May 31, 2006 1:56 PM PDT
Industry, others object to data retention
In a meeting Friday first reported by CNET News.com, Gonzales and FBI Director Robert Mueller said the war on terror would be aided by two years' worth of data retention, a requirement industry representatives say would be accompanied by technical, security and privacy challenges.
"We have real reservations about data retention requirements because of the security and privacy risks attached to it," said Mark Uncapher, senior vice president of the Information Technology Association of America. ITAA's board members include representatives of AT&T, Sybase, Fujitsu and Unisys.
ISP snooping timeline
In events that were first reported by CNET News.com, Bush administration officials have said Internet providers must keep track of what Americans are doing online. Here's the timeline:
June 2005: Justice Department officials quietly propose data retention rules.
December 2005: European Parliament votes for data retention of up to two years.
April 14, 2006: Data retention proposals surface in Colorado and the U.S. Congress.
April 20, 2006: Attorney General Gonzales says data retention "must be addressed."
April 28, 2006: Rep. DeGette proposes data retention amendment.
May 26, 2006: Gonzales and FBI Director Mueller meet with Internet and telecommunications companies.
A Justice Department representative said this week that the government is not seeking to require the retention of the content of communications, but did not elaborate. If the European Union's approach were adopted, Internet companies would be required to save logs showing the identities of e-mail and perhaps instant messaging correspondents in addition to data about which customer was assigned which Internet address.
That suggestion alarms many Internet providers, which worry about the cost and complexity of recording what their customers are doing online. In some cases, especially among libraries, coffee shops and universities, no records may be stored at all.
"In general, libraries only keep records on users to the extent required to provide their services," said Rick Weingarten, director of the American Library Association's Office for Information Technology Policy.
Based on the limited information that has been made public so far--including in a speech by Gonzales last month--Weingarten said the library association would not favor such a requirement. "Absolutely we have concerns about users' privacy," he said.
A second meeting at the Justice Department has been scheduled for Friday.
Snooping on Web-based e-mail
The Justice Department also proposed that Web sites such as e-mail providers be required to store data about their users' activities for future law enforcement and national security investigations, according to one industry representative familiar with last week's meeting.
That could create privacy and security complications for Microsoft's Hotmail, Google's Gmail, Yahoo Mail and numerous other e-mail services, industry representatives said privately.
In response to a query from CNET News.com, Microsoft provided a statement that said it supported working with law enforcement to ensure Internet safety and protect children from online predators.
"But data retention is a complicated issue with implications not only for efforts to combat child pornography but also for security, privacy, safety and availability of low-cost or free Internet services," the statement said. (Click here to read the complete statement.)
7 commentsJoin the conversation! Add your comment