Gonzales pressures ISPs on data retention

U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller on Friday urged telecommunications officials to record their customers' Internet activities, CNET News.com has learned.

In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years, according to two sources familiar with the discussion who spoke on condition of anonymity.

The closed-door meeting at the Justice Department, which Gonzales had requested, according to the sources, comes as the idea of legally mandated data retention has become popular on Capitol Hill and inside the Bush administration. Supporters of the idea say it will help prosecutions of child pornography because in many cases, logs are deleted during the routine course of business.

Credit: Anne Broache

Attorney General Alberto Gonzales

In a speech last month at the National Center for Missing and Exploited Children, Gonzales said that Internet providers must retain records for a "reasonable amount of time."

"I will reach out personally to the CEOs of the leading service providers and to other industry leaders," Gonzales said. "Record retention by Internet service providers consistent with the legitimate privacy rights of Americans is an issue that must be addressed."

Until Gonzales' speech, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" (click for PDF) about them. But after the European Parliament last December approved such a requirement for Internet, telephone and voice over Internet Protocol providers, top administration officials began talking about the practice more favorably.

During Friday's meeting, Justice Department officials passed around pixellated (that is, slightly obscured) photographs of child pornography to emphasize the lurid nature of the crimes police are trying to prevent, according to one source.

A Justice Department spokesman familiar with the administration's stand on data retention was in meetings on Friday and unavailable for comment, a department representative said.

Privacy advocates have been alarmed by the idea of legally mandated data retention, saying that, while child exploitation may be the justification today, those records would be available in all kinds of criminal and civil suits--including terrorism, tax evasion, drug, and even divorce cases.

It was not immediately clear what Gonzales and Mueller meant by suggesting that network data be retained. One possibility is requiring Internet providers to record the Internet addresses their customers are temporarily assigned. A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.

'Preservation' vs. 'retention'
Two proposals to mandate data retention have surfaced in the U.S. Congress. One, backed by Rep. Diana DeGette, a Colorado Democrat, says that any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed.

The other was drafted by aides to Wisconsin Rep. F. James Sensenbrenner, the chairman of the House Judiciary Committee, a close ally of President Bush. Sensenbrenner said through a spokesman last week, though, that his proposal is on hold because "our committee's agenda is tremendously overcrowded already."

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

When adopting its data retention rules, the European Parliament approved U.K.-backed requirements, saying that communications providers in its 25 member countries--several of which had enacted their own data retention laws already--must retain customer data for a minimum of six months and a maximum of two years.

The Europe-wide requirement applies to a wide variety of "traffic" and "location" data, including the identities of the customers' correspondents; the date, time and duration of phone calls, voice over Internet Protocol calls or e-mail messages; and the location of the device used for the communications. But the "content" of the communications is not supposed to be retained. The rules are expected to take effect in 2008.

[unknown unknown]

It won't do a damn bit of good.

This is nothing but another attempt by Gonzales and this corrupt administration to go on fishing expeditions. They're collecting telephone records and now they want to do the same with the internet.

I am pretty sure this will do nothing to stop child porn. There are anonymous SSL proxies servies like TOR that are designed to completely obsure the source of communication and encrypt it end to end so no server node along the way can see what passing through it, and consider the route is choosen at random it offers a great deal of plausible deniability. It stands to reason that those intent on distributing child porn will find servies like TOR or others that allow them to continue as they have in the past. Once again congress and the AG are attempt to regulate that which they obviously don't understand.

[jdbwar07]

Agreed

This is the same thing as when governments try to outlaw things like encryption and eavesdrop on its citizens.

Basically, any good criminal/terrorist already has found out methods for countering the civil liberty violation. Criminals will just use strong encryption, and if it's illegal, they'll import it in the black market. I read Al Qaeda already assumes the government eavesdrops and chooses not to communicate electronically.

That's why most of these government surveillance methods will just punish law-abiding citizens, rather than catch serious criminals. Unfortunately in the US it seems like the Bush and the Republicans care more about increasing their own power than actually protecting the country. That's why we have the NSA wiretapping the country but still unsecure ports and wide-open borders!

[unknown unknown]

It won't do a damn bit of good.

This is nothing but another attempt by Gonzales and this corrupt administration to go on fishing expeditions. They're collecting telephone records and now they want to do the same with the internet.

I am pretty sure this will do nothing to stop child porn. There are anonymous SSL proxies servies like TOR that are designed to completely obsure the source of communication and encrypt it end to end so no server node along the way can see what passing through it, and consider the route is choosen at random it offers a great deal of plausible deniability. It stands to reason that those intent on distributing child porn will find servies like TOR or others that allow them to continue as they have in the past. Once again congress and the AG are attempt to regulate that which they obviously don't understand.

"All bad precedents begin with justifiable measures."
- Julius Caesar

[tanis143]

Yes it would, but only limited.

Your right, in a way. However, data preservation would be usefull for those dumb enough to think that a simple proxy will be enough to hid them. I'm ok with data preservation because all that does is preserve info such as IP address and emails. Data rentention though is too cloudy. For one, it would be impossible to monitor what websites EVERY customer goes to, not to mention an envasion of privacy.

[Vetter83]

Welcome Comrade....

Welcome to the 'new Amerika'... the Patriot Act took away the few freedoms left, the govt is currently looking over your phone records, we have 'secret jails' or torture chambers to ship you off to.. a 'secret court' to railroad you into. The right to label you as a 'domestic terrorist' if you disagree with the govt stand on any issue, therefore leagally strip you of your citizenship and send you to any 'secret jail' for further 'interragation' (read: torture) .... read the patriot act... NOW they want ALL your internet travels too... as has been said, they are completely ignorant of the internet and its functions but will be able to watch EVERYONE that disagrees with them....

HELLO NSA.... ARE YOU LISTENING??

[Stalin Hornsby]

Please, will the real Gonzales contact my publicist.

Ruth V. McGregor (Rob's Publicist)

[casper2004]

The end of freedom as we know it, is here!

I remember when Alberto Gonzalez was being nominated and the democrats whined that he may not care about civil liberties. They were right on the money. The only thing is, I believe they only complained to make it look like they actually cared, but in reality, it was just a smokescreen to get him through. Democrats don't care about our rights, they want a piece of the pie

[Black-Magic]

Jeb Bush for President

What was the point of this comment? First you say Gonzalez doesnt care about civil liberties. But then you accuse Democrats of not caring. Lets just say that at least Democrats dont share a bed with Alberto Gonzalez(Attorney General)-R.END

[geekpro]

www.impeachbush.org

Hey government, here's the site we're all visiting, you can go ahead and delete the records now.

http://www.impeachbush.org

[casper2004]

We should fire them all and rehire nobody!

Democrats and Republicans are like two peas in a pod. They signed a pact in the early 70's promising to rule the world one way or another.

[Jon_Paal]

Them first

I think before any such laws are implemented every member of the administration and congress must first publish a complete history of their own internet sites visited for the last two years.

[geekpro]

Yeah

and we want to see copies of all emails they've sent and recieved in the last 2 years.

[casper2004]

Money talks and bull crap walks.

That's not likely to happen. This is a rich mans world. They've shown us how it works, over and over again.

[Central_office_tech]

Here is one email release under the freedom of information act

To: ***************@***************.gov

From: **************@***************.gov

Subject: The *** in **** is going well

body:*********************************
**************************************
**************************************
**************************************
**************************************
**************************************



I only posted one because they would all look the same. Some information left out for national security

[firstlast]

That's insane

What about privacy??
---
Pixel image editor - http://www.kanzelsberger.com

[MisterFlibble]

Privacy? Under the Bush Administarion? Never existed.

What about privacy??

It's gone, my brother. Okay, maybe not in it's entirty, just yet, but unless someone, or a group of someones takes a step in liberating America from their oppressors, it'll only pursue to get worse. I don't think elections alone can change what is happening now, but they are a start. Honestly, I don't have any other suggestions, it's unbelievable how the USA has been transformed into the american Empire in five short years.

[MisterFlibble]

Privacy? Under the Bush Administration? Never existed.

What about privacy?? Well, that's gone, my brother. Well, not entirely, but we're at the brink where we could let it slip by if we don't actually grab ahold of it befores we loose it. Someone or a group of someones has to do something soon, to liberate America from their oppressors, or it'll continue to decline. Elections right now seem to be the only answer I can give right now, but in the end they might now be enough, alone, but they are at least something. Speaking out against these things in any public square is another suggestion I can give.

[Steve Imparl]

Wait!

But, but, but...

It's for the chi-i-i-iiii-ldren!!!! Waah! Wah! Wah!

[Blito]

Spies Spy: Let's not be nieve BUT...

Let's not pretend that governments have never used spies before throughout history.
BUT the thing that worries me is how this is being done in such an open way.
If someone spies on me I really don't want it to happen and will fight it to the bitter end. If I find a spy spying on me I am going to protect myself in a very intense way.
So telling me, hey I am going to spy on you and your wife is like like saying I am going to rape and poison you so please don't mind.

[Bob_299]

It's spelled naive . . .

. . . "nieve" is the Spanish word for snow.

[jdbwar07]

So I guess

I guess you're saying it's okay if the government spies on you, as long as they keep it a secret?!

[fakespam]

Go Suck an Egg!

I wish the Federal Government would go suck an egg on spy on US
instead of enemies abroad! For Pete's sake!

[Zymurgist]

Why in private?

After all, if they aren't doing anything wrong, they ought not have a problem with people watching them. Right?

[Lyleblog]

Why Should Big Bother Stop There?

Why not just make the process complete and digitize all your mail when it goes through the zip code encoding? Imaging your return address on all the mail you send is not too far off into the future.

BIG BOTHER IS WATCHING YOU!

[Dave_Brown]

Spying elsewhere.

Why don't they just get it over with and install surveillance cameras in our homes or perhaps do away with probable cause and search warrants entirely?

I hate when people say "If you have nothing to hide then you don't need to worry". I guess if you have nothing to hide you wouldn't mind the government watching you taking a shower, using the toilet or making love to your wife? Or you wouldn't mind the police showing up at 3am and pulling you out of bed and dragging you down to the local police station for questioning (torture).

Everyone has something to hide, especially when laws get rewritten. Something which is legal today could easily be illegal tomorrow. Welcome to the USSA.

These violations need to be nipped in the bud otherwise they could easily transpire into what I mentioned above (or worse).

Dave

[devorauk666]

privacy

what we really should do is replace all houses and apartments with jails and have a select few, the police, run everything.

[Jas_onS]

The government overstepping their boundries

First of all there are already measures in place for ISP's to interact and cooperate with the authorities when it comes to the crime of child pornography. Any additional retention of data, such as the proposition of 2 years, can become dangerous and encroach on the general public's privacy.

[DaClyde]

Gov't is already drowning in data

What would be the point of this? The U.S. Government is already so overloaded with information that they can't seem to prevent anything or protect anything as it is. Why bury them in even more data they don't have the capacity to process? To further ensure their continued ineptitude?

Sure, maybe the could harvest data from an ISP that would lead to evidence of a terrorist attack, but at the rate they're going, they wouldn't uncover that information for a good six months AFTER the attack, then they'd just engage in the usual parade of fingerpointing, book deals, firings, promotions, lawsuits, hearings, investigations and movie deals.

[casper2004]

Where there's a will there's a way, I guess.

One way to make all that info work is to come up with a name that you want to check on and than do so. Of course, I heard that with technology advancing everyday, the computer should be able to sort it all out. But, my grandfather would say that we should let law enforcement go through all the stuff because than maybe it will keep them off the streets.

[209979377489953107664053243186]

take control of your privacy

Instead of saying what can we do, just go ahead and DO. Right now, everyone with a PC could be emailing privately for free, by using encrytion software that keeps even your ISP out, not to mention a spying govt. Software like Taceo is easy to use, right out of Outlook, and all your friends or contacts need to do to read private emails you send is open their free account.
http://www.essentialsecurity.com/products.htm

[missingamerica]

What a business advantage...

Be a good reason for an international business conglomerate to bankroll their own U.S. presidential candidate...if they were smart enough to persist in hiring puppet attorney generals and supreme court justices, think of the business advantages...aim those big hunks of iron at NSA at words like "new product" or "rollout" or "price shift", under the cover of "national security"...

For at least four years you'd have complete and legally bullet-proof access to the inner workings of all of your competitors, globally...

Might be what GW, DC, and DR Inc. are already doing...its not like their secret meetings with oil company executives include representatives from the fertilizer industry, the plastics industry, the steel making industry, the glass manufacturers, or any other industry likely to be severely impacted by global energy manuevers originating in the back rooms of the white house...

[offL]

remember this: europe did it first.

well thats painting with a broadbrush isnt it julio?
what i mean is, why does it make sense to dismiss the content? where is the power to convict with just names and locations of customers? if getting an email from dick cheney, or from someone youre less sure about, makes you a crook, then we should pass this bill and lock up all of dc.

[V_for_Vendetta]

The time is upon us

The people should not be afraid of the Government, the Government should be afraid of its' people. This quote has neve been so true as it is now. It is time that the people of the United States of America to voice our feelings. It is time to find honest leaders who will listen to the people. I heard this quote on the radio this morning, "George Bush does not care about the polls, hence he does not care about what the people think." Our freedoms, (the freedoms that were won by the blood of our 'Fathers') are being taken away everyday and the American people need to realize this.