If so ordered by a court of competent jurisdiction.
Essentially from lavabit it appears if you don't have technical capabilities inside the service already in place to provide pen trap level realtime reporting, they can compel you to install a pen trap device, and provide all keying/etc. required to make it work.
On June 10, the federal government served a court order on Lavabit issued under 18 USC 2703(d), a 1994 amendment of the Stored Communications Act.
The Stored Communications Act (SCA, codified at 18 U.S.C. Chapter 121 §§ 2701–2712) is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers (ISPs). It was enacted as Title II of the Electronic Communications Privacy Act (ECPA, Pub.L. 99–508, 100 Stat. 1848, enacted October 21, 1986).
(emphasis mine)
Users generally entrust the security of online information to a third party, an ISP. In many cases, Fourth Amendment doctrine has held that, in so doing, users relinquish any expectation of privacy. The Third-Party Doctrine holds "…that knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information."
It doesn't follow that a private individual can be compelled to install a pen register on his/her own infrastructure.
I thought he meant "do us citizens operating services for third parties have to install pen registers". If it is your own service for yourself, they just go a layer down the stack and get your hosting provider or carrier to do so.
Essentially from lavabit it appears if you don't have technical capabilities inside the service already in place to provide pen trap level realtime reporting, they can compel you to install a pen trap device, and provide all keying/etc. required to make it work.