|dc.description.abstract||This symposium article is the second of two on regulation of government efforts to obtain recorded information for criminal prosecutions. More specifically, it explores the scope and regulation of "transaction surveillance," which it defines as government attempts to access already existing records, either physically or through data banks, and government efforts to obtain, in real-time or otherwise, "catalogic data" (the identifying signals of a transaction, such as the address of an email recipient). Transaction surveillance is a potent way of discovering and making inferences about a person's activities, character and identity. Yet, despite a bewildering array of statutorily created authorization requirements, transaction surveillance is subject to far less regulation than either physical surveillance of activities inside the home or communications surveillance. My principal argument is that transaction surveillance should be subject to much more legal monitoring than it is.
Part I explains why government, and in particular law enforcement, finds transaction surveillance so attractive, and why it is so easy to carry out in this digital age. Part II describes the current law regulating transaction surveillance. Not only is this regulation minimal, it is confusing and contradictory; beyond the traditional subpoena, challengeable by the target of the investigation, current law recognizes a number of subpoena mutations that seem to have little rhyme or reason. If it contributes nothing else, this article should at least clarify the nature of today's regulatory framework.
Part III criticizes this framework and outlines a more promising approach. The proposed reform recognizes, as does the current regime, that different sorts of records merit different levels of protection. But, in contrast to current law, the proposal would significantly increase the degree of protection in a number of situations, to the probable cause level for personal records held by private and public entities and to the reasonable suspicion level for records readily available to the public. The relevance standard, which is all that is required today for any type of transaction surveillance, would be reserved for investigations of organizational crime and for obtaining isolated catalogic data.
Part IV examines alternatives to these proposals. It rejects both an approach that requires probable cause for all records searches and, at the other extreme, an approach that would allow suspicionless records searches on condition that anything discovered is subject to strict limitations on disclosure. It also criticizes an approach that relies on the legislature, rather than the courts and the Fourth Amendment, to establish fundamental regulatory requirements.||en_US