Spying on the Mob: United Sta Tes V. Scarfo - a Constitutional Analysis

SPYING ON THE MOB: UNITED STA TES V. SCARFO - A CONSTITUTIONAL ANALYSIS

Nathan E. Carrell

In this day and age, crime and technology have become entwined concepts. Criminals have been using technology to avoid detection, literally cloaking their business dealings through cryptography. In order to compensate for these technological advances, law enforcement has upped its own technological applications. From theuse of infrared photography and DNA testing, to the advent of the Keystroke Logging System, which decipers encryted data, law enforcement has taken a proactice step towards catching tech savvy criminals. More advanced technologies have begun to spring up that have less gliches. These new technologies, particularly the Keystroke Logging System, have implicated several constitutionalconcerns. This note discusses the application of the Fourth Amendment "search and seizure" clause to these new technologies, focusing on the competing privacy interests and law enforcement interests. It then proceeds to recommend judicial and legislative solutions that will better balance these interests. Subtler and more far-reaching means of invading privacy have become available to the Government. Discovery and invention have made it possible for the Government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet. ... The progress of science in furnishing the Government with means of espionage is not likely to stop with wiretapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.

I. INTRODUCTION As the use of technology in society rapidly advances, the practice of criminals who seek to use this technology to avoid detection and arrest increases exponentially. Organized crime groups and drug traffickers utilize computers and the Internet to their advantage2 while seeking to cloak their communications using strong cryptography which makes

1. Olmstead v. United States, 277 U.S. 438, 473-74 (1928) (Brandeis, J., dissenting). 2. FBI Programs and Initiatives - Carnivore Diagnostic Tool, at http://www.fbi.gov/hq/ lab/carnivore/carnivore2.htm (last visited Feb. 10, 2002) [hereinafter Carnivore]. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 them undecipherable.3 Cryptographic software is easily accessible, and criminals can utilize it in a variety of ways.4 Law enforcement, on the other hand, has not stood idle to these developments. Technological advances, including infrared photography and DNA testing, have provided law enforcement officials with new devices to assist in the detection of criminal activity.5 The Federal Bureau of Investigation (FBI) has also evolved by expanding its arsenal of tools to thwart criminal use of the Internet and cryptography. The FBI has developed Carnivore - a tool to intercept e-mail and other electronic communications passing through a data point at an Internet Service Provider (ISP).6 Another tool in the FBI's repertoire is the Keystroke Logger System (KLS) which monitors and records keystrokes entered into a computer.7 This allows the FBI to access passwords entered via keystrokes which are required for deciphering encrypted data. The FBI is currently working on a software version of the KLS. This new software, known as Magic Lantern, can be inserted into a suspect's machine through a computer virus or a common network vulnerability.8 New technology in law enforcement results in new challenges for the courts, not only in determining reliability of the evidence gathered, but also in balancing society's interest in law and order with an individual's constitutionally protected civil liberties.9 In a case of first impression, a federal judge denied a motion to suppress evidence obtained utilizing the KLS. l° The court found that a special warrant pursuant to Title III" is not needed for the KLS because the method used to obtain evidence is not regulated under the statute. 2 The court also rejected an argument

3. Statement for the Record of Donald M. Kerr, Assistant Director Laboratory Division Federal Bureau of Investigation on Internet and Data Interception Capabilities Developed by the FBI, Before the United States House of Representatives, The Committee on the Judiciary, Subcommittee on the Constitution $ 1 (July 24, 2000), available at http://www.fbi.gov/congress/congress00/kerr072400.htm (July 24, 2000) [hereinafter Kerr House Statement]. 4. Overview of PGP, at http://www.pgpi.org/doc/overview/ (last visited Feb. 10, 2002). Pretty Good Privacy (PGP) is free for download at http://www.pgpi.org. Id. PGP is used primarily for encryption of e-mails, however it can be used to encrypt disk partitions and secure phone calls. Id. 5. John E. Theuman, J.D., Annotation, Constitutionality Of Secret Video Surveillance, 91 A.L.R.5th 585, § 2 (2001). 6. Manton M. Grier, Jr., The Software Formerly Known As "Carnivore": When Does E-Mail Surveillance Encroach Upon A Reasonable Expectation of Privacy?, 52 S.C. L. REV. 875, 875 (2001). 7. Jane Black, Needed: Wiretap Laws for a Wired World, BUSINESSWEEK ONLINE (Aug. 23, 2001), available at http://www.businessweek.com/bwdaily/dnflash/aug200l/nf20010823-686.htm. 8. Bob Sullivan, FBI Software Cracks Encryption Wall (Nov. 20, 2001), at http://www.msnbc.com/news/660096.asp#BODY. 9. Theuman, supra note 5, § 2. 10. United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. 2001). 11. Title III is the common term for wiretapping statutes located at 18 U.S.C. §§ 2510-22.: WAYNE R. LAFAVE ET AL., CRIMINAL PROCEDURE § 4.2(a) (3d ed. 2000). 12. Scarfo, 180 F. Supp. 2d at 581. No. 1] SPYING ON THE MOB that using the KLS constituted a general search13 in violation of 4 the Fourth Amendment's particularity requirement. This note begins with a short discussion concerning criminal use of technology in modern society and the constabulary's response in developing tools to combat this high-tech criminal activity. I then offer a brief discussion of Fourth Amendment law implicated by use of the KLS in law enforcement, including traditional search warrants, Title III, and non-audio video surveillance. In the analysis section, I discuss constitutional and other legal implications associated with the application of the KLS to gather evidence in light of previous legislative and judicial decisions. Finally, I propose possible judicial and legislative solutions to better protect privacy interests while preserving law enforcement's ability to fight crime.

II. CRIMINAL ACTIVITY AND STRONG CRYPTOGRAPHY

A. Criminal Use of Technology

The use of the Internet and computers is growing rapidly and is paralleled by the exploitation of networks, computers "and databases to commit crimes and to harm the safety, security, and privacy of others."'5 "[T]errorists, spies, hackers, and dangerous criminals are increasingly using computers ... to carry out their heinous acts."' 6 Criminals can use computers to 1) transmit child pornography; 2) steal customer information, including credit card and social security numbers, from businesses; 3) commit large-scale frauds; 4) and plan terrorist strikes around the world.17 One tool criminals use to safeguard their data and communications is encryption. 8 Encryption gives Internet users a heightened degree of privacy in Internet communications and a data storage capacity unequaled in the physical world. 9 One of the most common encryption methods used is Pretty Good Privacy (PGP). PGP

13. Id. at 577-78. 14. U.S. CONST. amend. IV. 15. Kerr House Statement, supra note 3. 16. Statement for the Record of Donald M. Kerr, Assistant Director Laboratory Division Federal Bureau of Investigations on Carnivore Diagnostic Tool, Before the United States Senate. The Committee on the Judiciary 2 (Sept. 6, 2000), available at http://www.fbi.gov/congress/congress00/kerr090600.htm [hereinafter Kerr Senate Statement].. 17. Kerr House Statement, supra note 3. Suspected shoe-bomber Richard Reid left data on his laptop connecting him to Al Qaeda and sent e-mails from Internet cafes. Ben Taylor, Shoe Bomber Link to Al Qaeda Terror Trail, DAILY MAIL, Feb. 4, 2002, available at 2002 WL 3310294. "Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer." Kerr Senate Statement, supra note 16. 18. Edward L. Allen, CriminalsAre Tech-Savvy, USA TODAY, Aug. 30, 2001. at 12A. In United States v. Scarfo, Nicodemo Scarfo, Jr. encrypted his gambling files using Pretty Good Privacy (PGP). 180 F. Supp 2d at 581 (D.N.J. 2001). 19. Orin S. Kerr, The Fourth Amendment In Cyberspace: Can Encryption Create A "Reasonable Expectation of Privacy?," 33 CONN. L. REV. 503, 503 (2001). JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 uses a two key system with a passphrase to encrypt plain text into ciphertext, and to decrypt the ciphertext back to plain text. ° PGP is such a strong cryptography that it has been said, ". . . even a billion computers ... doing a billion checks a second2 [could] not decipher the result... before the end of the universe." '

B. Strong Cryptography -Pretty Good Privacy

"Cryptography is the science of using mathematics to encrypt and decrypt data. '22 Two types of cryptography exist: conventional cryptography and strong cryptography.23 Conventional cryptography, also known as secret-key or symmetric-key encryption, utilizes one key for both encryption and decryption. 4 PGP and other strong cryptography methods used today utilize a two-key, or public-key, system consisting of a public key, a private key and a passphrase Plain text is encrypted into ciphertext, a mathematical algorithm, using the public key.26 The public key is shared with those who wish to send encrypted data.27 Plain text can only be encrypted with the public key; it cannot be decrypted. 28 To decrypt the ciphertext the corresponding private key is needed. 29 Although they are related, the private key cannot feasibly be mathematically deduced from the public key.3" Data, which can be encrypted by anyone, can only be decrypted by the possessor of the private key, thus ensuring the ability of one recipient to maintain secure communications with multiple senders." This allows

20. How PGP Works, at http://www.pgpi.org/doc/pgpintro/ (last visited Feb. 10, 2002). Ciphertext is the encrypted version of the readable plain text. Id. 21. Id. Experts estimate that it would take several million years for a supercomputer to break an Internet communication encrypted with a 128-bit key. Kerr. supra note 19. at 530 (citing BRUCE SCHNEIER, APPLIED CRYPTOGRAPHY, 153 (2d ed. 1996)). 22. How PGP Works, supra note 20. 23. Id. 24. Id. Conventional cryptography is most useful for data that isn't going anywhere. Id. However, if one wants to transmit data using conventional cryptography, privacy requires that both the sender and recipient keep the key secret. Id. 25. ld.Keys are values that a cryptographic algorithm uses to produce a specific ciphertext. Id. They are basically really large numbers made of zeros and ones. See Kerr, supra note 19, at 530. The length of a key represents the level of encryption where for example a 256-bit key contains a combination of 256 zeros and ones and has 11,579,000,000,000,000,000,000,000,000,000,000,000,000 possible key combinations. Id. 26. How PGP Works. supra note 20. A session key is created and the file is then encrypted with the session key which itself is encrypted with the public key. Id. 27. Id. A particular user gives his public key to all with whom he communicates. d. 28. Id. 29. Id. The private key is kept secret to a specific user and is not shared with anyone, unlike conventional cryptography. Id. The private key is used to decrypt the encrypted session key and the session key is used to decrypt the data. id. 30. Id. The public and private keys are mathematically related, and given enough time and computing power, the private key could be derived from the public key. Id. The user needs to consider the resources of those who may try to "crack" his encryption when choosing the size of the key. Id. A very large key could take years to decipher, but it takes longer to encrypt the data. Id. 31. Id. No. 11 SPYING ON THE MOB secure data to be transmitted over the Internet or any other data channel in which the secure data is encrypted by the sender so that only the recipient can decrypt it. This eliminates the need for sharing passwords and decreases possible security breaches associated with conventional cryptography.32 Public and private keys are kept on the computer in encrypted form (keyrings).33 Because the private key can be long and complicated, it is encrypted on the recipient's machine using a passphrase or secret key.34 The passphrase can be any one of a number of combinations of uppercase and lowercase letters, numbers, and punctuation marks.35 A passphrase is generally longer than a password so it is less susceptible to dictionary attacks and other standard code- breaking attempts.36 The advent of two-key encryption has enabled criminals to encrypt and transfer files without divulging their passwords or passphrases to others who might eventually share that information with law enforcement personnel.

III. HIGH-TECH LAW ENFORCEMENT TOOLS EMPLOYED BY THE FEDERAL BUREAU OF INVESTIGATIONS "In recent years, the FBI has encountered an increasing number of criminal investigations in which the criminals use the Internet to communicate with each other or to communicate with their victims."37 Because many Internet Service Providers (ISPs) lacked the ability to filter communications to identify a particular subject's messages while excluding all others, the FBI developed a diagnostic tool known as Carnivore." Carnivore allows the FBI to intercept and collect specific data at an ISP pursuant to a federal wiretap order.39 The data collected is necessarily narrow to comply with stringent restrictions under federal wiretapping laws." Some privacy advocates question whether Carnivore only gathers data authorized under the wiretap order or whether it unnecessarily encroaches upon an individual's reasonable expectation of privacy.4 The events of September 11, 2001, have prompted the CIA to seek authorization for the interception of all e-mails sent from overseas

32. Id. 33. Id. Public and private keys are kept in separate files known as keyrings. Id. All public keys are kept in the public keyring and private keys are stored in a separate private keyring. Id. 34. Id. 35. Id. 36. Id. A passphrase is longer than a password, which makes it less susceptible to programs utilized to crack passwords. Id. A passphrase should consist of many words with upper and lower case letters, numerics, and punctuation and it should be difficult for you to forget but hard for others to figure out. Id. 37. Carnivore, supra note 2. 38. Id. 39. Id. 40. Id. Because what is collected is encompassed by the definition of "electronic communications" in the wiretapping statutes, federal authorities must comply with the applicable statutory requirements. 18 U.S.C. §§ 2510-22 (2001). 41. Grier. supra note 6. at 375. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 to the United States.42 However, interception of data is fruitless if the sender and recipient utilize strong cryptography such as PGP, described above. Due to the difficulty of decrypting ciphertext files, the government has countered these encryption techniques with a Keystroke Logger System (KLS).43 Although the precise technical specifications are unavailable," the KLS records keystrokes entered into a computer keyboard when the computer's modem or other communication devices are not in use.45 The KLS consists of a combination of firmware, software and/or hardware, and is embedded into the host computer to conceal its existence.' The KLS program examines each keystroke individually, and if no communications device is being used simultaneously, the keystroke is recorded. This eliminates the possibility of recording information that is being transmitted through or in route to a modem or other communication device.47 This system has allowed the government to utilize traditional search warrants,48 thereby avoiding more stringent wiretapping statute requirements. 9 Each component of the KLS produces an "output," all of which are combined to produce the composite output of the KLS.5° Because of the secrecy required in gathering data, installation of the KLS must be done surreptitiously.5 Secret installation, however, is not without risks. To install the system onto a suspect's computer, the FBI must enter the premises by breaking and entering pursuant to a valid warrant. The suspect may be in the premises or return while the officers are installing the KLS, making this mode of gathering evidence inherently more dangerous than traditional search warrants. To avoid the risks associated with installing the KLS onto a suspect's computer, the FBI is developing a software version of the KLS known as Magic Lantern, which utilizes a computer virus for remote installation on a suspect's machine to obtain the suspect's password or

42. Jeremy Campbell, Less Power To The CIA People, EVENING STANDARD- LONDON, Jan. 22, 2002, available at 2002 WL 11331577. 43. Jonathan Krim, High-Tech FBI Tactics Raise Privacy Questions, WASH. POST, Aug. 14, 2001, at Al, available at 2001 WL 23186852. 44. The FBI has successfully kept the technical details secret pursuant to the Classified Information Procedures Act. United States v. Scarfo, 180 F. Supp. 2d 572, at 575-76, 580-81 (D.N.J Dec. 26,2001). 45. Id. at 582. 46. Id. at 577 47. Id. at 582. 48. See Order Granting Application for Surreptitious Entry, United States v. Scarfo, Criminal No. 00-404 (D.N.J. May 8, 1999), available at http:llwww2.epic.org/cryptolscarfo/order_5-99.pdf. 49. 18 U.S.C. §§ 2510-2522 (1994). 50. Affidavit of Randall Murch at 5, United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. Dec. 26, 2001), available at http://www.epic.org/crypro/scarfo/murch-aff.pdf Murch Aff. [hereinafter Murch Aff.] 51. Leo A. Dawson, Jr. Affidavit in Support of Application for Surreptitious Entry 1 62, at 33, United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. Dec. 26, 2001), available at http://www2.epic.org/ crypto/scarfo/affidavit_5_99.pdf. No. 1] SPYING ON THE MOB passphrase 2 This program could be e-mailed to the suspect by relatives or friends or installed through network vulnerabilities in the computer system, thereby eliminating the need for a physical break-in and the dangers associated therewith." Like the KLS, Magic Lantern records keystrokes typed on the computer, but it is also capable of e-mailing an output data file back to law enforcement personnel.54 However, Magic Lantern inherently runs the risk that anti-virus software will identify and destroy the virus, rendering the Magic Lantern ineffective. Although it is rumored that some anti-virus software developers in the security software industry will assist the FBI, "[m]ajor anti-virus software companies have vehemently denied any knowledge... saying they would not do anything to compromise the security of their customers."55 Sophos Anti-Virus Inc. of Wakefield, Massachusetts, has assured its customers that they rate higher than the FBI so no such loophole would be left in their software to accommodate the government program.56 Although the KLS and Magic Lantern law enforcement tools are fairly recent developments, hardware and software versions of 57a keystroke logging system are commercially available on the Internet. Although one cannot purchase a version that is transmitted by a computer virus, most of the other functions performed by the KLS and Magic Lantern systems are currently available.

IV. OVERVIEW: UNITED STATES V. SCARFO AND RELATED LAW

A. Background: United States v. Scarfo Nicodemo Scarfo, a New Jersey mob boss and son of the notorious and now imprisoned Nicodemo Scarfo, Sr. ("Little Nicky"), used PGP to encrypt computer records of alleged illegal gambling operations." In January of 1999, pursuant to a search warrant, the FBI seized Scarfo's

52. Sullivan, supra note 8. 53. Jovi Tanada Yam, [email protected] Worst Tech Product of 2001?, Bus. WORLD (PHILIPPINES), Dec. 27, 2001, available at 2001 WL 31372969. 54. Id. 55. Id. The anti-virus industry has many serious concerns that programs such as Magic Lantern could be a tool for hackers as well as for the government. William Jackson, Industry Balks at FBI Plans for a Back Door, GOVT COMPUTER NEWS, Jan. 7,2002, available at 2002 WL 9596476. 56. See Yam, supra note 53. 57. Investigator 4 by WinWhatWhere.com has the "ability to invisibly monitor and record all computer activity including keystrokes...." WinWhatWhere Investigator, at http://www.winwhatwhere.conw3i4/index.htm (last visited Aug. 30, 2002). KeyGhost.com sells hardware including connectors and keyboards that contain flash ROM that store keystrokes for future downloads. KeyGhost KeyLogger: Tiny hardware key loggers record keystrokes at http://www.keyghost.com (last visited Aug. 30, 2002). KeyLogger.com sells a software version similar to Magic Lantern. KeyLogger.com Software Products, at http://www.keylogger.com/products.htm (last visited Aug. 30, 2002). KeyLogger.com also offers a StealthMail Program, "an e-mail 'robot' which sends out e-mails at pre-set time intervals with any file attachment." Id. 58. Dawson Aff., supra note 51 4, at 3, 1 28, at 30. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 computer from his place of business.59 They recovered a "Factors" file which was encrypted using the PGP program.6" After failing in their attempts to decrypt the file, the FBI developed the Keystroke Logger System.6 In May of 2000, the government sought and obtained a warrant for surreptitious entry into the business operated by Scarfo to install the KLS on his computer. 62 The warrant was for a thirty-day period, and allowed entry and reentry as often as possible to recover data and perform maintenance on the KLS.63 The officers entered the business four times and recovered twenty-seven pages of text, including Scarfo's passphrase, which was suspiciously the very last thing recorded by the KLS.6 The passphrase was used to decrypt data, which revealed a record of gambling and loansharking operations maintained by Scarfo. 65 Based on that information, in June 2000, a three-count indictment was returned by a federal grand jury, which led to the arrest of Nicodemo Scarfo and Frank Paolercio.66 Scarfo filed a motion for discovery requesting the technical details of the KLS. 67 The judge ordered the government to file a report outlining the technical details of the KLS.68 The government invoked the Classified Information Procedures Act,69 claiming that disclosure of the technical specifications of the KLS would cause identifiable damage to the national security of the United States.y° The court then required the government to give an unclassified summary of how the KLS operates.71 After reviewing all of the motions and affidavits and holding an ex parte in camera hearing concerning the technical details of the KLS, the court denied Scarfo's motion to suppress the data collected by the KLS and denied Scarfo's motion for discovery of the more detailed technical specifications of the KLS. y2 The court, however did allow Scarfo discovery of the unclassified summary of how

59. Id. 60. 1d. 61. 1d. 62. See Order Granting Application for Surreptitious Entry, supra note 48. 63. Id. 64. Supplemental Brief of Defendant Nicodemo S. Scarfo, Memorandum of Law in Support of Defendant's Position in Regard to Discovery, United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. 2001) (No. 00-00-404). at http:llwww.epic.orglcryptolscarfolsup-suppress.mot.pdf. 65. Robert Rudolph, Lawmen Explain, In General, How They Cracked Scarfo Code, THE STAR- LEDGER (Newark. N.J.), Oct. 11, 2001, available at 2001 WL 28898087. 66. Id. 67. Defendant's Motion for Discovery at 2, United States v. Scarfo. 180 F. Supp. 2d 572 (D.N.J. 2001) (Criminal No. 00-404), available at http://www2.epic.org/crypto/scarfo/def disc mot.pdf. 68. Court Order Requiring Government to Disclose Details of KLS at 5. United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. 2001) (Criminal No. 00-404), available at http://www2.epic.org/crypto/scarfo/order_8_7_.01.pdf. 69. Pub. L. No. 96-456, 94 Stat. 2025. amended by Pub. L. No. 100-690, 102 Stat. 4396 (1988). 70. Affidavit of Neil Gallagher in Support of KLS Classification at 3, United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. Dec. 26. 2001) (Criminal No. 00-404), available at http://www.epic.org/crypto/scarfo/gov-afLcipa.pdf. 71. Court Order Requiring Government to Disclose Details of KLSsupra note 68, at 4-5. 72. United States v. Scarfo. 180 F. Supp. 2d 572, 583 (D.N.J. Dec. 26. 2001). The court did allow the defendants motion for discovery for other requested items including the unclassified summary of the operation of the KLS. Id. No. 1 ] SPYING ON THE MOB the KLS operates. Ultimately, Nicodemo Scarfo pled guilty, ending his legal battle and delaying an adjudication of the issue by a federal appellate court.7"

B. The "Keystroke Logging System" and TraditionalSearch Warrants

The use of KLS potentially implicates two important warrant requirements under the Fourth Amendment: (1) the things to be seized are to be particularly described; and (2) the warrant shall be limited reasonably in time, place, and scope of execution, including notification, when reasonable, to the occupant of the premises to be searched. The particularity requirement stems from the Constitution, which states "It]he right of the people to be secure ... against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue ...[without] particularly describing the place to be searched, and the persons or things to be seized."74 The Supreme Court has stated, "[t]he requirement that warrants shall particularly describe the things to be seized makes general searches under them impossible and prevents the seizure of one thing under a warrant describing another."75 A general warrant authorizes a general exploratory rummaging through a person's belongings.76 "[N]othing is left to the discretion of the officers executing the warrant."77 Additionally, states generally require the police to give notice of their authority and purpose prior to executing a search warrant. In Wilson v. Arkansas,"8 a unanimous Court held "that the common-law principle of announcement ... is an element of the reasonableness inquiry under the Fourth Amendment." The announcement requirement serves several purposes, including decreasing the potential for violence due to an unannounced breaking and entering, protecting privacy by minimizing the chance of entry into the wrong premises, and preventing physical destruction of property by giving the occupant opportunity and time to admit the police." However, in cases where there is a risk of evidence destruction or physical harm to the police, the announcement requirement is superceded"' Traditional search warrants are normally executed at a specified time and place in search of particular items. Police then seize items they

73. George A. Chidi, Jr., Mobster Nailed by FBI Keystroke Logger Pleads Guilty. IDG NEws SERV., Mar. 1, 2002 at http://www.idg.net/idgns/2002/03/01/MobsterNailedByFBIKeystrokeLogger. shtml. 74. U.S. CONST. amend. IV. 75. Marron v. United States, 275 U.S. 192. 196 (1927). 76. Coolidge v. New Hampshire, 403 U.S. 443, 467 (1971). 77. Marron, 275 U.S. at 196. 78. 514 U.S. 927, 930 (1998). 79. LAFAVE, supra note 11, § 3.4(h). 80. See Richards v. Wisconsin, 520 U.S. 385, 388 (1997) (recommending that exceptions to knock-and-announce rule be determined on a case-by-case basis, and rejecting a blanket exception for felony drug cases). JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 are searching for and any other illegal items in plain view. At the time of a search, previously disposed or destroyed items- old mail, letters, or hand-written notes - are not subject to seizure. Use of the KLS, in contrast, is the equivalent of a continual search of one's personal items over a specified period of time; even previously "deleted" letters or typed notes are still capable of being seized per se. The KLS seizes information that would not have been available under a traditional search warrant if the suspect had destroyed physical papers or other evidence prior to execution of the warrant. However, the KLS is limited in time, place, and scope, in the sense that it only records keystrokes on a particular computer for a particular time period authorized by the warrant.

C. Olmstead and Title III In Olmstead v. United States,81 the Supreme Court held that the interception of messages on telephone lines was not a search within the meaning of the Fourth Amendment because no houses were searched, and because phone messages are intangible things which cannot be seized. Concerned about intrusive, unwarranted invasions of privacy, Congress enacted the Federal Communications Act of 1934,82 providing that "no person not being authorized by the sender shall intercept any communication and divulge the existence, contents, substance, purport, effect, or meaning of such intercepted communication to any person."83 Through the passage of time it became clear that the fears expressed by Justice Brandeis, dissenting in Olmstead, were becoming realities. 4 More sophisticated means of electronic surveillance were developed and put into use.85 In 1967 the Supreme Court retreated from their original position in Olmstead. In Berger v. New York,8 6 the Court held that a state eavesdropping statute violated the Fourth Amendment. In Katz v. United States,87 the Supreme Court held that use of recording devices to intercept conversations from a public telephone booth was a violation of the Fourth Amendment because it violated the defendant's "reasonable expectation of privacy." These decisions made it clear that electronic eavesdropping and wiretapping are also subject to the limitations of the Fourth Amendment.88 A year later Congress amended the wiretapping laws by enacting Title 11189 of the Omnibus Crime Control and Safe

81. 277 U.S. 438 (1928). 82. 48 Stat. 1103 (codified in 47 U.S.C. § 605 (2001)). 83. LAFAVE, supra note 11, § 4.1(b). 84. See Olmstead, 277 U.S. at 473-74 (Brandeis, J., dissenting). 85. LAFAVE, supra note 11,§ 4.1(c). 86. 388 U.S. 41 (1967). 87. 389 U.S. 347, 361 (1967) (Harlan, J.,concurring). 88. LAFAVE, supra note 11, § 4.1(c). 89. Title III is the common name used for this legislation and subsequent legislation covering wiretapping. See id. at § 4.2(a). No. 11 SPYING ON THE MOB

Streets Act. 90 However, this Act only protected oral or wire communications of aural transfers.91 In 1986 Congress further amended 92 Title III with the Electronic Communications Privacy Act (ECPA). "The principal purpose of the ECPA amendments was to extend to 'electronic communications' similar protections against unauthorized interceptions that Title III had been providing for 'oral' and 'wire' communications via common carrier transmissions."9 3 In November of 2001 Congress again amended sections of Title III to help prevent terrorist activities against the United States.94 The 2001 amendments will not be discussed in this paper because they primarily pertain to the gathering of information relating to foreign intelligence and the national security of the United States. Today's wiretapping laws embody an evolution beginning with Olmstead and ends at a point that extends beyond the traditional protections offered by the Fourth Amendment. Title III warrants, which seek interception of oral or wire communications, require authorization of a high-level Department of Justice (DOJ) official prior to application by the local United States Attorney's office.95 Title III warrants seek interception of electronic communications and require the authorization of a government attorney before the warrant application can be made to the judge.96 Unlike traditional search warrants,9" Title III warrants cannot be issued by a federal magistrate judge; they can only be issued by a federal district court judge and certain authorized state judges.98 Interception of communications is limited to situations where such interception may provide, or has provided, evidence of certain delineated offenses.99 Applications for wiretapping authorization must show probable cause and state with specificity and particularity details of the offense that has been or will be committed, description of the nature and location of the facility where the interception will take place, type of communications to be intercepted, the identity of the person(s), if known, committing the offense and whose communications are being intercepted."° Thus, the

90. Pub. L. No. 90-351,82 Stat. 197 (1968). 91. Id. 92. Pub. L. No. 99-508, 100 Stat. 1848 (1986). 93. Brown v. Waddell, 50 F.3d 285, 289 (4th Cir. 1995). 94. Uniting And Strengthening America By Providing Appropriate Tools Required To Intercept And Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001). 95. 18 U.S.C. § 2516,2518 (2000). 96. 18 U.S.C. § 2516. 97. Traditional search warrants must be issued by a "neutral and detached magistrate." Coolidge v. New Hampshire, 403 U.S. 443, 449 (1971). Under the Fourth Amendment the magistrate does not necessarily need to be a lawyer or a judge, but "must meet two tests. He must be neutral and detached, and he must be capable of determining whether probable cause exists for the requested arrest or search." Shadwick v. City of Tampa, 407 U.S. 345, 350 (1970). 98. 18 U.S.C. § 2510(9). 99. 18 U.S.C. § 2516. 100. 18 U.S.C. § 2518(1). The application must also "state the applicant's authority to make such application.., the identity of the ... officer making the application.., the officer authorizing the application ... a full and complete statement as to whether or not other investigative procedures have JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 criminal wiretapping statutes "focus on gathering hard evidence" and not on gathering general intelligence.' Court orders have a thirty-day maximum surveillance period and interceptions must terminate sooner if the objectives are met. 1112 Judges "may require reports to be made... showing what progress has been made toward achievement of the authorized objective and the need for continued interception.., at such intervals as the judge may require. ''lu3 If extensions are necessary, they are allowed up to a maximum of an additional thirty days."~ The additional limitations and constraints imposed by Title III evidence a Congressional intent to grant greater protections where invasions of personal privacy are so intrusive. Advances in technology have given society more efficient ways of communication, including cellular, satellite, and Internet communications. These new methods of communication are not entirely secure; each has vulnerabilities that allow for intrusion. Much of what once was sent by regular mail is now sent via e-mail, and yet an equivalent means to the Carnivore system does not exist for intercepting mail sent through the United States Postal Service. Despite these advances in technology to date, the statutory exclusionary rule applicable to interception of oral and wire communications has not been extended to electronic communications."" Thus, any evidence obtained under a warrant seeking interception of electronic communications that complies with the requirement of Title III will not result in suppression of that evidence.

D. Video Surveillance

Video surveillance has been used more readily in the past decade by law enforcement and private businesses that seek to protect themselves from employee or customer misconduct." However, video surveillance is considered far more intrusive than conventional investigative techniques. 7 Because of its intrusive nature, the use of secret video surveillance has often been challenged as a violation of the Fourth Amendment's prohibition against unreasonable searches and seizures. been tried and failed or why they reasonably appear to be unlikely to succeed if tried or to be too dangerous ...a statement of the period of time for which the interception is required to be maintained ... a full and complete statement of facts concerning all previous applications... involving any of the same persons, facilities, or places specified in the application, and the action taken by the judge on each such application[.]" § 2518(1). 101. Carnivore, supra note 2. 102. 18 U.S.C. § 2518(5). 103. 18 U.S.C. § 2518(6). 104. 18 U.S.C. § 2518(5). 105. § 2515. Incorporation of electronic communications into the statutory exclusionary rule was debated in the House of Representatives in H.R. 5018, The Electronic Communications Privacy Act of 2000. but inclusion was ultimately rejected. Summary of H.R. 5018, The Electronic Communications Privacy Act of 2000. CENTER FOR DEMOCRACY & TECHNOLOGY- CYBER SECURITY DIVISION, Sept. 17, 2000. available at http://www.cdt.org/security/000927hr5018.shtml. 106. Theuman, supra note 5, § 2. 107. Id. No. 1.] SPYING ON THE MOB

The following discussion is applicable to silent video surveillance only, as any video surveillance recording video and sound would require compliance with Title III due to the interception of oral communications and aural transfers."' Courts generally reject the argument that use of secret video surveillance is unconstitutional per se."' Courts vary as to what is required for issuance of a warrant authorizing secret video surveillance, however. Although secret video surveillance is not unconstitutional per se, the Fourth Amendment's warrant requirement still applies to video surveillance."" Under certain circumstances, some courts allow warrantless video surveillance."' Where a warrant is required, many courts impose more stringent requirements, borrowing Title III's provisions relating to the Fourth Amendment's particularity and minimization requirements due to the increased invasion of privacy imposed by the use of video surveillance." 2 For secret video surveillance, Torres and Biasucci borrow four provisions of Title III: 1) the issuing judge must be satisfied that "normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous;""' 3 2) the warrant must contain "a particular description of the type of communication sought to be intercepted, and a statement of the particular offense to which it relates;"" 4 3) the period of interception must not be "longer than necessary to achieve the objective of the authorization, or in any event longer than thirty days" (extensions permissible);" 5 and 4) the warrant must require the interception "be conducted in such a way as to minimize the interception of 111].5511communications6 not otherwise subject to interception under [Title

108. 18 U.S.C. § 2510(2). 109. United States v. Torres. 751 F.2d 875 (7th Cir. 1984). See also United States v. Andonian. 735 F. Supp. 1469 (C.D. Cal. 1990). 110. United States v. Falls, 34 F.3d 674, 683 (8th Cir. 1994). 111. United States v. Cox, 836 F. Supp. 1189 (D. Md. 1993) (holding consensual video surveillance did not violate the Fourth Amendment). See also State v. Clemmons, 81 Wash. App. 1003 (Div. 1996), available at 1996 WL 146721 (holding that persons subjected to video surveillance had no reasonable expectation of privacy). 112. Torres, 751 F.2d at 883-84. See also United States v. Biasucci, 786 F.2d 504, 507-12 (2d Cir. 1986). 113. 18 U.S.C. § 2518(3)(c). 114. 18 U.S.C. § 2518(4)(c). 115. 18 U.S.C. § 2518(5). 116. Id. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002

V. DISCUSSION

A. The "Keystroke Logger System" and the Classified Information ProceduresAct Federal law enforcement encompasses numerous organizations, including the Federal Bureau of Investigation, Central Intelligence Agency, National Security Agency, Immigration and Naturalization Service, Drug Enforcement Agency, and the Bureau of Alcohol, Tobacco, and Firearms. As one might expect, criminal investigations can overlap from one organization to another. Methods employed to fight crime and gather evidence are also shared among departments. Many groups, especially those operating internationally, use sensitive tools and clandestine procedures to gather evidence and information. Full disclosure of such operations could jeopardize the safety and well-being of men and women serving the United States abroad. When secret operations and techniques are employed in domestic law enforcement operations, however, disclosure of the methods employed and their function is essential in determining whether a suspect's constitutional rights have been violated. In Scarfo's case, the Federal District Court for the District of New Jersey found that operating the KLS while the computer's modem and communications devices were inactive rendered Title III inapplicable. 17 The Court, however, did not allow the defendants' motion for discovery of the technical details of the KLS. "8 The government's refusal to release the technical details fails to ensure that no electronic communications are being intercepted."9 Even assuming electronic communications are being intercepted, under the law as it exists today, they would not be subject to the statutory exclusionary rule. 2° In Kyllo v. United States,2' the Supreme Court extensively reviewed the technology involved and determined that its application to the defendant violated the Fourth Amendment. Nicodemo S. Scarfo and Frank Paolercio were denied the 12 opportunity to discover how the KLS operated. ' The government successfully argued that it has the right to keep information classified 23

117. United Stated v. Scarfo, 180 F. Supp. 2d 572, 582 (D.N.J. Dec. 26, 2001). 118. Id. 119. Id. 120. 18 U.S.C. § 2515 ("Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding .... ). 121. 533 U.S. 27 (2001). In Ky~lo, the Court evaluated the technology involved in a FLIR (forward looking infra red) device used by law enforcement officers to locate suspect marijuana harvesting in personal residences, implicating the defendant. Id. 122. United States v. Scarfo, 180 F. Supp. 2d 872,580-81. 123. Id. No. 1] SPYING ON THE MOB under the Classified Information Procedures Act (CIPA).'24 Without technical specifics, though, there is no assurance that the system itself is not intercepting keystrokes contemporaneously with modem operations. However, the Supreme Court in Kyllo indicated that one reason they deemed the intrusion a violation of the Fourth Amendment was that the technology was not widely available commercially in the United States.'25 Software and hardware versions of the type the KLS used against Scarfo are readily available on the Internet.'2 6 In Scarfo, the Court held an ex parte in camera hearing to review the technical details of the KLS and found that allowing disclosure would cause identifiable damage to the national security of the United States.'27 The district court reasoned that CIPA "strikes a balance between national security interests and a criminal defendant's right to discovery by allowing for a summary which meets the defendant's discovery needs."'28 The defendants were granted the Murch Affidavit - the unclassified summary of the KLS. 2 9 But the Murch Affidavit was merely a statement that the KLS did not record keystrokes while the modem was operational. 3 This was a highly questionable proposition since the output of the KLS (which was authorized for sixty days) was twenty-four pages of text, and the very last thing typed was the passphrase sought by the FBI.' The government's argument of necessity for national security interests is refutable. In today's high-tech environment, technology dominates the intelligence arena, any foreign nations or subjects who suspect that the KLS is being used to spy on them will now be analyzing their computers for aberrations in hardware, firmware or software that would indicate the presence of the KLS. Discovery of its presence is most likely inevitable. Should the government be able to spy on its own citizens while denying adversely affected citizens an opportunity to examine the technology used to determine whether or not their constitutional rights have been violated? When the federal government, out of concern for national security, utilizes technology to spy, the interest in protecting the constitutional rights of citizens adversely affected should outweigh any national security interest. Without such a rule, the government would be virtually unrestrained in its use of spy technology in domestic law

124. Classified Information Procedures Act, Pub. L. No. 96-456, 94 Stat. 2025 (1980), amended by Pub. L. No. 100-690, 102 Stat. 4396 (2002). 125. Kyllo, 533 U.S. at 40. 126. See WinWhatWhere Investigator, supra note 57. 127. Scarfo, 180 F. Supp. 2d at 575. 128. Id. at 583. 129. Id. 130. Murch Aff., supra note 50, at 5-6. 131. Memorandum of Law in Support of Defendant's Position in Regard to Discovery, supra note 64. The probability of such an occurrence over a broad length of time is very low, coupled with the low probability that the file was opened only for the sake of opening it and that nothing else was typed along with the fact that only twenty-four pages of text were recovered over a sixty-day period. Id. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 enforcement, subject only to review through ex parte in camera hearings in which a member of the judiciary must evaluate what is often very complex technology to determine whether a defendant's constitutional rights have been violated. Additionally, because the defendant takes no part in the hearing, that which is presented for evaluation by the i-udge is solely what is set forth by the government. Such a scheme could potentially result in an abuse of power, ultimately denying those adversely affected the opportunity to conduct a thorough review of the technical details to determine if their rights guaranteed by the Constitution are violated. Adopting a rule requiring disclosure would not dampen the effectiveness of the government's ability to protect national security; rather, it would merely limit the government's use of more intrusive tools in the domestic arena to those which the government is willing to disclose to the general public. Essentially, the government would be forced to choose only those techniques which are not violative of the constitutional rights guaranteed to every person in the United States. Although this could have an adverse effect on law enforcement in the United States by enabling criminals to work around such technology, this would not be the first instance in which criminal elements have found ways to evade the authorities and circumvent capture."'

B. The "Keystroke Logger System" and Title III

As discussed above, Title III warrants for electronic surveillance have much more stringent requirements than traditional search warrants. 33 However, Title III warrants apply only to wire, oral, or electronic communications as they are statutorily defined. 34 Wire communication includes only aural transfers via wire, cable, or other similar connection between two points."5 "Oral communication" means any oral communication by a person exhibiting an objective expectation of privacy; yet it does not include electronic communications.'36 18 U.S.C. § 2510 defines electronic communications as, "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electro-magnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include" any oral or wire communications, communications via a tone-only paging device, any tracking device communications, and electronic funds transfer information stored with a

132. Criminals use encryption and technology to get around current law enforcement techniques as evidenced by United States v. Scarfo. 133. See supra notes 85-104 and accompanying text. 134. 18 U.S.C. § 2510 (2000). 135. Id. § 2510(1). 136. Id. § 2510(2). No. 1.] SPYING ON THE MOB financial institution.'37 Keystrokes are neither oral communications nor aural transfers. Therefore, if Title III is applicable, these keystrokes must be electronic communications, requiring that they be transferred by a system affecting interstate commerce.' In Scarfo, the government successfully argued that recorded keystrokes typed on a computer without active communications does not constitute an interception of electronic communications under Title III. 9 The government took the position in Scarfo that data collected by the KLS does not affect interstate commerce nor is it intercepted because the modem is inactive while the keystrokes are recorded. 4 " One could argue this position is flawed in at least two respects. First, a user can queue an e-mail and send it at a later time. A user may wish to type his e-mails and messages, connect to the Internet, and then send them at once to minimize interruption of his phone service. These e-mails would be intercepted and recorded by the KLS because they are not contemporaneous with modem operation. Second, many users may wish to communicate via e-mails with attachments rather than using the framework of the e-mail program itself. These keystrokes would also be recorded, even though they would be later e-mailed through the Internet. To protect e-mails or attachments typed during modem operation and to refuse protection for e-mails typed prior to connecting to the Internet is an unwarranted distinction that frustrates the purpose of the ECPA. 4' However, in Scarfo, the government successfully argued that because the data recorded by the KLS is not being transmitted contemporaneously through a modem or other communications device, the data is not intercepted under Title III.42 The government cites numerous cases applying the contemporaneous interception standard set forth in United States v. Turk.'43 However, the sources cited all reflect a situation of post-transmission interception.'" In fact, one case cited by the

137. Id. § 2510(12). 138. Id. 139. United States v. Scarfo, 180 F. Supp. 2d 572, 582 (D.N.J. Dec. 26, 2001). 140. Brief of the United States in Opposition to Defendant Scarfo's Pretrial Motions at 25-29, United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. Dec. 26, 2001) (No. 00-404). available at http://www2.epic.org/crypto/scarfo/gov-brief.pdf. 141. Brown v. Waddell, 50 F.3d 285, 289 (4th Cir. 1995). 142. Brief of the United States in Opposition to Defendant Scarfo's Pretrial Motions, supra note 140. 143. 526 F.2d 654, 659 (5th Cir. 1976) (concluding that "no new and distinct interception occurs when the contents of a communication are revealed through the replaying of a previous recording"). 144. Brief of the United States in Opposition to Defendant Scarfo's Pretrial Motions, supra note 140 (citing Steve Jackson Games, Inc. v. United States Secret Service. 36 F.3d 457 (5th Cir. 1994)); United States v. Meriwether, 917 F.2d 955 (6th Cir. 1990); United States v. Turk. 526 F.2d 654, 658 (5th Cir. 1976); Fraser v. Nationwide Mutual Insurance, 135 F. Supp. 2d 623 (E.D. Pa. 2001): Eagle Investment v. Tamm, 2001 WL 576133 (D. Mass. 2001); Wesley College v. Pitts. 974 F. Supp. 375, 387 (D. Del. 1997); Bohach v. Reno, 932 F. Supp. 1232 (D. Nev. 1996); United States v. Reyes, 922 F. Supp. 818 (S.D. N.Y. 1996): Payne v. Norwest, 911 F. Supp. 1299 (D. Mont. 1995): United States v. Moriarty, 962 F. Supp. 217 (D. Mass. 1994); Lopez v. First Union. 129 F.3d 1186 (11 th Cir. 1997). JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 government, Fraser v. Nationwide Mutual Ins. Co.,'4 5 is detrimental to their argument that Title III does not apply to the KLS. In Fraser the Court stated, "[r]etrieval of a message from storage while it is in the course of transmission is 'interception' under the Wiretap Act." '146 In another case distinguished by Fraser, the Ninth Circuit held that the contents of a secure website were "'electronic communications' in intermediate storage that are protected from unauthorized interception under the Wiretap Act." '147 The Court in Konop also stated, "[a]n electronic communication in storage is no more or less private than an electronic communication in transmission." The KLS does not retrieve stored data; it intercepts data as it is entered. Analogizing to Fraserand Konop, if retrieval of intermediate storage is interception then a fortiori retrieval of the data as it is entered prior to and for the purpose of transmission is also interception. Queued e-mails and files meant for immediate e-mail attachment should fall under the protections of Title III. Data storage, however, is not subject to the statutory exclusionary rule. Thus, if the court were to determine such queued e-mails were "data storage," they would not be subject to exclusion, provided that the requirements of Title III were met.'48 The KLS, as applied in Scarfo, does not exclude this type of information, therefore Title III should be applicable in spirit if not literally. The definition of "electronic communications" is ambiguous as to which term the phrase "affects interstate or foreign commerce" applies.'49 This denotation could be construed as modifying the transfer of data, the system used to transfer data, or both. The government's position in Scarfo reflects its desire to "have its cake and eat it too." The government's interpretation of Title III would require the transmission to affect interstate commerce. A literal reading of the statute, however, suggests a more plausible interpretation requiring that the transmission be sent by a system affecting interstate commerce. 5 ' Congress regulates criminal activity primarily under the authority granted to them by the Commerce Clause of the Constitution. 5' The government usually seeks an expansive definition of what affects interstate commerce, when a criminal statute is challenged on the basis that Congress has exceeded its power granted by the Commerce Clause.' Consider the following

145. 135 F. Supp. 2d 623 (E.D. Pa. 2001). 146. Id. at 635. 147. Konop v. Hawaiian Airlines, Inc., 236 F.3d 1035 (9th Cir. 2001), withdrawn, Konop v. Hawaiian Airlines, Inc., 262 F.3d 972 (9th Cir. 2001). 148. See, e.g., United States v. Reyes, 922 F. Supp. 818 (S.D.N.Y. 1996). 149. See 18 U.S.C. § 2510 (12) (2000). 150. Id. 151. U.S. CONST. art. 1, § 8, cl. 3. 152. See United States v. Kallestad, 236 F.3d 225,227-31 (5th Cir. 2000) (holding Congress has the power under the Commerce Clause to regulate child pornography because it is inherently a national market and that defendant's film had traveled in interstate commerce satisfying the jurisdictional element). See also United States v. Santiago, 238 F.3d 213, 215 (2d Cir. 2001) (affirming defendant's conviction for possession of a firearm that has traveled in interstate commerce by a felon); United No. 1] SPYING ON THE MOB scenario: in Scarfo's case a Title III warrant was successfully obtained for use of the KLS but Nicodemo Scarfo and Frank Paolercio challenge the constitutionality of the KLS as applied to their case as beyond the power granted to Congress under the Commerce Clause. In this hypothetical, there is no doubt that the government would seek to uphold the regulation as a valid exercise of the Commerce Power. It would argue that Scarfo's computer contains a modem, which has been connected to the Internet at intermittent times,153 and a computer used to connect to the Internet is without a doubt a system that affects interstate commerce. Courts have frequently upheld federal criminal statutes using a jurisdictional hook, requiring only that a physical object has traveled in interstate commerce."' In such cases, the government would inevitably argue for a broad construction of the phrase "interstate commerce". Arguing that Scarfo's single computer has an inconsequential or minimal and attenuated effect on interstate commerce would also fail. Applying the principles of United States v. Lopez 55 and Wickard v. Filburn,l56 a high percentage of commercial products, that travel in interstate commerce, fall within the congressional regulation power due to the potential aggregate effect of all like products on interstate commerce (an argument frequently relied on to uphold federal legislation rooted in the Commerce Clause). In Scarfo, the government seeks to limit the meaning of "affects interstate ... commerce"'57 because it suits its immediate goal. In summary, the government should not be allowed an expansive definition of interstate commerce when defending a statute, while also being allowed a narrow definition when seeking to avoid a burdensome statute. Ultimately, government compliance with the requirements of Title III, (whether or not the intercepted communications were "electronic communications" as that term is statutorily defined) would have prevented the suppression of the evidence because electronic communications are not protected by the statutory exclusionary rule.'

States v. Nathan, 202 F.3d 230,234 (4th Cir. 2000) (affirming conviction where government only had to prove defendant's firearm and ammunition had previously traveled in interstate commerce). 153. Memorandum of Law in Support of Defendant's Position in Regard to Discovery, supra note 64. 154. Kallestad, 236 F.3d at 225 (upholding 18 U.S.C. § 2252(a)(4)(B), which states "knowingly possesses 1 or more books ... or other matter.., that has been mailed, or has been shipped or transported in interstate or foreign commerce, or which was produced using materials which have been mailed or so shipped or transported," as a constitutional exercise by Congress of the Commerce Power); see also Santiago, 238 F.3d at 216: Nathan, 202 F.3d at 234. 155. 514 U.S. 549 (1995) (establishing the modern test for valid Congressional exercise of the Commerce Power). 156. 317 U.S. 111 (1942) (holding valid Congressional exercise of the Commerce Power establishing limits on individual wheat farmers because of the potential aggregate effect of all wheat farmers on interstate commerce). 157. 18 U.S.C. § 2510(12) (2000). 158. 18 U.S.C. § 2515. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002

C. The "Keystroke Logging System" and Video Surveillance

Non-audio video surveillance gathers visual data, whereas the KLS gathers only digitized keystroke data. Each method is intrusive in a different way. The KLS records the keystrokes that are representations of knowledge that has been transferred to a computer. These can include an individual's most intimate thoughts, recollection of events, banking records, letters and messages of a highly personal nature. On the other hand, video surveillance records visual depictions and movements, which can include full nudity and acts intended only for the privacy of the home. Despite these differences, an analogy may be drawn between the KLS and non-audio video surveillance investigative methods. Title III does not expressly include either method of investigation, thus it is more stringent requirements are not explicitly applicable to a case involving either method. Both methods constitute an invasion of privacy more intrusive than that imposed through execution of a traditional search warrant. When the execution of a traditional search warrant occurs, it is limited by time and place and by particular items. Police then seize items they are searching for and any other illegal items in "plain view." In contrast, video surveillance and the KLS record ongoing activities over a period of time, and are not limited to what is available at the time the warrant is executed. For this reason, the added protections offered by Torres and Biasucci should be afforded to a defendant against whom evidence obtained by the KLS is sought to be introduced. In Scarfo's case, although signed by a magistrate judge, the order authorizing surreptitious entry and installation of the KLS onto Scarfo's computer would have met the added requirements of Torres for non- audio video surveillance.159 Normal investigative techniques failed. The FBI previously seized Scarfo's computer and recovered the undecipherable "Factors" file.16 ° Normal methods would have also been unlikely to succeed in the future, for without the passphrase, no encrypted files could be deciphered. The order included the particular "communications" intended for interception and allowed surreptitious entry to "leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on ...Scarfo's computer by recording the key related information as they are entered[.]"'' 1 The order listed specific criminal offenses and corresponding statutes.62 The authorization also limited the period of interception to that which was

159. See Order Granting Application for Surreptitious Entry, supra note 48. 160. Dawson Aff.. supra note 51. 157, at 29. 161. Order Granting Application for Surreptitious Entry, supra note 48,at 4. 162. Id. Information was sought relating to "illegal gambling, loansharking and other racketeering offenses, and all of which are fruits, instrumentalities and/or evidence of violations of 18 U.S.C. § 371 (conspiracy. §§ 892-94 (extortionate credit transactions). § 1955 (illegal gambling business) and § 1962 (RICO)[.]" Id. No. 1] SPYING ON THE MOB necessary to achieve the objective within a thirty-day period.163 Finally, the order authorized recovery methods which would not capture communications protected under Title III, minimizing the actual data recorded.'64

VI. PROPOSED SOLUTIONS

A. Legislative Amendments

Because the KLS captures all keystrokes not typed contemporaneously with modem operations, the system's potential for intrusion surpasses phone taps, pen registers, trap and trace devices and conventional audio bugs. Interception of phone conversations or e-mails seems much less intrusive because the individual sends these communications beyond the boundaries of his home. The KLS records information entered into a computer inside the boundaries and sanctity of the home. The information technology revolution has led to digital storage in computers of data previously kept in a typed or handwritten format. The KLS can intercept a broad range of data exceeding that which other electronic surveillance methods can intercept, including letters, diaries, queued e-mails and financial information, whether communicated outside the home or not. Government investigators must peruse all of this personal information to discern the passphrase or other information sought. As discussed above, the KLS records much more than conventional techniques currently within the statutory definition of electronic communications, such as phone taps. Because of this potential level of intrusion, the most viable solution is a modification of Title III. Such a modification should attack the appropriate safeguards offered by Title III to the KLS and Magic Lantern systems, whether or not they include the statutory exclusionary rule.

B. Judicial Remedies

Considering the potential intrusiveness of the KLS and the intent of Congress in passing the Electronic Communications Privacy Act, courts would be justified in excluding evidence collected by the KLS as not complying with the requirements of Title III. As Konop and Fraserhave shown, post-transmission and pre-transmission storage is easily distinguishable. As Konop and Fraser also note, some storage is necessary for the electronic communication of data. Seizure of keystrokes typed into an e-mail program that queues messages for subsequent transmission is analogous to the types of pre-transmission storage necessary for electronic communications. Courts could also

163. Id. 164. See id. JOURNAL OF LAW, TECHNOLOGY & POLICY [Vol. 2002 redefine the beginning and ending point for transmission of electronic communications to include the entering of data likely to be transmitted in the immediate future. Failing to disclose the full details of the KLS restricts a person's right to determine if the government violated his constitutional rights. As stated above, the government should not be allowed to use high-tech law enforcement tools in the domestic arena if they are unwilling to disclose their methodology. Hiding behind the smokescreen of national security gives the government an open invitation to use any and all spy technology on persons residing in the United States. This problem is easily remedied by restricting law enforcement to tools with disclosed technical details in situations when the information seized is uncertain. Of course, the FBI could obtain a warrant that satisfies the more stringent requirements of Title III. Disclosure of the KLS technical details would then be unnecessary, as there could have been nothing seized that was unwarranted. Finally, if failing the first two recommendations posed above, courts should apply the added particularity and minimization requirements applicable to non-audio video surveillance, as stated in Torres. The intrusive nature of the KLS surely requires something more than a traditional search warrant.

VII. CONCLUSION Once again, the courts must address what Samuel D. Warren and Louis D. Brandeis stated so eloquently in 1890: Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right 'to be let alone.'.. . [N]umerous mechanical devices threaten to make good the prediction that 'what is whispered in the closet shall be proclaimed from the house-tops.' ... [Tihe question whether our law will recognize and protect the right to privacy in this and in other respects must soon come before ou[r] courts for consideration.'65 Using the KLS pursuant to a traditional search warrant does not adequately ensure a suspect's Fourth Amendment rights are protected. I do not propose to ban its use completely. Instead, I merely propose that Title III be amended to balance individual civil liberties with society's interest in preserving law and order. In the absence of such legislation, I propose courts should reign in the constabulary's use of these invasive techniques, which are so carefully designed to circumvent legislative restrictions embodied in Title III.

165. Samuel D. Warren & Louis D. Brandeis, The Right To Privacy,4 HARV. L. REV. 193, 195-96 (1890).