Legal status

Telephone tapping is officially strictly controlled in many countries to safeguard an individual's privacy; this is the case in all developed democracies. In theory, telephone tapping often needs to be authorized by a court, and is, again in theory, normally only approved when evidence shows it is not possible to detect criminal or subversive activity in less intrusive ways; often the law and regulations require that the crime investigated must be at least of a certain severity. In many jurisdictions however, permission for telephone tapping is easily obtained on a routine basis without further investigation by the court or other entity granting such permission. Illegal or unauthorized telephone tapping is often a criminal offence. However, in certain jurisdictions such as Germany, courts will accept illegally recorded phone calls without the other party's consent as evidence.

In the United States, federal agencies may be authorized to engage in wiretaps by the United States Foreign Intelligence Surveillance Court, a court with secret proceedings, in certain circumstances.

Under United States federal law and most state laws there is nothing illegal about one of the parties to a telephone call recording the conversation, or giving permission for calls to be recorded or permitting their telephone line to be tapped. However, several states (i.e., California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania and Washington) require that all parties consent when one party wants to record a telephone conversation. Michigan has a similar rule: anyone who is a party to the conversation can record it himself, but a third party wishing to record the call must get the permission of all parties to the conversation.

Many businesses and other organizations record their telephone calls so that they can prove what was said, train their staff, or monitor performance. This activity may not be considered telephone tapping in some, but not all, jurisdictions because it is done with the knowledge of at least one of the parties to the telephone conversation. It is considered better practice to announce at the beginning of a call that the conversation is being recorded.

Wiretapping methods

The official tapping of telephone lines

Lawful interception

The contracts or licenses by which the state controls telephone companies often require that the companies must provide access for tapping lines to the Intelligence services and the police. In the U.S., telecommunications carriers are required by law to cooperate in the interception of communications for law enforcement purposes under the terms of Communications Assistance for Law Enforcement Act (CALEA). Taps must be secret and undetectable.

When telephone exchanges were mechanical, a tap had to be installed by technicians, linking circuits together to route the audio signal from the call. Now that many exchanges have been converted to digital technology tapping is far simpler and can be ordered remotely by computer. Public switched telephone network and telephone services provided by cable TV companies also use digital switching technology. If the tap is implemented at a digital switch, the switching computer simply copies the digitized bits that represent the phone conversation to a second line and it is impossible to tell whether a line is being tapped. A well designed tap installed on a phone wire can be difficult to detect. The noises that some people believe to be telephone taps are simply crosstalk created by the coupling of signals from other phone lines.

Data on the calling and called number, time of call and duration, will generally be collected automatically on all calls and stored for later use by the billing department of the phone company. This data can be accessed by security services, often with fewer legal restrictions than for a tap. This information used to be collected using special equipment known as "pen registers" and "trap and trace devices" and U.S. law still refers to it under those names. Today, a list of all calls to a specific number can be obtained by sorting billing records. A telephone tap during which only the call information is recorded but not the contents of the phone calls themselves, is called a "Pen Register" tap.

For telephone services via digital exchanges, the information collected may additionally include a log of the type of communications media being used (some services treat data and voice communications differently to conserve bandwidth).

The unofficial tapping of telephone lines

It is also possible to tap conversations unofficially. There are a number of ways to monitor telephone conversations:

• "Recording the conversation" - the person making/receiving the call records the conversation using a coil tap ('telephone pickup coil') attached to the ear-piece, or they fit an in-line tap with a recording output. Both of these are easily available through electrical shops. A more modern alternative is to use telephone recording devices connected to computers, such as PhoneValet Message Center. Most who record telephone conversations, such as journalists, will refer to the recording for their work.
• "Direct line tap" - this is what the state used to do via the telephone exchange. But unofficial tapping, where the user's line is physically tapped near the house, is also possible. The tap can either involve a direct electrical connection to the line, or an induction coil. An induction coil is usually placed underneath the base of a telephone or on the back of a telephone handset to pick up the signal inductively. With a direct connection, there will be some drop in signal levels because of the loss of power from the line, and it may also generate noise on the line. A well designed induction tap does not drain voltage or current from the line because it isn't physically connected to the phone line. Direct taps sometimes require regular maintenance, either to change tapes or replace batteries, which may give away their presence.
• "Radio tap" - this is like a bug that fits on the telephone line. The state does not normally do this because they have access via the telephone exchange, though certain organizations exempt from the common framework of law applying to citizens may use devices like this. It can be fitted to one phone inside the house, or outside on the phone line. It may produce noise (there might even be signal feedback on the monitored line on poorly made equipment) to inadvertently alert the caller. Modern state of the art equipment operates in the 30-300 GHz range. The unit is powered from the line to be maintenance free, and only transmits when a call is in progress. These devices tend to be low powered because the drain on the line would become too great, however a state of the art receiver could be located as far away as ten kilometers under ideal conditions, but is usually located within a radius of 1 to 3 km. Research however has also shown that a Artificial satellite can be used to receive Electromagnetic emissions in the range of a few milliwatts.

To guard against unofficial amateur line taps, the phone should be regularly inspected, and the telephone line should be checked for new joints, or small wires connected to the line; a time-domain reflectometer is a worthy tool here. If you have reason to suspect your phone has been tapped consult a technical surveillance countermeasures (TSCM) specialist. Never contact a TSCM specialist from a phone you suspect is tapped or on any other phone on the premises or any other phone that is linked to you or your organization (home phone, company cellular, etc.).

Location data and mobile phones

Mobile phones are, in surveillance terms, a major liability. This liability will only increase as the new third-generation (3G) phones are introduced. This is because the base stations will be located closer together.

For mobile phones the major threat is the collection of communications data. This data not only includes information about the time, duration, originator and recipient of the call, but also the identification of the base station where the call was made from, which equals its approximate geographical location. This data is stored with the details of the call and has utmost importance for traffic analysis.

It is also possible to get greater resolution of a phone's location by combining information from a number of cells surrounding the location, which cells routinely communicate (to agree on the next handoff—for a moving phone) and measuring the timing advance, a correction for the speed of light in the Global System for Mobile Communications  GSM standard. This additional precision must be specifically enabled by the telephone company - it is not part of ordinary operation. There is no countermeasure against the state/telephone companies doing this, perhaps with an exception of locking the phone to only one distant base station and accessing it from a distance using a high-gain antenna (which significantly impairs the attractive mobility), limiting the location data disclosed to the network to a quite large distant arc (not a circle - the base station antennas are typically divided into three individually controlled sectors, usually 120° each).

The second generation mobile phones (circa 1978 through 1990) could be easily monitored by anyone with a 'scanning all-band receiver' because the system used an analogue transmission system-like an ordinary radio transmitter. The third generation digital phones are harder to monitor because they use digitally encoded and compressed transmission. However the government can tap mobile phones with the cooperation of the phone company. It is also possible for organizations with the correct technical equipment, such as large corporations, to monitor mobile phone communications and decrypt the audio. A special device called an "IMSI-catcher" pretends to the mobile phones in its vicinity to be a legitimate base station of the mobile phone network, subjecting the communication between the phone and the network to a man in the middle attack. This is possible because while the mobile phone has to authenticate itself to the mobile telephone network, the network does not authenticate itself to the phone. This blatant flaw in GSM security was intentionally introduced to facilitate eavesdropping without the knowledge or cooperation of the mobile phone network. Once the mobile phone has accepted the IMSI-catcher as its base station the IMSI-catcher can deactivate GSM encryption using a special flag. All calls made from the tapped mobile phone go through the IMSI-catcher and are then passed on to the mobile network. Up to now no phone is known which actively alerts the user when a base station or an IMSI-catcher deactivates GSM encryption. Some phones include a special monitor mode (activated with secret codes or special software) which displays GSM operating parameters such as encryption while a call is being made. But no matter whether GSM encryption is active or not, users should not trust the encryption to be secure enough to foil an eavesdropper. The GSM specification refers to the encryption algorithms used for encrypting voice/data services as algorithms A5/1,2,3. Today a ciphertext-only attack (an attack without knowledge of some of the originally unencrypted plaintext) requires a few milliseconds to find the correct A5 decryption key allowing the attacker to eavesdrop on any GSM phone conversation in less than a second. Other exploits on GSM security easily allow call hijacking, altering of data messages and call theft. There is no defense against IMSI-catcher based eavesdropping, except using end-to-end call encryption; products offering this feature, secure telephones, are already beginning to appear on the market, though they tend to be expensive and incompatible with each other, which limits their proliferation, much to the joy of various intelligence agencies.

There were proposals for European mobile phones to use stronger encryption, but this was opposed by a number of European countries, including the Netherlands and Germany, which are among the world's most prolific telephone tappers (over 10000+ phone numbers in both countries in 2003).

Mobile phones can be used anonymously. Pre-paid mobile phones are available without being associated with a name or address, and because cards are used there is no billing information. However, once the user has been identified as using a certain phone, they can be tracked with the unique built-in International Mobile Equipment Identification (International Mobile Equipment Identity|IMEI) encoded into each mobile phone. The IMEI emitted by the phone does not change, regardless of the SIM in the phone. It is even transmitted when no SIM at all is present in the phone. If longer-term anonymity is required, it is necessary to replace the phone and SIM every few days. Sometimes, for complete anonymity it is not advisable to have a mobile phone on your person at all. Some phones may still transmit information to the network or be accessible from the network even though the user has switched them off. It is therefore strongly recommended to remove the batteries from the phone.

One-ring calls

These calls cannot be recognized by caller ID as a CID displays the caller's number only between the first two rings. The purpose of a one-ring call is usually to determine if a person is using the phone. Accessing the telephone exchange is the only way to determine the origin of these calls.

Internet wiretapping

As technologies emerge, including VOIP, new questions emerge about law enforcement access to communications.

The Internet Engineering Task Force has decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards. http://www.potaroo.net/ietf/idref/rfc2804/.

History of wiretapping

During the American Civil War, government officials under President Abraham Lincoln eavesdropped on telegraph conversations. Telephone wiretapping began in the 1890s, following the invention of the telephone recorder. Wiretapping has also been carried out under most Presidents, usually with a lawful warrant since the Supreme Court ruled it constitutional in 1928. Domestic wiretapping under the Clinton administration led to the capture of Aldrich Ames, a former Soviet spy in 1994. Robert F. Kennedy monitored the activity of Martin Luther King Jr. by wiretapping in 1966.

In the Greek telephone tapping case 2004-2005 more than 100 mobile phone numbers belonging mostly to members of the Greek government, including the Prime Minister of Greece, and top-ranking civil servants were found to have been illegally tapped for a period of at least one year. The Greek government concluded this had been done by a foreign intelligence agency, for security reasons related to the 2004 Olympic Games, by unlawfully activating the lawful interception subsystem of the Vodafone Greece mobile network.

The most recent case of U.S. wiretapping was the NSA warrantless surveillance controversy discovered in December 2005. It aroused much controversy, after several people accused President George W. Bush of violating a specific federal statute (Foreign Intelligence Surveillance Act|FISA) and the United States Constitution. The president argued his authorization was consistent with other federal statutes (AUMF), other provisions of the Constitution, and was necessary to keep America safe from terrorism, and could lead to the capture of notorious terrorists responsible for 9/11.