Also commonly referred to as "wiretapping" β because historically the practice required placing a "tap" on a phone line β interception involves the use of a device or technology to listen to live person-to-person communications, such as landline telephone calls, internet conversations, or conversations via wireless phone networks, as they occur. The parties to the communication are typically unaware that they are being observed by a third party.
Telecommunications access is similar to interception, except that it refers to the act of accessing and reviewing a stored record of a communication that occurred in the past β for example, a recording of a telephone call, a voicemail message, or an email stored on a carrier's systems or other media. Interception and access are generally accepted as tools of modern law enforcement and national security intelligence gathering and prosecution. Ongoing technological evolution has required both law enforcement agencies and legislative bodies to grapple with ever-increasing modes of internet and wireless communication β such as instant messaging and text messaging β which have all become common platforms for "live" communication.
Telecommunications interception and access are officially and strictly controlled in many countries in order to safeguard individual privacy; this is the case in all developed democracies. In theory, telephone tapping often requires court authorization and is normally approved only when evidence demonstrates that it is not possible to detect criminal or subversive activity through less intrusive means. Laws and regulations often require that the crime under investigation must meet at least a minimum threshold of severity. In many jurisdictions, however, permission for telephone tapping is easily obtained on a routine basis without rigorous investigation by the authorizing court or other entity. Illegal or unauthorized telephone tapping is frequently a criminal offense.
The U.S. and the U.K. together provide a distinct β and in many ways common β perspective on the issues of telecommunications interception. Both nations have developed interception and access regimes in a context in which national security concerns hold a prominent position in both legislative debate and public discourse. As countries that share strong traditions of individual freedoms and privacy, it is notable that both nations β in particular the U.S. β have created regulatory regimes with the potential to intrude upon civil liberties to a greater degree than those of some other developed nations. The modern history of terrorist activity in both the U.S. and the U.K. has been a driving force in the broadening of interception and access capabilities by law enforcement and national security agencies, making it instructive to examine the two countries together as a means of exploring the balancing act between civil liberties and national security in the regulatory environment.
To understand the current regulatory regimes in both nations, it is first necessary to examine how those regimes came to be and what legal, historical, and societal forces influenced their evolution. In many respects, the philosophical underpinnings and historical development of the U.S. and U.K. regulatory regimes are parallel, due in part to the shared history and culture between the two nations. Both nations have also been compelled to respond to a combination of dramatic events and strong public sentiment in the development of their respective regulatory regimes.
The evolution of telecommunications interception and access regulations in the U.K. is marked by an emphasis on secrecy and an unwillingness of parliamentary authorities to interfere with the activities of police and national security services. Wiretapping activity in the U.K. had "traditionally been conducted under conditions of considerable secrecy, being governed by somewhat obscure administrative regulations rather than by precise legal controls" (Lloyd, 1986). The history of British monitoring of communications for national security purposes extends back to the late 19th century and the introduction of the telegraph, with active surveillance during the Boer War in 1900 and the First World War (Hills, 2006). The approaches and legal structures around electronic communications surveillance continued to evolve, with the beginning of the "modern" era dating from the Second World War and the BRUSA COMINT (communications intelligence) alliance between the United States and the United Kingdom (Hills, 2006). As a result of that agreement, a cooperative operation was established with broad monitoring of multiple streams of communications, with information made available to both British security agencies (e.g., MI6) and U.S. security agencies (e.g., the National Security Agency). The system became known as "Echelon," based in the U.K., and over the years developed extensive automated monitoring programs to track phone calls, faxes, emails, and telex messages around the globe, with cooperative efforts among the U.K. and other countries in the European Union (Hills, 2006).
The British legal system has relied largely on a complex set of historical precedents. The first legislative landmark to provide statutory guidance on interception was the Interception of Communications Act 1985 (IOCA). Prior to the passage of the IOCA, little in British law explicitly made wiretapping illegal without specific warrants or authorization, beyond a few statutory provisions (Lloyd, 1986). The IOCA was passed partly in response to censure by the European Court of Human Rights on the basis that U.K. interception practices were overstepping civil rights (Yeates, 2001β2). The IOCA introduced a warrant system requiring law enforcement or national security agencies to obtain a warrant from a Secretary of State before setting up interception of any individual's communications, including both telephone and postal mail communication (Lloyd, 1986). It specified that a warrant could only be issued:
"(i) in the interests of national security; (ii) for the purpose of preventing or detecting serious crime; or (iii) for the purpose of safeguarding the economic well-being of the United Kingdom" (Straw, 1999).
The IOCA also "placed strict safeguards on the extent to which intercepted material may be disclosed, copied and retained, requiring arrangements to be made to ensure that each of these is kept to a minimum" (Straw, 1999). Additionally, the IOCA introduced stiff monetary and imprisonment penalties for illegal interception activity.
The IOCA was criticized, however, for allowing multiple wiretaps from a single warrant. While it established an Interception Commissioner to review warrant operations and created a complaints tribunal, the act was also criticized for inadequate oversight provisions (Yeates, 2001β2). Additionally, the IOCA did not address the interception of communications occurring over private communications networks β a gap that produced another adverse decision from the European Court of Human Rights in 1997. This led to closer examination of the IOCA by British authorities, who also recognized that interception laws needed to evolve to address new technologies. A Consultation Paper issued by the Home Secretary in 1999 outlined the need to extend interception laws and warrant procedures to private networks, to acknowledge new market realities (by that time there were 150 telecommunications companies operating in the country), and to encompass new technologies such as cellular phones, satellite communications, and the internet (Straw, 1999).
This instigated the passage of the Regulation of Investigatory Powers Act (RIPA) in 2000 (Yeates, 2001β2). While the RIPA addressed many critical aspects of modern interception practice, critics identified remaining gaps and issues. In particular, the RIPA does not address the practice of third-party participant monitoring, "where one party only consents to [i]nterception" (Justice, 1999). It also introduced provisions giving law enforcement agencies the power to compel decryption of encoded email β a provision that has given rise to significant concerns (Reid & Ryder, 2001).
Since the passage of the RIPA in 2000, some refinements in interpretation can be derived from relevant case law β for example, an important distinction has been drawn between the party with technical control over telecommunications networks versus a party duly authorized to access communications via a warrant (MarΓs, 2002). Consistent with the British model of legal evolution, which relies heavily on judicial interpretation and precedent rather than overt legislative action, no new statutes were issued in the intervening decade. The only additional guiding document is a Code of Practice issued by the Home Secretary in 2002, providing more detailed procedural guidance and some interpretation of the RIPA.
The table below summarizes the key milestones in the evolution of the United Kingdom's regulatory regime:
Milestones in the Evolution of the United Kingdom Regulatory Regime
1985 β Interception of Communications Act 1985 (IOCA)
1999 β Interception of Communications in the United Kingdom, Consultation Paper
2000 β Regulation of Investigatory Powers Act (RIPA)
2002 β Interception of Communications: Code of Practice, issued by the Home Secretary
The earliest evolutionary stages of the U.S. interception system run parallel to those of the U.K., with the development of cooperative monitoring efforts during World War II and the Cold War. The first significant telecommunications interception legislation in the U.S. was the Communications Act of 1934, which "recodified earlier U.S. legislation from 1912 and 1927, providing that no person not authorized by the sender could intercept any communication and divulge the contents or existence of the message to any other person" (Yeates, 2001β2). Although these statutes were apparently not intended to prevent interception by law enforcement, the U.S. Supreme Court ruled in 1928 that law enforcement agencies could intercept communications and use them as evidence in court. Several years later, however, the Supreme Court issued decisions regarding the 1934 Communications Act that created inconsistencies β inconsistencies that persisted for many years, allowing law enforcement to intercept communications but preventing the use of those interceptions as court evidence (Yeates, 2001β2).
In 1967, the U.S. Supreme Court issued two landmark decisions β Berger v. New York and Katz v. United States β clarifying that the Fourth Amendment of the U.S. Constitution, which protects "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures," applied to conversations as well. Thus, citizens should be protected from "searches and seizures" of any conversations in which an individual had a "reasonable expectation" of privacy. In response, Congress passed the Omnibus Crime Control and Safe Streets Act of 1968, which included "Title III," known as the Wiretap Act. The Wiretap Act established a regime of warrants required for law enforcement interception of communications, just as the Fourth Amendment had led to a warrant system for physical searches of an individual's premises.
The Wiretap Act addressed domestic law enforcement activity, but gray areas remained with regard to national security interception. "As a result of a Congressional investigation following the Watergate scandal of 1974, the [collaboration with the British Echelon] project was halted. Charges that citizens had been spied on led in the late 1970s to President Carter ordering the end of 'back door' intelligence on U.S. political figures through the swapping of intelligence data with the British" (Hills, 2006). From this point onward, the U.S. interception regulatory framework took a distinct evolutionary pathway. Notably, "the scandals of unauthorized surveillance on individuals resulted in the passage by Congress in 1978 of the Foreign Intelligence Surveillance Act (FISA). This Act codified the authority that the FBI required in order to undertake domestic electronic surveillance, and separated out intelligence and criminal investigations. It created the Foreign Intelligence Surveillance Court, a secret court to approve requests for domestic surveillance and to act as a watchdog over the rights of citizens subject to surveillance" (Hills, 2006).
One of the finer points of the Wiretap Act is that it focused exclusively on the surveillance of content β the words spoken or communicated via an electronic medium. However, law enforcement continued to make use of every tool available, including the pen register, "a device that permits the recording of telephone numbers that one dials. A similar machine, the 'trap and trace' device, is used to capture the numbers received by a telephone" (Schwartz, 2008). The Pen Register Act passed by Congress in 1968 regulates use of pen registers and trap and trace devices. Even though warrants are required, a lower standard of review applies to these warrants than to wiretaps (Schwartz, 2008).
Another significant development occurred in 1986, as Congress attempted to keep pace with new forms of communication such as cellular phones, computer transmissions, and pagers. Congress enacted the Electronic Communications Privacy Act of 1986 (ECPA), which included Title III β commonly referred to as the Stored Communications Act (SCA). While not a replacement for the Wiretap Act, ECPA extended the Wiretap Act's protections and restrictions on telephone interception to the various new forms of electronic communication (Yeates, 2001β2). ECPA did not, however, address the more subtle issue of obtaining warrants for types of electronic communications that law enforcement could not technically access β a gap addressed by the Communications Assistance for Law Enforcement Act (CALEA).
Following the first bombing of the World Trade Center in 1993, the government revisited a previously rejected FBI proposal that "U.S. telephone companies design their systems to guarantee they could be tapped by law enforcement agencies" (Hills, 2006). Although civil rights groups had previously expressed concerns, the bombing provided momentum to expand interception capabilities under CALEA. The intent of CALEA was "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes" (Communications Assistance for Law Enforcement Act). Despite objections from telecommunications and internet carriers about the potential cost and burden of compliance, in 2004 the U.S. Federal Communications Commission expanded CALEA provisions to incorporate the technical ability to intercept and access internet communications, including broadband telephony services such as voice over IP (VoIP) (Hills, 2008).
An additional U.S. legal mechanism used to set up interception for national security purposes is the National Security Letter (NSL), first introduced in the 1970s. An NSL "is a written directive by the FBI in cases involving national security; it does not require judicial review" (Schwartz, 2008). In addition to electronic communications, NSLs can be used to obtain financial records, subscriber information, toll billing records, and electronic communication transactional records (Schwartz, 2008).
One of the most significant events in modern U.S. history occurred on September 11, 2001, when four jet airplanes were hijacked by Al-Qaeda terrorists. Two planes flew into and destroyed the twin towers of the World Trade Center in New York City, killing more than 3,000 civilians, police officers, and firefighters; one plane struck the Pentagon; and a fourth crashed in a field in Pennsylvania, believed to have been heading for a second target in Washington, D.C. The impact of these events β both in terms of societal attitudes and governmental response β cannot be overstated. As national security concerns rose dramatically, Congress acted quickly to pass the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, commonly called the Patriot Act. Among many provisions, the Patriot Act significantly broadened the ability of law enforcement agencies to perform interception and access of telecommunications and stored communications of all types, and implemented changes to FISA and ECPA. The Patriot Act:
β Amended the definition of "electronic surveillance" to exclude the interception of communications done through or from a protected computer where the owner allows the interception or is lawfully involved in an investigation (Patriot Act, Title X, Section 1003).
β Enhanced law enforcement's authority to "intercept wire, oral and electronic communications relating to terrorism" and "relating to computer fraud and abuse offenses" (Patriot Act, Title II, Sections 201 & 202).
β Enhanced ability for law enforcement and national security agencies to share "electronic, wire and oral" intercepted information (Patriot Act, Title II, Section 203(b)).
β Clarified "intelligence exceptions from limitations on interception and disclosure of wire, oral and electronic communications" (Patriot Act, Title II, Section 204).
β Incorporated provisions for "roving surveillance authority under the Foreign Intelligence Surveillance Act of 1979" (Patriot Act, Title II, Section 206) and changed the duration of surveillance allowed under FISA (Patriot Act, Title II, Section 207).
β Allowed for "emergency disclosure of electronic communications to protect life and limb" (Patriot Act, Title II, Section 212).
β Expanded access capabilities by allowing "seizure of voice-mail messages pursuant to warrants" (Patriot Act, Title II, Sections 201 & 202).
β Allowed pen register and trap and trace authority under FISA (Patriot Act, Title II, Section 214).
β Authorized interception of "computer trespasser information" (Patriot Act, Title II).
β Allowed "nationwide service of search warrants for electronic evidence" (Patriot Act, Title II, Section 220).
β Provided "immunity for compliance with FISA wiretap" (Patriot Act, Title II, Section 225).
β Lowered the threshold for law enforcement agencies to obtain National Security Letters (Schwartz, 2008).
β Included controversial provisions requiring libraries to release information about materials checked out or accessed by their patrons, intersecting with electronic communications interception to the extent that libraries provide internet access (Yeh, 2006).
A number of the Patriot Act's provisions were designated to "sunset" after five years, and additional legislative action was taken to reauthorize certain provisions and amend those considered controversial infringements on civil liberties. In 2006, the U.S.A. PATRIOT Act Additional Reauthorizing Amendments Act accomplished many of these aims.
In 2007, Congress passed the Protect America Act in response to revelations that the National Security Agency had been conducting extensive warrantless surveillance of domestic communications with the cooperation of telecommunications carriers (Risen & Lichtblau, 2005). The Protect America Act implemented changes to FISA, removing the warrant requirement for surveillance of foreign intelligence targets "reasonably believed" to be outside the United States and broadening the government's ability to conduct domestic wiretapping for alleged national security and anti-terrorism purposes. Critics of the Protect America Act, the Patriot Act, and related regulations that have expanded government interception capabilities remain vocal, and discussion of these issues continues (e.g., Hills, 2006; Brownstein & Voglei, 2006; Gellman, 2005).
Milestones in the Evolution of the United States Regulatory Regime
1934 β Communications Act of 1934
1968 β Omnibus Crime Control and Safe Streets Act of 1968 (Wiretap Act / Title III); Pen Register Act
1978 β Foreign Intelligence Surveillance Act (FISA)
1986 β Electronic Communications Privacy Act (ECPA) / Stored Communications Act (SCA)
1993 β World Trade Center truck bombing
1994 β Communications Assistance for Law Enforcement Act (CALEA)
2001 β September 11 terrorist attacks; Patriot Act
2006 β U.S.A. PATRIOT Act Additional Reauthorizing Amendments Act
2007 β Protect America Act
The RIPA defines interception as occurring when "a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he β (a) so modifies or interferes with the system, or its operation, (b) so monitors transmissions made by means of the system, or (c) so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system, as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication" (Regulation of Investigatory Powers Act, Chapter 23, Section 2). The British government's intention was that "it should not make any difference how a communication is sent...whether by telephone, fax, email or letter, should all be treated in the same way by law" (Straw, 1999).
The 1968 Wiretap Act of the U.S. defines interception as "the aural acquisition of the contents of any wire or oral communication through the use of any electronic, mechanical, or other device" (Wiretap Act, Chapter 119, Section 2510). An oral communication is defined as "any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation" (Wiretap Act, Chapter 119, Section 2510). Thus, the expectation of privacy is implicitly incorporated in the Wiretap Act.
Both the U.K. and U.S. regulatory regimes rest on the principle that interception is generally prohibited except in specific circumstances. In the U.K., the protection of civil liberties has been codified by acceptance of Article 8 of the European Convention on Human Rights (ECHR), incorporated into British law as the Human Rights Act 1998. Home Secretary Jack Straw stated: "We recognise that, by its nature, interception of communications is a highly intrusive activity, affecting the privacy of the individual.... The ECHR recognizes, however, that there are circumstances in a democratic society where it may be necessary for the state to interfere with this right, but only in accordance with the law and for certain clearly defined purposes" (Straw, 1999).
In the U.S., the prohibition on interception has its foundation in the Fourth Amendment of the Constitution. The Wiretap Act of 1968 firmly established that wiretapping was illegal without a judicially issued warrant. Compared to other U.S. statutes regulating domestic surveillance, "the Wiretap Act sets the highest procedural hurdles for government" (Schwartz, 2008), requiring findings to justify a "super search warrant" that demands a higher standard of proof than, for example, a warrant for searching a house. The Wiretap Act requires the government to show "probable cause" that an "individual is committing, has committed, or is about to commit" (Wiretap Act, Chapter 119, Section 2518) a serious offense, to demonstrate that surveillance will capture evidence of the crime, and to show that alternatives to interception have been tried and failed or are otherwise unlikely to succeed. Law enforcement officers must also minimize their surveillance of any communications not relevant to the investigation; if a conversation strays into matters unrelated to criminal activity, the wiretapping must cease (Wiretap Act, Chapter 119, Section 2518).
In the U.K., exceptions to laws prohibiting interception are clearly outlined in the RIPA and in a subsequent Code of Practice issued by the Home Office. The Secretary of State must believe that the action is necessary "in the interests of national security; for the purpose of preventing or detecting serious crime; or for the purpose of safeguarding the economic well-being of the U.K." and that "the conduct authorized by the warrant is proportionate to what is sought to be achieved by that conduct" (Interception of Communications: Code of Practice, 2002).
In the U.S., the core concept is the demonstration of "probable cause" by law enforcement. As originally enacted, the Wiretap Act set forth only three exceptions to the prohibition on interception: where a judicial warrant has been issued; for operators and service providers acting in the normal course of their employment; and for persons authorized by law to conduct electronic surveillance as defined under FISA. Under FISA, an exception can be made for individuals the government has probable cause to believe are "a foreign power or an agent of a foreign power" (Foreign Intelligence Surveillance Act, 1978, Title 50, Chapter 36, Subchapter I, Section 1801). Subsequently, the exceptions have expanded significantly in the post-9/11 era. The Patriot Act expanded the types of targets and crimes against which interception could be used while simultaneously lowering the threshold for obtaining warrants, and many new crimes β including crimes related to terrorism, computer fraud, and biological weapons β have been added to the list of predicate offenses (Gorelick, Harwood & Zachary, 2005).
Both the U.K. and the U.S. require law enforcement officials to provide sufficient detail as to the scope, nature, and intention of interception warrants. In the U.K., "an interception warrant must name or describe either (a) one person as the interception subject; or (b) a single set of premises" (Regulation of Investigatory Powers Act 2000, Chapter 23, Part I, Section 8). The U.K. regime allows warrants to remain in place for up to three months for normal criminal activities and up to six months for intelligence service activities related to national security investigations (Reid & Ryder, 2001).
Under the U.S. system, law enforcement officials must establish the identity of the targeted individual, the facilities to be tapped, the type of communications to be intercepted, the criminal offense suspected, and the authorized period for the tap. Not every criminal act is sufficient; the Wiretap Act specified felonies deemed to merit interception, a list subsequently broadened under the Patriot Act. Additionally, law enforcement must establish that interception is necessary because other investigative methods are insufficient. The approval of a judge is required and warrants are no more than 30 days in length, though they may be extended (Wiretap Act, Chapter 18, Section 2518).
Both the U.S. and the U.K. also allow warrants to be issued on an urgent basis in emergency situations even if a proper issuing authority is not available; such urgent warrants typically remain valid for only a very limited period, for example 72 hours in the U.K. (Reid & Ryder, 2001).
The U.S. regulatory regime additionally incorporates the "roving wiretap," first introduced under ECPA and then expanded under the Patriot Act, which allows law enforcement to intercept any communications device that the target is likely to be using without specifying a particular facility or phone number. The Patriot Act extended roving wiretap authority to FISA, making it available for foreign intelligence investigations as well (Kennedy & Swire, 2003). The U.S. system also includes a "delayed notice search warrant" β also known as a "sneak and peek" warrant β allowing law enforcement officials to search premises before notifying suspects of their presence, and to search, photograph documents, or conduct "virtual" searches of stored communications. The Patriot Act extended the notification deadline to 30 days with the capability to renew indefinitely, meaning a subject might theoretically never be notified (Henning, Bazan, Doyle & Liu, 2009).
"Covers court admissibility rules and stored data access regimes"
"Examines CALEA/RIPA carrier duties and oversight structures"
"Contrasts complexity, carrier treatment, encryption, and civil liberties"
To some extent, due to the longstanding alliance and "special relationship" between the U.S. and the U.K. (as characterized in 1946 by Winston Churchill), the evolution of both nations' telecommunications interception activities is parallel, or even overlapping, particularly during the early part of the 20th century. Notable in the evolution of both countries' respective regulatory systems is the prominence of human rights and civil liberties concerns. Both nations have grappled on an ongoing basis with how to balance these issues against national security concerns as well as law enforcement activities. The nations share a deep commitment to democratic governance β the U.K. with origins traceable back to the Magna Carta in 1215, and the U.S. with its Declaration of Independence in 1776 β and both continually emphasize and seek to protect the rights of their citizens.
You’re 55% through this paper. Sign up to read the remaining 3 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.