If a new federal proposal announced this week requiring Internet providers and Wi-Fi access points to keep records on users for two years becomes law, police would not be the only ones to benefit.
So would individuals and companies bringing civil lawsuits, including the Recording Industry Association of America and other large copyright holders, many of which have lobbied for similar data retention laws in other countries.
When filing lawsuits over suspected online piracy, lawyers for the RIAA and other plaintiffs typically have an Internet Protocol address they hope to link with someone's identity. But if the network operator doesn't retain the logs, the lawsuit can be derailed.
Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C., said the Internet Safety Act would "create new risk" for Internet users and expose them to "possible liability in civil suits and supboena fishing expeditions--it's a terrible idea."
The pair of Texas Republicans who announced the proposal at a press conference on Thursday--Rep. Lamar Smith, the ranking member on the House Judiciary Committee, and Sen. John Cornyn--said it's necessary to protect children online. The Internet's "limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," Cornyn said.
Large copyright holders that are members of the RIAA and the Motion Picture Association of America have supported similar data retention regulations in Europe. They wrote in a 2005 letter to a committee of the European Parliament that "it is essential that service providers retain the relevant data for a reasonable period and that the data can be disclosed for appropriate purposes."
The letter--which argued for a data retention period of at least six months and preferably longer--was signed by Time Warner, Universal Music Group, Walt Disney, Warner Music, Sony Pictures, Sony BMG, and EMI, along with the MPAA and IFPI, the RIAA's international affiliate.
The MPAA and RIAA did not immediately respond to a request for comment on Friday. The FBI referred calls to the Justice Department, which did not comment. Neither of the bill's sponsors, Smith or Cornyn, would comment.
Under the new House and Senate bills, one benefit to companies bringing copyright lawsuits is that universities, schools, libraries, and commercial broadband providers would have to keep records of who's using which IP address for at least two years.
Few universities, which have been targeted by the RIAA as part of their anti-file-sharing campaign, seem to do that. Cornell University's Web site says it "typically keeps these logs 6 months." The University of Nebraska-Lincoln, according to a local newspaper report, keeps logs for a month. When contacted for an earlier CNET News story, Georgetown University refused to disclose how long it kept logs.
In the past, at least, the RIAA has not always filed cases quickly, and would benefit from longer data retention durations. In one 2007 case, the suit was filed in September, even though the IP addresses listed as sources of piracy dated back to February. Another RIAA case against 21 "John Does" at Boston University was filed four months after the alleged infringing activity.
In addition, the millions of American homes with Wi-Fi networks or wired routers would have to keep logs.
Paul Levy, an attorney at the Ralph Nader-founded Public Citizen group who has litigated Internet anonymity cases, says: "I have a Wi-Fi network at home, and i would have no idea how to retain IP information."
"This has a chilling effect on speaking, the fact that your information remains around for such a long time," Levy said.
In an opinion article published in the Dallas Morning News on Thursday, Rep. Smith defended his legislation by saying: "How many times have we seen TV detectives seek call logs of a suspect in order to determine who he has been talking to? What if the telephone companies simply said to the detectives, 'Sorry, we get rid of that information after 24 hours?'"
Two bills have been introduced so far -- S 436 in the Senate and HR 1076 in the House. Each of the bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet SAFETY Act.