Legal Definitions - Trap and trace device

A trap and trace device is a tool or process used to identify the origin of incoming communications to a specific telephone line or computer. It records information about the source of these signals, such as the originating phone number or Internet Protocol (IP) address, but it does not capture or reveal the actual content of the communication itself (e.g., the words spoken in a call, the text of an email, or the data exchanged). Law enforcement agencies often use these devices, typically with a court order, to investigate harassment, threats, or other criminal activities by pinpointing who is initiating contact.

• Example 1: Investigating Persistent Harassing Phone Calls

  Imagine a person who is receiving numerous anonymous, harassing phone calls late at night. They report this to the police, but without caller ID, they have no way to identify the perpetrator. Law enforcement obtains a court order to install a trap and trace device on the victim's phone line. This device then records the phone numbers of all incoming calls to the victim's phone, allowing investigators to identify the harasser's number without listening to the content of the actual calls.

  This example illustrates the term because the trap and trace device focuses solely on identifying the *source* (the caller's phone number) of the incoming communication, not the content of the harassing messages.

• Example 2: Tracing Online Cyberstalking Threats

  Consider an individual who is receiving a series of threatening messages and emails from an unknown sender, causing them significant distress. To identify the sender, investigators might deploy a trap and trace mechanism on the victim's email account or messaging service. This system would log the IP addresses or account identifiers of the servers or devices from which the threatening messages are originating, helping to trace the sender without reading the actual content of the threats.

  Here, the device identifies the *originating IP address* or account of the incoming digital communications, demonstrating how it pinpoints the source rather than intercepting the message content.

• Example 3: Identifying Sources of a Denial-of-Service (DoS) Attack

  Suppose a small business's website is repeatedly targeted by a Denial-of-Service (DoS) attack, which overwhelms its servers with traffic and makes the site inaccessible to legitimate customers. The company, in cooperation with law enforcement, might implement a trap and trace system on their network. This system would log the IP addresses of the incoming connections that are flooding their servers during the attack, helping to identify the source computers or networks participating in the DoS without analyzing the specific data payload of each connection.

  This example shows the device identifying the *source IP addresses* of the malicious incoming network traffic, not the data payload of that traffic, directly aligning with the definition of recording incoming signal sources without substantive content.