Data retention bills to benefit copyright holders

If a new federal proposal announced this week requiring Internet providers and Wi-Fi access points to keep records on users for two years becomes law, police would not be the only ones to benefit.

So would individuals and companies bringing civil lawsuits, including the Recording Industry Association of America and other large copyright holders, many of which have lobbied for similar data retention laws in other countries.

When filing lawsuits over suspected online piracy, lawyers for the RIAA and other plaintiffs typically have an Internet Protocol address they hope to link with someone's identity. But if the network operator doesn't retain the logs, the lawsuit can be derailed.

Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C., said the Internet Safety Act would "create new risk" for Internet users and expose them to "possible liability in civil suits and supboena fishing expeditions--it's a terrible idea."

The pair of Texas Republicans who announced the proposal at a press conference on Thursday--Rep. Lamar Smith, the ranking member on the House Judiciary Committee, and Sen. John Cornyn--said it's necessary to protect children online. The Internet's "limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," Cornyn said.

Large copyright holders that are members of the RIAA and the Motion Picture Association of America have supported similar data retention regulations in Europe. They wrote in a 2005 letter to a committee of the European Parliament that "it is essential that service providers retain the relevant data for a reasonable period and that the data can be disclosed for appropriate purposes."

The letter--which argued for a data retention period of at least six months and preferably longer--was signed by Time Warner, Universal Music Group, Walt Disney, Warner Music, Sony Pictures, Sony BMG, and EMI, along with the MPAA and IFPI, the RIAA's international affiliate.

The MPAA and RIAA did not immediately respond to a request for comment on Friday. The FBI referred calls to the Justice Department, which did not comment. Neither of the bill's sponsors, Smith or Cornyn, would comment.

Under the new House and Senate bills, one benefit to companies bringing copyright lawsuits is that universities, schools, libraries, and commercial broadband providers would have to keep records of who's using which IP address for at least two years.

Few universities, which have been targeted by the RIAA as part of their anti-file-sharing campaign, seem to do that. Cornell University's Web site says it "typically keeps these logs 6 months." The University of Nebraska-Lincoln, according to a local newspaper report, keeps logs for a month. When contacted for an earlier CNET News story, Georgetown University refused to disclose how long it kept logs.

In the past, at least, the RIAA has not always filed cases quickly, and would benefit from longer data retention durations. In one 2007 case, the suit was filed in September, even though the IP addresses listed as sources of piracy dated back to February. Another RIAA case against 21 "John Does" at Boston University was filed four months after the alleged infringing activity.

In addition, the millions of American homes with Wi-Fi networks or wired routers would have to keep logs.

Paul Levy, an attorney at the Ralph Nader-founded Public Citizen group who has litigated Internet anonymity cases, says: "I have a Wi-Fi network at home, and i would have no idea how to retain IP information."

"This has a chilling effect on speaking, the fact that your information remains around for such a long time," Levy said.

In an opinion article published in the Dallas Morning News on Thursday, Rep. Smith defended his legislation by saying: "How many times have we seen TV detectives seek call logs of a suspect in order to determine who he has been talking to? What if the telephone companies simply said to the detectives, 'Sorry, we get rid of that information after 24 hours?'"

Two bills have been introduced so far -- S 436 in the Senate and HR 1076 in the House. Each of the bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet SAFETY Act.

[Penguinisto]

So when the RIAA comes a'knocking against any copyright violator who has more than two working neurons, what are they going to do when the IP addy turns out to be an impromptu proxy server sitting somewhere halfway across the planet?

Seems like the only thing this will do is to make it easier to catch the kids and the amateurs... anyone who trades copyrighted material w/o permission is likely to already have proxies plugged in - be they online somewhere, or pulled from a zombie/bot.

Meanwhile, sure... the hot-spots will have to keep IP addy records now. Great! so how do you convert a (likely) spoofed MAC address into real-life human being that happened to stop by a few months ago for some coffee and some Internet connection action? Oh, that's right - you can't. Since most places offer free wifi, who are you going to tie it to? What about folks who use liveCD + geek stick at a library?

With really big files (e.g. movies), okay - there's a really big time window involved. But with songs? Pfft - a popular song can likely be downloaded in less than 5 minutes, even at wifi speeds. That, or you just pick from the plethora of freely accessible (and even freely crackable) home WAP kits out there (in an apartment you can get up to dozens to pick from, and have plenty of time to crack into one, or two, or four...all without the owners' knowledge, let alone blessing).

So much for silver bullets...

/P

[mmagliaro]

All the things you cite are big stumbling blocks to finding you, but they are not insurmountable.
It really all depends on how fierce, determined, and crazy they are with this.

That proxy server will also have to keep IP address records. They will get the proxy server's logs, and see
what address it translated you to. Now, if that proxy server is overseas, good luck forcing them
to obey any of our laws, so in that case, you'd probably be safe. Of course, if you do that, you run the
risk that the very proxy server you rely on is itself a handy host site for hackers trying to break into your PC.
The lawlessness in foreign countries trying to crack into our computers is high for the same reason - hard to prosecute.

A spoofed MAC address is irrelevant. They'll start doing what hotels often do. They let you have free wifi access,
but when you first connect, their access point routs you to a web page that requires you to enter an id code. They will give you the id code for free, but you have to show a photo id to get it at the counter, and they will record it.

Ditto on the WAP/WEP crackers. Yes, you can crack into somebody else's Wifi access, but that's the reason they want ALL Wifi to be required to keep these logs, so now matter where you connect to the internet, you can be tracked.

Look, I agree with you, this is madness. But don't think they won't find you if they really want to.
They are out to make sure nobody can privately use the Internet anymore. And one way or another,
if they are not stopped on grounds for personal privacy, they are going to do it.

[geshp]

Big ISP's typically have better things to do than to record all data traffic coming across the lines. Without digging into the wording of the proposed bill, I would assume this is just matching IP addresses to the customers that use them. This potentially could help the police prosecute child predators online better, but obviously, yes, the RIAA is going to abuse this law for everything it's worth. Lock up your Wifi boxes. Uncle Riaa's coming after you!

[agoristal]

"In addition, the millions of American homes with Wi-Fi networks or wired routers would have to keep logs. "

BWAHAHAHAHAW! That part is just F'N HILARIOUS!!! Exactly where is the investigation and enforcement money for that inspired stroke of genius (well, it would seem to involve SOME kind of stroking action...) going to come from? I guess irongeek is going to need to add a "logging" flag to the iGIGLE database...

-AleG

[Penguinisto]

"It really all depends on how fierce, determined, and crazy they are with this."

...hey folks! Today we're going to demonstrate a little something I like to call 'Argumentum Ad Absurdum' Now follow the bouncing fallacy...

"They will get the proxy server's logs, and see what address it translated you to"

Heh - so they're going to hire a Jack Bauer-like figure to go overseas and bust into some poor sap's little shop in, say West Armpit (in Upper Slobovia), and confiscate his mail server all because Little Timmy was smart enough to rig up a proxy to get some free Miley Cyrus songs, right?

But hey, let's make it easy on your argument and follow it more closely: we'll move the proxy machine stateside (and forgetting about things like, oh, TOR... just for a moment). So the Copy-Cops latch onto the proxy server... and discover to their horror that the thing hasn't been keeping logs because it was never supposed to be a proxy server in the first place. Or, there's no logs because the admin, who was weasel/dumb enough to make/leave it an open proxy, is 10000% likely to not have logging set up on it either - not for two MB's worth, let alone two years.

"A spoofed MAC address is irrelevant. They'll start doing what hotels often do. They let you have free wifi access,
but when you first connect, their access point routs you to a web page that requires you to enter an id code."

Sure... let's walk through this real quickly:

'Hi - I'm in room (some room number that's not really mine), and I'd like wifi access, please.'

99 times out of 100, that's how you get one without the slightest hint of traceability - assuming they even have such a system in place. We're talking statistical near-certainty that you can pop that one faster than you can download a keygen.

(there are of course exceptions, but they are surprisingly few and far between unless you're paying for the access - even then social engineering is not exactly an unusable art).

But yep - that's what a RADIUS server does - tracks what MAC addy did what, and where - assuming that it's actually traceable to your room, and not some other poor schmuck's.

"Yes, you can crack into somebody else's Wifi access, but that's the reason they want ALL Wifi to be required to keep these logs, so now matter where you connect to the internet, you can be tracked."

...a home wifi router with at least 1gb of flash storage would cost what, d'ya think? Because if it ever gets affordable, I know of a lot of folks who suddenly provided every cracker on the planet with free distributed storage, and you won't even have to pop a PC anymore (hint: "admin" "password")


Basically, sure - with an outlandish budget (say, 6x the US' current GDP), and enough manpower to staff your own private planet? Well, you can get past anything, enforce any law, and basically lock things down to the point where no potential lawbreaker ever dare raise his or her head (The USSR under Stalin - perfect example). That said, well... we gotta draw the line somewhere on this side of reality, so whatcha gonna do? There comes a point where the 'crime' is far more prevalent than 15000x the staffing in a typical police department or bureau could ever hope to keep up with (see also the huge ratio of recreational drug users and pushers vs. the number who actually get caught).

[philosfool]

I'm willing to sacrifice the entertainment industry to pirates before I'm willing to have ISPs start collecting this kind of data. How about we start recording everyone's phone calls to see who's dealing drugs? I mean, we won't have the government keep this information, we'll just have the phone companies do it. And then we'll subject them to search warrants when we're ready.

This is dangerous legislation.

[gumpman155]

What I see here is the U.S.S.A . This legislation is with this Internet Protection Act is nothing more then one more arm of the U.S.S.A. witch should be the U.S.S.R. thats what America is now. We are no longer a free country any more. If we were a free country then the government wouldn't be doing things that hurt us. This kind of legislation is what the country of China has. Welcome to the New Red America. Ita all about big business big corperations big government $$$$$$$$$$$$$$$$$. Welcome to the United Socialist States of America with the e turned backwards. Or you could called Communist America. Thats what we are now. Thank you dimacrats and Republicans for piching the Republic down the toilet.

[imhodudes]

"The Internet's "limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," Cornyn said."

When it comes to military operations in the *name* of freedom, we can kill hundreds, tens of thousands of children ("Didn't mean to but whatcha gonna do?"). When it comes to really defending actual manifestations of freedom like the ability to communicate, just the idea of harming a child means we have to repress anything that might conceivably challenge corporate or big-media messages. Of course, big-media messages - even sexualizing childhood (Levis, Calvin Klein) must be protected at all costs.

[Mezzrow]

Absolutely correct. I applaud your clear thinking and well spoken comment

[StevenRh2co3]

It's easy to see who is working for whom here. But, remember, it's all for the children.

[CaliforniaNative023456]

How many convictions have come from these "protect the children and sacrifice your privacy" schemes? When was the last bust of even a slightly major children's porn internet operator? If the road to get to prosecution of these folks was sacrificing the privacy of millions of Americans then wouldn't the news show how many were caught? Why sacrifice our privacy for zero results?

[StevenRh2co3]

This is not a communist or socialist thing; this is a Fascist thing. The merger of corporate and political leadership is Fascism. The jackboots only come out when enough people catch on and want to change it.

[gggg sssss]

Send the drafters of this proposal, and teh RIAA and MPA to China. They will fit right in

[scottthesculptor]

lots of reaction to something that will never pass.

"Texas Republicans" trying to hide money making legislation under the guise of "protect the children"

[kgsbca]

scott, don't be too sure about it not passing. Hollywood wants this worse than anything, and they are big Dem. donors. I only hope if it does pass, that it is used to get access to the politicians' and studio execs internet activity, which then needs to be publicized. The fools that want a dangerous weapon like this need to see what it can do to them.

[gggg sssss]

then again, ssl will solve any potential data leaks to teh feds

[malcarada]

Child porn is being used once more as a excuse to pass laws that will infringe on citizens right to a private life.

All this child porn on the internet is being blowed up out of proportion so that right wing politicians can get support to pass laws that would not have any support otherwise.

[Maccess]

That appears to be the approach in other countries: Linking children to the passage of "Internet Safety Bills," which are really all about eliminating threats to the old business models of movie, music and software companies and less about children's welfare.

[Mezzrow]

The majority here are absolutely correct. This legislation has nothing to do with Child Safety and everything to do with the Neo-con's desperate attempt to re-institute the fascist agenda which has been derailed by the American People waking up and seeing what the Bush-Cheney regime was really all about.

Still the biggest liars on the planet, with that "used-car-salesman" smirk still intact. Republicans claim they want less government. But they want that little bitty government to control every single aspect of our lives. Wherever a book needs banning, or a group of people need to be marginalized you will find a Republican. Wherever a constitutional right needs removing or a civil right needs to be ignored, you will find a Republican.

I find it telling that the Conservatives/Republicans claim to be the most "Patriotic". They wrap themselves up in the flag and yet, every legislation they sponsor, every regulation they knock down, shows the utter contempt they hold for our Constitution. In fact, the contempt they hold for American values altogether. (Torture is OK... because we are scared. Civil Rights must be suspended... because we are scared.)

Well, if it happens, I will be a test case, because I will be DAMNED if I will keep any logs or give ANY information to Government shills. The Federal Government exists to serve ME, not the other way around.

(And hey, that goes for Liberals too. You start pulling ****, you will get major blowback believe me.)

Senator Smith, you're appeal about catching child predators is great propaganda... and utter HOGWASH! There are other methods to do good without doing bad to get there. Do some research or crawl back under your rock.

[Penguinisto]

"People waking up and seeing what the Bush-Cheney regime was really all about. "

Good afternoon! I realize you've been in a coma all this time and such, but we feel it important to let you know something: There is no "Bush-Cheney Regime" anymore. It became the "Obama-Pelosi" regime back in January. That's right - both Executive and Legislative are now hand-in-hand and of the same party, and can pass whatever they want to by sheer force of party ideology and a straight-ticket partisan vote. They can also stop any GOP initiative the same way.

That said, we're talking about an Executive branch that just hired an RIAA mouthpiece to a top DOJ slot, and a Congress that is now dominated by the party that traditionally loves all things Hollywood.

"You start pulling ****, you will get major blowback believe me."

Good luck with that - the spin is already that "...we just need to get better democrats in next time." Problem is, nobody pays attention during the primaries of any office that doesn't involve the address of "1600 Pennsylvania Ave.", so you;re not really likely to get that.

Enjoy the show...

/P

[Michichael]

Oh no! Not the chilluns! We need to protect the chilluns!

Good luck trying to get this to be passed, much less enforced. Is the US government seriously trying to turn any computer-savvy person against them?

[pithenumber]

it seems like it

if this law passes, I'll have my personal proxy set up in no time at all then from there, shut down the US government's network so we can all be free again

[wxdata]

The bill has nothing to do with ?protecting children? but all to do with the government tracking its citizens. This is ?Big Brother? at its worse. Why do Republicans always say publicly they?re all for limiting Government rules and regulations but privately do everything possible to add more rules and regulations on its citizens?

[troppp]

Answer: Liberalism always yields the opposite results that were initially intended.

[altbr]

Or the perpetrator could just spoof a MAC address... people wo want to will always find a way around...those people are usually called teenagers. this bill is stupid and doesn't realize that the entire internet would have to be rebuilt....which it won't be.

[shava23]

One of the basic failures involved in this is that it will chill small operators of hotspots and ISPs who will not be able to cover the retention cost, or more critically, the security required to protect a potential honeypot of unencrypted usernames and passwords. For example, if you log into many online newspapers or magazines (not to pick on Wired, for example) the login screen is http:// not https:// -- how many people do you figure use the same password for their bank, their Amazon one-click, their PayPal,...

The suits against small operators will reduce wifi availability and consolidate telecom markets in favor of huge businesses, which will favor the forces against net neutrality, and for filtering. Just my opinion...

[opiapr]

Its amazing every time this republicans want a crazy idea to pass they use the "protect our children's" line.

[unknown unknown]

It's not unique to any party. Rep. Diana DeGette (D-Colorado) has push similar legislation under the banner of fighting child porn and predators. The Communication Decency Act was a bipartisan creation to protect child from porn and other "harmful" material.

This bill should be renamed the "Internet Big Brother is Watching You Act". When are we going to stop putting up with this Bush-archy?

What next? Putting GPS chips on the inspection stickers affixed to our cars, so they can tell where we drive?

[frihet2]

Lamar Smith is no friend to liberty. This is serious business, and Americans who do not want a Chinese-style regime in their country had best start writing congress-folks today.

Then they had better start writing strongly encrypted protocols for transport and communications to moot Mr. Lamar's misguided effort to support his media monopoly friends.

[Kainchild]

It's funny all this talk of "oh it's a bad thing to protect pirates", but here's something no one seems to mention. What if someone manages to put pirated material on someone's computer through a Trojan virus and then comes along this bill to "do the right thing" that individual gets majorly screwed. Especially since courts don't seem to care about evidence of how the material got there in the first place. These old judges aren't computer savvy and have no place dictating how law applies to computing and the "intertubes".