September 26, 2006 3:42 PM PDT

Politicos mull data retention by Web hosts, registrars

WASHINGTON--Politicians on Tuesday urged domain name registries and Web hosting companies to do more to keep illicit child pornography off the Internet and indicated mandatory retention of user records is an option under consideration.

At a hearing here convened by a U.S. House of Representatives subcommittee on oversight and investigations, Michigan Rep. Bart Stupak, the panel's top-ranking Democrat, asked company representatives how they would feel about being subject to a law in the works that would require Internet service providers to retain customer records for one year.

"If we do compel data retention, is there any reason Web hosting sites should be treated differently than ISPs?" Stupak asked the general counsel for GoDaddy.com, which bills itself as the largest domain name registrar in the world, and the CEO of Blue Gravity Communications, a New Jersey-based Web hosting firm. Both executives were participants on a panel at the latest in a series of hearings on the topic of online child exploitation.

"A year might be a little long," replied Thomas Krwawecz, Blue Gravity's CEO, later adding: "It would be something we would definitely be open to if there were some guidelines for maintaining that data for a specific period of time."

Christine Jones, general counsel for GoDaddy, said requirements to maintain particular customer data for hosting companies and ISPs alike would be "productive" for law enforcement. But the data, she added, should be limited to identifying information about subscribers, such as IP addresses and credit card numbers, and should not include the content of their communications.

Privacy and industry groups have generally voiced opposition to calls for mandatory data retention, which have become a fixture on the congressional agenda ever since Attorney General Alberto Gonzales touted the practice's necessity earlier this year.

Opponents to the mandate argue that existing laws already provide law enforcement with ample tools. For instance, a 1996 federal law called the Electronic Communication Transactional Records Act requires a practice known as "data preservation"--that is, Internet providers must retain any "record" in their possession for 90 days "upon the request of a governmental entity." Another federal law requires Internet service providers to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

Some companies, such as Comcast, already voluntarily retain user data for longer periods. Blue Gravity, which hosts primarily adult pornography sites, retains data for seven to 14 days but plans to increase that window to 30 days to keep up with prevailing industry practices, Krwawecz said.

Last week, Rep. Diana DeGette, a Colorado Democrat, said she hoped to introduce by the end of this week a proposal that would require Internet service companies to retain customer records for a period of one year. She described the proposal, whose language is still not finalized, as requiring maintenance only of information useful in locating a customer, such as an IP address, and not about the content of his or her communications.

A DeGette spokesman said Tuesday that the congresswoman continues to negotiate the language with Republican Reps. Joe Barton and Ed Whitfield. He could not predict exactly when the bill would be introduced or what its precise language would be.

At least two possibilities could be in play. One form of data retention legislation could require Internet providers and perhaps social networking sites and search engines to record for a year or two which IP address is used by which user. The other form would be far broader, requiring companies to record data such as the identities of e-mail correspondents, logs of who sent and received instant messages (but not the content of those communications), and the addresses of Web pages visited.

With or without such a mandate, the hosting and domain name firms should conduct more self-policing of the sites that live on their servers, said Whitfield, chairman of the oversight and investigations subcommittee. "Is there any kind of technology to monitor (for child pornography sites) that would be available for either GoDaddy or Blue Gravity?" he asked. "Is there technology you could acquire to do this in a more proactive manner?"

"If I had a staff of 1,000 people that could go and review all of our hosted pages every day, we would," said GoDaddy's Jones, adding that the company did investigate nearly 2,000 customers over allegations of child pornography or inappropriate child modeling Web sites in the last year. "But at $1.99 per month for a hosting account, the economics are not really there for us to do that."

See more CNET content tagged:
hosting company, Web hosting, Web hosting company, general counsel, Internet Service Provider

7 comments

Join the conversation!
Add your comment
They still don't have a clue, do they?
I find it hard to believe that no one in Congress knows anything about how the internet works. They are still talking about tracking ip addresses back to users. And they want ISP's to retain records for a year! I only run 2 web sites and can only afford to keep logs for about 30 days before they take up too much space.

And now they want ISP's to record credit card numbers too? The credit card services are asking merchants not to keep this information in an effort to curb identity theft. Why would we want ISP's treated any differently.

I know I'm talking to myself here, but maybe one person will read this and pass it on. Not only would retaining these records put a financial burden on all but the largest ISP's, the information would likely not provide much quality of results.

To the Attorney General: Stay out of my computer!
Posted by Pete Bardo (687 comments )
Reply Link Flag
They still don't have a clue, do they?
I find it hard to believe that no one in Congress knows anything about how the internet works. They are still talking about tracking ip addresses back to users. And they want ISP's to retain records for a year! I only run 2 web sites and can only afford to keep logs for about 30 days before they take up too much space.

And now they want ISP's to record credit card numbers too? The credit card services are asking merchants not to keep this information in an effort to curb identity theft. Why would we want ISP's treated any differently.

I know I'm talking to myself here, but maybe one person will read this and pass it on. Not only would retaining these records put a financial burden on all but the largest ISP's, the information would likely not provide much quality of results.

To the Attorney General: Stay out of my computer!
Posted by Pete Bardo (687 comments )
Reply Link Flag
Will not stop the bad guys.
The bad guys will use things like freenet and anonymizers. All this will do is increase the level of fraud, and make business on the Internet more expensive.

Most politisions don't understand the Internet. People fear and want to destroy what they do not understand.
Posted by ralfthedog (1589 comments )
Reply Link Flag
Easy to get around.
The bad guys will use things like freenet and anonymizers. All this will do is increase the level of fraud, and make business on the Internet more expensive.

Most politisions don't understand the Internet. People fear and want to destroy what they do not understand.
Posted by ralfthedog (1589 comments )
Reply Link Flag
But's Let's Not Keep Any Voting Records
Yesiree let's require every company under the sun to keeps records on John Q. Publib for years. But let's make damn sure that electronic voting machines that we paid Diebold a few billion dollars for leave no trace at all of who voted, when they voted, and whom they voted for. No, that would be i-n-c-o-v-e-n-i-e-n-t.
Posted by maxwis (141 comments )
Reply Link Flag
Nonsense
They might as well place police every 100 feet throughout the US to stop all kinds of other crimes as well. (* GRIN *)

End result would be the same. A waste of manpower, money and unnecessary data which will turn up nothing useful in the end.

The real culprits are too smart to get caught that way and have numerous ways to circumvent the system.

They don't even have one iota of an idea of what they're perpondering to say the least.

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
sure they do
They know exactly what they are proposing. The problem is they
are trying to put a spin on it to sell it to the public.

Question: do you really think this has ANYTHING to do with
protecting children? They have the tools to do that now, but
don't use them. Why?

On the other hand, if they can make more of your private data
accessible then they can "get into your home" without cause or
warrants. I guarantee you if this should pass the only time it will
be used against a child predator is when it will make a big
political splash across the front pages. Otherwise, it will be used
exclusively to spy on those who disagree with the government in
any way.

This isn't an attack on child predators, it's an attack on your
constitutional rights against unwarranted search and seizures.
Plain and simple.
Posted by Dalkorian (3000 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.