Saturday, April 29, 2006
Congress may consider mandatory ISP snooping | CNET News.com
Congress may consider mandatory ISP snooping | CNET News.com:
"It didn't take long for the idea of forcing Internet providers to retain records of their users' activities to gain traction in the U.S. Congress.
Last week, Attorney General Alberto Gonzales, a Republican, gave a speech saying that data retention by Internet service providers is an 'issue that must be addressed.' Child pornography investigations have been 'hampered' because data may be routinely deleted, Gonzales warned.
Now, in a demonstration of bipartisan unity, a Democratic member of the Congressional Internet Caucus is preparing to introduce an amendment--perhaps during a U.S. House of Representatives floor vote next week--that would make such data deletion illegal.
Colorado Rep. Diana DeGette's proposal (click for PDF) says that any Internet service that 'enables users to access content' must permanently retain records that would permit police to identify each user. The records could not be discarded until at least one year after the user's account was closed.
It's not clear whether that requirement would be limited only to e-mail providers and Internet providers such as DSL (digital subscriber line) or cable modem services. An expansive reading of DeGette's measure would require every Web site to retain those records. (Details would be left to the Federal Communications Commission.)"
For their part, Internet providers say they have a long history of helping law enforcement in child porn cases and point out that two federal laws already require them to cooperate. It's also unclear that investigations are really being hindered, according to Kate Dean, director of the U.S. Internet Service Provider Association.
"Our main concern on the bill is privacy, protecting the privacy of everyone out there on the Internet, but also retention of those records so law enforcement officials will have access to them, so we just need to really tinker with the language," MacGillis said.
Child porn as surveillance excuse?
Critics of DeGette's proposal have said that, while the justification for Internet surveillance might be protecting children, the data would be accessible to any local or state law enforcement official investigating anything from drug possession to tax evasion. In addition, the one-year retention is a minimum; the FCC would receive the authority to require Internet companies to keep records "for not less than one year after a subscriber ceases to subscribe to such services."
Jim Harper, director of information policy studies at the free-market Cato Institute, said: "This is an unrestricted grant of authority to the FCC to require surveillance."
"The FCC would be able to tell Internet service providers to monitor our e-mails, monitor our Web surfing, monitor what we post on blogs or chat rooms, and everything else under the sun," said Harper, a member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee. "We're seeing a kind of hysteria reminiscent of the McMartin case. The result will be privacy that goes away and doesn't come back when the foolishness is exposed."
At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.
A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."
In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn is charged with forwarding that report to the appropriate police agency.