C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
Statement of Alissa Cooper
Chief Computer Scientist, Center for Democracy & Technology
Before the House Committee on Energy and Commerce,
Subcommittee on Telecommunications and the Internet
" What Your Broadband Provider Knows About Your Web Use:
Deep Packet Inspection and Communications Laws and Policies"
July 17, 2008
!
I. Summary
!"#$%&#'()#%*+,(#'-()+&.+%/(01(2"+(34.50&&$22++6(
7'(.+"#81(01(2"+(!+'2+%(10%(9+&05%#5,(:(;+5"'080<,(=!9;>?(@(2"#'*(,04(10%(2"+(
0AA0%24'$2,( 20( 2+/2$1,( 20-#,B( C+( #AA8#4-( 2"+( 34.50&&$22++D/( 8+#-+%/"$A( #'-(
10%+/$<"2( $'( +E#&$'$'<( 2"+( +&+%<$'<( A08$5,( #'-( 8+<#8( $&A8$5#2$0'/( 01( 2"+(
2+5"'$F4+(*'0G'(#/(H-++A(A#5*+2($'/A+52$0'BI(
J%+/+%K$'<( 2"+( @'2+%'+2( #/( #( 2%4/2+-( 0A+'( A8#210%&( 10%( /A++5"( #'-( $''0K#2$0'?(
G$2"042(<#2+*++A+%/(0%(5+'2%#8(50'2%08?("#/(.++'(#(-+1$'$'<($//4+(10%(!9;(/$'5+(
$2/( $'5+A2$0'B( ;"+( @'2+%'+2( G#/( .4$82( #%04'-( 2"+( H+'-L20L+'-I( A%$'5$A8+6( 2"+(
'02$0'( 2"#2( #AA8$5#2$0'/( #%+( .+22+%( 8+12( 20( .+( $&A8+&+'2+-( #2( 2"+( @'2+%'+2D/(
+'-A0$'2/( %#2"+%( 2"#'( $2/( 50%+?( 8+#K$'<( 2"+( '+2G0%*( $2/+81( 4'1+22+%+-( .,( #',(
A#%2$548#%( A#%2,D/( $'2+%+/2/BM( J4%/4#'2( 20( 2"$/( +'-L20L+'-( -+/$<'?( -#2#( "#/(
2%#-$2$0'#88,( 2%#K+%/+-( 2"+( @'2+%'+2( G$2"042( $'2+%1+%+'5+( 1%0&( $'2+%&+-$#%$+/B(
N+<$/8#2$K+( #'-( 8+<#8( -+5$/$0'/( A%02+52$'<( @'2+%'+2( /+%K$5+( A%0K$-+%/( 1%0&(
$'2+%&+-$#%,( 8$#.$8$2,( =!"#"?( 8$#.$8$2,( 10%( 50'2+'2( 2"#2( 0%$<$'#2+/( G$2"( 4/+%/>( "#K+(
.++'(104'-+-(0'(2"+(A%$'5$A8+(2"#2(2"+('+2G0%*(0A+%#20%($/('02(&#'$A48#2$'<(2"+(
50'2+'2( 2"#2( A#//+/( 2"%04<"( $2/( '+2G0%*B( O0%( -+5#-+/?( #-"+%+'5+( 20( 2"+( +'-L20L
+'-( A%$'5$A8+( "#/( A%+/+%K+-( 2"+( @'2+%'+2( #/( #( 2%4/2+-( A8#210%&( #'-( "#/(
/4AA0%2+-( #/204'-$'<( 8+K+8/( 01( $''0K#2$0'?( +50'0&$5( #52$K$2,?( #'-( $'-$K$-4#8(
+EA%+//$0'B((
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
1
J.H. Saltzer, D.P. Reed & D.D. Clark, End-to-End Arguments in System Design, 2 ACM Transactions on Computer Sys. 277
(1984).
1634 I St., NW, Suite 1100, Washington, DC 20006 • v. +1.202.637.9800. • f. +1.202.637.0968 • http://www.cdt.org
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
@'(%+5+'2(,+#%/?("0G+K+%?(&#//$K+(<%0G2"($'(-#2#(A%05+//$'<(A0G+%("#/(/A4%%+-(
2"+( -+K+80A&+'2( 01( '+G( H-++A( A#5*+2( $'/A+52$0'I( =9J@>( +F4$A&+'2( 2"#2(
A02+'2$#88,(#880G/(@3J/(#'-(02"+%($'2+%&+-$#%$+/(20(5088+52(#'-(#'#8,P+(#88(01(2"+(
@'2+%'+2( 2%#'/&$//$0'/( 01( &$88$0'/( 01( 4/+%/( /$&482#'+04/8,B( ;"+( 4/+( 01( 9J@(
2+5"'080<,?( 2"04<"( /2$88( $'( /0&+G"#2( 8$&$2+-( -+A80,&+'2?( %#$/+/( /+%$04/(
F4+/2$0'/(#.042(2"+(1424%+(01(2%4/2?(0A+''+//?(#'-($''0K#2$0'(0'8$'+BQ((
;"+(482$&#2+($&A8$5#2$0'/(01(9J@(-+A+'-(8#%<+8,(0'(.02"("0G($2($/($&A8+&+'2+-(
#'-( 2"+( A4%A0/+/( 10%( G"$5"( $2( $/( 4/+-B( 9J@( #AA8$5#2$0'/( %#'<+( 1%0&( &#'#<$'<(
'+2G0%*( 50'<+/2$0'( 20( -+2+52$'<( '+2G0%*( 2"%+#2/( 20( &0'+2$P$'<( $'-$K$-4#8(
@'2+%'+2( -#2#( /2%+#&/( 2"%04<"( 2#%<+2+-( #-K+%2$/$'<B( 30&+( 01( 2"+/+( #AA8$5#2$0'/(
#%+( 8$*+8,( 4'0.R+52$0'#.8+?( G"$8+( 02"+%/( %#$/+( 1#%L%#'<$'<( A08$5,( #'-( 8+<#8(
F4+/2$0'/( #11+52$'<( +K+%,2"$'<( 1%0&( A%$K#5,( #'-( $'2+88+524#8( A%0A+%2,( %$<"2/( 20(
1%++-0&(01(+EA%+//$0'(#'-(@'2+%'+2($''0K#2$0'B(S82"04<"(!9;(K$+G/(#88(01(2"+/+(
#/( 50%+( @'2+%'+2( A08$5,( $//4+/?T( &,( 2+/2$&0',( 20-#,( G$88( 1054/( 0'( 2"+( A%$K#5,(
$&A8$5#2$0'/( 01( 9J@?( #/( '+#%8,( +K+%,( 50'2+E2( $'( G"$5"( 9J@( &#,( .+( 4/+-( %#$/+/(
/4./2#'2$#8(A%$K#5,(50'5+%'/B(
@'(A#%2(.+5#4/+(01(2"+(@'2+%'+2D/("$/20%,(01(-+5+'2%#8$P+-(50'2%08(#'-(4'1+22+%+-(
50&&4'$5#2$0'/?( 50'/4&+%/( #%+( '02( #554/20&+-( 20( "#K$'<( 2"+$%( @'2+%'+2(
2%#'/&$//$0'/($'2+%5+A2+-(0%(#'#8,P+-(+'(%042+(.,(#'($'2+%&+-$#%,B(9+A+'-$'<(
0'( "0G( 2"+,( #%+( -+A80,+-?( 9J@( /,/2+&/( 5#'( -+1,( 2"$/( +EA+52#2$0'?( 2"%+#2+'$'<(
2"+(.#/$/(10%(50'/4&+%(2%4/2(0'8$'+B(!+%2#$'(#/A+52/(01(9J@(#%+(#8/0(#2(0--/(G$2"(
G+88( #55+A2+-( H1#$%( $'10%&#2$0'( A%#52$5+/?I( 5#'( .+( -$/%4A2$K+( 20( @'2+%'+2( #'-(
C+.(14'52$0'#8$2,?(#'-(&#,(%4'(#1048(01(50&&4'$5#2$0'/(A%$K#5,(8#G/B((
;"0/+( G"0( 4/+( 9J@( 10%( 2"+( A4%A0/+( 01( 2%#5*$'<( 50'/4&+%/D( 0'8$'+( #52$K$2$+/( 20(
/+%K+( 2#%<+2+-( #-K+%2$/+&+'2/( /2%+//( 2"+( #'0',&04/( #'-( 8$&$2+-( '#24%+( 01( 2"+(
A%01$8+/(2"+,(50&A$8+B(U0G+K+%?(2"+(&#$'(1054/(01(04%(A%$K#5,(50'5+%'(G$2"(2"$/(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
2
Packet inspection or data analysis that a user conducts on his or her own data stream is a different matter and does not raise the
same questions. There are many reasons why a user may want to conduct such analysis, and the ability to do so empowers users to
better understand their own Internet service plans. This testimony focuses exclusively on packet inspection and analysis by
intermediaries at the middle of the network rather than at the endpoints.
3
CDT has a long history of opposing government mandates that require ISPs to filter content at the middle of the network, which is
certainly one potential use of DPI. See, e.g., CDT, Summary and Highlights of the Philadelphia District Court’s Decision in Center
for Democracy & Technology v. Pappert (Case No. 03-5051 (E.D. Pa. Sept. 10 2004) (Sept. 15, 2004),
http://www.cdt.org/speech/pennwebblock/20040915highlights.pdf. CDT has also been an active participant in policy debates
surrounding Internet neutrality and network congestion management, both of which potentially implicate DPI as a tool that can be
used to distinguish certain Internet data streams from others. We have called for focused Internet neutrality legislation that, if
enacted, would likely have the effect of restricting certain uses of DPI that facilitate discrimination between Internet data streams.
See CDT, PRESERVING THE ESSENTIAL INTERNET (2006), http://cdt.org/speech/20060620neutrality.pdf. More recently, we
recommended to the Federal Communications Commission that ISPs’ endeavors to manage congestion on their networks – which
may include the use of DPI – be transparent, evenly applied to all services and applications, and consistent with core internetworking
standards. See Comments of CDT, In the Matter of Broadband Industry Practices, WC Docket No. 07-52 (Feb. 13, 2008),
http://cdt.org/speech/20080213_FCC_comments.pdf.
2(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
&0-+8(#/($2(+E$/2/(20-#,($/('02(0'(2"+(A%01$8+/(2"+&/+8K+/(.42(%#2"+%(0'(G"#2($/(
%+F4$%+-( 20( 50&A$8+( 2"0/+( A%01$8+/?( '#&+8,( 2"+( -$K+%/$0'( 0%( 50A,$'<( 01(
/4./2#'2$#88,(#88(01(2"+(C+.(2%#11$5(01(#88(/4./5%$.+%/B(;"+(1#52(2"#2(#/(01('0G(2"+(
#-K+%2$/$'<( '+2G0%*/( 4/+( 0'8,( #( /&#88( A0%2$0'( 01( G"#2( $/( 5#A24%+-( #'-( -0( '02(
/20%+( 02"+%( $'10%&#2$0'( -0+/( '02( -$&$'$/"( 2"+( $'2%4/$K+'+//( 01( 2"+( $'$2$#8( -#2#(
5#A24%+B(C+(#%+(50'5+%'+-(G$2"(2"+($'2+%5+A2$0'(#'-(#'#8,/$/(01(-#2#($'(2%#'/$2(
10%(A4%A0/+/("#K$'<('02"$'<(20(-0(G$2"(2"+(-+8$K+%,(01(2"#2(-#2#(0%(2"+(/+54%$2,(
0%( $'2+<%$2,( 01( 2"+( @'2+%'+2( /+%K$5+B( )0%+0K+%?( #/( 2"+( +E$/2$'<( &0-+8/( #%+( '0G(
50'1$<4%+-?( '0( 0'+( 5#'( 0A2L042( 01( 2"#2( -$K+%/$0'( 0%( 50A,$'<( 01( 2"+$%( @'2+%'+2(
2%#11$5V( +E$/2$'<( 0A2L042/( &+%+8,( -$/50'2$'4+( 2"+( 5%+#2$0'( 01( .+"#K$0%#8( A%01$8+/(
10%(4/+($'(-+8$K+%$'<(#-/B(
9J@(/,/2+&/(/"048-('02(.+(K$+G+-($'($/08#2$0'B((;"+,(#%+(.+$'<(-+A80,+-(G$2"$'(
2"+(50'2+E2(01(#'(0'8$'+(+'K$%0'&+'2(G"+%+(&0%+(-#2#($/(.+$'<(5088+52+-(W(#'-(
%+2#$'+-(10%(80'<+%(A+%$0-/( W(2"#'(+K+%(.+10%+B(X+2(04%('#2$0'(/2$88("#/('0(.#/$5(
50'/4&+%( A%$K#5,( 8#G( #'-( +E$/2$'<( /+520%#8( A%$K#5,( A%02+52$0'/( "#K+( .++'( 1#%(
042A#5+-(.,(2+5"'080<$5#8($''0K#2$0'B((
Y+5+'28,?( 2"+( O;!( "#/( .+<4'( 5%#12$'<( /+81L%+<48#20%,( A%$'5$A8+/( 10%( A%$K#5,(
A%02+52$0'( $'( 0'8$'+( #-K+%2$/$'<BZ( C+( #AA8#4-( 2"+( O;!( 10%( 2#*$'<( 2"$/( /2+A?( .42(
2"+(A%$'5$A8+/(-0('02(#--%+//(9J@?[(#'-(0'8$'+(A%$K#5,(50'5+%'/(#%+('02(8$&$2+-(
20( 0'8$'+( #-K+%2$/$'<B( S82"04<"( !9;( <+'+%#88,( /4AA0%2/( /+81L%+<48#2$0'?( $2( "#/(
A%0K+'(20(.+($'/411$5$+'2($'(2"+(0'8$'+(A%$K#5,(50'2+E2B(O0%(#88(01(2"+/+(%+#/0'/?(
!0'<%+//( '++-/( 20( 2#*+( #( 50&A%+"+'/$K+( 800*( '02( 0'8,( #2( 2"+( 54%%+'2( #'-(
+&+%<$'<( A%#52$5+/( #//05$#2+-( G$2"( 9J@?( .42( #8/0( #2( 0'8$'+( A%$K#5,( 50'5+%'/( #2(
8#%<+B(C+(%+50&&+'-(2"#2(!0'<%+//(2#*+(2"+(10880G$'<(/2+A/6(
!
!
!
;"+( 34.50&&$22++( /"048-( /++*( #--$2$0'#8( $'10%&#2$0'( -$%+528,( 1%0&( @3J/(
#'-(2"+$%(A#%2'+%/(#.042("0G(2"+,(#%+(4/$'<(9J@B(
;"+( 34.50&&$22++( /"048-( /+2( #( <0#8( 01( +'#52$'<( $'( 2"+( '+E2( ,+#%( #( /$&A8+?(
18+E$.8+( .#/+8$'+( 50'/4&+%( A%$K#5,( 8#G( 2"#2( G048-( A%02+52( 50'/4&+%/( 1%0&(
$'#AA%0A%$#2+( 5088+52$0'( #'-( &$/4/+( 01( 2"+$%( A+%/0'#8( $'10%&#2$0'?( .02"(
0'8$'+(#'-(0118$'+B(
;"+( !0&&$22++( /"048-( /2%0'<8,( 4%<+( 2"+( O+-+%#8( ;%#-+( !0&&$//$0'( 20(
#--%+//( 9J@( $'( $2/( A%0A0/+-( <4$-+8$'+/( #'-( +E+%5$/+( $2/( 1488( +'10%5+&+'2(
#42"0%$2,(0K+%(0'8$'+(#-K+%2$/$'<(A%#52$5+/B((
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
4
See FTC, Online Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles (Dec. 20, 2007),
http://ftc.gov/os/2007/12/P859900stmt.pdf (proposal).
5
See Center for Democracy & Technology et al., Comments of the Center for Democracy & Technology,
Consumer Action, and Privacy Activism In Regards to the FTC Staff Statement, “Online Behavioral Advertising: Moving the
Discussion Forward to Possible Self-Regulatory Principles” (Apr. 11, 2008), http://www.cdt.org/privacy/20080411bt_comments.pdf
at 18.
3(
C E N T E R
!
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
!0'<%+//( /"048-( +E#&$'+( #'-( /2%+'<2"+'( +E$/2$'<( 50&&4'$5#2$0'/( A%$K#5,(
8#G/( 20( 50K+%( '+G( /+%K$5+/?( 2+5"'080<$+/( #'-( .4/$'+//( &0-+8/( G$2"(
50'/$/2+'2(%48+/B((
II. Understanding Deep Packet Inspection
"#!!
"$!"$%&'()!*'!*+,!-'.*%&!/).*,0!
;"+(+#/$+/2(G#,(20(4'-+%/2#'-(-++A(A#5*+2($'/A+52$0'($/(20(50'/$-+%(#'(#'#80<,(
20(2"+(A0/2#8(&#$8(/,/2+&B(@'(2"+(A0/2#8(/,/2+&?(8+22+%/(2%#K+8(2"%04<"(2"+(/,/2+&(
$'( +'K+80A+/?( +#5"( 01( G"$5"( $/( #--%+//+-( 20( $2/( #AA%0A%$#2+( %+5$A$+'2( #'-(
50'2#$'/( 2"+( %+24%'( #--%+//( $'10%&#2$0'( 01( 2"+( /+'-+%B( 7'( 2"+( @'2+%'+2?( -#2#( $/(
.%0*+'( $'20( HA#5*+2/BI( ;"$/( $/( 2%4+( 10%( #88( *$'-/( 01( @'2+%'+2( 50&&4'$5#2$0'/6(
C+.( .%0G/$'<?( +&#$8?( K0$5+L0K+%L@J( =\0@J>( A"0'+( 5#88/?( A++%L20LA++%( =AQA>( 1$8+(
2%#'/1+%/?( 0'8$'+( <#&$'<( #'-( /0( 0'B( S( /$'<8+( A#5*+2( 50'/$/2( 01( 2G0( A#%2/6( #(
HA#,80#-?I( G"$5"( $/( 2"+( #524#8( -#2#( $'/$-+( 2"+( A#5*+2?( 8$*+( 2"+( 8+22+%( $'/$-+( #'(
+'K+80A+V( #'-( #( H"+#-+%?I( G"$5"( 50'2#$'/( 2"+( %042$'<( $'10%&#2$0'( 2"#2( -$%+52/(
2"+( A#5*+2( 20( $2/( -+/2$'#2$0'( =0%( .#5*( 20( 2"+( /+'-+%( $'( 5#/+( 01( +%%0%/>?( 8$*+( 2"+(
#--%+//( #'-( %+24%'( #--%+//( 0'( 2"+( 042/$-+( 01( #'( +'K+80A+B( O0%( #'( @'2+%'+2(
A#5*+2?(2"+(@J(#--%+//+/(01(2"+(%+5$A$+'2(#'-(/+'-+%?(%+/A+52$K+8,?(#%+(+F4$K#8+'2(
20(2"+(#--%+//(#'-(%+24%'(#--%+//(0'(#'(+'K+80A+($'(2"+(&#$8B((
S/( A0/2#8( +&A80,++/( #'-( +F4$A&+'2( &0K+( &#$8( 2"%04<"( 2"+( /,/2+&?( 2"+,(
$'/A+52(2"+(#--%+//$'<($'10%&#2$0'(0'(2"+(042/$-+(01(+#5"(+'K+80A+(20(-+2+%&$'+(
2"+('+E2(/2+A($'(-$%+52$'<(2"+(&#$8(20($2/(1$'#8(-+/2$'#2$0'B(;"+(/#&+($/(2%4+(10%(2"+(
@'2+%'+2(W(2"+(-+K$5+/($'(2"+(&$--8+(01(2"+('+2G0%*(%+/A0'/$.8+(10%(%042$'<(-#2#(
=*'0G'(#/(H%042+%/I>($'/A+52(A#5*+2("+#-+%/(20(-+5$-+(G"+%+(+#5"(A#5*+2(/"048-(
<0( '+E2B( ;"$/( $/( 5#88+-( H/"#880G( A#5*+2( $'/A+52$0'I( .+5#4/+( 2"+( #'#8,/$/( $/(
8$&$2+-(20(2"+("+#-+%($'10%&#2$0'(2"#2($/(#420&#2$5#88,(+EA0/+-(=.,('+5+//$2,>(20(
+K+%,(%042+%(0'(2"+(@'2+%'+2B(]4/2(#/(2"+(A0/2#8(&#$8(/$&A8,(5#''02(.+(-+8$K+%+-(
G$2"042( A0/2#8( +&A80,++/( #'-( +F4$A&+'2( $'/A+52$'<( #--%+//+/?( '+$2"+%( 5#'(
@'2+%'+2( 50&&4'$5#2$0'/( .+( -+8$K+%+-( G$2"042( %042+%/( $'/A+52$'<( A#5*+2(
"+#-+%/B(^42(2"$/(/"#880G(/0%2(01($'/A+52$0'(-0+/('02(%+K+#8(2"+(#524#8(50'2+'2(01(
2"+( C+.( .%0G/$'<( /+//$0'?( +&#$8?( 0%( \0@J( 5#88( 2"#2( #( A#%2$548#%( A#5*+2( &#,(
50'2#$'?(R4/2(#/(800*$'<(#2(#'(#--%+//(0'(#'(+'K+80A+(%+K+#8/('02"$'<(#.042(2"+(
50'2+'2(01(2"+(8+22+%($'/$-+B(
9++A(A#5*+2($'/A+52$0'($/(2"+(+F4$K#8+'2(01(A0/2#8(+&A80,++/(0A+'$'<(+'K+80A+/(
#'-(%+#-$'<(2"+(8+22+%/($'/$-+B(;0(-0(9J@?('+2G0%*(-+K$5+/(+E#&$'+(2"+(A#,80#-(
01(#(A#5*+2(W(2"+(#524#8(-#2#(2"+(A#5*+2(5#%%$+/(W($'(#--$2$0'(20(2"+(A#5*+2("+#-+%B(
;0($'/A+52(#(A#5*+2(-++A8,(&+#'/(20(+E#&$'+(2"+(50'2+'2/(01(2"+(C+.(.%0G/$'<(
/+//$0'?( +&#$8?( $'/2#'2( &+//#<+?( 0%( G"#2+K+%( 02"+%( -#2#( 2"+( A#5*+2( 50'2#$'/B(
4(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
_'8+//(2"+(50'2+'2(01(2"+(A#5*+2($/(+'5%,A2+-(=#/(G$2"(&0/2(0'8$'+(A4%5"#/+/(#'-(
.#'*(2%#'/#52$0'/>?(2"+(+'2$%+2,(01(2"+(A#5*+2(5#'(.+(#'#8,P+-(G$2"(9J@B((
7'+( /8$<"2( 50&A8+E$2,( 01( @'2+%'+2( A#5*+2/( $/( 2"#2( #( A#5*+2( A#,80#-( $2/+81( &#,(
50'2#$'( /0&+( #--$2$0'#8( #--%+//$'<( $'10%&#2$0'( 2"#2( $/( /4AA8+&+'2#8( 20( 2"+( @J(
#--%+//+/(#K#$8#.8+($'(2"+(A#5*+2("+#-+%B(C"+'(/+'-$'<(#'(+&#$8?(10%(+E#&A8+?(
2"+( +&#$8( #--%+//( 01( 2"+( %+5$A$+'2( #AA+#%/( $'( 2"+( A#5*+2( A#,80#-?( '02( $'( 2"+(
A#5*+2("+#-+%B(N$*+G$/+(10%(C+.(.%0G/$'<?(2"+('#&+(01(2"+(C+.(/$2+(2"#2(#(4/+%(
$/( 2%,$'<( 20( %+#5"( #AA+#%/( $'( 2"+( A#,80#-?( '02( 2"+( "+#-+%B( ;"+/+( *$'-/( 01(
#--$2$0'#8( #--%+//$'<( $'10%&#2$0'( #%+( /0&+2$&+/( %+1+%%+-( 20( #/( H#AA8$5#2$0'(
"+#-+%/I( .+5#4/+( 2"+,( #%+( /A+5$1$5( 20( A#%2$548#%( @'2+%'+2( #AA8$5#2$0'/( =C+.(
.%0G/$'<?(+&#$8?(0%(\0@J?(10%(+E#&A8+>B((
S82"04<"( /0&+( &#,( 58#$&( 2"#2( +E#&$'$'<( /45"( #AA8$5#2$0'( "+#-+%/( -0+/( '02(
50'/2$242+(-++A(A#5*+2($'/A+52$0'?`(!9;(-$/#<%++/B(SAA8$5#2$0'("+#-+%/("#K+(2"+(
A02+'2$#8(20(%+K+#8(&45"(&0%+(#.042(#(50&&4'$5#2$0'(2"#'(A#5*+2("+#-+%/?(#'-(
2"+( 2#/*( 01( -+2+%&$'$'<( G"+%+( #'( #AA8$5#2$0'( "+#-+%( /20A/( #'-( #524#8( -#2#(
50'2+'2( .+<$'/( 012+'( '+5+//$2#2+/( 2"+( $'/A+52$0'( 01( 2"+( -#2#( 50'2+'2( $2/+81B(
;"+%+10%+?(G+(.+8$+K+(2"+(8$'+(.+2G++'(/"#880G(#'-(-++A($'/A+52$0'(8$+/(.+2G++'(
2"+( A#5*+2( "+#-+%( #'-( 2"+( A#5*+2( A#,80#-?( %+<#%-8+//( 01( G"+2"+%( 2"+( A#,80#-(
50'2#$'/(2"+/+(#--$2$0'#8(H#AA8$5#2$0'("+#-+%/BI((
9J@(&#,(.+(-0'+($'(%+#8L2$&+(#/(2"+(-#2#($/($'(2%#'/&$//$0'?(0%($2(&#,(.+(-0'+(
#12+%G#%-( $1( 2"+( -#2#( $/( %+2#$'+-B( @3J/( &#,( "04/+( 9J@( +F4$A&+'2( #'-( 50'-452(
2"+(A#5*+2($'/A+52$0'(2"+&/+8K+/?(0%(2"+,(&#,(#880G(#(2"$%-(A#%2,($'2+%&+-$#%,(
20( #22#5"( +F4$A&+'2( 20( 5088+52( #'-( $'/A+52( 2"+( @'2+%'+2( 2%#'/&$//$0'/( 01( 2"+$%(
/4./5%$.+%/B(
1#!!
2.,.!'3!4,,5!-%67,*!8$.5,6*9'$!
9++A(A#5*+2($'/A+52$0'($/(#(<+'+%$5(2+5"'$F4+(2"#2(5#'(.+(4/+-(10%(#(G$-+(K#%$+2,(
01(A4%A0/+/B(aE#&A8+/($'584-+6(
!
!
$#%&'!()&*+ &,'#)-!.!/0( W( S/( G+( -$/54//( $'( <%+#2( -+2#$8( $'( 3+52$0'( @\?( 9J@( $/(
54%%+'28,(.+$'<(4/+-(.,(#-K+%2$/$'<(50&A#'$+/(20(#'#8,P+($'-$K$-4#8/D(C+.(
.%0G/$'<( "#.$2/?( 5%+#2+( A%01$8+/( 01( 2"+$%( $'2+%+/2/( #'-( .+"#K$0%/?( #'-( 4/+(
2"0/+(A%01$8+/(20(/+%K+(2"+&(2#%<+2+-(#-K+%2$/+&+'2/B(
1#-#2-!(/+ (3+ /#-4()5+ &--&25.( W( @3J/( #'-( 02"+%( '+2G0%*( 0A+%#20%/( 5#'(
/0&+2$&+/( 4/+( 9J@( 20( -+2+52( '+2G0%*( 2"%+#2/( 8$*+( /A#&( #'-( K$%4/+/?( /$'5+(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
6
See, e.g., Declan McCullagh, Q&A with Charter VP: Your Web activity, logged and loaded, C|Net, May 15, 2008,
http://news.cnet.com/8301-13578_3-9945309-38.html.
5(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
2"+/+( *$'-/( 01( #22#5*/( &#,( +E"$.$2( G+88( *'0G'( -#2#( H/$<'#24%+/I( 2"#2( @3J/(
5#'(%+50<'$P+(.,($'/A+52$'<(A#5*+2(A#,80#-/Bb((
!
6#-4()5+ 2(/0#.-!(/+ 7&/&0#7#/-( W( 9J@( 5#'( "+8A( @3J/( &#'#<+( 2"+( K084&+( 01(
-#2#(0'(2"+$%('+2G0%*/B(O0%(+E#&A8+?($'/A+52$'<(A#5*+2/(&#,(#880G(#'(@3J(20(
$-+'2$1,( 5+%2#$'( *$'-/( 01( 50&&4'$5#2$0'/( =AQA( 1$8+( 2%#'/1+%/?( 10%( +E#&A8+>(
2"#2( $2( &#,( -+5$-+( 20( H2"%0228+I( 0%( A%05+//( &0%+( /80G8,( #2( 2$&+/( G"+'( 2"+(
'+2G0%*($/(50'<+/2+-Bc(
!
8#)'!2#+ -!#)!/0( W( S'( @3J( 2"#2( G#'2/( 20( 5"#%<+( -$11+%+'2( A%$5+/( 10%( 2"+( 4/+( 01(
-$11+%+'2(@'2+%'+2(/+%K$5+/(W(/#,(C+.(.%0G/$'<?(0'8$'+(<#&$'<?(0%(\0@J(W(5#'(
4/+(9J@(20(-$/2$'<4$/"(0'+(/+%K$5+(1%0&(#'02"+%(0'(2"+('+2G0%*(#'-(5"#%<+(
$2/(54/20&+%/(#550%-$'<8,Bd((
!
1#-#2-!(/+ (3+ !/-#**#2-9&*+ :)(:#)-;( W( 30&+( @3J/( #'-( 50'2+'2( $-+'2$1$5#2$0'(
50&A#'$+/("#K+(.+<4'(4/$'<(9J@(20(#22+&A2(20($-+'2$1,(50A,%$<"2+-(G0%*/(
#/( 2"+,( 180G( #5%0//( 2"+$%( '+2G0%*/( 10%( 2"+( A4%A0/+( 01( +'10%5$'<( $'2+88+524#8(
A%0A+%2,(%$<"2/BMe(
(
N$*+( &0/2( 02"+%( 2+5"'080<$+/?( 9J@( $/( '+42%#8( W( $2/( .+'+1$2/( #'-( %$/*/( 20( .02"(
50'/4&+%/(#'-(2"+(@'2+%'+2(#2(8#%<+(K#%,(G$-+8,(-+A+'-$'<(4A0'(2"+(A#%2$548#%(
A4%A0/+( 10%( G"$5"( $2( $/( 4/+-( #'-( "0G( $2( $/( -+A80,+-( 0'( 2"+( '+2G0%*B( a#5"(
A0//$.8+( 4/+( 01( 9J@( "#/( $2/( 0G'( 4'$F4+( A08$5,( #'-( 8+<#8( $&A8$5#2$0'/?( #'-( 2"+(
482$&#2+(#'#8,/$/(01(G"+2"+%(2"+(.+'+1$2/(01(9J@(042G+$<"($2/(%$/*/(G$88(24%'(0'(
2"+( 50'2+E2( 01( #( A#%2$548#%( 9J@( #AA8$5#2$0'B( U0G+K+%?( G+( .+8$+K+( 9J@( $'( '+#%8,(
+K+%,( 50'2+E2( %#$/+/( /4./2#'2$#8( A%$K#5,( 50'5+%'/( .+5#4/+( $2( A02+'2$#88,( #880G/(
10%( 2"+( 50'2+'2( 01( 50'/4&+%/D( @'2+%'+2( 50&&4'$5#2$0'/( 20( .+( 5#A24%+-( #'-(
#'#8,P+-B((
III. The Privacy Risks of Deep Packet Inspection
@'( A#%2( .+5#4/+( 2"+( @'2+%'+2( G#/( -+K+80A+-( #%04'-( 2"+( +'-L20L+'-( A%$'5$A8+?(
50'/4&+%/("#K+(50&+(20(+EA+52(2"#2(2"+$%(@'2+%'+2(50&&4'$5#2$0'/(A#//(2"%04<"(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
7
See, e.g., Sandvine DPI-Based Policy Solutions, http://sandvine.com/general/getfile.asp?FILEID=17 at 6 (last visited July 14,
2008); Thomas Porter, The Perils of Deep Packet Inspection, SecurityFocus, Jan. 1, 2005, http://securityfocus.com/infocus/1817.
8
See, e.g., Nate Anderson, New Filings Reveal Extent, Damage of Bell Canada Throttling, Ars Technica, June 2, 2008,
http://arstechnica.com/news.ars/post/20080602-new-filings-reveal-extent-damage-of-bell-canada-throttling.html.
9
See Nate Anderson, Deep Packet Inspection Meets 'Net Neutrality, CALEA, Ars Technica, July 24, 2007,
http://arstechnica.com/articles/culture/Deep-packet-inspection-meets-net-neutrality.ars.
10
See, e.g., Audible Magic CopySense Appliance, http://audiblemagic.com/products-services/copysense/ (last visited July 14, 2008);
see also Rob Frieden, Internet Packet Sniffing and Its Impact on the Network Neutrality Debate and the Balance of Power Between
Intellectual Property Creators and Consumers, 18 Fordham Intell. Prop. Media & Ent. L.J. 633 (2008).
6(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
2"+( '+2G0%*( G$2"042( .+$'<( /'00A+-( 0'( 2"+( G#,B( 9J@( -%#&#2$5#88,( #82+%/( 2"$/(
8#'-/5#A+( .,( A%0K$-$'<( #'( @3J( 0%( $2/( A#%2'+%/( G$2"( 2"+( #.$8$2,( 20( $'/A+52(
50'/4&+%(50&&4'$5#2$0'/(+'(%042+B(;"4/?(-+A80,$'<(#(9J@(/,/2+&(8$*+8,(-+1$+/(
2"+( +EA+52#2$0'/( 50'/4&+%/( "#K+( .4$82( 4A( 0K+%( 2$&+B( S./+'2( 4'&$/2#*#.8+(
'02$5+?( 50'/4&+%/( /$&A8,( -0( '02( +EA+52( 2"+$%( @3J( 0%( $2/( A#%2'+%/( 20( .+( 800*$'<(
$'20(2"+(50'2+'2(01(2"+$%(@'2+%'+2(50&&4'$5#2$0'/B((
)#',(50&A#'$+/(#2(+K+%,(8+K+8(01(2"+(@'2+%'+2(K#84+(5"#$'("#K+(G0%*+-(20(.4$8-(
2%4/2($'(2"+(&+-$4&(20(2"+(A0$'2(G"+%+(&$88$0'/(01(50'/4&+%/(1++8(50&10%2#.8+(
+'<#<$'<( $'( #( G$-+( %#'<+( 01( A+%/0'#8( #'-( 50&&+%5$#8( 50&&4'$5#2$0'/( #'-(
2%#'/#52$0'/( 0'8$'+B( @3J/( #%+( #( 5%$2$5#8( A#%2( 01( 2"#2( 5"#$'( 01( 2%4/2B( @1( 50'/4&+%/(
1$'-(%+#/0'/(20(F4+/2$0'(G"#2(2"+$%(@3J/(#%+(-0$'<(G$2"(2"+$%(@'2+%'+2(-#2#?(2"+,(
&#,( .+50&+( %+8452#'2( 20( 4/+( 2"+( @'2+%'+2( #/( 0A+'8,( #'-( 1%+F4+'28,( #/( 2"+,( -0(
20-#,B(_'8+//($2($/(5#%+1488,(-+A80,+-?(9J@(%4'/(2"+(%$/*(01(-#&#<$'<(50'/4&+%(
50'1$-+'5+($'(2"+(&+-$4&B(
!+%2#$'(5"#%#52+%$/2$5/(01(9J@(#8/0(/+%$04/8,(5"#88+'<+(2%#-$2$0'#8('02$0'/(01(H1#$%(
$'10%&#2$0'( A%#52$5+/?I( #( <+'+%#88,( #55+A2+-( /+2( 01( A%$'5$A8+/( 10%( A%02+52$'<(
A%$K#5,BMM( !0'/$-+%( 2"+( 1#$%( $'10%&#2$0'( A%$'5$A8+( 01( 8$&$2$'<( -#2#( 5088+52$0'( 20(
G"#2( $/( '+5+//#%,( 20( 50&A8+2+( 2"+( 2#/*( #2( "#'-B( U0G( 5#'( 2"$/( $-+#( .+( /F4#%+-(
G$2"(+E$/2$'<(9J@(+F4$A&+'2(2"#2("#/(2"+(5#A#.$8$2,(20(5088+52(#'-(#'#8,P+(+K+%,(
/$'<8+(@'2+%'+2(A#5*+2(10%(&$88$0'/(01(@'2+%'+2(4/+%/(#2(0'5+fMQ(S82"04<"(9J@(5#'(
.+( $&A8+&+'2+-( G$2"( 8$&$2/( 0'( 2"+( 2,A+/( 01( -#2#( 5088+52+-?( 2"+( 2%+'-( $/( 20G#%-(
&0%+(-#2#(5088+52$0'(#'-(A%05+//$'<(A0G+%?('02(8+//B(
;%#'/A#%+'5,( $/(#'02"+%( 50%+( 1#$%( $'10%&#2$0'( A%$'5$A8+(2"#2(9J@(G048-(#AA+#%(
20(5"#88+'<+B(9J@(+F4$A&+'2(K+'-0%/(50&A+2+(0'("0G(/&#88(01(#'($&A#52(2"+,(
5#'( "#K+( 0'( 0K+%#88( '+2G0%*( 0A+%#2$0'/BMT( \+'-0%/( /++*( 20( +'/4%+( 2"#2( 9J@(
+F4$A&+'2?( +K+'( #/( $2( A%05+//+/( &#//+/( 01( @'2+%'+2( -#2#( 1%0&( &$88$0'/( 01(
/4./5%$.+%/?( G$88( '02( /80G( -0G'( '+2G0%*( 0A+%#2$0'/( #'-( G$88( $'( 1#52( .+( #/(
$'K$/$.8+(#/(A0//$.8+(0'(2"+('+2G0%*B(;"$/(&+#'/(@3J/(#'-(02"+%/(&#,(.+(#.8+(20(
-+A80,( 9J@( /,/2+&/( 2"#2( "#K+( 1+G( '02$5+#.8+( +11+52/( 0'( 50'/4&+%/B( C$2"( 9J@(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
11
See, e.g., Organisation for Economic Co-operation and Development, OECD GUIDELINES ON THE PROTECTION OF PRIVACY AND
TRANSBORDER FLOWS OF PERSONAL DATA (Sept. 23, 1980),
http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html.
12
See Procera PacketLogic PL10000 Datasheet, http://www.proceranetworks.com/images/documents/ds-pl10000-05-2108_4p_web.pdf (last visited July 14, 2008).
13
See, e.g., The Tolly Group, Procera PacketLogic 7600 Evaluation of Accuracy and Scalability of Network Traffic and Service
Management System (May 2007),
http://www.proceranetworks.com/images/documents/tolly207173procerapacketlogic7600may2007.pdf (highlighting the fact that the
Procera DPI device “generates less than 1 millisecond of one-way average latency”).
7(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"$--+'(1%0&(K$+G?(2"0/+(-0$'<(2"+(A#5*+2($'/A+52$0'(&#,("#K+(8$228+($'5+'2$K+(20(
1488,(-$/580/+(2"+$%(A%#52$5+/B(
@'(&#',(5#/+/?(9J@(+F4$A&+'2(G$88(#420&#2$5#88,(5088+52(A+%/0'#88,($-+'2$1$#.8+(
$'10%&#2$0'(=J@@>?(+K+'($1(2"+(@3J(0%($2/(A#%2'+%/("#K+('0($'2+'2$0'/(01(4/$'<(/45"(
-#2#B( !0'/$-+%( #( 2"$%-LA#%2,( K+'-0%( 4/$'<( #( 9J@( /,/2+&( 20( #'#8,P+( 2"+( C+.(
.%0G/$'<(#52$K$2$+/(01(#'(@3JD/(/4./5%$.+%/B(S82"04<"(2"+(K+'-0%(&#,('02(5#%+(20(
*'0G( 2"+( "0&+( #--%+//( 01( #( /4./5%$.+%?( 2"+( 9J@( +F4$A&+'2( /4%+8,( 5088+52/( J@@(
G"+'(2"#2(/4./5%$.+%(50'-452/(C+.(/+#%5"+/(20(0.2#$'(0'8$'+(-%$K$'<(-$%+52$0'/(
1%0&( "$/( 0%( "+%( 0G'( "0&+( #--%+//B( O4%2"+%&0%+?( 9J@( /,/2+&/( #420&#2$5#88,(
5088+52( @J( #--%+//+/?( G"$5"( 5#'( /0&+2$&+/( .+( 4/+-( 20( %+L$-+'2$1,( $'-$K$-4#8/(
G"+'( 50&.$'+-( G$2"( 02"+%( $'10%&#2$0'B( @'( 2"$/( G#,?( 9J@( 2+'-/( 20( /G++A( $'(
A+%/0'#8( $'10%&#2$0'( +K+'( G"+'( /45"( $'10%&#2$0'( $/( '02( /04<"2( .,( 2"+( A#%2,(
-0$'<(2"+(A#5*+2($'/A+52$0'B(
3$&$8#%8,?( /+'/$2$K+( $'10%&#2$0'( &#,( .+( 4'$'2+'2$0'#88,( 5088+52+-( $'( #( 9J@(
/,/2+&B(J+%/0'#8("+#82"(-#2#?(10%(+E#&A8+?($/(&$<%#2$'<(0'8$'+(2"%04<"(#'(+K+%L
+EA#'-$'<(#%%#,(01("+#82"($'10%&#2$0'(#'-(/+#%5"(/$2+/?(0'8$'+(/4AA0%2(<%04A/?(
#'-(A+%/0'#8("+#82"(%+50%-(/$2+/B(S82"04<"(2"+(0A+%#20%(01(#(9J@(/,/2+&(&#,('02(
5#%+( 20( /20%+( 0%( #'#8,P+( /45"( $'10%&#2$0'?( #( A#5*+2( 50'2#$'$'<( /+'/$2$K+( -#2#(
&4/2(1$%/2(.+($'/A+52+-(20(-+2+%&$'+($2/(50'2+'2/(.+10%+(2"+(9J@(/,/2+&(0A+%#20%(
5#'( -+5$-+( G"#2( 20( -0( G$2"( $2B( @'( /"0%2?( 9J@( 2+5"'080<,( &#,( 800*( #2( #88(
$'10%&#2$0'?( $'584-$'<( /+'/$2$K+( $'10%&#2$0'V( G"#2( $/( 2"+'( -0'+( G$2"( 2"#2(
$'10%&#2$0'( 5#'( K#%,( G$-+8,( #'-( $/( 4'8$*+8,( 20( .+( -$%+528,( 0./+%K#.8+( .,(
50'/4&+%/B(
O0%( 9J@( 20( 0A+%#2+( $'( #( 2%48,( A%$K#5,LA%02+52$K+( G#,?( -#2#( 5088+52$0'( #'-(
%+2+'2$0'( '++-( 20( .+( 8$&$2+-( #'-( 2"0/+( 8$&$2/( /"048-( .+( 2$+-( 20( 2"+( 0%$<$'#8(
A4%A0/+/( 10%( 5088+52$'<( 2"+( -#2#B( !0'/4&+%/( '++-( 20( .+( $'10%&+-( #.042( G"#2(
-#2#( $/( .+$'<( 5088+52+-( #.042( 2"+$%( @'2+%'+2( #52$K$2$+/?( "0G( 2"+( $'10%&#2$0'( G$88(
.+(4/+-?(G"+2"+%(2"+($'10%&#2$0'(G$88(.+(/"#%+-(G$2"(02"+%/?(#'-(G"#2(&+#/4%+/(
#%+(.+$'<(2#*+'(20(+'/4%+(2"#2(#',(2%#'/1+%(01(-#2#(%+&#$'/(/+54%+B(;"+,(/"048-(
.+( A%+/+'2+-( G$2"( 2"$/( $'10%&#2$0'( $'( #( &#''+%( 2"#2( /4AA0%2/( $'10%&+-( 5"0$5+(
50'5+%'$'<( 2"+$%( $'10%&#2$0'( #'-( 2"#2( 5"0$5+( /"048-( "0'0%+-( A+%/$/2+'28,( 0K+%(
2$&+B(!0'/4&+%/(&4/2(#8/0("#K+(0AA0%24'$2$+/(10%(8+<#8(%+-%+//(10%(&$/4/+(01(2"+(
-#2#B( S/( #( %+5+'2( 9B!B( 9$/2%$52( !04%2( 0A$'$0'( +/2#.8$/"+-?( -#2#( 8+#*#<+( #'-( 2"+(
50'5+%'(10%(A02+'2$#8(#.4/+/(01(2"#2(-#2#(#%+(%+50<'$P#.8+("#%&/(/2#'-$'<(#80'+?(
8(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
G$2"042( #',( '++-( 20( /"0G( &$/4/+( 01( 2"+( -#2#BMZ( !0'/4&+%/( -0( '02( '++-( 20(
.+50&+(K$52$&/(01($-+'2$2,(2"+12(20(/411+%(1%0&(#'($'K#/$0'(01(A%$K#5,B((
S82"04<"( 9J@( $'( #( <+'+%$5( /+'/+( %#$/+/( 2"+( A%$K#5,( 50'5+%'/( -+/5%$.+-( #.0K+?(
2"+( 4/+( 01( 9J@( 10%( .+"#K$0%#8( #-K+%2$/$'<( "#/( $2/( 0G'( 4'$F4+( A%$K#5,(
$&A8$5#2$0'/B(;"+/+(#%+(+EA80%+-($'(2"+('+E2(/+52$0'B(
IV. The Emerging Use of Deep Packet Inspection for
Behavioral Advertising
^+"#K$0%#8( #-K+%2$/$'<?( G"$5"( $'K08K+/( 2"+( 5088+52$0'( #'-( #<<%+<#2$0'( 01(
50'/4&+%/D( C+.( .%0G/$'<( #52$K$2$+/( 10%( 2"+( A4%A0/+( 01( /+%K$'<( 2"+&( 2#%<+2+-(
#-K+%2$/+&+'2/?( "#/( '02( 2%#-$2$0'#88,( &#-+( 4/+( 01( 9J@B( O0%( '+#%8,( #( -+5#-+?(
.+"#K$0%#8( #-K+%2$/$'<( "#/( .++'( 4'-+%2#*+'( .,( #-( '+2G0%*/( W( 50&A#'$+/( 2"#2(
50'2%#52(G$2"(C+.(/$2+/(20(.+(#.8+(20(5088+52(-#2#(#.042(2"+(50'/4&+%/(G"0(K$/$2(
2"0/+(/$2+/B(S(2%#-$2$0'#8(.+"#K$0%#8(#-('+2G0%*(.4$8-/(4A(A%01$8+/(01($'-$K$-4#8(
50'/4&+%/(.,(2%#5*$'<(2"+$%(#52$K$2$+/(0'(/$2+/(A#%2$5$A#2$'<($'(2"+('+2G0%*B(S-(
'+2G0%*/( 4/4#88,( #550&A8$/"( 2"$/( 2%#5*$'<( .,( A8#5$'<( #( 500*$+( G$2"( #( 4'$F4+(
$-+'2$1$+%(0'(#(50'/4&+%D/(50&A42+%(#'-(2,$'<(2"+(50'/4&+%D/(.+"#K$0%#8(A%01$8+(
20( 2"#2( $-+'2$1$+%B( !0'/4&+%/D( A%01$8+/( #%+( 8#2+%( 4/+-( 20( /+%K+( 2#%<+2+-( #-/( 20(
2"0/+(50'/4&+%/(0'(02"+%(C+.(/$2+/B(@1(#(50'/4&+%(K$/$2/(#(/+%$+/(01(/A0%2/(C+.(
/$2+/(#'-(8#2+%(K$/$2/(#('+G/(/$2+?(10%(+E#&A8+?("+(0%(/"+(&#,(.+(/"0G'(#'(#-(10%(
<081(584./(0%(.#/+.#88(2$5*+2/(0'(2"+('+G/(/$2+B(
7K+%( 2"+( A#/2( ,+#%?( #( '+G( *$'-( 01( #-( '+2G0%*( 2"#2( &#*+/( 4/+( 01( 9J@( 10%(
.+"#K$0%#8(#-K+%2$/$'<("#/(+&+%<+-B(@'(2"$/(&0-+8?(2"+(#-('+2G0%*(A#%2'+%/(G$2"(
#'(@3J(20(-0($2/(-#2#(5088+52$0'?(%#2"+%(2"#'(G$2"(#('+2G0%*(01(A#%2$5$A#2$'<(C+.(
/$2+/B( ;"+( @3J( #880G/( 2"+( #-( '+2G0%*( 20( 50'-452( 9J@( 0'( 2"+( $'-$K$-4#8( C+.(
.%0G/$'<( #52$K$2$+/( 01( +#5"( 01( 2"+( @3JD/( 54/20&+%/B( ;"$/( &+#'/( 2"#2( 2"+( #-(
'+2G0%*( %+5+$K+/( #'( $'-$K$-4#8D/( C+.( .%0G/$'<( /2%+#&( -$%+528,( 1%0&( 2"+( @3J(
#'-(#'#8,P+/(2"+(50'2+'2(01(2"#2(A#5*+2(/2%+#&($'(0%-+%(20(5%+#2+(#(A%01$8+(01(2"+(
$'-$K$-4#8D/( 0'8$'+( .+"#K$0%/( #'-( $'2+%+/2/B( S/( 54/20&+%/( 01( 2"+( @3J( /4%1( 2"+(
C+.( #'-( K$/$2( 02"+%( C+.( /$2+/?(2"+( #-('+2G0%*(/+%K+/(2"+&(#-/( 2#%<+2+-(.#/+-(
0'(2"+$%(.+"#K$0%#8(A%01$8+/B(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
14
Am. Fed'n of Gov't Employees v. Hawley, 543 F. Supp. 2d 44, 50–51 (D.D.C. 2008) (ruling, inter alia, that concerns about identity
theft, embarrassment, inconvenience, and damage to financial suitability requirements after an apparent data breach constituted a
recognizable "adverse effect" under the Privacy Act, 5 U.S.C. § 552a (citing Kreiger v. Dep't of Justice, 529 F. Supp. 2d 29, 53
(D.D.C. 2008)).
9(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
;"+( 4/+( 01( 9J@( 10%( .+"#K$0%#8( #-K+%2$/$'<( $/( 0'+( #%+#( 2"#2( G+( .+8$+K+( %+F4$%+/(
580/+(/5%42$',(1%0&(8#G&#*+%/B(S/($2("#/(.++'($&A8+&+'2+-(2"4/(1#%?(2"+(4/+(01(
9J@( 10%( .+"#K$0%#8( #-K+%2$/$'<( A0/+/( %$/*/( 20( 50'/4&+%( A%$K#5,?( -+1$+/(
%+#/0'#.8+( 4/+%( +EA+52#2$0'/?( 5#'( .+( -$/%4A2$K+( 20( @'2+%'+2( #'-( C+.(
14'52$0'#8$2,?(#'-(&#,(%4'(#1048(01(50&&4'$5#2$0'/(A%$K#5,(8#G/B(
"#!
-:9;%6)!805&96%*9'$.!'3!*+,!2.,!'3!4-8!3':!1,+%;9':%&!"<;,:*9.9$(!
<"+
=)!'&2;+>7:*!2&-!(/.+(3+$#%&'!()&*+?,'#)-!.!/0+&-+@&)0#+
aK+'(G"+'($2(-0+/('02($'K08K+(9J@?(.+"#K$0%#8(#-K+%2$/$'<(A0/+/(#(<%0G$'<(%$/*(
20( 50'/4&+%( A%$K#5,B( !0'/4&+%/( #%+( 8#%<+8,( 4'#G#%+( 01( 2"+( A%#52$5+( #'-( #%+(
2"4/( $88( +F4$AA+-( 20( 2#*+( A%02+52$K+( #52$0'B( ;"+,( "#K+( '0( +EA+52#2$0'( 2"#2( 2"+$%(
.%0G/$'<( $'10%&#2$0'( &#,( .+( 2%#5*+-( #'-( /08-?( #'-( 2"+,( #%+( %#%+8,( A%0K$-+-(
/411$5$+'2( $'10%&#2$0'( #.042( 2"+( A%#52$5+/( 01( #-K+%2$/+%/( 0%( 02"+%/( $'( 2"+(
#-K+%2$/$'<( K#84+( 5"#$'( 20( <#4<+( 2"+( A%$K#5,( %$/*/( #'-( &#*+( &+#'$'<148(
-+5$/$0'/(#.042(G"+2"+%(#'-("0G(2"+$%($'10%&#2$0'(&#,(.+(4/+-B(@'(#(%+5+'28,(
%+8+#/+-(U#%%$/(@'2+%#52$K+gS8#'(OB(C+/2$'(/24-,?([dh(01(%+/A0'-+'2/(/#$-(2"+,(
G+%+( '02( 50&10%2#.8+( G$2"( 0'8$'+( 50&A#'$+/( 4/$'<( 2"+$%( .%0G/$'<( .+"#K$0%( 20(
2#$80%( #-/( #'-( 50'2+'2( 20( 2"+$%( $'2+%+/2/( +K+'( G"+'( 2"+,( G+%+( 208-( 2"#2( /45"(
#-K+%2$/$'<( /4AA0%2/( 1%++( /+%K$5+/BM[( S( %+5+'2( ;Y_3;+( /4%K+,( A%0-45+-( /$&$8#%(
%+/482/BM`(@2($/("$<"8,(4'8$*+8,(2"#2(2"+/+(%+/A0'-+'2/(4'-+%/200-(2"#2(2"$/(2,A+(01(
#-(2#%<+2$'<($/(#8%+#-,(2#*$'<(A8#5+(0'8$'+(+K+%,(-#,B((
@'(&0/2(5#/+/?(-#2#(5088+52$0'(10%(.+"#K$0%#8(#-K+%2$/$'<(0A+%#2+/(0'(#'(0A2L042(
.#/$/B(7A2L042(&+5"#'$/&/(10%(0'8$'+(#-K+%2$/$'<(#%+(012+'(.4%$+-($'(1$'+(A%$'2?(
-$11$5482( 20( 4'-+%/2#'-?( "#%-( 20( +E+542+( #'-( 2+5"'$5#88,( $'#-+F4#2+B( 7'8,( 2"+(
&0/2( /0A"$/2$5#2+-( #'-( 2+5"'$5#88,( /#KK,( 50'/4&+%/( #%+( 8$*+8,( 20( .+( #.8+( 20(
/455+//1488,('+<02$#2+(/45"(0A2L042(A%05+//+/B()0%+0K+%?($'(&0/2(5#/+/?(0A2L042(
&+5"#'$/&/(011+%+-(10%(.+"#K$0%#8(#-K+%2$/$'<(0'8,(0A2(2"+(4/+%(042(01(%+5+$K$'<(
2#%<+2+-( #-/?( .42( -0( '02( 0A2( 2"+( 4/+%( 042( 01( -#2#( 5088+52$0'( #.042( "$/( 0%( "+%(
@'2+%'+2(4/#<+B((
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
15
Alan F. Westin, How Online Users Feel About Behavioral Marketing and How Adoption of Privacy and Security Policies Could
Affect Their Feelings (Mar. 2008).
16
TRUSTe, “TRUSTe Report Reveals Consumer Awareness and Attitudes About Behavioral Targeting” (Mar. 28, 2008),
http://marketwire.com/press-release/Truste-837437.html (“71 percent of online consumers are aware that their browsing information
may be collected by a third party for advertising purposes . . .. 57 percent of respondents say they are not comfortable with
advertisers using that browsing history to serve relevant ads, even when that information cannot be tied to their names or any other
personal information.”).
10(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
;"+%+( $/( #8/0( #( %$/*( 2"#2( A%01$8+/( 10%( .+"#K$0%#8( #-K+%2$/$'<( &#,( .+( 4/+-( 10%(
A4%A0/+/( 02"+%( 2"#'( #-K+%2$/$'<B( O0%( +E#&A8+?( #-( '+2G0%*/( 2"#2( 1054/( 0'( H%+L
2#%<+2$'<I( #-/( &#,( #8%+#-,( .+( 4/$'<( A%01$8+/( 20( "+8A( &#%*+2+%/( +'<#<+( $'(
-$11+%+'2$#8(A%$5$'<BMb(^+"#K$0%#8(A%01$8+/?(A#%2$548#%8,(2"0/+(2"#2(5#'(.+(2$+-(20(#'(
$'-$K$-4#8?( &#,( #8/0( .+( #( 2+&A2$'<( /04%5+( 01( $'10%&#2$0'( $'( &#*$'<( -+5$/$0'/(
#.042(5%+-$2?($'/4%#'5+?(#'-(+&A80,&+'2B(C"$8+(2"+(8#5*(01(2%#'/A#%+'5,(&#*+/(
$2( #8&0/2( $&A0//$.8+( 20( *'0G( G"+2"+%( .+"#K$0%#8( A%01$8+/( #%+( .+$'<( 4/+-( 10%(
02"+%( A4%A0/+/?( 2"+( 8#5*( 01( +'10%5+#.8+( %48+/( #%04'-( 2"+( 5088+52$0'( #'-( 4/+( 01(
&0/2(A+%/0'#8($'10%&#2$0'(8+#K+/(2"+(-00%(G$-+(0A+'(10%(#(&,%$#-(01(/+50'-#%,(
4/+/B((
O$'#88,?( .+5#4/+( 2"+( 8+<#8( /2#'-#%-/( 10%( <0K+%'&+'2( #55+//( 20( A+%/0'#8(
$'10%&#2$0'( "+8-( .,( 2"$%-(A#%2$+/(#%+(+E2%#0%-$'#%$8,(80G?(2"+/+(50&A%+"+'/$K+(
50'/4&+%( A%01$8+/( #%+( #K#$8#.8+( 20( <0K+%'&+'2( 011$5$#8/( .,( &+%+( /4.A0+'#?(
G$2"042('02$5+(20(2"+($'-$K$-4#8(0%(#'(0AA0%24'$2,(10%(2"+($'-$K$-4#8(20(0.R+52BMc(
A"+
1##:+=&25#-+>/.:#2-!(/+BC&2#)D&-#.+&/,+>/-)(,92#.+>-.+E4/+=)!'&2;+F(/2#)/.+
;"+(A%$K#5,($&A8$5#2$0'/(01(.+"#K$0%#8(#-K+%2$/$'<(#2(8#%<+(#%+(#&A8$1$+-(G"+'(
9J@( $/( 2"+( -#2#( 5088+52$0'( &+5"#'$/&B( S-( '+2G0%*/( 2"#2( A#%2'+%( G$2"( @3J/( #'-(
4/+(9J@( &#,( A02+'2$#88,( <#$'( #55+//(20(/4./2#'2$#88,(#88( 01( #'( $'-$K$-4#8D/(C+.(
.%0G/$'<( -#2#( #/( $2( 2%#K+%/+/( 2"+( @3JD/( $'1%#/2%4524%+?( $'584-$'<( 2%#11$5( 20( #88(
A08$2$5#8?( %+8$<$04/?( #'-( 02"+%( '0'L50&&+%5$#8( /$2+/B( C"$8+( 2%#-$2$0'#8( #-(
'+2G0%*/( &#,( .+( 8#%<+?( 1+G( $1( #',( A%0K$-+( 2"+( 0AA0%24'$2,( 20( 5088+52(
$'10%&#2$0'(#.042(#'($'-$K$-4#8D/(0'8$'+(#52$K$2$+/(#/(50&A%+"+'/$K+8,(#/($'(2"+(
9J@( &0-+8?( A#%2$548#%8,( G$2"( %+/A+52( 20( #52$K$2$+/( $'K08K$'<( '0'L50&&+%5$#8(
50'2+'2B(S'-(#82"04<"(2"+/+(#-('+2G0%*/(54%%+'28,($'/A+52(A%+-0&$'#'28,(C+.(
2%#11$5?(@3J/(5#%%,(+&#$8/?(5"#2/?(1$8+(2%#'/1+%/(#'-(&#',(02"+%(*$'-/(01(-#2#(2"#2(
2"+,( 5048-( -+5$-+( 20( A#//( 0'( 20( .+"#K$0%#8( #-( '+2G0%*/( 10%( $'/A+52$0'( $'( 2"+(
1424%+B(
)0%+0K+%?( 2"+( 4/+( 01( 9J@( 10%( .+"#K$0%#8( #-K+%2$/$'<( -+1$+/( 4/+%( +EA+52#2$0'/(
#.042( G"#2( "#AA+'/( G"+'( 2"+,( /4%1( 2"+( C+.( #'-( 50&&4'$5#2+( 0'8$'+B( )0/2(
@'2+%'+2( 4/+%/( G048-( .+( /4%A%$/+-( 20( 1$'-( #( &$--8+&#'( 84%*$'<( .+2G++'( 2"+&(
#'-( 2"+( C+.( /$2+/( 2"+,( K$/$2B( i$K$'<( #'( 4'*'0G'( 2"$%-( A#%2,( .%0#-( #55+//( 20(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
17
See Louise Story, Online Pitches Made Just for You, N.Y. TIMES, Mar. 6, 2008,
http://nytimes.com/2008/03/06/business/media/06adco.html.
18
See CDT, Digital Search and Seizure: Updating Privacy Protections to Keep Pace with Technology (Mar. 2006),
http://cdt.org/publications/digital-search-and-seizure.pdf at 7-9; Deirdre K. Mulligan, Reasonable Expectations in Electronic
Communications: A Critical Perspective on the Electronic Communications Privacy Act, 72 GEO. WASH. L. REV. 1557 (2004);
Daniel J. Solove, Digital Dossiers and the Dissipation of Fourth Amendment Privacy, 75 S. CAL. L. REV. 1083, 1135 (2002).
11(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
&0/2(50'/4&+%(C+.(50&&4'$5#2$0'/(&#,(4'-+%&$'+(2"+(2%4/2(2"#2(50'/4&+%/(
"#K+($'(2"+$%(@3J/B(
1#!
=>::,$*!805&,0,$*%*9'$.!?%)!8$*,:3,:,!@9*+!A':0%&!8$*,:$,*!2.,!
9+/A$2+(2"+/+(50'5+%'/?(/+K+%#8(#-('+2G0%*(50&A#'$+/(#%+(&0K$'<(10%G#%-(G$2"(
A8#'/( 20( 4/+( 9J@( 10%( .+"#K$0%#8( #-K+%2$/$'<B( ;"+( 2G0( &0/2( A%0&$'+'2( #-(
'+2G0%*/(+'<#<+-($'(2"$/(A%#52$5+(#%+(j+.4S-($'(2"+(_'$2+-(32#2+/(#'-(J"0%&(
$'(2"+(_kB(!"#%2+%(!0&&4'$5#2$0'/?(#(5#.8+(.%0#-.#'-(@3J?(%+5+'28,(#''04'5+-(
W( #'-( 2"+'( -+8#,+-( W( #( A8#'( 20( 50'-452( 2%$#8/( 01( 2"+( j+.4S-( .+"#K$0%#8(
#-K+%2$/$'<(2+5"'080<,BMd(3+K+%#8(02"+%(@3J/?(/45"(#/(C$-+(7A+'(C+/2(=C7Cl>?(
!+'24%,;+8?(a&.#%F(#'-(k'080<,(#8/0(#''04'5+-(A8#'/(G$2"(j+.4S-(20(2%$#8(0%(
-+A80,($2/(.+"#K$0%#8(#-K+%2$/$'<(2+5"'080<,B(S82"04<"(#('4&.+%(01(2"+/+(@3J/(
"#K+( A42( 2"+$%( A8#'/( 0'( "08-( $'( 2"+( G#*+( 01( #( 1$%+/20%&( 01( 5%$2$5$/&?( j+.4S-(
50'2$'4+/( 20( G0%*( G$2"( _B3B( @3J/( #'-( /++*( '+G( @3J( A#%2'+%/B( J"0%&?( G"$5"(
0%$<$'#88,( #''04'5+-( -+#8/( G$2"( 2"%++( 01( 2"+( _kD/( 8#%<+/2( @3J/( #'-( "#/( /04<"2(
A#%2'+%/"$A/(G$2"(_B3B(@3J/?($/(#8/0('0G(+'504'2+%$'<("+/$2#2$0'(1%0&(/0&+(01($2/(
_k(A#%2'+%/BQe(
@'-+A+'-+'2(#'#8,/+/(01(.02"(50&A#'$+/D(/,/2+&/("#K+(%+K+#8+-(2"#2(.,(K$%24+(
01(2"+$%(#.$8$2,(20($'2+%5+A2(@'2+%'+2(2%#11$5(+'(%042+(W(#'-(.#/+-(0'(2"+$%(-+/$%+(20(
2%#5*( $'-$K$-4#8( @'2+%'+2( 4/+%/( W( 2"+,( +'<#<+( $'( #'( #%%#,( 01( A%#52$5+/( 2"#2( #%+(
$'50'/$/2+'2( G$2"( 2"+( 4/4#8( 180G( 01( @'2+%'+2( 2%#11$5B( j+.4S-( %+A0%2+-8,( $'R+52/(
50&A42+%( 50-+( $'20( C+.( 2%#11$5( /2%+#&/( 2"#2( 5#4/+/( '4&+%04/( 500*$+/( 20( .+(
A8#5+-(0'(4/+%/D(50&A42+%/(10%(.+"#K$0%#8(2%#5*$'<?('0'+(01(G"$5"(#%+(%+8#2+-(20(
0%( /#'52$0'+-( .,( 2"+( C+.( /$2+/( 2"+( 4/+%/( K$/$2BQM( C"+'( #( 4/+%( '#K$<#2+/( 20( #(
A#%2$548#%(C+.(/$2+?(J"0%&(%+A0%2+-8,(A%+2+'-/(20(.+(2"#2(C+.(/$2+(/0(2"#2($2(5#'(
A8#'2(#(.+"#K$0%#8(2%#5*$'<(500*$+(8$'*+-(20(2"#2(/$2+(0'(2"+(4/+%D/(50&A42+%BQQ(@'(
#--$2$0'( 20( 2"+( A%$K#5,( $&A8$5#2$0'/( 01( 2%#5*$'<( #88( 01( #'( $'-$K$-4#8D/( C+.(
#52$K$2$+/?( 2"$/( *$'-( 01( 50'-452( "#/( 2"+( A02+'2$#8( 20( 5%+#2+( /+%$04/( /+54%$2,(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
19
Saul Hansell, Charter Suspends Plan to Sell Customer Data to Advertisers, N.Y. TIMES: BITS BLOG, Jun. 24, 2008,
http://bits.blogs.nytimes.com/2008/06/24/charter-suspends-plan-to-sell-customer-data-to-advertisers.
20
Chris Williams, CPW builds wall between customers and Phorm, REGISTER, Mar. 11, 2008,
http://theregister.co.uk/2008/03/11/phorm_shares_plummet.
21
Robert M. Topolski, NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking (June 2008),
http://publicknowledge.org/pdf/nebuad-report-20080618.pdf.
22
Richard Clayton, The Phorm “Webwise” System (May 18, 2008), http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf.
12(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
K48'+%#.$8$2$+/($'(2"+('+2G0%*?QT("#&A+%(2"+(/A++-(01(4/+%/D(@'2+%'+2(50''+52$0'/?(
#'-( $'2+%1+%+( G$2"( 0%-$'#%,( C+.( 14'52$0'#8$2,B( S2( #( 2$&+( G"+'( &#',( -$11+%+'2(
*$'-/( 01( 50&A#'$+/( #%+( G0%*$'<( 20( .4$8-( #( 2%4/2+-( 50&A42$'<( A8#210%&( 10%( 2"+(
@'2+%'+2?("#K$'<(@3J/(G0%*(G$2"(A#%2'+%/(G"0/+(A%#52$5+/(4'-+%&$'+(2%4/2(%#$/+/(
1424%+(5,.+%L/+54%$2,(50'5+%'/B(
=#!
(
=>::,$*!805&,0,$*%*9'$.!?%)!B9'&%*,!C,<,:%&!D%E!
^+"#K$0%#8(#-K+%2$/$'<('+2G0%*/(4/$'<(9J@(/2%+//(2"#2(2"+(A%01$8+/(2"+,(50&A$8+(
#%+( #'0',&04/( #'-( 50'2#$'( 0'8,( <+'+%$5( &#%*+2$'<( 58#//$1$5#2$0'/B( ;"#2( &#,(
G+88( .+( 2%4+?( #'-( /45"( A%01$8+/( G048-( '02( .+( 2"+( 1054/( 01( /+%$04/( A%$K#5,(
50'5+%'/B(Y#2"+%?(04%(50'5+%'($/(G$2"(G"#2($2(2#*+/(20(50&A$8+(/45"(A%01$8+/6(2"+(
-$/580/4%+?( 50A,$'<( #'-( #'#8,/$/( 01( /4./2#'2$#88,( #88( 01( #'( @'2+%'+2( 4/+%D/( C+.(
2%#11$5B(;"#2(#-K+%2$/$'<('+2G0%*/(20-#,(4/+(0'8,(#(A0%2$0'(01(G"#2(2"+,(5088+52(
#'-(-$/5#%-(2"+(%#G(-#2#(#12+%(#'#8,P$'<($2(011+%/(/&#88(50&10%2(20(G"#2(2"+,(0%(
2"+$%(A02+'2$#8(50&A+2$20%/(&$<"2(-0(G$2"(2"+(-#2#($'(2"+(1424%+B(j0%(-0(54%%+'2(
58#$&/(#.042(2"+(#'0',&$2,(01(/20%+-(A%01$8+/(0K+%50&+(2"+(1#52(2"#2(2"+($'$2$#8(
5#A24%+( #'-( -$/580/4%+( 01( /4./2#'2$#88,( #88( 01( #( A+%/0'D/( C+.( 2%#11$5( -+1$+/(
%+#/0'#.8+(+EA+52#2$0'/(#'-(&#,(K$08#2+(G$%+2#AA$'<(8#G/B(
;"+(1+-+%#8(C$%+2#A(S52?(#/(#&+'-+-(.,(2"+(a8+52%0'$5(!0&&4'$5#2$0'/(J%$K#5,(
S52(=a!JS>?(A%0"$.$2/(2"+($'2+%5+A2$0'(#'-(-$/580/4%+(01(+8+52%0'$5(
50&&4'$5#2$0'/(W($'584-$'<(2"+(50'2+'2(01(@'2+%'+2(A#5*+2/(W(G$2"042(50'/+'2BQZ(
S82"04<"(+E5+A2$0'/(20(2"$/(%48+(A+%&$2($'2+%5+A2$0'(#'-(-$/580/4%+(G$2"042(
50'/+'2?(G+(/+%$04/8,(-04.2(2"#2(#',(01(2"+&(#AA8,(20(2"+(4/+(01(9J@(10%(
.+"#K$0%#8(#-K+%2$/$'<(A4%A0/+/B(S550%-$'<8,?(G+(.+8$+K+(2"#2(2"+(C$%+2#A(S52(
%+F4$%+/(50'/+'2(.+10%+(2"+(50'2+'2(01(@'2+%'+2(A#5*+2/(&#,(.+(4/+-(10%(
.+"#K$0%#8(#-K+%2$/$'<(A4%A0/+/?(#'-(14%2"+%&0%+(2"#2(/45"(50'/+'2(/"048-(.+(
0.2#$'+-(0'(#'(0A2L$'(.#/$/(#12+%(4'#K0$-#.8+('02$5+B(!+%2#$'(/2#2+(8#G/(&#,(2#*+(
2"$/(0'+(/2+A(14%2"+%?(%+F4$%$'<(50'/+'2(1%0&(.02"(A#%2$+/(20(2"+(50&&4'$5#2$0'6(
2"+(50'/4&+%(#'-(2"+(C+.(/$2+("+(0%(/"+($/(K$/$2$'<B(S(-+2#$8+-(!9;(8+<#8(
&+&0%#'-4&(0'(2"+(#AA8$5#2$0'(01(2"+(C$%+2#A(S52?(a!JS(#'-(%+8+K#'2(/2#2+(
G$%+2#A(8#G/(20(2"+(4/+(01(@'2+%'+2(-#2#(50'2+'2(10%(.+"#K$0%#8(#-K+%2$/$'<($/(
#22#5"+-(#/(SAA+'-$E(SB(
(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
23
These types of behaviors have much in common with well-understood online security threats, and parts of the Internet security
community are already investigating how to respond. See Anti-Spyware Coalition, Anti-Spyware Coalition Aims to Address
Behavioral Targeting (Apr. 2008), http://antispywarecoalition.org/newsroom/20080425press.htm.
24
18 U.S.C. § 2511.
13(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
@&A0%2#'28,?(1+-+%#8(#'-(/2#2+(G$%+2#A(8#G/(&#*+('0(-$/2$'52$0'(.+2G++'(J@@(#'-(
'0'LJ@@?(#'-(%$<"28,(/06(+#K+/-%0AA$'<(0'(A"0'+(5#88/?(10%(+E#&A8+?($/(#'(
0.K$04/(A%$K#5,(K$08#2$0'(+K+'(G"+'(2"+(+#K+/-%0AA+%(-0+/('02(*'0G(2"+(
$-+'2$2,(01(2"+(5#88+%B(aE$/2$'<(8+<#8(A%0"$.$2$0'/(#<#$'/2($'2+%5+A2$0'(#'-(
-$/580/4%+(01(+8+52%0'$5(50&&4'$5#2$0'/(#AA8,(G"+2"+%(0%('02(2"0/+(
50&&4'$5#2$0'/(50'2#$'(J@@B((
(
S/( !0'<%+//&+'( )#%*+,?( ^#%20'( #'-( 9$'<+88( "#K+( '02+-?( 2"+( !#.8+(
!0&&4'$5#2$0'/( J08$5,( S52( #8/0( #AA8$+/( "+%+BQ[( ;"+( 8#G( A%0"$.$2/( 5#.8+(
0A+%#20%/( 1%0&( 5088+52$'<( 0%( -$/580/$'<( A+%/0'#88,( $-+'2$1$#.8+(
$'10%&#2$0'( G$2"042( A%$0%( 50'/+'2BQ`( C"$8+( 2"+( 2+%&( HA+%/0'#88,(
$-+'2$1$#.8+( $'10%&#2$0'I( $'( 2"+( 8#G( $/( -+1$'+-( .,( G"#2( $2( -0+/( '02(
$'584-+( W( H#',( %+50%-( 01( #<<%+<#2+( -#2#( G"$5"( -0+/( '02( $-+'2$1,(
A#%2$548#%(A+%/0'/IQb(W(G+(-04.2(2"#2(#(4/+%D/(+'2$%+(C+.(.%0G/$'<(-#2#(
/2%+#&?(4'$F4+(20(2"#2($'-$K$-4#8?(012+'(50'2#$'$'<(.02"(J@@(#'-('0'LJ@@?(
G048-( .+( 50'/$-+%+-( #<<%+<#2+( -#2#( #/( 2"#2( 2+%&( $/( 50&&0'8,(
4'-+%/200-B((
(
C+( -0( '02( .+8$+K+( 2"#2( $2( $/( A0//$.8+( 20( /"0+"0%'( 2"+( 5088+52$0'( #'-(
-$/580/4%+( 01( #( /4./5%$.+%D/( +'2$%+( .%0G/$'<( "$/20%,( 10%( #-K+%2$/$'<(
A4%A0/+/( $'20( 2"+( /2#242+D/( +E5+A2$0'( 10%( 5088+52$0'( 0%( -$/580/4%+( 01(
$'10%&#2$0'(2"#2($/('+5+//#%,(20(%+'-+%(/+%K$5+BQc(;"4/?(G+(50'584-+(2"#2(
5#.8+L.#/+-( @3J/( 2"#2( G$/"( 20( -$/580/+( 2"+( 50'2+'2( 01( @'2+%'+2( A#5*+2/( 20(
#-K+%2$/$'<('+2G0%*/(G048-(#8/0("#K+(20(&++2(2"+(50'/+'2(%+F4$%+&+'2/(
01(2"+(!#.8+(!0&&4'$5#2$0'/(J08$5,(S52B(
;"+(9J@(&0-+8/(2"#2("#K+(.++'(-+A80,+-(2"4/(1#%("#K+(1#$8+-(20(0.2#$'(
#11$%&#2$K+?(+EA%+//(0A2L$'(50'/+'2(%+F4$%+-(.,(8#GB(@'(1#52?(2"+,("#K+(1#$8+-(20(
&++2(+K+'(%+8#2$K+8,(8#E(/2#'-#%-/(01($&A8$+-(50'/+'2B(3+K+%#8(/&#88(_B3B(@3J/?(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
25
Reps. Edward Markey and Joe Barton, Letter to Charter Communications CEO in Regards to the Charter-NebuAd Data
Collection Scheme (May 2008), http://markey.house.gov/docs/telecomm/letter_charter_comm_privacy.pdf; Reps. Edward Markey,
John Dingell, and Joe Barton, Letter to Embarq CEO (July 2008),
http://markey.house.gov/index.php?option=content&task=view&id=3410&Itemid=125.
26
47 U.S.C. § 551(b)-(c). A 1992 amendment adding the phrase “other services” to the Cable Act’s privacy provision made it clear
that the law covers Internet services provided by cable operators.
27
Id. § 551(a)(2)(A).
28
Id. § 551(a)(2)(B).
14(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
10%(+E#&A8+?("#K+(.4%$+-(K#<4+($'10%&#2$0'(#.042(2"+$%(-+#8/(G$2"(j+.4S-($'(
2"+(@3J/D(2+%&/(01(/+%K$5+BQd(!"#%2+%(!0&&4'$5#2$0'/?(2"+(8#%<+/2(_B3B(@3J(2"#2(
"#-(A8#''+-(20(A#%2'+%(G$2"(j+.4S-?('02$1$+-($2/(/4./5%$.+%/(2"#2(2"+,(G048-(
.+(%+5+$K$'<(&0%+(%+8+K#'2(#-/?(.42(-$-('02(+EA8#$'($2/(A8#'/(20($'2+%5+A2(
/4./5%$.+%/D(2%#11$5(-#2#(#'-(-$-('02(A%0K$-+(#(G#,(10%(/4./5%$.+%/(20(<$K+(0%(
G$2""08-(50'/+'2(20("#K$'<(2"+$%(50&&4'$5#2$0'/($'2+%5+A2+-(#'-(-$/580/+-B(
!"#%2+%("#/(/$'5+(/4/A+'-+-($2/(A8#'/B(
(
9+/$<'$'<(#(%0.4/2(0A2L$'(50'/+'2(/,/2+&(10%(9J@L.#/+-(.+"#K$0%#8(#-K+%2$/$'<(
A%+/+'2/(#(10%&$-#.8+(5"#88+'<+B(C+(#%+(8+//(2"#'(/#'<4$'+(2"#2(/45"(#(/,/2+&(
5#'(.+(+#/$8,(-+/$<'+-?(A#%2$548#%8,(/$'5+($2(&4/2('02(0'8,(A%0K$-+(#(G#,(10%(
50'/4&+%/(20(<$K+(#11$%&#2$K+(50'/+'2?(.42($2(&4/2(#8/0(A%0K$-+(#(&+2"0-(10%(
2"+&(20(%+K0*+(2"#2(50'/+'2B(;"+(.4%-+'($/(0'(2"0/+(G"0(G$/"(20(&0K+(10%G#%-(
G$2"(2"+(&0-+8(20(-+&0'/2%#2+(2"#2(#'(+EA%+//('02$5+(#'-(50'/+'2(%+<$&+(5#'(
G0%*($'(2"$/(50'2+E2B((
V. The Role of Congress
!0'<%+//( /"048-( 2#*+( #52$0'( 20( #--%+//( 2"+( /$<'$1$5#'2( A%$K#5,( 50'5+%'/( %#$/+-(
.,(9J@(#'-(.%0#-+%(0'8$'+(A%$K#5,($//4+/6(
!
S/( #( 1$%/2( /2+A?( G+( 4%<+( 2"+( 34.50&&$22++( 20( /++*( #--$2$0'#8( $'10%&#2$0'(
-$%+528,(1%0&(@3J/(#'-(02"+%(50&A#'$+/(#.042(2"+$%(4/+(01(9J@(2+5"'080<,($'(
0%-+%( 20( .+22+%( #//+//( 2"+( #//05$#2+-( 2+5"'080<$5#8?( 8+<#8( #'-( A08$5,(
$&A8$5#2$0'/B(
;"$/( 34.50&&$22++( /"048-( /+2( #( <0#8( 01( +'#52$'<( $'( 2"+( '+E2( ,+#%( <+'+%#8(
A%$K#5,( 8+<$/8#2$0'( 50K+%$'<( .02"( 2"+( 0'8$'+( #'-( 0118$'+( G0%8-/B( !9;( "#/(
80'<( #%<4+-( 10%( /$&A8+?( 18+E$.8+( .#/+8$'+( 50'/4&+%( A%$K#5,( 8+<$/8#2$0'( 2"#2(
G048-(A%02+52(50'/4&+%/(1%0&($'#AA%0A%$#2+(5088+52$0'(#'-(&$/4/+(01(2"+$%(
A+%/0'#8( $'10%&#2$0'( G"$8+( +'#.8$'<( 8+<$2$&#2+( .4/$'+//( 4/+( 20( A%0&02+(
+50'0&$5( #'-( /05$#8( K#84+B( @'( A%$'5$A8+?( /45"( 8+<$/8#2$0'( G048-( 50-$1,( 2"+(
14'-#&+'2#8/( 01( H1#$%( $'10%&#2$0'( A%#52$5+/6I( %+F4$%$'<( 2%#'/A#%+'5,( #'-(
'02$5+( 01( -#2#( 5088+52$0'( A%#52$5+/?( A%0K$-$'<( 50'/4&+%/( G$2"( &+#'$'<148(
5"0$5+( %+<#%-$'<( 2"+( 4/+( #'-( -$/580/4%+( 01( 2"#2( $'10%&#2$0'?( #880G$'<(
50'/4&+%/( %+#/0'#.8+( #55+//( 20( A+%/0'#8( $'10%&#2$0'( 2"+,( "#K+( A%0K$-+-?(
A%0K$-$'<( %+&+-$+/( 10%( &$/4/+( 0%( 4'#42"0%$P+-( #55+//?( #'-( /+22$'<(
((((((((((((((((((((((((((((((((((((((((((((((((((((((((
!
29
See Mike Masnick, Where's The Line Between Personalized Advertising And Creeping People Out?, TECHDIRT, Mar. 11, 2008,
http://techdirt.com/articles/20080311/121305499.shtml; Peter Whoriskey, Every Click You Make, WASH. POST, Apr. 3, 2008,
http://washingtonpost.com/wp-dyn/content/article/2008/04/03/AR2008040304052.html.
15(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
/2#'-#%-/( 20( 8$&$2( -#2#( 5088+52$0'( #'-( +'/4%+( -#2#( /+54%$2,B( S82"04<"( G+(
.+8$+K+(50&&4'$5#2$0'/(A%$K#5,(8#G/(#8%+#-,(#AA8,(20(/0&+(#AA8$5#2$0'/(01(
9J@?( +'#52$'<( .#/+8$'+( A%$K#5,( 8+<$/8#2$0'( G048-( 14%2"+%( 58#%$1,( 50'/4&+%/D(
A%$K#5,( %$<"2/( #'-( 5%+#2+( A%02+52$0'/( 10%( 02"+%( 10%&/( 01( -#2#( 5088+52$0'( '02(
50K+%+-(4'-+%(54%%+'2(8#GB(
!
;"+( O;!D/( -%#12( A%0A0/+-( A%$'5$A8+/( 10%( 0'8$'+( #-K+%2$/$'<( 1#$8( 20( #--%+//(
$//4+/(/A+5$1$5(20(2"+(9J@L.#/+-(#-K+%2$/$'<(&0-+8B(@2($/(#8/0(4'58+#%(G"+2"+%(
2"+( O;!( G$88( 10%&#88,( #-0A2( 2"+( A%$'5$A8+/( 0%( A42( $2/( +'10%5+&+'2( A0G+%(
.+"$'-(2"+&B(C+(#/*(2"+(34.50&&$22++(20(4%<+(2"+(O;!(20(#--%+//(9J@($'($2/(
<4$-+8$'+/( #'-( +E+%5$/+( 2"+( 1488( &+#/4%+( 01( $2/( +'10%5+&+'2( #42"0%$2,( 0K+%(
0'8$'+(#-K+%2$/$'<(A%#52$5+/B((
!
!0'<%+//( /"048-( +E#&$'+( #'-( /2%+'<2"+'( +E$/2$'<( 50&&4'$5#2$0'/( A%$K#5,(
8#G/( 20( 50K+%( '+G( /+%K$5+/?( 2+5"'080<$+/( #'-( .4/$'+//( &0-+8/( G$2"(
50'/$/2+'2(%48+/B(a!JS(G#/(A#//+-(&0%+(2"#'(Qe(,+#%/(#<0?(80'<(.+10%+(2"+%+(
G#/(#(C0%8-(C$-+(C+.(#'-(2"+(@'2+%'+2(.+5#&+($'2+<%#2+-($'20(S&+%$5#'/D(
-#$8,(8$K+/B(;"+(#AA8$5#2$0'(01(2"+(8#G(20(50&&0'(0'8$'+(#52$K$2$+/($'584-$'<(
C+.( /+#%5"( %+&#$'/( 4'58+#%( #'-( 2"+( 8+<#8( A%02+52$0'/( $2( A%0K$-+/( 10%( 2"+(
+'0%&04/(#&04'2/(01(A+%/0'#8(-#2#(/20%+-(0'8$'+(#%+(1#%(200(80GB(!0'<%+//(
/"048-(#8/0(50'/$-+%(58#%$1,$'<(2"#2(2"+(!#.8+(!0&&4'$5#2$0'/(J08$5,(S52D/(
A%$K#5,(A%0K$/$0'/(#AA8,(20(.%0#-.#'-(@'2+%'+2(/+%K$5+B(
VI. Conclusion
!9;(G048-(8$*+(20(2"#'*(2"+(34.50&&$22++(#<#$'(10%("08-$'<(2"$/($&A0%2#'2(#'-(
10%G#%-L800*$'<("+#%$'<B(C+(.+8$+K+(2"#2(!0'<%+//("#/(#(5%$2$5#8(%08+(20(A8#,($'(
+'/4%$'<( 2"#2( A%$K#5,( $/( A%02+52+-( #/( -++A( A#5*+2( $'/A+52$0'( #'-( 02"+%( '+G(
2+5"'080<$+/( 50'2%$.42+( 20( #'( $'5%+#/$'<8,( 50&A8+E( 0'8$'+( +'K$%0'&+'2B( !9;(
800*/( 10%G#%-( 20( G0%*$'<( G$2"( 2"+( 34.50&&$22++( #/( $2( A4%/4+/( 2"+/+( $//4+/(
14%2"+%B(
(
(
FOR MORE INFORMATION
J8+#/+(50'2#526(
S8$//#(!00A+%?(!9;(!"$+1(!0&A42+%(35$+'2$/2(
=QeQ>(`QbLdcee(
"22A6ggGGGB5-2B0%<(
16(
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
Appendix A: An Overview of the Federal Wiretap Act, Electronic
Communications Privacy Act, and State Two-Party Consent Laws
of Relevance to the NebuAd System and Other Uses of Internet
Traffic Content from ISPs for Behavioral Advertising
July 8th, 2008
!"#$%&'%($)%#&*()*(%&*%($)%+*(),*)(%-."/(%012)%#&*()*(%1*%*)3/454),/6%7,&58#5/(%
9:6%,581&%5*8%#570);%1/%/"44&,()8%1*%3$&0)%&,%45,(%7<%58=),(1/1*>%,)=)*")?%9$)%
+*(),*)(% &''),/% /4)#150% &44&,("*1(1)/% (&% (5,>)(% 58/% 75/)8% &*% ($)% )@4,)//)8% &,%
1*'),,)8%1*(),)/(/%&'%($)%1*81=18"50%"/),?%9$),)%5,)%=5,1&"/%A&8)0/%'&,%8)01=),1*>%
(5,>)()8% 58/% &*01*)?% 9$)/)% ,5*>)% ',&A% ($)% 4",)0<% #&*()@("50% -)=),<&*)% 3$&%
=1/1(/% 5% (,5=)0% /1()% /))/% ($)% /5A)% 51,01*)% 58;% (&% A&8)0/% ($5(% 1*=&0=)%
#&A4101*>%1*'&,A5(1&*%57&"(%($)%&*01*)%7)$5=1&,%&'%1*81=18"50%+*(),*)(%"/),/6%(&%
7)%"/)8%1*%/),=1*>%($)A%58=),(1/)A)*(/?%B&,%<)5,/6%C)7%/1()/%$5=)%)*(),)8%1*(&%
5>,))A)*(/%31($%58=),(1/1*>%*)(3&,2/%(&%"/)%D#&&21)/E%(&%(,5#2%1*81=18"50%"/),/%
5#,&//% C)7% /1()/% 1*% &,8),% (&% #&A410)% 4,&'10)/?% 9$1/% 544,&5#$% $5/% 5035</% 7))*6%
5*8% ,)A51*/6% 5% /&",#)% &'% 4,1=5#<% #&*#),*6% 1*% 45,(% 7)#5"/)% ($)% #&*8"#(% "/"500<%
&##",/%"*7)2*&3*/(%(&%A&/(%+*(),*)(%"/),/?%F)#)*(%8)=)0&4A)*(/6%1*#0"81*>%($)%
A),>),/% 7)(3))*% &*01*)% /),=1#)% 4,&=18),/% 5*8% /&A)% &'% ($)% 05,>)/(% &*01*)%
58=),(1/1*>% *)(3&,2/6% $5=)% $)1>$()*)8% ($)/)% #&*#),*/?% 9$)% G)*(),% '&,%
H)A&#,5#<% I% 9)#$*&0&><% $5/% 7))*% #&*8"#(1*>% 5% A5.&,% 4,&.)#(% &*% 7)$5=1&,50%
58=),(1/1*>6%1*%3$1#$%3)%$5=)%7))*%,)/)5,#$1*>%7)$5=1&,50%58=),(1/1*>%4,5#(1#)/6%
#&*/"0(1*>% 31($% +*(),*)(% #&A45*1)/% 5*8% 4,1=5#<% 58=&#5()/6% 8)=)0&41*>% 4&01#<%
4,&4&/50/6% '101*>% )@()*/1=)% #&AA)*(/% 5(% ($)% B9G6% 5*8% 5*50<J1*>% 1*8"/(,<% /)0'K
,)>"05(&,<%>"18)01*)/?%
9$1/% A)A&% '&#"/)/% &*% ($)% 1A401#5(1&*/% &'% 5% /4)#1'1#% 544,&5#$% (&% 7)$5=1&,50%
58=),(1/1*>% 7)1*>% #&*/18),)8% 7<% +*(),*)(% 58=),(1/1*>% *)(3&,2/% 5*8% +*(),*)(%
L),=1#)% M,&=18),/% -+LM/;?% 9$1/% *)3% 544,&5#$% 1*=&0=)/% #&4<1*>% 5*8% 1*/4)#(1*>%
($)% #&*()*(% &'% )5#$% 1*81=18"50N/% +*(),*)(% 5#(1=1(<% 31($% ($)% #&&4),5(1&*% &'% $1/% &,%
$),% +LM?O% P*8),% ($1/% *)3% A&8)06% 5*% 58=),(1/1*>% *)(3&,2% /(,12)/% 5% 8)50% 31($% 5*%
+LM6%5*8%($)%+LM%500&3/%($)%*)(3&,2%(&%#&4<%($)%#&*()*(/%&'%($)%1*81=18"50%C)7%
(,5''1#%/(,)5A/%&'%)5#$%&'%($)%+LMN/%#"/(&A),/?%9$)%58=),(1/1*>%*)(3&,2%5*50<J)/%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
1
See, e.g., Peter Whoriskey, Every Click You Make, WASH. POST (Apr. 3, 2008),
http://www.washingtonpost.com/wpdyn/content/article/2008/04/03/AR2008040304052.html?nav=hcmodule; Saul Hansell, I.S.P. Tracking:
The Mother of All Privacy Battles, N.Y. TIMES: BITS BLOG (Mar. 20, 2008),
http://bits.blogs.nytimes.com/2008/03/20/isp-tracking-the-mother-of-all-privacy-battles/?scp=1b&sq=the+mother+of+all+privacy+battles&st=nyt.
Keeping the Internet Open, Innovative, and Free
1634 I St., NW, Suite 1100, Washington, DC 20006 • v. +1.202.637.9800. • f. +1.202.637.0968 • http://www.cdt.org
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$! %&'"$'"! &(! "#$)$! "*+((,%! )"*$+-)! ,'! &*.$*! "&! %*$+"$! +! *$%&*.! &(! $+%#!
,'.,/,.0+12)! &'1,'$! 3$#+/,&*)! +'.! ,'"$*$)")4! 5+"$*6! +)! %0)"&-$*)! &(! "#$! 789! )0*(!
"#$! :$3! +'.! /,),"! ),"$)! ;#$*$! "#$! +./$*",),'<! '$";&*=! #+)! >0*%#+)$.!
+./$*",),'<! )>+%$6! "#$?! )$$! +.)! "+*<$"$.! 3+)$.! &'! "#$,*! >*$/,&0)! 7'"$*'$"!
3$#+/,&*4!
@$30A.! ,)! &'$! )0%#! +./$*",),'<! '$";&*=! %&->+'?! &>$*+",'<! ,'! "#$! B',"$.!
8"+"$)4!7'!"#$!>+)"!($;!-&'"#)6!,"!#+)!%&-$!"&!1,<#"!"#+"!@$30A.!;+)!>1+'','<!"&!
>+*"'$*!;,"#!C#+*"$*!C&--0',%+",&')6!+!%+31$!3*&+.3+'.!7896!"&!%&'.0%"!"*,+1)!
&(! "#$! @$30A.! 3$#+/,&*+1! +./$*",),'<! "$%#'&1&<?4! 8$/$*+1! &"#$*! )-+11$*! 789)6!
)0%#!+)!:,.$!D>$'!:$)"!E:D:FG6!C$'"0*?H$16!I-3+*J6!+'.!K'&1&<?6!#+/$!+1)&!
+''&0'%$.! >1+')! ;,"#! @$30A.! "&! "*,+1! &*! .$>1&?! ,")! 3$#+/,&*+1! +./$*",),'<!
"$%#'&1&<?4! 7'! *$)>&')$! "&! %&'%$*')! *+,)$.! 3?! )03)%*,3$*)6! >*,/+%?! +./&%+"$)6!
+'.! >&1,%?-+=$*)6! C#+*"$*6! C$'"0*?H$1! +'.! I-3+*J! #+/$! .$1+?$.! "#$)$! >1+')6!
30"! @$30A.! +'.! &"#$*! ),-,1+*! %&->+',$)! +*$! %&'",'0,'<! "&! )$$=! '$;! 789!
>+*"'$*)4!
H#$! 0)$! &(! 7'"$*'$"! "*+((,%! %&'"$'"! (*&-! 789)! (&*! 3$#+/,&*+1! +./$*",),'<! ,)!
.,(($*$'"! (*&-! "#$! L%&&=,$MN3+)$.! -&.$1! ,'! ),<',(,%+'"! ;+?)! +'.! *+,)$)! 0',J0$!
%&'%$*')4O! A-&'<! &"#$*! .,(($*$'%$)6! ,"! %&>,$)! +11! &*! )03)"+'",+11?! +11! :$3!
"*+')+%",&')6! ,'%10.,'<! /,),")! "&! ),"$)! "#+"! .&! '&"! 0)$! %&&=,$)4! H#0)6! ,"! -+?!
%+>"0*$! '&"! &'1?! %&--$*%,+1! +%",/,"?6! 30"! +1)&! /,),")! "&! >&1,",%+16! +./&%+%?6! &*!
*$1,<,&0)!),"$)!&*!&"#$*!'&'N%&--$*%,+1!),"$)!"#+"!.&!'&"!0)$!%&&=,$)4!
7'!"#,)!-$-&6!;$!%&'%10.$!"#+"!"#$!0)$!&(!7'"$*'$"!"*+((,%!%&'"$'"!(*&-!789)!-+?!
*0'! +(&01! &(! ($.$*+1! ;,*$"+>! 1+;)! 0'1$))! "#$! +%",/,"?! ,)! %&'.0%"$.! ;,"#! "#$!
%&')$'"!&(!"#$!)03)%*,3$*4P!H&!3$!$(($%",/$6!)0%#!%&')$'"!)#&01.!'&"!3$!30*,$.!,'!
"$*-)! &(! )$*/,%$! +'.! )#&01.! '&"! 3$! ,'($**$.! (*&-! +! -+,1$.! '&",%$4! :$!
*$%&--$'.! >*,&*6! $Q>*$))! %&')$'"6! 30"! ;$! .&! '&"! &(($*! #$*$! +'?! .$"+,1$.!
*$%&--$'.+",&')! &'! #&;! "&! &3"+,'! )0%#! %&')$'"! ,'! +'! 789! %&'"$Q"4! A1)&6! ;$!
'&"$! "#+"! "#+"! "#$! C+1,(&*',+! 1+;! *$J0,*,'<! %&')$'"! &(! +11! "#$! >+*",$)! "&! +!
%&--0',%+",&'!#+)!3$$'!+>>1,$.!3?!"#$!)"+"$!80>*$-$!C&0*"!"&!"#$!-&',"&*,'<!
&(! "$1$>#&'$! %+11)! ;#$'! "#$! -&',"&*,'<! ,)! .&'$! +"! +! (+%,1,"?! &0"),.$! C+1,(&*',+4!
H#$!C+1,(&*',+!1+;!)&!(+*!#+)!'&"!3$$'!+>>1,$.!"&!7'"$*'$"!%&--0',%+",&')!+'.!,"!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2
Privacy concerns also apply to advertising-based models that have been developed for services, such as
email, that ride over ISP networks. See CDT Policy Post 10.6, Google GMail Highlights General Privacy
Concerns (Apr. 12, 2004), http://www.cdt.org/publications/policyposts/2004/6 (recommending express
prior opt-in for advertising-based email service).
3
Additional questions have been raised under the Cable Communications Policy Act. See Rep. Edward
Markey and Rep. Joe Barton, Letter to Charter Communications CEO in Regards to the Charter-NebuAd
Data Collection Scheme (May 2008),
http://markey.house.gov/docs/telecomm/letter_charter_comm_privacy.pdf. In this memo, we focus on
issues arising under the federal Wiretap Act, as amended by the Electronic Communications Privacy Act.
2!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#!$%&'()*!+,(-,(*!"-!+.$'/!)00'1!#0(&"2"&)''1!-.!-,(!&.01"%3!.2!&.44$%"&)-".%#!
)#!&.%/$&-(/!2.*!5(,)6".*)'!4.%"-.*"%3!0$*0.#(#7!5$-!"2!"-!.*!)%.-,(*!#-)-(8#!)''9
0)*-1!&.%#(%-!*$'(!+(*(!)00'"(/!-.!$#(!.2!:%-(*%(-!-*)22"&!2.*!5(,)6".*)'!0*.2"'"%37!
"-!+.$'/!#((4!-.!0.#(!)%!"%#$*4.$%-)5'(!5)**"(*!-.!-,(!0*)&-"&(;!
Wiretap Act
!"##$%&'()%#*&+'(,%&-#./00+1#23('456%7#89%#.+01%01-#+:#$4;-)&(;%&#
.+<<40()/1(+0-=#>?)%@1#*4&-4/01#1+#A(<(1%,#>?)%@1(+0-#
<,(!2(/(*)'!="*(-)0!>&-7!)#!)4(%/(/!51!-,(!?'(&-*.%"&!@.44$%"&)-".%#!A*"6)&1!
>&-7! 0*.-(&-#! -,(! 0*"6)&1! .2! +"*(7! .*)'7! )%/! ('(&-*.%"&! &.44$%"&)-".%#;B!
CD?E'(&-*.%"&! &.44$%"&)-".%F! "#! /(2"%(/! )#! C)%1! -*)%#2(*! .2! #"3%#7! #"3%)'#7!
+*"-"%37!"4)3(#7!#.$%/#7!/)-)7!.*!"%-(''"3(%&(!.2!)%1!%)-$*(!-*)%#4"--(/!"%!+,.'(!
.*! "%! 0)*-! 51! )! +"*(7! *)/".7! ('(&-*.4)3%(-"&7! 0,.-.('(&-*.%"&! .*! 0,.-..0-"&)'!
#1#-(4! ;! ;! ;! ;FG! =(5! 5*.+#"%3! )%/! .-,(*! :%-(*%(-! &.44$%"&)-".%#! )*(! &'()*'1!
('(&-*.%"&!&.44$%"&)-".%#!0*.-(&-(/!51!-,(!="*(-)0!>&-;!!
:%! ')%3$)3(! 0(*-"%(%-! -.! -,(! 4./('! $%/(*! &.%#"/(*)-".%7! H! IGJJKLM! .2! -,(! >&-!
#-)-(#!-,)-!C)!0(*#.%!.*!(%-"-1!0*.6"/"%3!)%!('(&-*.%"&!&.44$%"&)-".%!#(*6"&(!-.!
-,(!0$5"&!#,)''!%.-!"%-(%-".%)''1!/"6$'3(!-,(!&.%-(%-#!.2!)%1!&.44$%"&)-".%#!;!;!;!
+,"'(! "%! -*)%#4"##".%! .%! -,)-! #(*6"&(! -.! )%1! 0(*#.%! .*! (%-"-1! .-,(*! -,)%! )%!
)//*(##((!.*!"%-(%/(/!*(&"0"(%-!;!;!;!;FN!
<,(*(! )*(! (O&(0-".%#! -.! -,"#! 0*.,"5"-".%! .%! /"#&'.#$*(7! -+.! .2! +,"&,! 4)1! 5(!
*('(6)%-!,(*(;!P%(!(O&(0-".%!#0(&"2"(#!-,)-!CD"E-!#,)''!%.-!5(!$%')+2$'!$%/(*!-,"#!
&,)0-(*!2.*!)%!;!;!;!('(&-*.%"&!&.44$%"&)-".%!#(*6"&(7!+,.#(!2)&"'"-"(#!)*(!$#(/!"%!
-,(!-*)%#4"##".%!.2!)D%E!;!;!;!('(&-*.%"&!&.44$%"&)-".%7!-.!"%-(*&(0-7!/"#&'.#(7!.*!
$#(!-,)-!&.44$%"&)-".%!"%!-,(!%.*4)'!&.$*#(!.2!,"#!(40'.14(%-!+,"'(!(%3)3(/!
"%!)%1!)&-"6"-1!+,"&,!"#!)!!"#"$$%&'()!#)*"!+(+,(+-"(&"!*)+),!(,.(-)$($"&/)#"!.*!-.!-,(!
0*.-(&-".%! .2! -,(! *"3,-#! .*! 0*.0(*-1! .2! -,(! 0*.6"/(*! .2! -,)-! #(*6"&(;FQ! =(! +"''!
*(2(*! -.! -,"#! )#! -,(! C%(&(##)*1! "%&"/(%-F! (O&(0-".%;! <,(! #(&.%/! (O&(0-".%! "#! 2.*!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4
18 U.S.C. §§ 2510-2522.
5
Id. § 2510(12).
6
Id. § 2511(3)(a). Lest there be any argument that the disclosure does not occur while the communications
are “in transmission,” we note that the Stored Communications Act (SCA) states that “a person or entity
providing an electronic communication service to the public shall not knowingly divulge to any person or
entity the contents of a communication while in electronic storage by that service.” Id. § 2702(a)(1). We
do not comment further here on the SCA because, in our judgment, the approach that has been described
so far clearly involves the divulging of communications “while in transmission.”
7
Id. § 2511(2)(a)(i) (emphasis added). This analysis focuses on the capture of electronic communications
and definitions are abridged accordingly.
3!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$%&'$()*$! +#,-! ,-*! %'.$*.,! '/! '.*! '/! ,-*! 01),#*$23! 4*! +#&&! "#$%($$! 5',-!
*6%*0,#'.$! 5*&'+2! 4*! %'.%&("*! ,-1,! '.&7! ,-*! %'.$*.,! *6%*0,#'.! 100&#*$! ,'! ,-*!
"#$%&'$()*!'/!$(5$%)#5*)!%'.,*.,!/')!5*-18#')1&!1"8*),#$#.9:!1."!+*!+#&&!"#$%($$!
0)*&#;#.1)#&7!+-1,!<%'.$*.,=!+'(&"!;*1.!#.!,-#$!%'.,*6,2!
!"##$%&'#(%)%&*+#,-.*/&%0123#41&*5.*/&%01#42#6720#850'%9%&*+#
>-*!4#)*,10!?%,!)*9(&1,*$!,-*!<#.,*)%*0,#'.=!'/!*&*%,)'.#%!%';;(.#%1,#'.$2!>-*!
?%,!"*/#.*$!<#.,*)%*0,=!1$!,-*!<1%@(#$#,#'.!'/!,-*!%'.,*.,$!'/!1.7!A!*&*%,)'.#%!A!
%';;(.#%1,#'.!,-)'(9-!,-*!($*!'/!1.7!*&*%,)'.#%:!;*%-1.#%1&:!')!',-*)!"*8#%*2=B!!
>-*! 4#)*,10! ?%,! 5)'1"&7! 51)$! 1&&! #.,*.,#'.1&! #.,*)%*0,#'.! '/! *&*%,)'.#%!
%';;(.#%1,#'.$2CD! >-*! ?%,! *.(;*)1,*$! $0*%#/#%! *6%*0,#'.$! ,'! ,-#$! 0)'-#5#,#'.2CC!
E1+!*./')%*;*.,!'//#%*)$:!/')!*61;0&*:!1)*!1(,-')#F*"!,'!%'."(%,!#.,*)%*0,#'.$!
0()$(1.,!,'!1!%'(),!')"*)2!G')!HIJ$!1."!',-*)!$*)8#%*!0)'8#"*)$:!,-*)*!1)*!,-)**!
*6%*0,#'.$! ,-1,! ;#9-,! 5*! )*&*81.,2! >+'! +*! -18*! ;*.,#'.*"! 1&)*1"7K! ,-*!
<.*%*$$1)7!#.%#"*.,=!*6%*0,#'.!1."!1!%'.$*.,!*6%*0,#'.2CL!
?! ,-#)"! *6%*0,#'.:! 100&#%15&*! ,'! #.,*)%*0,#'.! 5(,! .',! ,'! "#$%&'$()*:! 1)#$*$! /)';!
,-*! "*/#.#,#'.! '/! <#.,*)%*0,:=! +-#%-! #$! "*/#.*"! 1$! 1%@(#$#,#'.! 57! 1.! <*&*%,)'.#%:!
;*%-1.#%1&:! ')! ',-*)! "*8#%*:=! +-#%-! #.! ,().! #$! "*/#.*"! 1$! <1.7! "*8#%*! ')!
1001)1,($!+-#%-!%1.!5*!($*"!,'!#.,*)%*0,!1M.N!2!2!2!*&*%,)'.#%!%';;(.#%1,#'.!!"#$%&
"#'(OP1Q! 1.7! ,*&*0-'.*! ')! ,*&*9)10-! #.$,)(;*.,:! *@(#0;*.,! ')! /1%#&#,7:! ')! 1.7!
%';0'.*.,! ,-*)*'/! 2! 2! 2! P##Q! 5*#.9! ($*"! 57! 1! 0)'8#"*)! '/! 2! 2! 2! *&*%,)'.#%!
%';;(.#%1,#'.!$*)8#%*!#.!,-*!!%)*('%+&,!-%.$&!/&*".&0-.*($..!2!2!2!2=CR!>-#$!0)'8#$#'.!
,-($! $*)8*$! ,'! &#;#,! ,-*! "*/#.#,#'.! '/! <#.,*)%*0,:=! 0)'8#"#.9! +-1,! #$! $';*,#;*$!
%1&&*"!,-*!<,*&*0-'.*!*6,*.$#'.=!*6%*0,#'.:!5(,!+-#%-!+*!+#&&!%1&&!,-*!<5($#.*$$!
($*=!*6%*0,#'.2!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8
Id. § 2511(3)(b)(ii).
9
Id. § 2510(4).
10
Id. § 2511(1).
11
Id. § 2511(2).
12
Separate from the consent provision for disclosure, the consent exception for interception is set forth in
18 U.S.C. § 2511(2)(d): “It shall not be unlawful under this chapter for a person not acting under color of
law to intercept a[n] . . . electronic communication where such person is a party to the communication or
where one of the parties to the communication has given prior consent to such interception . . . .”
13
Id. § 2510(5) (emphasis added).
4!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
!"# $%&#!'()*+,#'-#.+/&0+&/#!'+/&+/#-'0#1*234'250&#/'#678&0/*2*+,#
9&/:'0;2#!'+2/*/5/&2#.+/&03&(/*'+#
"#$%!&%!'()!*+,-$.!&!*/.0+1$23.!*+11/%-*&0-+%.!+2!&44+5.!0#$1!0+!6$!*+,-$7!
68! &%! &79$20-.-%:! %$05+2;<! 0#+.$! *+11/%-*&0-+%.! #&9$! /%7+/60$748! 6$$%!
=-%0$2*$,0>$7?@A14! B#$2$C+2$<! /%4$..! &%! $D*$,0-+%! &,,4-$.<! -0! .$$1.! 4-;$48! 0#&0!
,4&*-%:! &! 7$9-*$! +%! &%! '()3.! %$05+2;! &%7! /.-%:! -0! 0+! *+,8! *+11/%-*&0-+%.! C+2!
/.$! -%! 7$9$4+,-%:! &79$20-.-%:! ,2+C-4$.! 5+/47! *+%.0-0/0$! -44$:&4! -%0$2*$,0-+%!
/%7$2! E! FGHHIHJI&JK! .-1-4&248<! 0#$! 7-.*4+./2$! +2! /.$! +C! 0#$! -%0$2*$,0$7!
*+11/%-*&0-+%.!5+/47!2/%!&C+/4!+C!E!FGHHIHJI*J!+2!E!FGHHIHJI7J<!2$.,$*0-9$48@!
1"##$%&#<9&3&22=0)#.+3*7&+/>#?@3&(/*'+#A0'B=B4)#1'&2#9'/#A&0C*/#/%&#
.+/&03&(/*'+#'0#1*234'250&#'-#!'CC5+*3=/*'+2#-'0#D&%=8*'0=4#
678&0/*2*+,#A50('2&2#
B#$! "-2$0&,! L*0! ,$21-0.! -%0$2*$,0-+%! +C! $4$*02+%-*! *+11/%-*&0-+%.! 5#$%! 0#$!
&*0-9-08!0&;$.!,4&*$!&.!=&!%$*$..&28!-%*-7$%0!0+!0#$!2$%7-0-+%!+C!>0#$!'()3.?!.$29-*$!
+2! 0+! 0#$! ,2+0$*0-+%! +C! 0#$! 2-:#0.! +2! ,2+,$208! +C! 0#$! ,2+9-7$2! +C! 0#&0! .$29-*$@A15!
B#$! 4&00$2! ,2+%:! *+9$2.! &%0-M.,&1! &%7! &%0-M9-2/.! 1+%-0+2-%:! &%7! C-40$2-%:! &%7!
9&2-+/.! &%0-MC2&/7! &*0-9-0-$.<! 6/0! *&%%+0! 6$! $D0$%7$7! 0+! &79$20-.-%:! &*0-9-0-$.<!
5#-*#<!5#-4$!0#$8!1&8!$%#&%*$!0#$!.$29-*$!,2+9-7$23.!2$9$%/$<!7+!%+0!=,2+0$*0A!
-0.! 2-:#0.@! N+/20.! #&9$! *+%.02/$7! 0#$! =%$*$..&28! -%*-7$%0A! ,2+%:! O/-0$! .02-*048<!
2$O/-2-%:!&!.$29-*$!,2+9-7$2!0+!.#+5!0#&0!-0!!"#$!$%:&:$!-%!0#$!&*0-9-08!-%!+27$2!
0+!*&228!+/0!-0.!6/.-%$..@HP!'0!-.!/%4-;$48!0#&0!0#$!*+,8-%:<!7-9$2.-+%<!+2!7-.*4+./2$!
+C! '%0$2%$0! 02&CC-*! *+%0$%0! C+2! 6$#&9-+2&4! &79$20-.-%:! 5+/47! 6$! *+%.02/$7! &.! &!
=%$*$..&28!-%*-7$%0A!0+!&%!'()3.!6/.-%$..@!N+%*$-9&648<!&%!'()!*+/47!&2:/$!0#&0!
-0.! 6/.-%$..! -%*4/7$7! *+,8-%:! -0.! ./6.*2-6$2.! *+11/%-*&0-+%.! &%7! ,2+9-7-%:!
0#$1! 0+! 0#-27! ,&20-$.! C+2! ,/2,+.$.! +C! ,4&*-%:! &79$20-.$1$%0.! +%! "$6! .-0$.!
/%&CC-4-&0$7! 5-0#! 0#$! '()<! 6/0! 0#$! '()! 5+/47! ,2+6&648! #&9$! 0+! .0&0$! 0#&0! 0#&0!
6/.-%$..!$D-.0$7!&%7!:$0!0#$!$D,2$..!&:2$$1$%0!+C!-0.!*/.0+1$2.!0#&0!0#$8!5$2$!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
14
See, e.g., United States v. Rodriguez, 968 F.2d 130, 136 (2d Cir. 1992) (holding in context of telephone
communications that “when the contents of a wire communication are captured or redirected in any way,
an interception occurs at that time” and that “[r]edirection presupposes interception”); In re State Police
Litig., 888 F. Supp. 1235, 1267 (D. Conn. 1995) (stating in context of telephone communications that “it is
the act of diverting, and not the act of listening, that constitutes an ‘interception’”).
15
18 U.S.C. § 2511(2)(a)(i).
16
See United States v. Councilman, 418 F.3d 67, 82 (1st Cir. 2005) (en banc) (holding that service
provider’s capture of emails to gain commercial advantage “clearly” was not within service provider
exception); Berry v. Funk, 146 F.3d 1003, 1010 (D.C. Cir. 1998) (holding in context of telephone
communications that switchboard operators’ overhearing of a few moments of phone call to ensure call
went through is a “necessary incident,” but anything more is outside service provider exception).
5!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$"%&'$'()! *+! *,-*! $#"'(.""! -"! /.00! -"! *,.! $-"'%! $#"'(.""! +1! 2(*.&(.*! -%%.""3!
/,'%,!0.-4"!-(5,+/!*+!*,.!%+(".(*!6+4.0!*,-*!/.!%+(%0#4.!'"!(.%.""-&57!
!"# $%&'(#)*#)+#,-.'(/0#$%(*%(0#*%(#123+&-(++#,+(4#!5.(6*&7-#$73'8#
966':#*7#*%(#,+(#7;#/#<(=&.(#)-+*/''(8#70#>7-*07''(8#?:#/#@/0*:#A*%(0#
*%/-#*%(#B(0=&.(#@07=&8(0C#*%(#!5.(6*&7-#<7(+#D7*#966':#*7#*%(#
@07%&?&*&7-#9E/&-+*#<&=3'E&-E#/#B3?+.0&?(0F+#>7GG3-&./*&7-+#
8,.! 9$#"'(.""! #".:! .;%.<*'+(3! =! >?@AB?CB-C3! %+("*&'%*"! *,.! 4.1'('*'+(! +1! 94.D'%.:!
-(4!*,.&.$5!(-&&+/"!*,.!4.1'('*'+(!+1!9'(*.&%.<*:!'(!*,.!E'&.*-<!F%*7!8,.&.!-&.!
*/+!G#."*'+("!'(D+0D.4!'(!-"".""'()!-<<0'%-$'0'*5!+1!*,'"!.;%.<*'+(!*+!*,.!#".!+1!
2(*.&(.*! *&-11'%! %+(*.(*! 1+&! $.,-D'+&-0! -4D.&*'"'()H! B@C! /,.*,.&! *,.! 4.D'%.! *,-*!
%+<'."! *,.! %+(*.(*! 1+&! 4.0'D.&5! *+! *,.! -4D.&*'"'()! (.*/+&I! %+("*'*#*."! -!
9*.0.<,+(.! +&! *.0.)&-<,! '("*&#6.(*3! .G#'<6.(*! +&! 1-%'0'*53! +&! -(5! %+6<+(.(*!
*,.&.+13:! -(4! B>C! /,.*,.&! -(! 2JKL"! #".! +1! *,.! 4.D'%.! /+#04! $.! /'*,'(! *,.!
9+&4'(-&5!%+#&".!+1!'*"!$#"'(.""7:!
E.!/'00!4'"%#""!*,.!9$#"'(.""!#".:!.;%.<*'+(!-*!"+6.!0.()*,3!$.%-#".!*,.&.!,-"!
$..(! %+("'4.&-$0.! 4'"%#""'+(! -0&.-45! -$+#*! /,.*,.&! %+<5'()! +1! -(! 2JK!
"#$"%&'$.&L"! %+66#('%-*'+("! 1+&! $.,-D'+&-0! -4D.&*'"'()! '"! -(! 9'(*.&%.<*'+(:!
#(4.&!=!>?@@B@C!+1!*,.!E'&.*-<!F%*7!M+/.D.&3!.D.(!'1!*,.!$#"'(.""!#".!.;%.<*'+(!
-<<0'.43! -(! 2JK! /+#04! +(05! -D+'4! 0'-$'0'*5! 1+&! *,.! !"#$%&$'#!("! +1! .0.%*&+('%!
%+66#('%-*'+("7! 2*! /+#04! "*'00! $.! <&+,'$'*.4! 1&+6! 4'D#0)'()! *,.!
%+66#('%-*'+("! +1! '*"!%#"*+6.&"! *+! -(! -4D.&*'"'()!(.*/+&I!#(4.&! *,.!".<-&-*.!
".%*'+(!+1!*,.!E'&.*-<!F%*3!=!>?@@BNC3!/,'%,!"*-*."!*,-*!-!".&D'%.!<&+D'4.&!9",-00!
(+*! '(*.(*'+(-005! 4'D#0).! *,.! %+(*.(*"! +1! -(5! %+66#('%-*'+(! 7! 7! 7! /,'0.! '(!
*&-("6'""'+(!+(!*,-*!".&D'%.!*+!-(5!<.&"+(!+&!.(*'*5!+*,.&!*,-(!-(!-44&.""..!+&!
'(*.(4.4! &.%'<'.(*! 7! 7! 7! 7:@O! 8,.! $#"'(.""! #".! .;%.<*'+(! 4+."! (+*! -<<05! *+! *,'"!
<&+,'$'*'+(!-)-'("*!4'D#0)'()718!
F*!1'&"*!)0-(%.3!'*!/+#04!"..6!*,-*!*,.!$#"'(.""!#".!.;%.<*'+(!'"!'(-<<0'%-$0.!*+!
*,.! 1-%'0'*'."! +1! -(! 2JK! $.%-#".! *,.! .;%.<*'+(! -<<0'."! +(05! *+! -! 9*.0.<,+(.! +&!
*.0.)&-<,! '("*&#6.(*3! .G#'<6.(*! +&! 1-%'0'*53! +&! -(5! %+6<+(.(*! *,.&.+17:!
M+/.D.&3! *,.! %+#&*"! ,-D.! &.%+)('P.4! *,-*! QRKF! /-"! 6+*'D-*.4! '(! <-&*! $5! *,.!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17
18 U.S.C. § 2511(3)(a).
18
By adopting two different exceptions—“necessary incident” and “ordinary course”—Congress
apparently meant them to have different meanings. Based on our reading of the cases, the necessary
incident exception is narrower than the ordinary course exception. It is significant that the “necessary
incident” exception applies to both interception and disclosure while the “ordinary course” exception is
applicable only to interception. This suggests that Congress meant to allow service providers broader
latitude in examining (that is, “intercepting” or “using”) subscriber communications so long as they did
not disclose the communications to third parties. This permits providers to conduct a range of in-house
maintenance and service quality functions that do not involve disclosing communications to third parties.
6!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$%&%'()! )*%+,-.! (+! +-/! )0&12'-$! %+#! '-3-)0&&2+()%'(0+.! '-)*+030,(-.456!
%+#!'*-$-70$-!/%.!(+'-+#-#!'0!&%8-!'*-!9($-'%1!:)'!3%$,-3;!+-2'$%3!/('*!$-.1-)'!
'0!('.!'$-%'&-+'!07!<%$(02.!)0&&2+()%'(0+.!'-)*+030,(-.=!>*-!?-)0+#!@($)2('A!70$!
-B%&13-A! )0+)32#-#! (+! %! $-3%'-#! )0+'-B'! '*%'! '*-! '-$&! "'-3-1*0+-4! .*023#!
C$0%#3;! (+)32#-! '*-! "(+.'$2&-+'.A! -D2(1&-+'! %+#! 7%)(3('(-.! '*%'! E?F.! 2.-! '0!
'$%+.&('!-G&%(3=4HI!>*-$-70$-A!%.!%!,-+-$%3!&%''-$A!('!.*023#!C-!%..2&-#!'*%'!'*-!
C2.(+-..!2.-!-B)-1'(0+!(.!%<%(3%C3-!'0!E?F.=!
J0/-<-$A! ('! (.! +0'! )-$'%(+! '*%'! '*-! #-<()-! 2.-#! '0! )01;! %+#! #(<-$'! )0+'-+'! 70$!
C-*%<(0$%3! %#<-$'(.(+,! /023#! C-! )0+.(#-$-#! '0! C-! %! )0&10+-+'! 07! '*-! .-$<()-!
1$0<(#-$K.! -D2(1&-+'! 0$! 7%)(3('(-.=! E+! .0&-! 07! '*-! C-*%<(0$%3! %#<-$'(.(+,!
(&13-&-+'%'(0+.! '*%'! *%<-! C--+! #-.)$(C-#A! '*-! &0+('0$(+,! #-<()-! 0$! 1$0)-..! (.!
+0'!#-<-301-#!0$!)0+'$033-#!C;!'*-!E?F!C2'!$%'*-$!C;!'*-!%#<-$'(.(+,!+-'/0$8=!
>*-!.-)0+#!D2-.'(0+!(.!/*-'*-$!%+!E?FK.!2.-!07!%!#-<()-!'0!)01;!'$%77()!)0+'-+'!
70$! C-*%<(0$%3! %#<-$'(.(+,! 7%33.! /('*(+! '*-! "0$#(+%$;! )02$.-! 07! ('.! C2.(+-..=4!
>*-$-!%$-!%!+2&C-$!07!)%.-.!(+'-$1$-'(+,!'*(.!-B)-1'(0+A!C2'!+0+-!07!'*-&!)3-%$3;!
%##$-..-.! %! .('2%'(0+! /*-$-! %! .-$<()-! 1$0<(#-$! (.! )01;(+,! %33! 07! '*-!
)0&&2+()%'(0+.! 07! ('.! )2.'0&-$.=! L%+;! 07! '*-! )%.-.! %$(.-! (+! .('2%'(0+.! /*-$-!
-&130;-$.! %$-! &0+('0$(+,! '*-! )%33.! 07! '*-($! -&130;--.! 70$! 12$10.-.! 07!
.21-$<(.(0+! %+#! D2%3(';! %..2$%+)-=! ">*-.-! )%.-.! *%<-! +%$$0/3;! )0+.'$2-#! '*-!
1*$%.-! M0$#(+%$;! )02$.-! 07! C2.(+-..=K421! N7'-+! .2)*! )%.-.! %3.0! (+<03<-! +0'()-! '0!
'*-!-&130;--.!%+#!(&13(-#!)0+.-+'=22!N+-!)02$'!*%.!.'%'-#!'*%'A!-<-+!(7!%+!-+'(';!
)023#! .%'(.7;! '*-! C2.(+-..! 2.-! -B)-1'(0+A! +0'()-! '0! 0+-! 07! '*-! 1%$'(-.! C-(+,!
&0+('0$-#!/023#!C-!$-D2($-#=HO!N'*-$!)%.-.!(+<03<-!'*-!&0+('0$(+,!07!1$(.0+-$.=!!
?0&-!)%.-.!*%<-!(+'-$1$-'-#!"0$#(+%$;!)02$.-4!'0!&-%+!%+;'*(+,!'*%'!(.!2.-#!(+!
"+0$&%34! 01-$%'(0+.=! >*-! P=@=! @($)2('A! 70$! (+.'%+)-A! *%.! .2,,-.'-#! '*%'!
&0+('0$(+,! "2+#-$'%8-+! +0$&%33;4! D2%3(7(-.! %.! C-(+,! /('*(+! '*-! "0$#(+%$;!
)02$.-!07!C2.(+-..=4HQ!E+!'*-!)0+'-B'!07!3%/!-+70$)-&-+'!'%1(+,!07!'*-!1*0+-!)%33.!
07!1$(.0+-$.A!'*-!R(+'*!%+#!>-+'*!@($)2('.!*%<-!)0+)32#-#!'*%'!.0&-'*(+,!(.!(+!
'*-!"0$#(+%$;!)02$.-4!(7!('!(.!#0+-!$02'(+-3;!%+#!)0+.(.'-+'3;=HS!E'!&(,*'!C-!'*%'!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
19
S. Rep. No. 99-541, at 1 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3555.
20
Hall v. Earthlink Network, Inc., 396 F.3d 500, 505 (2d Cir. 2005) (quoting S. Rep. No. 99-541 at 8).
21
United States v. Murdock, 63 F.3d 1391. 1396 (6th Cir 1995).
22
E.g., James v. Newspaper Agency Corp., 591 F.2d 579 (10th Cir. 1979).
23
See, e.g., Adams v. City of Battle Creek, 250 F.3d 980, 984 (6th Cir. 2001).
24
Berry v. Funk, 146 F.3d 1003, 1009 (D.C. Cir. 1998) (workplace monitoring).
25
See United States v. Van Poyck, 77 F.3d 285, 292 (9th Cir. 1996); United States v. Gangi, 57 Fed.
Appx. 809, 814 (10th Cir. 2003).
7!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$%&'! (#$)*! +,-.! ./$0)! #%! +%.0&.%! )0&,&$*.! &#! '.%-,".! 1%#-,*.%'! ,2! 3#2,&#%,2+!
&4.,%!2.&(#%5'!&402!&4.6!(#$)*!+,-.!&#!3.%.!'$7'"%,7.%'!#%!$'.%'8!!
9&4.%! ",%"$,&! "#$%&'! 40-.! $'.*! 0! 3#%.! ),3,&.*! ,2&.%1%.&0&,#2:! "#2")$*,2+! &40&!
;#%*,20%6! "#$%'.<! #2)6! 011),.'! ,=! &4.! *.-,".! ,'! 7.,2+! $'.*! &#! ,2&.%".1&!
"#33$2,"0&,#2'! =#%! ;).+,&,30&.! 7$',2.''! %.0'#2'8<>?! @)&4#$+4! &4.! "#$%&'! 40-.!
2#&! 7..2! .2&,%.)6! ").0%! 0'! &#! (40&! &40&! 3.02':! '#3.! 40-.! '$++.'&.*! &40&! ,&! ,'!
3$"4!")#'.%!&#!2.".'',&6!&402!&#!3.%.!1%#=,&!3#&,-.8>A!92.!=%./$.2&)6B",&.*!"0'.!
.C1),",&)6! 4#)*'! &40&! &4.! 7$',2.''! $'.! .C".1&,#2! *#.'! 2#&! 7%#0*)6! .2"#310''! 0!
"#31026D'!=,202",0)!#%!#&4.%!3#&,-0&,#2'E!;F4.!14%0'.!G,2!&4.!#%*,20%6!"#$%'.!#=!
7$',2.''D!"022#&!7.!.C102*.*!&#!3.02!026&4,2+!&40&!,2&.%.'&'!0!"#310268<>H!
I#%30)! 1%,2",1).'! #=! '&0&$&#%6! ,2&.%1%.&0&,#2! (#$)*! %./$,%.! &40&! '#3.!
,2*.1.2*.2&!(.,+4&!7.!+,-.2!&#!&4.!(#%*!;#%*,20%6:<!'#!&40&!&4.!.C".1&,#2!*#.'!
2#&!.2"#310''!026&4,2+!*#2.!=#%!7$',2.''!1$%1#'.'8!J&!,'!$2").0%:!4#(.-.%:!4#(!
3$"4! (.,+4&! "#$%&'! (#$)*! +,-.! &#! &4.! (#%*! ;#%*,20%6<! ,2! 0! %01,*)6! "402+,2+!
30%5.&8! J&! *#.'! 2#&! '..3! &40&! &4.! 14%0'.! ;#%*,20%6! "#$%'.! #=! 7$',2.''<! '4#$)*!
1%.")$*.! ,22#-0&,#2:! 7$&! "#$%&'! 3,+4&! %.=.%! &#! 10'&! 1%0"&,".'! 02*! 2#%30)!
.C1."&0&,#2'!'$%%#$2*,2+!0!),2.!#=!7$',2.''!02*!'1.",=,"0))6!3,+4&!)##5!&#!(40&!
"$'&#3.%'!40-.!"#3.!&#!.C1."&8!
K,.(.*! #2.! (06:! ,&! ,'! 40%*! &#! '..! 4#(! &4.! "#16,2+! #=! "#2&.2&! =#%! 7.40-,#%0)!
0*-.%&,',2+!,'!10%&!#=!&4.!;#%*,20%6!"#$%'.!#=!7$',2.''<!#=!02!JLM8!@=&.%!0)):!&4.!
JLM! ,'! 2#&! &4.! #2.! &40&! (,))! 7.! $',2+! &4.! "#2&.2&! &#! *.-.)#1! 1%#=,).'! #=! ,&'!
"$'&#3.%'N! &4.! 1%#=,),2+! ,'! *#2.! 76! &4.! 0*-.%&,',2+! 2.&(#%5:! (4,"4! *#.'! 2#&!
.-.2! *,'")#'.! &#! &4.! JLM! &4.! 1%#=,).'! #=! ,&'! #(2! '$7'"%,7.%'8! OF4.! 1%#=,).'! 0%.!
1%#1%,.&0%6! &#! &4.! 0*-.%&,',2+! 2.&(#%5! 02*! ,&! ,'! "0%.=$)! 2#&! &#! *,'")#'.! &4.3! &#!
026#2.8P! K.%6! =.(! O,=! 026P! #=! &4.! 0*'! &40&! 0%.! 1)0".*! $',2+! &4.! 1%#=,).'! (,))! 7.!
0*'!=#%!&4.!JLMD'!'.%-,".'N!&4.6!(,))!7.!0*'!=#%!1%#*$"&'!02*!'.%-,".'!"#31).&.)6!
$2%.)0&.*!&#!&4.!JLMD'!;#%*,20%6!"#$%'.!#=!7$',2.''8<!Q#%.#-.%:!&4.!0*'!(,))!7.!
1)0".*! #2! R.7! ',&.'! 40-,2+! 2#! 0==,),0&,#2! (,&4! &4.! JLM8! 92! &4.! #&4.%! 402*:! &4.!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
26
See Arias v. Mutual Central Alarm Serv., Inc., 202 F.3d 553, 560 (2d Cir. 2000) (monitoring calls to an
central alarm monitoring service).
27
See id. (concluding that alarm company had legitimate reasons to tap all calls because such businesses
“are the repositories of extremely sensitive security information, including information that could facilitate
access to their customers’ premises”); see also First v. Stark County Bd. of Comm’rs, 234 F.3d 1268, at *4
(6th Cir. 2000) (table disposition).
28
Watkins v. L.M. Berry & Co., 704 F.2d 577, 582 (11th Cir. 1983). Watkins states: “We hold that a
personal call may not be intercepted in the ordinary course of business under the exemption in section
2510(5)(a)(i), except to the extent necessary to guard against unauthorized use of the telephone or to
determine whether a call is personal or not. In other words, a personal call may be intercepted in the
ordinary course of business to determine its nature but never its contents.” 704 F.2d at 583. This language
supports the conclusion that the business use exception could not cover wholesale interception of ISP
traffic, no more than switchboard operators can perform wholesale monitoring of telephone traffic.
8!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$! %&'()! *+,'-! ./*.! 0*+.! &1! 2.3! 4'325-33! 6&)-(70*+.! &1! 8/*.! 9--03! 2.3! +*.-3!
(&8723!)-+2:25,!+-:-5'-!1+&6!2.3!0*+.5-+3/20!82./!*):-+.2325,!5-.8&+93;!
</-! (-,23(*.2:-! /23.&+2-3! &1! ./-! =2+-.*0! >%.! *5)! ?@$>! 8-2,/! *,*253.! *! 4+&*)!
+-*)25,!&1!./-!4'325-33!'3-!-A%-0.2&5;!</+&',/!./-3-!(*83B!@&5,+-33!25.-5)-)!.&!
%+-*.-! *! 3.*.'.&+C! +-,26-! ,-5-+*((C! *11&+)25,! 3.+&5,! 0+&.-%.2&5! .&! -(-%.+&52%!
%&66'52%*.2&53;!@&5,+-33!25%(')-)!(262.-)B!30-%212%!*5)!)-.*2(-)!-A%-0.2&53!1&+!
(*8! -51&+%-6-5.! *%%-33! .&! %&66'52%*.2&53B! *5)! &./-+! (262.-)B! 30-%212%! *5)!
)-.*2(-)! -A%-0.2&53! .&! *((&8! %&60*52-3! 0+&:2)25,! -(-%.+&52%! %&66'52%*.2&53!
3-+:2%-! .&! %&5)'%.! &+)25*+C! 3C3.-6! 6*25.-5*5%-! *5)! &0-+*.2&5*(! *%.2:2.2-3;!
@&5,+-33! ,*:-! -30-%2*((C! /2,/! 0+&.-%.2&5! .&! %&66'52%*.2&53! %&5.-5.;!"1! ./-!
4'325-33! '3-! -A%-0.2&5! %*5! *00(C! *5C! .26-! *5! "#$! 2)-5.212-3! *! 5-8! +-:-5'-!
3.+-*6! ./*.! %*5! 4-! .*00-)! ./&',/! '3-! &1! 2.3! %'3.&6-+3D! %&66'52%*.2&53B! ./23!
%*+-1'(!3.*.'.&+C!3%/-6-!8&'()!4-!3-+2&'3(C!'5)-+625-);!
!"# $%&#'()*&)+#,-.&/+0()1#$%&#'()+&-+#2&03%*#4&56078#0)#!56(9#(:#
;::09<5+06&=#>/+?@)#'()*&)+#:9(<#@AB#ACD*.90D&9*##
@&53-5.! 23! *5! -A0(2%2.! -A%-0.2&5! 4&./! .&! ./-! 0+&/242.2&5! *,*253.! 25.-+%-0.25,!
-(-%.+&52%! %&66'52%*.2&53! '5)-+! ./-! =2+-.*0! >%.! *5)! .&! ./-! >%.D3! 0+&/242.2&5!
*,*253.!)23%(&325,!3'43%+24-+!%&66'52%*.2&53;!</-!9-C!E'-3.2&5!23F!G&8!3/&'()!
%&53-5.!4-!&4.*25-)!1&+!'3-!&1!"5.-+5-.!.+*112%!%&5.-5.!1&+!4-/*:2&+*(!*):-+.2325,H!
@&'+.3! /*:-! /-()! 25! .-(-0/&5-! 6&52.&+25,! %*3-3! '5)-+! ./-! =2+-.*0! >%.! ./*.!
%&53-5.!%*5!4-!260(2-)B!4'.!./-+-!*+-!+-(*.2:-(C!1-8!%*3-3!30-%212%*((C!*))+-3325,!
%&53-5.!*5)!-(-%.+&52%!%&66'52%*.2&53;!G&8-:-+B!25!%*3-3!25:&(:25,!.-(-0/&5-!
6&52.&+25,B!&5-!%2+%'2.!%&'+.!/*3!3.*.-)!./*.!%&53-5.!'5)-+!./-!=2+-.*0!>%.!I23!
5&.! .&! 4-! %*:*(2-+(C! 260(2-);JKL! >5&./-+! %2+%'2.! %&'+.! /*3! 5&.-)! ./*.! %&53-5.!
I3/&'()! 5&.! %*3'*((C! 4-! 251-++-)JMN! *5)! ./*.! %&53-5.! 6'3.! 4-! I*%.'*(BJ! 5&.!
I%&53.+'%.2:-;J31! O-.! *5&./-+! %2+%'2.! %&'+.! /*3! 3.*.-)F! I=2./&'.! *%.'*(! 5&.2%-B!
%&53-5.! %*5! &5(C! 4-! 260(2-)! 8/-5! ./-! 3'++&'5)25,! %2+%'63.*5%-3! !"#$%#!%#&'(!
3/&8! ./*.! ./-! 0*+.C! 95-8! *4&'.! *5)! %&53-5.-)! .&! ./-! 25.-+%-0.2&5;JMK!
P'+./-+6&+-B! I95&8(-),-! &1! ./-! !)*)+%'%,(! &1! 6&52.&+25,! *(&5-! %*55&.! 4-!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
29
Watkins. 704 F.2d at 581 ("Consent under title III is not to be cavalierly implied. Title III expresses a
strong purpose to protect individual privacy by strictly limiting the occasions on which interception may
lawfully take place.").
30
Griggs-Ryan v. Smith, 904 F.2d 112, 117 (1st Cir. 1990).
31
In re Pharmatrak, Inc. Privacy Litig., 329 F.3d 9, 20 (1st Cir. 2003); see also United States v. CoronaChavez, 328 F.3d 974, 978 (8th Cir. 2003).
32
Berry v. Funk, 146 F.3d 1003, 1011 (D.C. Cir. 1998) (internal quotation omitted).
9!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$%&'()('! &*+,&('! "#$%($-./00! 12(! "3%(%! 42()(! "#$%($-! 23%! 5(($! &*+,&('!
&$6#,6(!6()7!(8+,&"&-!$#-&"(9!*3$7!#:!-2(*!&$6#,6(!-2(!*#$&-#)&$;!#:!+)&%#$()%<!
+2#$(!"3,,%.34!
=#$%($-! &%! "#$-(8->53%('.! ?-! &%! #$(! -2&$;! -#! &*+,7! "#$%($-! &$! -2(! "#$-(8-! #:! 3!
+)&%#$!#)!3!4#)@+,3"(A!42()(!$#-&"(!*37!5(!+)(%($-('!3%!+3)-!#:!-2(!'3&,7!,#;>&$!
+)#"(%%.!?-!&%!BC&-(!3$#-2()!-#!&*+,7!&-!&$!-2(!"#$-(8-!#:!#)'&$3)7!?$-()$(-!C%3;(!
57!)(%&'($-&3,!%C5%")&5()%A!42#A!57!'(:&$&-&#$A!3)(!C%&$;!-2(!%()6&"(!:#)!+()%#$3,!
3$'! #:-($! 2&;2,7! %($%&-&6(! "#**C$&"3-&#$%.! =#$-&$C('! C%(! #:! 3! %()6&"(! 3:-()! 3!
*3&,('! $#-&"(! *&;2-! $#-! 5(! ($#C;2! -#! "#$%-&-C-(! "#$%($-.! =()-3&$,7A! *3&,&$;!
$#-&:&"3-&#$! -#! -2(! 5&,,! +37()! &%! +)#535,7! &$%C::&"&($-! -#! +C-! 3,,! *(*5()%! #:! -2(!
2#C%(2#,'!42#!%23)(!-2(!?$-()$(-!"#$$("-&#$!#$!$#-&"(.!
12C%A! &-! %((*%! -23-! 3$! 3%%()-&#$! #:! &*+,&('! "#$%($-A! 42(-2()! #)! $#-! C%()%! 3)(!
+)#6&'('!3$!#++#)-C$&-7!-#!#+-!#C-!#:!-2(!%7%-(*A!4#C,'!*#%-!,&@(,7!$#-!%3-&%:7!
-2(! "#$%($-! (8"(+-&#$! :#)! -2(! -7+(! #:! &$-()"(+-&#$! #)! '&%",#%C)(! C$'()!
"#$%&'()3-&#$! 2()(.! D8+)(%%! +)&#)! "#$%($-! E#+->&$! "#$%($-F! &%! ",(3),7! +)(:()35,(!
3$'! *37! 5(! )(BC&)('.! G2&,(! *(3$&$;:C,! #+->&$! "#$%($-! 4#C,'! 5(! %C::&"&($-A!
"#C)-%!4#C,'!,&@(,7!5(!%@(+-&"3,!#:!3$!#+->&$!"#$%&%-&$;!*()(,7!#:!3!",&"@>-2)#C;2!
3;)((*($-H&.(.A! 3! %(-! #:! -()*%! -23-! 3! C%()! 3;)((%! -#! 57! ",&"@&$;! 3$! #$>%")(($!
5C--#$H&:!&-!'&%+,37%!"23)3"-()&%-&"%!-7+&"3,!#:!%C"2!3;)((*($-%A!%C"2!3%!3!,3);(!
3*#C$-! #:! -(8-! '&%+,37('! &$! 3! %*3,,! 5#8A! $#! )(BC&)(*($-! -23-! -2(! C%()! %")#,,!
-2)#C;2!-2(!($-&)(!3;)((*($-A!#)!-2(!#+->&$!+)#6&%&#$!5C)&('!3*#$;!#-2()!-()*%!
#:!%()6&"(.0I!
?$!)(;3)'%!-#!"#$%($-A!-2(!*#'(,!C$'()!'&%"C%%&#$!2()(!&%!'&%-&$;C&%235,(!:)#*!
-2(! C%(! #:! J"##@&(%A/! 42&"2! 4()(! :#C$'! -#! 5(! +()*&%%&5,(! 57! 3! :('()3,! '&%-)&"-!
"#C)-! &$! 3! KLLM! "3%(! &$6#,6&$;! N#C5,(=,&"@.36! ?$! -23-! "3%(A! -2(! G(5! %&-(%!
+3)-&"&+3-&$;!&$!-2(!N#C5,(=,&"@!3'6()-&%&$;!$(-4#)@!4()(!:#C$'!-#!5(!+3)-&(%!-#!
-2(! "#**C$&"3-&#$%! #:! -2(! ?$-()$(-! C%()%! 42#! 6&%&-('! -2#%(! %&-(%.! O%! +3)-&(%! -#!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
33
Watkins, 704 F.2d at 581; see also Deal v. Spears, 980 F.2d 1153, 1157 (8th Cir. 1992) (holding that
consent not implied when individual is aware only that monitoring might occur, rather than knowing
monitoring is occurring).
34
“The circumstances relevant to an implication of consent will vary from case to case, but the
compendium will ordinarily include language or acts which tend to prove (or disprove) that a party knows
of, or assents to, encroachments on the routine expectation that conversations are private. And the ultimate
determination must proceed in light of the prophylactic purpose of Title III-a purpose which suggests that
consent should not casually be inferred.” Griggs-Ryan, 904 F.2d at 117.
35
See, e.g., Specht v. Netscape Commc’ns Corp., 306 F.3d 17 (2d Cir. 2002) (rejecting online arbitration
agreement because, among other things, site permitted customer to download product without having
scrolled down to arbitration clause and agreement button said only “Download”); United States v. Lanoue,
71 F.3d 966, 981 (1st Cir. 1995) (“Deficient notice will almost always defeat a claim of implied
consent.”).
36
In re DoubleClick Inc. Privacy Litig., 154 F.Supp.2d 497 (S.D.N.Y. 2001).
10!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#$! %&''()*%+"*&),-! "#$! .$/! ,*"$,! %&(01! %&),$)"! "&! "#$! (,$! &2! "#$! %&&3*$,! "&!
%&00$%"! *)2&4'+"*&)! +/&("! "#&,$! %&''()*%+"*&),5! 6$4$-! &2! %&(4,$-! "#$! 789,! +4$!
)&"! :+4"*$,! "&! "#$! %&''()*%+"*&),! /$*);! '&)*"&4$1! +)1! "#$! *)"$4%$:"*&)! &4!
1*,%0&,(4$!$)%&':+,,$,!%&''()*%+"*&),!<*"#!,*"$,!"#+"!+4$!)&"!'$'/$4,!&2!"#$!
+1=$4"*,*);! )$"<&435! >#$4$2&4$-! "#$! ,&(4%$! &2! %&),$)"! '(,"! /$! "#$! 789?,!
*)1*=*1(+0! ,(/,%4*/$4,-! +,! *"! <&(01! /$! *':&,,*/0$! "&! &/"+*)! %&),$)"! 24&'! $=$4@!
,*);0$!.$/!,*"$!"#+"!$=$4@!,(/,%4*/$4!'+@!%&)%$*=+/0@!=*,*"5!
State Laws Requiring Two-Party Consent to Interception
!"# $%&&'()#
7)! +11*"*&)! "&! "#$! 2$1$4+0! .*4$"+:! A%"-! +! '+B&4*"@! &2! ,"+"$,! #+=$! "#$*4! &<)!
<*4$"+:! 0+<,-! <#*%#! %+)! /$! '&4$! ,"4*);$)"! "#+)! "#$! 2$1$4+0! 0+<5! C&,"!
,*;)*2*%+)"0@-! "<$0=$! ,"+"$,DE! 4$F(*4$! +00! :+4"*$,! "&! %&),$)"! "&! "#$! *)"$4%$:"*&)! &4!
4$%&41*);!&2!%$4"+*)!"@:$,!&2!%&''()*%+"*&),!<#$)!,(%#!*)"$4%$:"*&)!*,!1&)$!/@!
+!:4*=+"$!:+4"@!)&"!()1$4!"#$!%&0&4!&2!0+<5!
7)! ,$=$4+0! &2! "#$,$! ,"+"$,G2&4! $H+':0$-! I&))$%"*%("G"#$! +00J:+4"@! %&),$)"!
4$F(*4$'$)"! +::0*$,! &)0@! "&! "#$! 4$%&41*);! &2! &4+0! %&)=$4,+"*&),5! 7)! &"#$4,-! "#$!
+00J:+4"@! %&),$)"! 4(0$! $H"$)1,! "&! /&"#! =&*%$! +)1! 1+"+! %&''()*%+"*&),5! K&4!
$H+':0$-! K0&4*1+?,! 8$%(4*"@! &2! I&''()*%+"*&),! A%"! '+3$,! *"! +! 2$0&)@! 2&4! +)@!
*)1*=*1(+0! "&! *)"$4%$:"-! 1*,%0&,$-! &4! (,$! +)@! <*4$-! &4+0-! &4! $0$%"4&)*%!
%&''()*%+"*&)-! ()0$,,! "#+"! :$4,&)! #+,! &/"+*)$1! "#$! :4*&4! %&),$)"! &2! +00!
:+4"*$,5DL! 8*'*0+40@-! "#$! 700*)&*,! ,"+"("$! &)! %4*'*)+0! $+=$,14&::*);! :4&#*/*",! +!
:$4,&)! 24&'! M*)"$4%$:"N*);O-! 4$"+*)N*);O-! &4! "4+),%4*/N*);! +)O! $0$%"4&)*%!
%&''()*%+"*&)! ()0$,,! #$! 1&$,! ,&! 5! 5! 5! <*"#! "#$! %&),$)"! &2! +00! &2! "#$! :+4"*$,! "&!
,(%#!5!5!5!$0$%"4&)*%!%&''()*%+"*&)5PDQ!
>#$! '&,"! *':&4"+)"! +00J:+4"@! %&),$)"! 0+<! '+@! /$! I+0*2&4)*+?,-! /$%+(,$! "#$!
I+0*2&4)*+! 8(:4$'$! I&(4"! #$01! *)! RSST! "#+"! "#$! 0+<! %+)! /$! +::0*$1! "&! +%"*=*"@!
&%%(44*);!&(",*1$!"#$!,"+"$5!!
*"# +',-./(0-'#
>#$! UQTE! I+0*2&4)*+! 7)=+,*&)! &2! 94*=+%@! A%"! '+3$,! %4*'*)+00@! 0*+/0$! +)@!
*)1*=*1(+0! <#&! M*)"$)"*&)+00@! "+:,-! &4! '+3$,! +)@! ()+("#&4*V$1! %&))$%"*&)! 5! 5! 5!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
37
The twelve states are California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan,
Montana, Nevada, New Hampshire, Pennsylvania, and Washington.
38
Fla. Stat. § 934.03(1).
39
Ill. Comp Stat. 5/14-1(a)(1).
11!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
"#!$%"!$&''()''*!+,-!$&.%").!.%/!0",1/,.!"(!+''!2+#.&/1!."!.%/!0"33),&0+.&",!4!4!4!
#/+-15!"#!+../32.1!."!#/+-5!"#!."!'/+#,!.%/!0",./,.1!"#!3/+,&,6!"(!+,*!3/11+6/!4!4!
4!"#!0"33),&0+.&",!$%&'/!.%/!1+3/!&1!&,!.#+,1&.!"#!2+11&,6!"7/#!+,*!$&#/5!'&,/5!"#!
0+8'/5! "#! &1! 8/&,6! 1/,.! (#"35! "#! #/0/&7/-! +.! +,*! 2'+0/9! &,! :+'&("#,&+4;<! =.! +'1"!
/1.+8'&1%/1! '&+8&'&.*! ("#! +,*! &,-&7&-)+'! >$%"! )1/15! "#! +../32.1! ."! )1/5! &,! +,*!
3+,,/#!4!4!4!+,*!&,("#3+.&",!1"!"8.+&,/-9!"#!$%"!+&-1!+,*!2/#1",!&,!-"&,6!.%/!
1+3/4;?! @%/! '+$! %+1! +! 1/2+#+./! 1/0.&",! 0#/+.&,6! '&+8&'&.*! ("#! +,*! 2/#1",!
/+7/1-#"22&,6! )2",! "#! #/0"#-&,6! +! 0",(&-/,.&+'! 0"33),&0+.&",! >&,./,.&",+''*!
+,-! $&.%").! .%/! 0",1/,.! "(! +''! 2+#.&/159! $%/.%/#! .%/! 2+#.&/1! +#/! 2#/1/,.! &,! .%/!
1+3/! '"0+.&",! "#! 0"33),&0+.&,6! "7/#! ./'/6#+2%5! ./'/2%",/5! "#! ".%/#! -/7&0/!
A/B0/2.!+!#+-&"C4;D!
:",1/,.!0+,!8/!&32'&/-!",'*!&,!7/#*!'&3&./-!0&#0)31.+,0/14!@%/!:+'&("#,&+!1.+./!
:")#.!"(!E22/+'1!%/'-!&,!!"#$%"&'(&)*+,"+!.%+.!+!1)810#&8/#!."!+!./'/2%",/!1*1./3!
&1!-//3/-!."!%+7/!0",1/,./-!."!.%/!./'/2%",/!0"32+,*F1!3",&."#&,6!"(!%&1!0+''1!
&(!%/!)1/1!.%/!1*1./3!&,!+!3+,,/#!.%+.!#/+1",+8'*!G)1.&(&/1!.%/!0"32+,*F1!8/'&/(!
.%+.!%/!&1!7&"'+.&,6!%&1!1)810#&2.&",!#&6%.15!+,-!/7/,!.%/,!.%/!0"32+,*!3+*!",'*!
3",&."#! %&1! 0+''1! ."! .%/! /B./,.! ,/0/11+#*! ("#! .%/! &,7/1.&6+.&",4;H! E,! &,-&7&-)+'!
0+,! 3+&,.+&,! +,! "8G/0.&7/'*! #/+1",+8'/! /B2/0.+.&",! "(! 2#&7+0*! 8*! /B2'&0&.'*!
$&.%%"'-&,6!0",1/,.!("#!+!.+2/!#/0"#-&,65!/7/,!&(!.%/!".%/#!2+#.*!%+1!&,-&0+./-!
+,!&,./,.&",!."!#/0"#-!.%/!0"33),&0+.&",4;;!
=,!-"*+."/&'(&0*%#1#.&01234&5*+."/6&7.8(5!.%/!1.+./!I)2#/3/!:")#.!+--#/11/-!.%/!
0",('&0.!8/.$//,!.%/!:+'&("#,&+!+''J2+#.*!0",1/,.!1.+,-+#-!+,-!K/"#6&+F1!$&#/.+2!
'+$5!$%&0%!&1!3"-/'/-!+(./#!.%/!(/-/#+'!",/J2+#.*!1.+,-+#-4;L!=.!%/'-!.%+.5!$%/#/!
+! K/"#6&+! (&#3! #/0"#-/-! 0+''1! 3+-/! (#"3! &.1! K/"#6&+! "((&0/! ."! #/1&-/,.1! &,!
:+'&("#,&+5!.%/!:+'&("#,&+!'+$!+22'&/-4!@%/!0")#.!1+&-!.%+.!&.!$")'-!8/!),(+&#!."!
&32"1/! -+3+6/1! ",! .%/! K/"#6&+! (&#35! 8).! 2#"12/0.&7/'*! .%/! 0+1/! /((/0.&7/'*!
#/M)&#/-! ").J"(J1.+./! (&#31! %+7&,6! ./'/2%",/! 0"33),&0+.&",1! $&.%! 2/"2'/! &,!
:+'&("#,&+! ."! +,,"),0/! ."! +''! 2+#.&/1! +.! .%/! ").1/.! .%/&#! &,./,.! ."! #/0"#-! +!
0"33),&0+.&",4!:'/+#!,".&0/!+,-!&32'&/-!0",1/,.!+#/!1)((&0&/,.4!>=(5!+(./#!8/&,6!
1"!+-7&1/-5!+,".%/#!2+#.*!-"/1!,".!$&1%!."!2+#.&0&2+./!&,!.%/!0",7/#1+.&",5!%/!"#!
1%/!1&32'*!3+*!-/0'&,/!."!0",.&,)/!.%/!0"33),&0+.&",49;N!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
40
Cal. Pen. Code § 631(a).
41
Id.
42
Id. § 632(a). The statute explicitly excludes radio communications from the category of confidential
communications.
43
275 Cal. App. 2d 119 (Cal. App. 1st Dist. 1969).
44
Nissan Motor Co. v. Nissan Computer Corp., 180 F. Supp. 2d 1089 (C.D. Cal. 2002).
45
39 Cal. 4th 95 (2006).
46
Id. at 118.
12!
C E N T E R
F O R
D E M O C R A C Y
&
T E C H N O L O G Y
!"# $%&#'()*+,-.+/01#/2#!"#$%"&#
"#$! %$&'($)! *&+$! &',+$! -(! .#$! *,(.$/.! ,0! .$1$2#,($! 3,(-.,'-(45! &(6! .#$'$! -+! &!
'$3&'7&81$!1&*7!,0!*&+$!1&9!&66'$++-(4!9#$.#$'!.#$!:&1-0,'(-&!+.&.;.$!&221-$+!.,!
<(.$'($.!*,33;(-*&.-,(+=!<0!-.!6,$+5!,'!-0!.#$'$!-+!,($!,.#$'!+.&.$!.#&.!&221-$+!-.+!
&11>2&'.)!*,(+$(.!';1$!.,!*,(6;*.!&00$*.-(4!<(.$'($.!*,33;(-*&.-,(+!&*',++!+.&.$!
1-($+5! .#$(! (,! 2'&*.-*&1! 0,'3! ,0! ,2.>-(5! (,! 3&..$'! #,9! ',8;+.5! 9,;16! +&?$! .#$!
2'&*.-*$! ,0! *,2)-(4! <(.$'($.! *,(.$(.! 0,'! 8$#&?-,'&1! &6?$'.-+-(4=! "#&.! -+5! $?$(! -0!
.#$! <@A! ,(1)! *,2-$+! .#$! *,33;(-*&.-,(+! ,0! .#,+$! +;8+*'-8$'+! .#&.! *,(+$(.5! &(6!
.#$! 3,(-.,'-(4! ,**;'+! ,(1)! -(+-6$! &! ,($>2&'.)! *,(+$(.! +.&.$5! &+! +,,(! &+! ,($! ,0!
.#,+$! *;+.,3$'+! #&+! &! *,33;(-*&.-,(! 9-.#! &! (,(>*,(+$(.-(4! 2$'+,(! B,'! C$8!
+-.$D!-(!&(!&11>2&'.)!*,(+$(.!+.&.$!.#&.!&221-$+!-.+!';1$!.,!-(.$'*$2.-,(+!,**;''-(4!
,;.+-6$! .#$! +.&.$5! .#$! <@A! 9,;16! +$$3! .,! 8$! -(! E$,2&'6)=! "#$! <@A! *,;16! (,.!
*,(*$-?&81)! ,8.&-(! *,(+$(.! 0',3! $?$')! 2$'+,(! &(6! C$8! +-.$! -(! .#$! &11>2&'.)!
*,(+$(.!+.&.$=!F,'!*,;16!-.!-6$(.-0)!B0,'!.#$!2;'2,+$!,0!,8.&-(-(4!*,(+$(.D!9#-*#!
2$,21$!,'!C$8!+-.$+!-.+!,2.$6>-(!+;8+*'-8$'+!9,;16!9&(.!.,!*,33;(-*&.$!9-.#!-(!
&6?&(*$!,0!.#,+$!*,33;(-*&.-,(+!,**;''-(4=!
G! *,;(.$'?&-1-(4! &'4;3$(.! *,;16! 8$! 3&6$! .#&.! &(! &11>2&'.)! *,(+$(.! ';1$! -+! (,.!
&221-*&81$!.,!.#$!8$#&?-,'&1!&6?$'.-+-(4!3,6$15!+-(*$!.#$!2',*$++!,(1)!*,2-$+!,'!
6-?;14$+! ,($! #&10! ,0! .#$! *,33;(-*&.-,(5! (&3$1)! .#$! #&10! 0',3! .#$! *,(+$(.-(4!
+;8+*'-8$'=!!
Conclusion
"#$! 2'&*.-*$! .#&.! #&+! 8$$(! 6$+*'-8$6! .,! ;+5! 9#$'$8)! &(! <@A! 3&)! $(.$'! -(.,! &(!
&4'$$3$(.!9-.#!&(!&6?$'.-+-(4!($.9,'7!.,!*,2)!&(6!&(&1)H$!.#$!.'&00-*!*,(.$(.!
,0!.#$!<@AI+!*;+.,3$'+5!2,+$+!+$'-,;+!J;$+.-,(+!;(6$'!.#$!0$6$'&1!C-'$.&2!G*.=!<.!
+$$3+! .#&.! .#$! 6-+*1,+;'$! ,0! &! +;8+*'-8$'I+! *,33;(-*&.-,(+! -+! 2',#-8-.$6!
9-.#,;.! *,(+$(.=! <(! &66-.-,(5! $+2$*-&11)! 9#$'$! .#$! *,2)-(4! -+! &*#-$?$6! 8)! &!
6$?-*$! ,9($6! ,'! *,(.',11$6! 8)! .#$! &6?$'.-+-(4! ($.9,'75! .#$! *,2)-(4! ,0! .#$!
*,(.$(.+!,0!+;8+*'-8$'!*,33;(-*&.-,(+!+$$3+!.,!8$5!-(!.#$!&8+$(*$!,0!*,(+$(.5!&!
2',#-8-.$6!-(.$'*$2.-,(=!G00-'3&.-?$!$/2'$++!*,(+$(.5!&(6!&!*$++&.-,(!,0!*,2)-(4!
;2,(!9-.#6'&9&1!,0!*,(+$(.5!9,;16!2',8&81)!+&?$!+;*#!2'&*.-*$+!;(6$'!0$6$'&1!
1&95!8;.!.#$'$!3&)!8$!+.&.$!1&9+!'$J;-'-(4!&11>2&'.)!*,(+$(.!.#&.!9,;16!8$!3,'$!
6-00-*;1.!.,!+&.-+0)=!
!
FOR MORE INFORMATION
A1$&+$!*,(.&*.K!L-3!M$32+$)5!G'-!@*#9&'.H5!,'!G1-++&!:,,2$'!
NON>PQR>STOO!
13!