Bill proposes ISPs, Wi-Fi keep logs for police

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates.

"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."

Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals."

Two bills have been introduced so far--S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act.

Each contains the same language: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."

Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on--but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

"Everyone has to keep such information," says Albert Gidari, a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law.

The legal definition of electronic communication service is "any service which provides to users thereof the ability to send or receive wire or electronic communications." The U.S. Justice Department's position is that any service "that provides others with means of communicating electronically" qualifies.

That sweeps in not just public Wi-Fi access points, but password-protected ones too, and applies to individuals, small businesses, large corporations, libraries, schools, universities, and even government agencies. Voice over IP services may be covered too.

Under the Internet Safety Act, all of those would have to keep logs for at least two years. It "covers every employer that uses DHCP for its network," Gidari said. "It covers Aircell on airplanes--those little pico cells will have to store a lot of data for those in-the-air Internet users."

In the Bush administration, Attorney General Alberto Gonzales had called for a very similar proposal, saying that subscriber information and network data should be logged for two years.

Until Gonzales' remarks in 2006, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" about them. But after the European Parliament approved such a requirement for Internet, telephone and VoIP providers, top administration officials began talking about the practice more favorably.

After Gonzales left the Justice Department, the political will for data retention legislation seemed to ebb for a time, but then FBI Director Robert Mueller resumed lobbying efforts last spring.

This tends to be a bipartisan sentiment: Attorney General Eric Holder, a Democrat, said in 1999 that "certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement." Rep. John Conyers, the Democratic chairman of the House Judiciary Committee, said that FBI proposals for data retention legislation "would be most welcome."

Smith, who sponsored the House version of the Internet Safety Act, had previously introduced a one-year requirement as part of a law-and-order agenda in 2007.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

The Internet Safety Act is broader than just data retention. Other portions add criminal penalties to other child pornography-related offenses, increase penalties for sexual exploitation of minors, and give the FBI an extra $30 million for the "Innocent Images National Initiative."

[pgp_protector]

*** ?

Can I get a Stimulus Check to pay for a server to keep the data for 2 years worth of web / email / game logs / ect

[carydc2]

Amen Brother. Non Technical People making Technical Decissions they have NO FREGGIN Idea what the Technical Hurdles they are putting in place nor how the Hades they can really enforce this ********.

[carydc2]

Folks,

This is going to damned far.

This is rediculous.

I can see if we had people that were tech savy running these wifi access points.

But by and large most have not a damned clue one what they are doing when they put up a WiFi access point. The majority NEVER turn on the security, including the businesses. And even when the security is turned on it is NEVER of the type that is not easy to break through. Remember all the Credit Card Scandals not but months ago where the drive by hijacking of Credit Card Numbers were happening.

No LAWS were put in place then.

But NOW, we are concerned about Child Porn and Exploitation.

Rip People off. But protect the children.

Smacks of Hipocritical Politics.

Pass the law requiring that EVERYONE Turn on the Security that Can not Easily be broken for personal use PERIOD.

Then require those that do not comply for what ever reason to keep the records.

If they want the records so darned bad, then require that the logs be sent to a central log server at the local police station if it is so important to have the freggin logs then make the PD responsible for collecting them.

[blusky08]

This is exactly the problem with the REPUBLICAN party: They claim they want Big Brother out of our lives, less government interference. BUT, they only mean that where big business is concerned. When it comes to individual privacy they want to be right there in your personal life.

We all want to protect children, but this nantra is being abused to infringe on our freedoms just like the drum beat against terrorism. As Benjamin Franklin said: Those who give up freedom for security will soon have neither (because the security itself will become the oppressor).

[aeonlife7]

You are wrong blusky08. It is not the republicans doing this, it is the democrats. The DEMOCRATS are in control of both houses of Congress and the Presidency. You are obviously very uninformed.

[skellener]

> Republican politicians on Thursday called for a sweeping new federal law....

First line of the article. Doesn't say Democratic politicians...

Regardless who called for it or who votes for it, it must be stopped.

[tgrenier]

The article states in the first line "Republican politicians on Thursday called for a sweeping new federal law."

Not my line but i do like it:: Republicans want government just small enough to fit in your bedroom."

This will never pass. They might as well make sunrise illegal and try to enforce it. Besides ,what good would it do to know that my linksys gave someone 192.168.1.102 for an hour on Tuesday January 28th. I won't know who it is.

[khm95841]

Dear aeonlife7...Please get your facts straight before you unveil your ignorance: Senator John
Cornyn [Texas] is a REPUBLICAN sponsoring the Senate bill [without co-sponsors]; who, in
my opinion, ought to be investigated for consorting with, and accepting monies from the 'thieves of Enron'...[By the way, let's examine Ken Lay's coffin to be sure that it contains HIS body!]
And, Representative Lamar S. Smith [Texas/21st district] is a REPUBLICAN...the sole sponsor
of the House bill.....Both bills have been referred to 'committees'; where, hopefully, they will die an ignominous death...

These guys have been screwing up the country for over 8 years now. The past election should have given them a hint but I guess they won't stop till there is no country left. They need to all be rounded up and sent on a one way trip to guantanamo bay.

[gabeheim]

If one thinks that the democrats care about their freedoms more than the republicans, then they are quite ignorant. Clinton wished he had the patriot act; his administration failed to get some of the provisions that ended up in the patriot act passed because until 9/11 we had not experienced such an attack. President Johnson was wiretapping in the 60's, and I believe he knew full well what J Edgar Hoover was up to. In fact, it is due to abuse by Johnson's administration/justice department, as well as Nixon's, that most of the 1970's wiretapping reforms were passed. Unfortunately, many people aren't able to see past the last 8 years and realize that politicians have always been out to screw them.
Anyways, democratic and republican politicians have been for the most part technically ignorant, and so many in the house and especially senate are technologically inept. Obama is the first president to come into office as a serious internet user, and I am sure that the technical expertise regarding data retention is "beyond his pay grade". One hopes that he will listen to the experts, since it seems the house and the senate does not.

[bonochromatic]

Don't worry, folks - this one will NEVER happen. Not only won't it pass, but even if it could pass, the government has no way to keep track of any of it.

This is a perfect example of legislators trying to pass laws about things they simply don't understand.

And why does it always have to be about "the children?" Screw the children!

[Imalittleteapot]

"Screw the children!"

Can I subscribe to your newsletter?

[teh_chrizzle]

"Screw the children!"

screwing children is what this whole mess is supposed to prevent.

[gsekse]

The FBI/Big Brother internet monitoring system has now taking your "*** the children!" remark and earmarked you for monitoring. 8)

[gmclean0402]

Ah, but if it does, they really don't have to keep track of EVERYONE... they just haul the law out and whack it over the head of anyone they want if something else doesn't stick.

[Inconnux]

This just goes to show that they have NO IDEA what they are talking about... logs for 2 yrs... /me shakes his head.

[c-me-myway]

The Soviet Union did not die, it moved to the USA! This is another one of those laws (or attempts) which is a time and money waster, later to be ruled illegal. Following the 'keep the public scared attitude' of the Bush Administration here is another time and money waster!

[Fe1d]

Even the Bush Admin opposed this measure when a Democrat proposed it.

[declan00]

Correction, Fe1d: The Bush admin opposed this measure when the *Europeans* proposed it. Then, after a few years, Attorney General Gonzales became Washington, DC's biggest champion of the idea.

[Michichael]

Oooh... nice burn. :D

[kenstech_com]

It's not "about the children." If they gave a damn about the children they would make it a priority to round up street kids selling their bodies in most major cities in America and find them a safe home.

This is just another attempt to regulate the internet. The Government Class doesn't like the freedom of the internet. When people feel they can speak freely, they say all sorts of things that the government lackies don't want them to say.

The point of legislation like this is not so much to actually implement a law restricting speech, but to create the climate of fear, uncertainty and doubt on the internet that exist in real life. The idea is that if people THINK they aren't free to speak their minds without sanctions, then they will censor themselves, and we can go right along continuing to believe we are a free society.

Ken
www.kenStech.com

[mattumanu]

Those are good points Ken, but I'd like to add something that everyone needs to pay close attention to. If such a law passed, some company somewhere would have to create the software and possibly build servers that would do the job of keeping track of and logging the information. I would say that there are a number of companies who are, at this very minute, lobbying for such legislation because they want to be the creators of the next big tech wave, and they will be lobbying hard to get legislation passed that will facilitate their new products. This is why the old guard makes these kinds of moves, not because they are stupid or because they know anything, but because some lobbyists are greasing their palms to get the legislation passed.

Get such laws passed and you instantly create demand for products that people will be mandated to buy... It's a bit like the auto insurance scam where everyone is mandated to have insurance no matter what... You, me, and everyone will be forced to buy these devices and software in order to comply with the new law.

Take heed.

[thedr9wningman]

mattumanu nailed this. I must add that this may shut down free/state-provided ISPs because they may not have the means to store 2 years of data for something that isn't for-profit. And it isn't free wi-fi non-profits who lobby congress for more profits; those are solely in the big-business camp.

This will further harm the have-nots because they won't be able to afford internet access, so kids in poor neighbourhoods who now have access to the internet for free will have their connection shut off. It's brilliant, really... unless of course, you're trying to make ends meet and can't afford internet access.

Winners and losers: that's the mindset here. Create winners and losers, even when the way we have it now doesn't even have a game to be played.

[Harrison912]

As a webs site owner of safety and security products, I'm all about catching and punishing the bad guys. Our law enforcement agencies need all the help they can get but there is a fine line between cooperating with them and invading our privacy. We all need to be vigilent in watching this legislation as it moves forward.

I agree with mattumau to a point. There is probably some lobbying going on but the need for technology drives invention and thus the American way. American have always had the freedom to capitalize on meeting the needs that are presented. Many jobs can be created with this particular situation.

There are countries out there whose citizens would love to have the opportunities that we enjoy here even though we have to weed through the lobbyists, corruption and propeganda to actually see our free enterprise system at work. I'm very thankful we have the systems in place in our country that help us survive through all of this.

[girble]

I'm pretty sure that most children are being harmed by each other on the internet and not by strangers. This is the same as "don't take candy from strangers." If children are actively being exploited via the internet still, it's the parents' fault, not everyone else's who just wants some privacy and to have a Wi-Fi network.

I agree with carydc2, that if they really want to log everyone's Wi-Fi usage for police, then the police should be responsible for it.

All I want my ISP to do is provide a connection to the internet.

[gerrrg]

I can't wait to give John Cornyn the finger.

Talk about bypassing the Constitution against unreasonable searches and seizures. First they give the NSA warrantless wiretaps, now they're giving Big Brother the right to make us spy on each other.

Love Orwell, hate the fact that George was 100% right.

[skillingssucks]

Yeah baby, keep voting Republican. (rolls eyes)

[Endbringer]

This isn't a republican or democrat thing. Both sides have been proposing laws like this for at least a decade. It's the "elite" government class that is wishing to control the population. I would hope if something like this ever passed that groups like the EFF and others will sue based on 1st and 5th amendment grounds. The only problem with that is our justice system doesn't pay attention to what our Constitution says, so it might not even matter.

10th amendment anyone? It doesn't allow the government to do things like this, but no one ever questions it on those grounds.

[declan00]

ss: A Democratic politician (Rep. DeGette) was the first to propose such legislation in the U.S. Congress, and the current Democratic attorney general was the first executive branch official of either party to propose it, as far as I can remember. The Democratic chairman of House Judiciary, which is responsible for writing such legislation, said it's a good idea.

Perhaps you can explain, in detail, why you think only Republicans like this approach?

[KinoM]

declan00: "Perhaps you can explain why you think Republicans like this approach"

Maybe because bill S.436 is sponsored by Senator John Cornyn (R-TX) and bill H.R.1076 is sponsored by Rep. Lamar Smith (R-TX)? Call me crazy but that sounds like Republican support to me. However, both sides of the aisle are supporting some version of this bill.

[wickedss]

KinoM: I like how you removed "only" from his quote in order to avoid actually responding to his statement and just spew your republican hatred. He said the same thing you did...that both sides want this crap not just one. Learn to read before replying.

"Better to be thought a fool than to open your mouth and prove it"

[Joetwopointoh]

There is currently very little a home user can do to keep logs of wifi (or even wired) usage.Some but not most routers have such a utility and of those that do the logging is extremely limited such as the last ten in/out by IP only with no ability to save the information.

Once again, people with little to no knowledge coming up with stupid ideas. Isn't it obvious to everyone by now that we've suffered enough of this? There's very little left for these people to ruin.

[declan00]

Joetwopointoh: If the law says "logs must be kept of X," and current routers cannot keep logs of X, then anyone targeted by the law will have to get new hardware or software, or both. This legislation doesn't have an exception saying: "If it's a pain to comply, you don't have to."

[Fe1d]

Sounds like we'd only need to keep user ID, IP address, and start/end times. It's not very much data, and easily to put in router firmware. But, it does seem as Orwellian as requiring a retina scan to use a public pay phone. On the one hand, "those who are willing to sacrifice liberty for security deserve neither." On the other hand, "those who refuse to defend themselves guarantee their own defeat." It can be a tightrope walk, but it feels like we're sliding down the Patriot Act's slippery slope.

The headline led me to believe a whole party had rallied behind it, when in fact, precisely two Republicans with no co-sponsors re-introduced a measure formerly proposed by a few Democrats, but opposed by a Republican administration. We call that "bipartisanship". Perhaps not *good* bipartisanship, but blaming this on either party is unfair. When Charles Rangel (D-NY) introduced a bill to reinstate selective service in 2003, credible headlines didn't proclaim, "Democrats: We Want to Draft You to War". Such one-sided sensationalism might make a great blog entry title, but shouldn't be tolerated in news reporting, unless objectivity is no longer a priority.
http://www.cnn.com/2003/ALLPOLITICS/01/27/rangel.draft/

[Fe1d]

The original article title was "Republicans: All ISPs, WiFi nodes must keep logs for police". Thanks for listening, CNET. Keep up the good work!

[declan00]

Fe1d: You say the idea was "opposed by a Republican administration." The article itself says: "In the Bush administration, Attorney General Alberto Gonzales had called for a very similar proposal, saying that subscriber information and network data should be logged for two years."

[killer_storm]

the problem is "user ID", apparently, and it is not a technical problem -- you'll need to identify users somehow, and it cannot be done automatically. thus it will require looking up ID of everybody who wants to use network and logging this information manually. indeed, it is as ridiculous as getting retina scan to use a public phone.

[Imalittleteapot]

HAHAHAHAHAHAHA. Keep your logs. Go Ahead. I promise you if I do something illegal I'll use someone else's connection!

[Imalittleteapot]

Oh, and I will not keep my wifi logins. I will spend 10,000 years in prison before I ever comply with this crap. HAHAHAHAHA. Come on people. It's time to draw the line in the sand on this Government.

[Lerianis]

The fact is that is what is going to happen..... you would have to be an idiot to use your own connection to download illegal stuff when there are so many wi-fi unsecured access points all over the place even in the boonies where I live.

[tiersofaclown]

Don't forget to change your MAC address first - which is easily done. Totally useless legislation. Stupid, useless politicians strike again.

[ddhboy]

The children are always the new scape goat for these kinds of things. Its not even like Child Pornography is so rampant that we have to put up walls all over the internet. I remember reading an article about how ISPs didn't want to bother keeping logs on people because of the cost and shear impracticality of keeping a log of what EVERYONE on their service did on the internet. Then the FBI basically called the pedo supporters if they didn't keep logs. Its as bad as using the terrorist to tap phone lines. This government is out of control and there isn't a person in congress or in the white house with the will to stop it in fear that they'd get accused of supporting Child Porn for not cracking down on our freedom of privacy on the internet from the government.

[Hunnter2k3]

Oh wow, fail much?

DHCP [_]
Where's your law now?

But seriously, what a bunch of tools.
This is impossible to pull off without massively changing EVERYTHING.
And good luck storing ALL of that information.

I really hope something bad happens to the people who thought of that, something really bad.
They always use the stupid "THINK OF THE CHILDREN" bull. to try and get the attention of people.
IT WON'T WORK AGAIN, IDIOTS.

If this one goes through, i suggest every one of you complain to everyone you can, flood their servers and phone lines if you have to.
Get it through their thick skulls that this is simply impossible, and such a massive waste of money and time.

[irondog1970]

Big Brother is watching you.

[limaxray]

So basically I'll have to spoof my MAC address before exploiting children - oh no it'll take me a whole extra minute to get my exploitation on!

No, I think this law is more to create a reason to prosecute access point owners than it is find child molesters.

[rmva]

You always have to consider the source. Just because a politician stands in front of a camera and microphone doesn't mean his words carry any weight. Declan has a history of not being able to filter the wheat from the chaff.

[R²]

Depending on what exactly the "logs" are suppose to look like, this wouldn't be as hard as I think everything thinks it could be. OK, giving out public Internet addresses for ISPs might be difficult to track, but for everyone else giving out private addresses why couldn't you just use a 10.0.0.0 class A address space for your leases and have them expire every two years. You need to track down a MAC, just look at your active leases and there you go. Personally, I don't know of any Starbucks that has 16,777,214 wifi customers in a two year period...maybe the one in Seattle. Home users could do the same, it wouldn't be any different than the 192.168.0.0 address space they are currently using, set the lease expiration on your router or wifi ap to two years and you'll always get the same addresses.

[phrozen_ghost2009]

BECAUSE WE HAVE RIGHTS..its exactly because of people like you that our rights are slowly eroding away. Its NONE of their business...If they have a court order or a warrant bring it on, but Jesus..*** is going on? I'm sure you would also agree to having a chip put in ur ass so they could protect children too..what a dumb ****....

Call your representatives and rail against this....dont be a dummy like "R"

[techwiz2001]

@phrozen_ghost2009

AMEN!!!! Big government is what is ruining this country. The USA was founded with 13 colonies working together for a common goal. That shouldn't have changed. The states should be the one's with the majority power for their land. the federal government should be a small "peace keeper" for states that don't get along.

[MadLyb]

Who ever thought we would have to use TOR servers in the US for some semblance of privacy?

This is surveillance, wrapped up in the guise of protecting children and it needs to be fought vigorously.

[sparrowhyperion]

I'm all for protecting kids, but.......

Someone needs to insert a particle of grey matter into these idiot politicians who have no idea what would be involved in implementing this pile of rubbish. I know I can't afford the kind of equipment it would take to do it on my home network.. And I won't even begin to get on the subject of to what a huge privacy risk this bill would create. Hopefully our new President is smarter than the last one (Any member of Alvin and the Chipmunks would qualify for that..)

[R²]

You probably already own a wifi router, perhaps linksys, dlink, or heck even one of those crappy Belkin routers can assign a 10dot class A network range to your computers and have the lease expire after two years. IT'S NOT THAT HARD! geesh... and corporations (even small businesses) can easily afford to keep that kind of record for that period of time for private ip assignments. Like I said, ISP's would have a tougher, but not impossible task of doing the same, just with a smaller pool of public addresses.

Now if your talking about prevening MAC spoofing, now your into the whole realm of network security not just DHCP address management, but nothing in that article even hints at that.

[champion77]

R2,

I agree that it is probably doable, and I know people are worried that they would have to purchase new hard drives or whatever, but the issue is that the govt is really grossly overstepping their bounds on privacy. I am all for investigating child porn. child porn and exploitation is a horrible injustice against children. But they need to find other ways to investigate it.

Start with human trafficking.

Maybe keep logs of sex offenders. But not innocent America.

That is the issue, my friend.