The Government’s Wiretap Orders Still Don’t Add Up

Last week, I pointed out that the Administrative Office (AO) of the US Courts’ 2014 Wiretap Report numbers didn’t add up to the total number of wiretaps that AT&T, Verizon, Sprint and T-Mobile say they received and implemented in 2014. It has been reported that the AO has been investigating the discrepancy. Potential reasons that have been thrown out include: that the Wiretap Report includes wiretaps terminated during the reporting period, whereas the carriers report wiretaps implemented during the reporting period; that extensions weren’t counted in the AO’s numbers; or that a single order could apply to multiple providers or multiple devices, each of which the carriers might have counted separately. It is always dangerous to ask lawyers to do math, but in this case, the math is pretty simple. And it still doesn’t add up.

First, the relevant number reported by the AO is the number of applications issued in a year is contained in Table 2: “A total of 3,554 wiretaps were reported as authorized in 2014” (emphasis added). That seems to be a plain statement of the number of wiretaps authorized in 2014. There are no caveats. The table identifies each wiretap authorized in 2014 by judicial district. According to the AO, the average length of an original authorization was 30 days and the average length of an extension was also 30 days, with a total of 1,532 extensions requested and authorized in 2014. In other words, however the AO counts them, the vast majority of wiretaps are authorized and terminated during the same year. While there may be a few orders authorized a year earlier (2013) and terminated the next year (2014), those would be offset by the same thing happening between 2014 and 2015. There is just no material effect from the authorized/terminated accounting issue raised by the AO, and in any event, the federal and state appendices to the Wiretap Report (supposedly) document each and every authorization and installation date. That is, we know when carriers install wiretaps according to these datasets.

Presumably, Table 2 of the Wiretap Report doesn’t lie. It contains the total number of wiretap orders issued by judges “during the period ending December 31, 2014.” It states that 40 orders were authorized, but never installed. That is, carriers didn’t implement the orders. In 3,514 other cases, they did. How does a judge know? Because the law requires that they be advised of the progress of each tap. So we know how many orders the AO thinks were both authorized and implemented and installed. But carriers are reporting that they installed four times that number.

So what if the carriers count extensions as separate orders? Their transparency reports are not clear on this. So, if you give the AO the benefit of the doubt and add the 1,532 extensions to the 3,514 authorized wiretaps, you arrive at a total of 5,046 wiretaps. That is still only half of what appears in the carrier transparency reports; this explanation on its own simply doesn’t explain the discrepancy.

It is true that one order could be served on multiple carriers and wind up being double — or even quadruple — counted. But carriers are reporting the number of wiretaps installed. If they don’t own the target device, the carrier doesn’t have anything to implement. Ninety-six percent of wiretaps were done on mobile phones or devices. Only one carrier is providing service to each mobile phone or device on a subscriber’s plan. For our purposes, that means the situation could be one wiretap order for one carrier providing service to x devices.

Indeed, an order could list however many phone numbers the target is using. That’s counted as a single order in the Wiretap Report and could be counted as more in the carrier transparency report. But here again we know the number of targeted devices from Table 2. It tells us that the total number of orders covered a total of 3,552 devices or locations (e.g., a business or residence). Again, 3,409 (or 96%), of those taps were on mobile devices. So one carrier, multiple devices counted separately could account for some discrepancy. And the carriers’ reports could better explain what constitutes a wiretap to them. (Though each carrier report is clear that they include every order received and implemented, which seems fairly straightforward.)

The AO presents great detail about the cost, duration, nature, and location of wiretaps each year, but no one seems to be able to account for the great difference in the number of wiretaps carriers put up each year and the number the AO reports as authorized.

Perhaps one answer is that the data reported to the AO is imperfect. As the AO notes, federal judges and state judges authorized 962 wiretaps and 119 wiretaps, respectively, for which the AO received no corresponding data from prosecuting officials — despite the fact that these reports are mandated by law. The AO speculates that some of the prosecutors’ reports were received too late to include in the Report, and some prosecutors may have delayed filing the information to avoid jeopardizing ongoing investigations. But the fact remains that for nearly a third of the wiretaps authorizations granted, prosecutors failed to submit the statutorily required information.

Some in government are fond of saying that prosecutors aren’t bookkeepers and don’t have time to file reports that take away from fighting crime. But transparency isn’t about accounting, it’s about accountability. Congress and the public are told and believe that law enforcement conducts very few wiretaps, but now the accuracy of those numbers has been called into question. Are we sure all the wiretaps authorized have been reported to the AO, as the law requires? Plainly, judges report more than prosecutors, but do all judges actually report? If we are resting our policies on how much value is derived from wiretapping, surely how much wiretapping actually occurs must be known. 

About the Author(s)

Albert Gidari

Director of Privacy at Stanford Law School's Center for Internet and Society Follow him on Twitter (@agidari).