FBI, politicos renew push for ISP data retention laws

FBI director Robert Mueller calls for new federal data retention laws forcing Internet companies to keep records of what their customers are doing, but without providing details. Several politicians endorsed the idea during a hearing on Tuesday.

(Credit: Anne Broache/News.com)

WASHINGTON--The FBI and multiple members of Congress said on Wednesday that Internet service providers must be legally required to keep records of their users' activities for later review by police.

Their suggestions for mandatory data retention revive a push for potentially sweeping federal laws--which civil libertarians oppose--that flagged last year after the resignation of Attorney General Alberto Gonzales, the idea's most prominent proponent.

FBI Director Robert Mueller told a House of Representatives committee that Internet service providers should be required to keep records of users' activities for two years.

"From the perspective of an investigator, having that backlog of records would be tremendously important if someone comes up on your screen now," Mueller said. "If those records are only kept 15 days or 30 days, you may lose the information you may need to bring that person to justice."

Also lending their support for data retention were Rep. Ric Keller, R-Fla., who said that Internet chat rooms were crammed with sexual predators, and Rep. Lamar Smith of Texas, the senior Republican on the House Judiciary committee and a previous data retention enthusiast. Rep. John Conyers, the senior Democrat and chairman, added that any proposed data retention legislation submitted by the FBI "would be most welcome."

ISP snooping time line

In a series of events first reported by CNET News.com, Bush administration officials have lobbied to force Internet providers to keep track of what Americans are doing online:

June 2005: Justice Department officials quietly propose data retention rules.

December 2005: European Parliament votes for data retention of up to two years.

April 14, 2006: Data retention proposals surface in Colorado and the U.S. Congress.

April 20, 2006: Attorney General Gonzales says data retention "must be addressed."

April 28, 2006: Rep. DeGette proposes data retention amendment.

May 16, 2006: Rep. Sensenbrenner drafts data retention legislation, but backs away from it two days later.

May 26, 2006: Gonzales and FBI Director Mueller meet with Internet and telecommunications companies.

February 6, 2007: Rep. Smith introduces bill that would give the Justice Department broad authority to write data retention rules.

"Records retention by ISPs would be tremendously helpful in giving us a historic basis to make a case on a number of child pornographers who use the Internet to push their pornography" or lure children, Mueller said.

Replied Smith: "I think a number of us may well follow up on that suggestion."

An aide to Rep. Smith said in response to questions from News.com that the congressman was offering no details and would not be commenting at this point.

Based on the statements at Wednesday's hearing and previous calls for new laws in this area, the scope of a mandatory data retention law remains fuzzy. It could mean forcing companies to store data for two years about what Internet addresses are assigned to which customers (Comcast said in 2006 that it would be retaining those records for six months).

Or it could be far more intrusive. It could mean keeping track of e-mail and instant-messaging correspondence and what Web pages users visit. Some Democratic politicians have called for data retention laws to extend to domain name registries and Web hosting companies and even social-networking sites. During private meetings with industry officials, FBI and Justice Department representatives have said it would be desirable to force search engines to keep logs--a proposal that could gain additional law enforcement support, but raise additional privacy concerns and potentially conflict with European laws.

Kate Dean, director of the U.S. Internet Service Provider Association, which counts as members AT&T, AOL, Comcast, and Verizon, said in an e-mail message:

Without specifics, it's hard to know what Director Mueller is looking for from industry. The idea of data retention is complex, and Congress will need to examine many issues including which providers would be covered by a retention regime, for what period of time would those organizations be required to keep the data, does the policy idea fit with the today's and tomorrow's technologies, and what are the effects on the consumer--what are the potential risks to subscriber privacy and security? US ISPA members have been at the forefront of child protection initiatives with the National Center for Missing and Exploited Children and law enforcement, so we welcome a continued dialogue.

As attorney general until last summer, Gonzales rarely passed up an opportunity to call for data retention. In April 2006, he said Internet providers must retain records for a "reasonable amount of time" and the issue "must be addressed." In September 2006, he added: "This is a national problem that requires federal legislation."

After Gonzales' departure, the Bush administration has been less vocal on lobbying for data retention legislation. During Wednesday's hearing, however, Mueller called for new laws at least three times.

Multiple proposals to mandate data retention have surfaced in the U.S. Congress. One, backed by Rep. Diana DeGette, a Colorado Democrat, said that any Internet service that "enables users to access content" must indefinitely retain records that would permit police to identify each user. Another came from Wisconsin Rep. F. James Sensenbrenner, a close ally of President Bush, and a third was written by Rep. Smith, who endorsed the idea again on Wednesday.

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

News.com's Anne Broache reported from Washington, D.C.

[Leria]

Yet another meaningless law

That will do nothing to solve the problems of forcible child rape and forcible 'child sexual abuse' like simply making pedosexuality and the actions connected with it legal would.

Period and done with, MAKE PEDOSEXUALITY LEGAL AND YOU WILL NOT HAVE CHILDREN BEING FORCIBLY RAPED ANYMORE! Hell, most of the children who are forcibly raped are raped by pedosexuals who have gone absolutely INSANE because society has put so much pressure on them to 'conform to societies wants'.
It's about time that we start putting the blame for forcible child rapes on the laws, where it belongs.

Since we made homosexuality legal and stopped allowing religious people to spout their ******** in public, we haven't seen any homosexual serial killers, period.
I've search for one since Ted Bundy, and cannot find one.

The same thing would apply to pedosexuals, allow them to be in the open with their sexual orientation and desires, allow them to ASK children for sexual encounters and allow the children to MAKE THEIR OWN CHOICES, and you won't see anymore child rapes.
Hell, the only reason why forcible rapes of adult women are going up is because people are encouraging women to 'not give it up' and be severely MEAN to men who proposition them, thereby making those men start to hate them little by little.

[InMYhumbleO]

The Law is Needed, Just Read the Comment Section

Leria just made the case for why we need communications data retention laws in the US. I hope his IP address has been flagged, although he's likely already been tagged a sexual predator.

[Leria]

Save the children!?..... Or not....

Does anyone else realize that everytime the politicians try to push something that infringes on civil rights like this, the rallying cry is "Protect the children!"

I believe that children would be BETTER protected by acknowledging that pedosexuality is a normal sexuality, bringing it out into the open, and legalizing both it and the actions connected with it, as long as the adult asks the child for sexual encounters in front of witnesses and out in public.

We have tried this sexual prohibition ******** with homosexuality, and what did it lead to? Homosexuals being driven to insanity by society, ala Ted Bundy. Homosexuals being physically ATTACKED in public. Those are only the two most major things that were done to homosexuals, and the same things were done when we prohibited sex outside of marriage by law.

Children are MORE than able to protect themselves if we bring things out into the light of day, forbid people from attacking pedosexuals just because they are pedosexuals and proposition their children, and start realizing that sex is morality NEUTRAL... it is neither good nor bad, that is a judgement that is put on it by stupid people who are jealous of other people who are 'getting more' than they are, from a child or an adult.

[thebakerclan]

Legalize Pedosexuality?!?

You are out of your freaking mind, and in some serious denial, if you think that a child has the requisite maturity to make up their mind reasonably about sex with an adult.

I certainly hope CNet is providing IP address to the Feds, because you need to be put away.

[scdecade]

What are you some kind of monster?

Children do not have the experience and/or judgement to deal with deceptive sexual predators. To suggest that they be allowed to make these decisions is savagely grotesque. Anyone who propositions a child "in front of witnesses and out in public" should be hauled off in handcuffs and thrown in jail FOREVER. It's a known fact there's no cure for pedophilia. Therefore, it should be one strike and you're out.

Having said that I disagree with government regulation which infringes on personal privacy. I watch my children very carefully including what they see on the internet. I don't need or appreciate the government's intrusions.

[R. U. Sirius]

Hey Dumbass

I suspect you are a troll, but whether you are or not, you are disgusting.

[dont_taze_me_bro]

While I don't agree with 100% of what you say here and Leria appears to be a woman's name although I know you are a man, I believe you have a right to your opinion. Those other posters who expressed a hope that cnet kept a log of your ISP are the reason laws like the one in question herein are able to pass Constitutional muster: Most American's are deathly afraid of freedom and liberty and desperately want government to Do Something about it. They needn't worry. Government IS doing something...they are destroying America from within.

"In the course of human events..."

[igl00lgi]

What about government?

How about figuring out who deleted all the whitehouse emails? How about bringing them to justice. We need more accountability in government. Sure people need to be brought to justice, but lets not let government officials off the hook. Ohh, sorry I forgot who the FBI really works for.... not the people.

[honorable1]

Exactly....

Here here...

[reallyconcernedcitizen]

EU already doing Data Retention

About time the US caught up!

Here is a US based Data Retention company:

http://www.intelligentias.com/

Looks like they knew this was coming.

[honorable1]

Who will pay, me (us) ?

Just another power grab by our mostly inept, greedy and criminal Congress. When are people going to realize that the "president" is a toothless igmo with NO POWER at all unless Congress gives it to them? People need to VOTE OUT most represenatives to the House and Senate, THEN and only then will real change be possible.

And just who do you suppose will pay for all this "data retention" ? It will be you and me as we pay more for services to catch the few 'predators' out there. Meanwhile the GOVT gets a free pass to all the data they want on innocent Americans.

It's high time for a COMPLETE overhaul of CONGRESS and a DEMAND by "We the people" to bring us back under CONSTITUTIONAL principles.

The Revolution WILL BE LIVE, and it's already underway.

[PeterCapek]

Awful!

The problem I see is that this information can so easily be abused, and "even" the FBI is far from safe against such abuse. (See, for example, the recent reports about abuse of National Security Letters, which the FBI has acknowledged.)

Beyond that, monitoring such as seems to be proposed creates a really unfriendly environment, in which one always has to worry about a search being misinterpreted or a web site visit being misconstrued. It was bad enough when communications could be intercepted by court order when there was probable cause demonstrated. With this kind of intensive monitoring, it really seems to undermine free speech by undermining my right to read what someone else has written.

[etunnels]

German High Court ruled this unconstitutional

Germany's implementation of EU-mandated data retention was ruled an unconstitutional violation of the newly declared right to Internet privacy: http://www.e-tunnels.com/learn-more-about-vpn/about-vpn/elite-proxy/want-anonymous-vpn-germany-is-best.html

[Dr. Kardasz]

Data retention would help investigators to catch Internet sex criminals

I conducted a survey of investigators beginning in 2006 and learned some interesting things about the data retention issues:
see: http://kardasz.org/blog/2008/02/ongoing_survey_of_law_enforcem.html

I testified before a Congressional subcommittee in April 2006 and suggested that data retention be mandated.
see: http://kardasz.org/blog/2007/11/kardasz_testimony_april_6_2006.html

Dr. Frank Kardasz

[sam80439]

who pays for data storage

Feds obviously do not know how much data would be involved. We are a very small ISP and just one of our servers generates about 20 Gb of e-mail logs a week which is nothing more than:

xxx@yyy.com mail to zzz@ourserver.com result valid or something like this.

Just to keep this log on a single small server would require terabytes of storage.

If a record is required for two years, add a good $100 a month to the monthly access bill, or more. Imagine what it would be if you included content.

[twistedparrot]

Too chilling for words

Imagine the chilling effect data-retention laws as proposed by Mueller would have on free speech on the Web. For one thing, figures of speech and sarcasm seldom seem like what they are when they're taken out of context. Even innocent conversation snippets like "I can't believe so-and-so signed that law! He should be shot!" ("He should be shot" is a common Southern idiom used to express extreme disapproval of everything from fashion disasters and bad jokes to presidential behavior.) "Kill the ump!" -- a common expression at baseball parks nationwide -- certainly isn't a literal death threat, but it could seem like one in online conversations. Are we all going to be forced to keep our conversations polite and vanilla or risk legal repercussions? Interactive forums like this one would disappear.

I think most people would agree the world has changed dramatically since the advent of the Internet Age, but society also made some radical paradigm shifts after the introduction of the Pony Express, the telegraph and the telephone -- and the government wasn't given overarching authority to snoop on those communication modes. In fact, the U.S. vehemently denounced regimes that stooped to that level during the Cold War, when the threat of thermonuclear war loomed large over everyone. What makes Americans so eager to hand over their civil liberties in the current environment? We've ALWAYS lived under one threat or another, and most of today's complacent U.S. citizens might be surprised to discover how imminent and monumental some of those threats were.

"Those who would give up essential liberty to purchase a little temporary safety, deserve neither Liberty nor Safety." -Benjamin Franklin

[dc0de]

Will this save the children?

Of the many points of view expressed here, I would like to inject my points. I take them from a purely realistic view, so please take a minute to absorb these.

Requiring ISPs track the IP to Account data alone will cause the following things to occur:
1. An increase in the cost of internet services. (it's already overpriced)
2. It will create a data "landfill" at each ISP, that will become the new hacking target, ripe with user information. (We know ISPs have great security, right?)
3. This data landfill will be outsourced, as ISPs don't have experience with cataloging and retaining such large record sets.
4. ChoicePoint and others will bid on the job to store and parse the data. (then they will add it to the huge records they already retain about every consumer in North America on behalf of the Government)
5. Persecution of innocent people will begin.

That is simply if they get the IP/Account mappings, just imagine what will happen when they get the web sites, search criteria, chat content, and blog postings? What about these replies? Would this reply paint me as an "anti-american"?

How about the children? Those who are exploited by sex offenders over the internet? My simple take on this is Good. Let them. If those children's parents aren't doing their job, then they should be held accountable for their children's actions. And Sexual predators on the internet? Well, how many of them are there? Really? How many?

Is it worth taking the RIGHTS of Privacy away from the ENTIRE COUNTRY? (we're turning back into Britain, where everyone is ASSUMED GUILTY until proven innocent.)

We fought a war over 200 years ago to get out from under that oppression. It's time to remind your Senators, Representatives, and any other political figure who supports this move. It's simply a violation of freedoms.

(dc0de is a former military intelligence analyst, [http://i know, contradiction... whatever|http://i know, contradiction... whatever], who served his country proudly. He is appalled as to the police state it is turning into.)

[blacklogic1]

Use VPN for anonymous surfing

Use VPN and be a happy user. All traffic is encrypted and NO LOGS.
http://blacklogic.com

[Tracey12_12]

How much more are we going to be monitored? When will our federal in-home cameras become reality? How long until we all have a Cop-In-Your-Pocket Government GPS (GGPS) device required by law to be on or near our bodies at all times? In the name of security, we are becoming slaves to government. Who is the winner in this war on terrorism if we lose our 4th Amendment rights? I am an Ultra Conservative. I am not a pinko commie lib. And as such, I am very very concerned we are falling into a fascist state aka a police state where every second of our lives is recorded, watched, and some agency is just waiting for you to make a wrong move so they can throw you in prison with the other 2.3 million people we have in jail now. When did we decide to give up on liberty, my fellow Americans? I didn't get to cast my vote on the issue. Did you?

[VPNMaster]

I think, this low will make our life better. I work in company, wich provides <a href="http://world-secure-channel.com/anonymous-vpn-service.html/">anonymous vpn service</a>. It's great.

[VPNMaster]

http://world-secure-channel.com

[VPNMaster]

[url=http://world-secure-channel.com]VPN Service[/url]

[VPNMaster]

http://world-secure-channel.com

[VPNMaster]

<a href="http://world-secure-channel.com">vpn service</a>