A pen register is an electronic device that records all numbers called from a particular telephone line. The term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.
The United States statutes governing pen registers are codified under 18 U.S.C., Chapter 206.
The term pen register originally referred to a device for recording telegraph signals on a strip of paper. Samuel F. B. Morse's 1840 telegraph patent described such a register as consisting of a lever holding an armature on one end, opposite an electromagnet, with a fountain pen, pencil or other marking instrument on the other end, and a clockwork mechanism to advance a paper recording tape under the marker.
The term telegraph register came to be a generic term for such a recording device in the later 19th century. See for example, Frank Wood's Telegraph Register. Where the record was made in ink with a pen, the term pen register emerged. By the end of the 19th century, pen registers were widely used to record pulsed electrical signals in many contexts. For example, one fire-alarm system used a "double pen-register", and another used a "single or multiple pen register".
As pulse dialing came into use for telephone exchanges, pen registers had obvious applications as diagnostic instruments for recording sequences of telephone dial pulses. With the passage of time, any instrument that could be used for this purpose came to be defined as a pen register. Title 18 of the United States Code defines a pen register as:
- a device or process which records or decodes routing, addressing, or signalling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business.
This is the current definition of a Pen Register, as amended by passage of the 2001 USA PATRIOT Act. The original statutory definition of a pen register was created in 1984 as part of the Electronic Communications Privacy Act, which defined a "Pen Register" as:
- A device which records or decodes electronic or other impulses which identify the numbers called or otherwise transmitted on the telephone line to which such device is dedicated.
A pen register is similar to a trap and trace device. A trap and trace device would show what numbers had called a specific telephone, i.e. all incoming phone numbers. A pen register rather would show what numbers a phone had called, i.e. all outgoing phone numbers. The two terms are often used in concert, especially in the context of Internet communications. They are often jointly referred to as "Pen Register or Trap and Trace devices," to reflect the fact that the same program will probably do both functions in the modern era, and the distinction is not that important. The term 'pen register' is often used to describe both pen registers and trap and trace devices.
In Katz v. United States (1967), the United States Supreme Court established its "reasonable expectation of privacy" test. It overturned Olmstead v. United States and held that wiretaps were unconstitutional searches, because there was a reasonable expectation that the communication would be private. The government was then required to get a warrant to execute a wiretap.
Ten years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Smith v. Maryland, 442 U.S. 735, 744 (1979). Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company.
Pen Register Act 
The Electronic Communications Privacy Act (ECPA) was passed in 1986 (Pub. L. No. 99-508, 100 Stat. 1848). There were three main provisions or Titles to the ECPA. Title III created the Pen Register Act, which included restrictions on private and law enforcement uses of pen registers. Private parties were generally restricted from using them unless they met one of the exceptions, which included an exception for the business providing the communication if it needed to do so to ensure the proper functioning of its business.
For law enforcement agencies to get a pen register approved for surveillance, they must get a court order from a judge. According to 18 U.S.C. § 3123(a)(1), the "court shall enter an ex parte order authorizing the installation and use of a pen register or trap and trace device anywhere within the United States, if the court finds that the attorney for the Government has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation." Thus, a government attorney only needs to certify that information will 'likely' be obtained in relation to an 'ongoing criminal investigation'. This is the lowest requirement for receiving a court order under any of the ECPA's three titles. This is because in Smith v. Maryland, the Supreme Court ruled that use of a pen register does not constitute a search. The ruling held that only the content of a conversation should receive full constitutional protection under the right to privacy, since pen registers do not intercept conversation, they do not pose as much threat to this right.
Some have argued that the government should be required to present "specific and articulable facts" showing that the information to be gathered is relevant and material to an ongoing investigation. This is the standard used by Title II of the ECPA with regard to the contents of stored communications. And others believe probable cause should be required; Daniel Solove, Petricia Bellia, and Dierdre Mulligan say a warrant and probable cause should be necessary, and Paul Ohm argues that standard of proof should be replaced/reworked for electronic communications altogether.
The Pen Register Act did not include an exclusionary rule. While there were civil remedies for violations of the Act, evidence gained in violation of the Act can still be used against a defendant in court. There have also been calls for congress to add an exclusionary rule to the Pen Register Act, as this would make it more analogous to traditional Fourth Amendment protections. The penalty for violating the Pen Register Act is a misdemeanor, and it carries a prison sentence of not more than one year.
USA-PATRIOT Act 
Section 216 of the 2001 USA PATRIOT Act expanded the definition of a pen register to include devices or programs that provide an analogous function with internet communications. Prior to the Patriot Act, it was unclear whether or not the definition of a pen register, which included very specific telephone terminology, could apply to internet communications. Most courts and law enforcement personnel operated under the assumption that it did, however the Clinton administration had begun to work on legislation to make that clear, and one magistrate judge in California did rule that the language was too telephone-specific to apply to Internet surveillance.
The Pen Register Statute is a privacy act. As there is no constitutional protection for information divulged to a third party under the Supreme Court's expectation of privacy test, and the routing information for phone and internet communications are divulged to the company providing the communication, the absence or inapplicability of the statute would leave the routing information for those communications completely unprotected from government surveillance.
The government also has an interest in making sure the Pen Register Act exists and applies to internet communications. Without the Act, they cannot compel service providers to give them records or do internet surveillance with their own equipment or software, and the law enforcement agency, which may not have very good technological capabilities, will have to do the surveillance itself at its own cost.
Rather than creating new laws regarding Internet surveillance, the Patriot Act simply expanded the definition of a pen register to include computer software programs doing Internet surveillance. While not completely compatible with the technical definition of a pen register device, this was the interpretation that had been used by almost all courts and law enforcement agencies prior to the change.
NSA call database controversy 
When, in 2006, the Bush administration came under fire for having secretly collected billions of phone call details from regular Americans, ostensibly to check for calls to terror suspects, the Pen Register Act was cited, along with the Stored Communications Act, as example of how such domestic spying violated Federal law.
- Samuel F. B. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, U.S. Patent 1647, June 20, 1840; see page 4 column 2
- Frank B. Wood, Telegraph-Register, U.S. Patent 338,329, Mar. 23, 1886.
- William F. Singer, Electrical Automatic Fire-Alarm System, U.S. Patent 436,640, Sept. 16, 1890; see page 3 line 48
- Bernice J. Noyes, Electric Signalling Apparatus, U.S. Patent 534,908, Feb. 26, 1895; see page 1 lines 82-83.
- 18 U.S.C. § 3121(d)
- U.S. Supreme Court; SMITH v. MARYLAND, 442 U.S. 735 (1979)
- See Generally: Orin Kerr, Internet Surveillance Law After the USA Patriot Act: The Big Brother That Isn't