“Trap and trace” sounds like a hidden wire in a cold farmhouse wall, but the law is usually narrower than that. It is not usually about hearing a phone call or reading a message. It is about the outer trail of a communication. A pen register looks at what goes out. A trap-and-trace device looks at what comes in. The words stay inside the room, but the tracks in the snow around the door can still say plenty.
Vermont does not read like a state with a long, stand-alone pen-register chapter. Its state law is built more around electronic communication privacy, service-provider records, protected user information, notice, emergency requests, and limits on real-time wireless interception. For classic pen-register and trap-and-trace orders, federal law in 18 U.S.C. §§ 3121 through 3127 still does much of the work. That means the Vermont answer has two layers: federal pen-register law for live non-message tracing, and Vermont’s Electronic Communication Privacy Act for stored or provider-held electronic information.
High-end privacy and record-security picks: a serious home or office setup can pass $2,000 once it includes a premium shredder, fire-resistant safe, hardware security keys, locked file storage, secure router, encrypted backup drive, and a privacy screen for work devices. Good Amazon starting points include a high-security paper shredder, a fireproof document safe, YubiKey security keys, a Wi-Fi 6 router with security features, an encrypted external hard drive, and a laptop privacy screen. These products can help guard papers and accounts from ordinary misuse, but they do not stop a valid court order.
What a Pen Register Does
A pen register records or decodes outgoing communication data. In old phone terms, it could show numbers dialed from a line. In modern federal wording, it can cover dialing, routing, addressing, and signaling information sent from a phone, account, device, or communication facility.
The boundary is message substance. A pen register should not record the words spoken during a call. It should not read the body of a text message, email, direct message, or chat. It can show that a communication went out and where it was aimed, but it should not open the message itself.
Think of it as someone watching outgoing envelopes at a counter. They can see the address and the time the envelope leaves. They cannot open the envelope and read the letter. Still, a stack of envelopes can show routines, contacts, pressure points, and habits.
What a Trap-and-Trace Device Does
A trap-and-trace device works in the other direction. It captures incoming communication data that can identify where a communication came from. In old phone terms, it could show the number that called a target line.
In plain English, it asks: who reached in? It may help identify the origin of incoming calls, signals, or electronic contacts. Like a pen register, it is not supposed to capture the message itself.
Picture a porch after a Vermont snowstorm. A pen register reads the tracks leaving the porch. A trap-and-trace device reads the tracks arriving at it. Neither one opens the front door or listens to the people inside.
Vermont Does Not Have a Long State Pen-Register Chapter
Some states have detailed pen-register chapters with sections for applications, orders, provider help, time limits, and penalties. Vermont’s statutes do not read that way. Vermont’s state privacy law is centered on the Vermont Electronic Communication Privacy Act, found in Title 13, Chapter 232.
That chapter deals with electronic communication services, protected user information, subscriber information, warrants, subpoenas, notice to users, emergency access, service-provider response, and real-time wireless interception. It does not look like a full state copy of the federal pen-register chapter.
For that reason, classic pen-register and trap-and-trace orders in Vermont are often best understood through federal law, while Vermont’s own act controls many requests for provider-held electronic information and adds strong notice and warrant rules for protected user information.
The Federal Pen-Register Path
Federal law starts with a broad rule: no person may install or use a pen register or trap-and-trace device unless a court order or a listed exception applies. That rule reaches private people as well as agencies. It is not a do-it-yourself tool for curiosity or suspicion.
Under the federal process, a government attorney or a state law enforcement officer may apply for an order. The application normally includes a certification that the information likely to be obtained is relevant to an ongoing criminal investigation.
That standard is lower than probable cause because the order is aimed at non-message data. The order should not allow call audio, message bodies, stored files, photos, private chats, or the meaning of what was said.
What a Federal Order Usually Covers
A pen-register or trap-and-trace order usually names the line, account, service, device, or communication facility covered. It may name the subscriber or account holder if known. It may name the person under investigation if known. It also states the offense tied to the information likely to be collected.
The order may direct a provider, landlord, custodian, or another person to furnish information, facilities, and technical help. That help should be limited to what the order calls for. A provider should not send extra accounts, extra dates, or message substance just because it is easier to export a larger file.
A proper order should look like a fenced field, not open woods. It should have a target, a time window, a kind of data, and a law enforcement purpose.
How Long the Federal Order Can Last
Federal pen-register and trap-and-trace orders usually run for no more than 60 days. Extensions may be granted, but each extension requires another request and court approval. Each extension may also run no more than 60 days.
The dates matter. The start date, end date, and extension papers draw the fence around collection. If data is gathered beyond that fence, a defense lawyer may have a real issue to examine.
For a provider, the same dates guide the response. The company should give what the order covers, not a wider time span because it is faster to pull.
Sealing and Nondisclosure Under Federal Law
Federal pen-register and trap-and-trace orders are usually sealed until the court says otherwise. The order can also tell a provider or other helper not to disclose the device, order, or investigation to the subscriber, customer, or anyone else unless the court allows it.
This is why a person may not learn about the order while it is active. A phone company, internet provider, app platform, landlord, custodian, or other helper may be under a court command to stay silent.
A business that receives this kind of order should route it to counsel or a trained legal-response person. It should not be sent around in office chat. It should not be discussed with the account holder.
Federal Emergency Use
Federal law has a narrow emergency path. In urgent settings, a specially authorized official may approve installation and use before a court order is signed. The government must then seek court approval within 48 hours.
Emergency categories include immediate danger of death or serious bodily injury, certain organized-crime activity, national security threats, and some ongoing attacks on protected computers. The emergency must require action before an order can be obtained with due care.
If the court denies the order, if the information sought is obtained, or if 48 hours pass without approval, use must stop under the federal rule. This is a fire door, not the main hallway.
Vermont Electronic Communication Privacy Act
Vermont’s Electronic Communication Privacy Act gives state law rules for electronic information held by service providers. The act defines protected user information to include electronic communication substance, email subject lines, cellular tower-based location data, GPS or GPS-derived location data, files entrusted to a service provider, data showing what a user viewed or accessed, and other data for which a reasonable expectation of privacy exists.
A Vermont law enforcement officer generally may not compel production of or access to protected user information from a service provider without one of the act’s listed paths. The main path is a warrant. Other paths include a recognized warrant exception, specific consent from a lawful user, an emergency involving danger of death or serious bodily injury, and certain correctional-device situations.
This state act is not the same as a classic pen-register order. It often deals with information already held by a provider, or with access to protected user information. A pen register or trap-and-trace order deals with live tracing of outside communication data.
Protected User Information Versus Subscriber Information
Vermont separates protected user information from less private provider-held records. Protected user information is the deeper layer. It can include message substance, location data, files, subject lines, and records that show what a user accessed or viewed.
Subscriber information is more basic. Vermont defines it to include the name, additional account users, account number, billing address, physical address, email address, telephone number, payment method, services used, and duration of service kept by a provider about a user or account.
That split matters. A request for message substance or location data is not the same as a request for a billing address. Vermont gives the deeper layer stronger protection.
Non-Protected Provider Records
For information kept by a service provider that is not protected user information, Vermont law allows several legal paths. A judicial subpoena may issue when there is reasonable cause to believe an offense has been committed and the information sought is relevant to the offense or reasonably calculated to lead to evidence.
A grand jury subpoena may also be used. A court order may be issued when the information sought is reasonably related to a pending investigation or pending case. A warrant, a warrant exception, or specific consent may also serve as a path.
These provider-record rules sit beside federal pen-register law. A live trap-and-trace device and a request for stored subscriber records are not the same tool, even if they both involve communication data.
Notice to Users Under Vermont Law
Vermont gives users notice rights when law enforcement executes a warrant or obtains electronic information in an emergency under the state act. The officer must notify the identified targets, and the notice must tell them that information about them has been compelled or requested. If a warrant was used, a copy of the warrant is included.
Notice usually comes at the time the warrant is executed. In an emergency, notice usually comes within three days after the information is obtained. That notice rule is one of the ways Vermont’s act differs from the federal pen-register model, where sealing and nondisclosure may keep the process quiet during the order period.
Vermont also allows delayed notice. A court may delay notice if notification may cause an adverse result, including danger to life or safety, flight from prosecution, destruction of evidence, witness intimidation, serious harm to an investigation, or delay of a trial. The first delay may not exceed 90 days, and the court may grant more 90-day periods on the same grounds.
Emergency Electronic Information Requests in Vermont
Vermont allows emergency access to protected user information when a law enforcement officer in good faith believes danger of death or serious bodily injury requires access without delay.
After using that emergency path, the officer must act quickly. Within five days, the officer must apply for a warrant or order authorizing the access, or file a motion seeking approval of the emergency disclosure. The court then reviews the facts.
If the court finds that the facts did not support an emergency, or denies the request on another ground, the court must order immediate destruction of the information obtained and immediate notice if notice has not already been given. This gives the emergency path a sharp edge. It is not a casual shortcut.
Voluntary Provider Disclosures
Vermont allows a service provider to voluntarily disclose information other than protected user information when state or federal law does not bar the disclosure. But Vermont also limits what law enforcement can keep from a voluntary disclosure.
If an officer receives voluntarily disclosed information, the officer must destroy it within 90 days unless a listed reason allows retention. Those reasons include specific consent from the sender or recipient, a court retention order, or a child exploitation investigation record kept in a multiagency database.
A retention order may be issued only for as long as the reason for the initial disclosure persists or when there is probable cause to believe the information is evidence of a crime. Vermont does not let voluntary data sit in a file forever without a legal hook.
Real-Time Wireless Interception Ban
Vermont has a specific rule on real-time wireless interception. A law enforcement officer may not use a device that, through radio or another electromagnetic wireless signal, intercepts in real time from a user’s device communication substance, real-time cellular tower-derived location information, or real-time GPS-derived location information.
The statute has a narrow exception for locating and apprehending a fugitive for whom an arrest warrant has been issued. It also says the section does not prevent an officer from getting information from an electronic communication service as otherwise allowed by law.
This matters because some tools can act like cell-site simulators or wireless interception devices. That kind of tool is not a simple trap-and-trace order. Vermont has a direct state rule aimed at real-time wireless capture from a user’s device.
How This Differs From Wiretapping
Wiretapping or interception deals with the substance of a communication. It can mean hearing calls, recording spoken words, reading message bodies, or capturing what people actually said or wrote.
A pen register or trap-and-trace device should be narrower. It should show outside data: outgoing destinations, incoming origins, routing, addressing, signaling, timing, and similar contact facts. It should not open the message itself.
The split is like looking at a package label instead of opening the box. Trap-and-trace law studies the label. Wiretap law deals with opening the box. Vermont’s electronic privacy rules add another layer when the information is held by a service provider.
Recording Calls in Vermont
Vermont does not have a detailed state call-recording statute like some states do. Federal law still applies. Under federal law, recording is generally allowed when one party to the communication consents, unless the recording is done for a criminal or tortious purpose.
This recording rule should not be confused with pen registers and trap-and-trace devices. Being allowed to record a call that you are part of is not the same as installing a tool to trace someone else’s incoming or outgoing communication traffic.
A person can be in the clear on one-party recording and still be in trouble for hidden account access, secret tracing, spyware, stalking, harassment, or computer misuse.
Location Data Is a Different Layer
Vermont treats cellular tower-based location data and GPS or GPS-derived location data as protected user information under its electronic privacy act. That gives location data a stronger state-law guard than basic subscriber information.
Location data is not the same as a basic trap-and-trace device. A trap-and-trace device points to where an incoming communication came from. Location data can show where a phone or person is, or where the device has been.
A contact trail is not a travel trail. A phone can create both, but the legal path should match the type of data being sought.
Service Provider Response to Warrants
Vermont gives service providers a response period for warrants under the electronic privacy act. A provider usually must produce the listed items within 30 days. A court may order a shorter period for good cause, and in that case production may be required within 72 hours.
Good cause can include serious matters like homicide, kidnapping, unlawful restraint, custodial interference, a felony punishable by life imprisonment, or child exploitation-related offenses.
This section deals with provider-held information, not live pen-register tracing. Still, it matters in real investigations because officers may use more than one legal tool. One tool may gather live contact data. Another may seek stored records from a service provider.
Service Providers and Good-Faith Compliance
Vermont protects a service provider from civil or criminal liability for producing or providing access to information in good-faith reliance on the electronic privacy act. That protection does not cover gross negligence, recklessness, or intentional misconduct.
For providers, the safest response is narrow and recorded. Read the warrant, subpoena, order, or federal pen-register order. Confirm the accounts, dates, data types, secrecy language, and return instructions. Produce what the paper requires, not a wider set of information.
A clean response record can save trouble later. Note when the paper arrived, who reviewed it, what was produced, and when.
Private People Should Not Try This
A private person should not install hidden software, hardware, router settings, call-forwarding rules, spyware, account filters, or tracing setups to follow someone else’s communications. Suspicion is not enough. A breakup is not enough. A work dispute is not enough. Paying the bill may not be enough.
Do not log into another person’s account to see who contacted them. Do not hire someone to trace calls or messages outside lawful process. Do not place monitoring equipment on a phone line, router, laptop, office system, shared account, or phone for personal reasons.
Federal pen-register law, computer-crime law, stalking and harassment laws, privacy claims, family-court orders, workplace rules, and Vermont electronic privacy rules can all come into play. A secret trace can become a legal pit.
Employers and Business Systems
Employers often keep phone logs, email routing logs, access records, network logs, security alerts, payment records, and fraud records. Some logging may be normal when tied to service upkeep, cybersecurity, billing, fraud control, or abuse response.
But secret tracking of private communications can create risk. Company ownership of a phone, laptop, router, email account, or work system does not answer every question. Written policy, notice, consent, business need, data type, and access limits all matter.
A Vermont employer should get legal review before adding systems that trace worker communication patterns beyond ordinary business logging. The safer route is written policy, narrow collection, limited access, and clean records.
Website Tracking and New Data Questions
Pen-register and trap-and-trace ideas began in the phone world, but newer disputes can involve websites, apps, analytics scripts, chat boxes, ad pixels, device IDs, IP logs, and account tracking. These systems can send user activity to outside vendors with little visible sign on the screen.
Not every web-tracking dispute is a Vermont pen-register case. Some turn on federal wiretap law, consumer law, contract terms, health data, consent banners, account notices, or how data moves to a vendor.
Vermont businesses should review tracking systems before launch. A small script can act like a keyhole if it passes too much user activity to the wrong party.
What Vermont Residents Should Know
For Vermont residents, the practical point is that classic pen-register and trap-and-trace orders usually run through federal law, while Vermont’s Electronic Communication Privacy Act controls many requests for provider-held electronic information.
If law enforcement seeks protected user information from a service provider, Vermont usually calls for a warrant unless a listed exception applies. If law enforcement seeks less private subscriber-type information, the act gives subpoena and court-order paths with lower showings. If law enforcement gets protected information in an emergency, quick court review and notice rules follow.
If you learn that one of these orders or requests was used in a case involving you, a Vermont criminal defense lawyer can review the application, warrant, order, dates, notice delay, provider return, emergency claim if any, and whether the government used the right process for the type of data gathered.
What Providers and Businesses Should Do With an Order
A provider, landlord, custodian, platform, or business that receives a Vermont warrant, subpoena, court order, federal pen-register order, or emergency request should treat it as legal process. Preserve the document. Limit internal access. Send it to counsel or a trained legal-response person.
Read the paper closely. Check the court, date, covered account or line, data type, time period, named agency, service instructions, secrecy language, notice rules, and return instructions. Produce what the paper requires, not extra data from extra accounts or extra dates.
Keep a clean record of the response. Note when the paper arrived, who reviewed it, what help was given, what data was furnished, and when. A careful response is like tying down a tarp before mountain wind arrives. It keeps the matter from tearing loose later.
Common Misunderstandings
One common misunderstanding is that trap and trace means listening to calls. It does not. It points to incoming identifying data, not the words spoken.
Another misunderstanding is that Vermont has a long state pen-register chapter like Minnesota, Texas, or Pennsylvania. Vermont does not read that way. Its state act centers on electronic communication privacy, provider-held information, notice, emergency access, and real-time wireless interception limits.
A third misunderstanding is that location data is just ordinary subscriber information. Vermont treats cellular tower-based and GPS-derived location data as protected user information.
A final misunderstanding is that paying for a phone or router lets a person trace someone else’s communications. Paying a bill is not the same as consent, a warrant, or a court order.
Bottom Line on Vermont Trap and Trace Law
Vermont trap and trace law is best read in layers. Classic pen-register and trap-and-trace orders usually rely on federal law in 18 U.S.C. §§ 3121 through 3127. A pen register looks outward at outgoing dialing, routing, addressing, or signaling data. A trap-and-trace device looks inward at incoming data that can identify where a communication came from. Neither is supposed to capture message substance.
Vermont’s own Electronic Communication Privacy Act, Title 13, Chapter 232, adds state-law rules for electronic information held by service providers. Protected user information generally needs a warrant unless a listed exception applies. Other provider-held information may be obtained through a judicial subpoena, grand jury subpoena, court order, warrant, or consent path depending on the type of data and request.
Vermont also has strong notice rules for warrants and emergency requests, delayed-notice rules in 90-day blocks when notice may cause an adverse result, emergency court-review rules within five days, a 30-day provider production period for warrants with a 72-hour good-cause path, and a ban on certain real-time wireless interception from a user’s device except for locating and apprehending a fugitive with an arrest warrant.
The law does not open the letter, but it can study the envelope. In Vermont, that envelope sits beside a strong state privacy act that guards location data, message substance, files, and other protected user information. For police, providers, employers, and private people, the safer rule is the same: use the right legal paper, keep the request narrow, and do not turn curiosity into surveillance.