June 16, 2005 4:00 AM PDT

Your ISP as Net watchdog

The U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers' online activities.

Data retention rules could permit police to obtain records of e-mail chatter, Web browsing or chat-room activity months after Internet providers ordinarily would have deleted the logs--that is, if logs were ever kept in the first place. No U.S. law currently mandates that such logs be kept.

In theory, at least, data retention could permit successful criminal and terrorism prosecutions that otherwise would have failed because of insufficient evidence. But privacy worries and questions about the practicality of assembling massive databases of customer behavior have caused a similar proposal to stall in Europe and could engender stiff opposition domestically.


What's new:
The U.S. Department of Justice is mulling data retention rules that could permit police to obtain records of e-mail, browsing or chat-room activity months after ISPs ordinarily would have deleted the logs--if they were ever kept in the first place.

Bottom line:
Data retention could aid criminal and terrorism prosecutions, but privacy worries and questions about the practicality of assembling massive databases of customer behavior could engender stiff opposition to the proposal.

More stories on this topic

In Europe, the Council of Justice and Home Affairs ministers say logs must be kept for between one and three years. One U.S. industry representative, who spoke on condition of anonymity, said the Justice Department is interested in at least a two-month requirement.

Justice Department officials endorsed the concept at a private meeting with Internet service providers and the National Center for Missing and Exploited Children, according to interviews with multiple people who were present. The meeting took place on April 27 at the Holiday Inn Select in Alexandria, Va.

"It was raised not once but several times in the meeting, very emphatically," said Dave McClure, president of the U.S. Internet Industry Association, which represents small to midsize companies. "We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"

McClure said that while the Justice Department representatives argued that Internet service providers should cooperate voluntarily, they also raised the "possibility that we should create by law a standard period of data retention." McClure added that "my sense was that this is something that they've been working on for a long time."

This represents an abrupt shift in the Justice Department's long-held position that data retention is unnecessary and imposes an unacceptable burden on Internet providers. In 2001, the Bush administration expressed "serious reservations about broad mandatory data retention regimes."

The current proposal appears to originate with the Justice Department's Child Exploitation and Obscenity Section, which enforces federal child pornography laws. But once mandated by law, the logs likely would be mined during terrorism, copyright infringement and even routine criminal investigations. (The Justice Department did not respond to a request for comment on Wednesday.)

"Preservation" vs. "Retention"
At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

"We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"
--Dave McClure, president, U.S. Internet Industry Association

Child protection advocates say that this process can lead police to dead ends if they don't move quickly enough and log files are discarded automatically. Also, many Internet service providers don't record information about instant-messaging conversations or Web sites visited--data that would prove vital to an investigation.

"Law enforcement agencies are often having 20 reports referred to them a week by the National Center," said Michelle Collins, director of the exploited child unit for the National Center for Missing and Exploited Children. "By the time legal process is drafted, it could be 10, 15, 20 days. They're completely dependent on information from the ISPs to trace back an individual offender."

Collins, who participated in the April meeting, said that she had not reached a conclusion about how long log files should be retained. "There are so many various business models...I don't know that there's going to be a clear-cut answer to what would be the optimum amount of time for a company to maintain information," she said.

McClure, from the U.S. Internet Industry Association, said he counter-proposed the idea of police agencies establishing their own

Page 1 | 2


Join the conversation!
Add your comment
Privacy Concern
See-through X-Ray machines, VoIP monitoring, RFID, GPS mobile phone, high-speed internet monitoring...Is everyone ready to give up all their privacy for a safer country?
Posted by (1 comment )
Reply Link Flag
Where do you figure we're safer?

Monitoring and Surveillance activities are all about the oligarch's "safty", not about YOUR safty. Others want to control you (and me) because one day we *might* be a threat. Frankly, that's a self-fulfilling prophesey.
Posted by Richard G. (137 comments )
Link Flag
safer country?
hell no! none of it is really making anyone safer anyhow. well, I take that back.. I do sleep better at night knowing that some maniac shoewearing grandma won't get past security at the airports and hijack an airliner with her little rascal.
Posted by (3 comments )
Link Flag
Life under a Microscope.
It's not that I don't understand the need to try and create a safer world for everyone, but I think the government is trying to take this to far.

I think these so called "necessary" invasions of privacy aren't going to stop terrorist or child preditors from doing business as usuall. I think all they are really doing is turning normal people into government hating, paranoid, recluses. I think of this as kind of like taking medicine to stop a cold before you catch it. It may help, but sooner or later your still going to catch a cold.

I think we should instead try better educating our citizens and making sure they stay healthy. Build a good, strong armed forces. And try not to start wars everytime we get a new president.

At the rate we are going I give America another 100 years before we have another revolution.
Posted by System Tyrant (1453 comments )
Reply Link Flag
when will it end?
obviously our government needs a refresher on democracy, freedom, and rights.

Doing all of this 'watching' doesn't stop crime, or even thwart it. People will go on doing what they've always been doing through other methods. While the average joe citizen has to suffer and lose all privacy.

I'll take my chances with the terrorists.
Posted by hugh dunnit (35 comments )
Reply Link Flag
excellent point
this will make the bad people even worse
Posted by (3 comments )
Link Flag
A Prediction
Soon. Quite soon there will be a "terrorist event that will dwarf
911 in scope and loss of life. My guess would be that a major
American city would have some kind of nuclear "event". No one
will ever be able to positively trace the origins of the "device". Al
Quida will be the de-facto villain. Yet some US military storage
facility somewhere will be missing a warhead or uranium or
plutonium. In reality, no terrorists will be involved. Only
members of a clandestine arm of our own government. The
extraordinary powers that will be willingly and enthusiastically
granted government and law enforcement subsequent to this
event will make the patriot act look like a pooper scooper law by
comparison. And then ladies and gentlemen, we will all wake up
in a country that no longer belongs to us.
Posted by Willie Winkie (123 comments )
Reply Link Flag
Here's another prediction
The irrational fear of terrorism and the more irrational fear that it can be eliminated by technical means and by the creation of a police state will create a bigger and bigger dragnet that causes more and more innocent Americans to go broke, ending up with nothing to lose, defending themselves against bogus charges.

When that number gets high enough there will be a civil war.

Let's not forget that all law is there to provide recourse. Once enough people lack recourse, they will find a way to get it outside the law.

The law would do very well to step back from criminalizing victimless actions and refine the prosecution of those crimes that have actual victims.
Posted by phenyl (2 comments )
Link Flag
Privacy was non-existent in the 18th century when this country was founded. The average person had little privacy and the wealthy had none. The reason that the founders of this country were so adamant about freedom for both political thought and economic activity is due in part to their lack of privacy. Their answer was to legislate a situation where this lack made no difference - you couldn't be accused or prosecuted for your opinions. Just because the government has collected a mound of data does NOT mean that the 4th admendment has been abolished or due process ignored. All of the stuff collected will have to go through due process just as any evidence collected has. The due process clause had been the defense and the protection of us since the beginning and it will continue to do so.

That being said, the idea simply won't work - your ISP might store everything you put on their computers - email etc. But that doesn't mean that your email uses their computers. Or your IM's, your WebCams, your web pages. Anyone with a bit of technical expertise can set up their own server to do all of this and be beyond the reach of the ISP logs. Even attempts to trap all traffic from specific ports wouldn't work as the volume would be enormous and services can be run on non-standard ports. Copying all traffic and storing it not really technologically feasable, given the volume of internet traffic on even a small ISP. This idea simply won't work.
Posted by smfriedland (9 comments )
Reply Link Flag
Re: Effectiveness
Yes. but every packet of data you sent DOES go through their system. What will be mandated is that every packet your system sends out will be translated/decrypted/etc. and stored in their end system.

On another note, Isn't this what Echelon was supposed to be for ?
Posted by Sir Geek (114 comments )
Link Flag
Watergate, Filegate And More
The Justice Department, FBI, CIA, and NSA all report to the Executive Branch. We have seen over the years, starting with Nixon and Watergate to Clinton and Filegate (remember that one -- FBI files that mysteriously appeared in the White House), that there are few real protections and NO OVERSIGHT as to what goes on behind White House closed doors. Having access to individuals' web and email activity will provide a boon to corrupt administrations that want to compile dirt on their opposition and wage character assasination. This is the real danger -- that the opposition will effectively be neutralized. The govenerance of the country then basically becomes a dictatorship.
Posted by Stating (869 comments )
Reply Link Flag
The Gestapo....American Style
For those too young to remember, the tactics of this Justice Department are getting more and more frighteningly remiscent of Nazi Germany's Gestapo,
i.e. secret police fifty years ago.

How long will the American public put up with these fascist policies????
Posted by papasy (1 comment )
Reply Link Flag
How long will the American public put up with these ?
You asked this question How long will the American public put up with these fascist policies????. As long as the U.S. Government uses the tactics that they sell to the American public on their families safety. They will get what they want. It not to protect us from terrorist attacks. They have and had the means and ways to prevent that along time ago. It not to protect our children from evil preys. If that is a concern then it up to the parents or guardians to monitor and control the way the internet is used in the homes. For child porn ISPs can monitor websites that has that and block the IP number from accessing it. IMs services like Yahoo, AIM, and others can shut down room that has child porn or evil prey. They can band the IPs from using their services. We have the tools that can be used toward these issues. What it is, and it been preached for many years. That the Government wants to take our freedom away. The goals for the U.S. Government is full control. That goes for most all the Governments in the world. It called NEW WORLD ODER!!!! ONE Government controlling all of the world and the people. Some may not agree with what I say and there the ones that are allowing this to happen without putting up a fight. So as long as the Government keeps Blowing Sunshine Up The Backsides of the American Fools. There is no hope for the future for Freedom and or Privacy.
Posted by (22 comments )
Link Flag
"Clipper-chip"opponents were decried as "nuts"...
You know, there were many individuals that pointed out that the "Clipper-Chip" concept had broader ramifications, as well as, intended-expansions.

But, those people were just called "paranoid...", by those that did not want to accept what was going on.

Now, we have absolute PROOF (in the form of declassified government-documents) that the "Government" HAD intended to "mandate" the technology from the beginning.

Later, many discussed "Echelon", ...and were "pooh-poohed" for their troubles. Furthermore, at first, the U.S. Government actively DENIED ITS VERY EXISTENCE. Now, you can read numerous official publications on the program, its people and the installations involved.

The simple fact of the matter is that, "our government" (both Democrats AND Republicans) HAVE been working for decades to turn America into a TOTALITARIAN SURVEILLANCE-STATE (to serve itself AND a powerful-few).

If you do not believe it...

Try to walk down a city street without being recorded by a government video-camera.

Or, travel by bus, train, or airplane, without being registered in a government-accessible data-base.

Your phone is tapped by "CALEA" requirements. And, your car (if made after 1996) is required (by Federal-law) to have a "travel-data recorder-port".

Your banking-transactions are available to the Government, without a warrant.

Your Library activities are subject to government-seizure, and scrutiny, without "probable-cause".

You can be stopped, without cause, and be ordered to show ID just to walk down a public-street. And, you can be ARRESTED and SEARCHED for simply asking "why..?".

And, this is just the TIP of the iceberg.

But, at least the FBI (by Federal-Law and at TAXPAYER-EXPENSE) must now treat allegations of "copyright infringement" as a serious FEDERAL-CRIME.

Boy, I feel safer. Dont you..?
Posted by Gayle-Edwards (30 comments )
Reply Link Flag
Doesn't China Do This?
It's getting harder and harder to tell the difference between the way the Chinese government operates and "our" government. China has Internet access locked down tight as a drum. They claim it is for the good of their people. Any difference from what DOJ is claiming?

In another 10 years the only difference between China and the United States will be that China has all the jobs and economic growth. I think we all better start learning Mandarin.
Posted by Stating (869 comments )
Reply Link Flag
Welcome to The USSA comrade
Where we are watching you but you are safe. That is all that matters.
Posted by Jonathan (832 comments )
Link Flag
Big Brother tightening his grip
This is yet another attempt by the government to keep tabs on the activities of ordinary citizens - a blatant invasion of privacy in the name of reducing crime and national security. This blatant attempt should be strongly deplored, and everybody should give their ISPs an earful of what they think of this shameful attempt.
Posted by pankajraj2002 (1 comment )
Reply Link Flag
This seems to be an alarming trend. Our privacy and rights are being trampled on and our society lies down and allows it to happen. Am I missing something? At some point in time was the Constitution declared null and void? Very silently, America the beautiful has become America the police state. The idea that this country was founded on, freedom(s), is no more. Sure, we can walk around freely, we can write what we want, we can say what we want, but, every single thing we do is being watched and archived. These ridiculous laws that have gone into effect, such as the patriot act, have completely eroded our expectation of privacy and chewed up and spit out our constitution. Let's face it, society is sleeping. Society is allowing every facet of our daily life to be invaded and archived. Sure, its in the name of fighting terrorism, which is a noble thing, but bottom line is THEY VIOLATE OUR CONSTITUTION. I ask this: Since when can we pick and choose which parts of our constitution we wish to follow? The direction this country is heading saddens me.
Posted by (7 comments )
Reply Link Flag
Is this worth losing our freedom over?
Let me be clear: child porn and exploitation are wrong, vile, evil
things that people should be locked up forever and kept far
away from. Enforcement of child porn laws should be vigorous.

BUT: In our great free country, preserving our democracy and
liberty are far more important. Maybe we can trust today's FBI,
but who knows if we can trust tomorrow's? This is why we have
the 4th and 5th amendments: to make sure we are free of abuse
from government.

These log retention laws are a violation of our civil rights. No
matter how bad child porn and exploitation are (and they are
awful!), it would be a shame to sacrifice our freedom for what
would amount to be an incremental improvement (if any!) in
child porn law enforcement.

It irritates me to hear people attack those who are in favor of
draconian laws like these claim that people who attempt to fight
them are 'soft on child porn.' It's only fair for me to retaliate
with an equally absurd claim of my own. To them (and only
them) I say, child porn and exploitation would be less of a
problem if those people kept a closer watch on their kids and
taught their kids how to handle inappropriate situations.

I wouldn't make the same charge against people who don't try to
get these laws passed.
Posted by (27 comments )
Reply Link Flag
Oh, Brother - BIG Brother!
While I understand the concerns rearding public safety, the line needs to be drawn somewhere and drawn quickly. This retention or whatever of everyone's email chat & browsing habits is unconstitutional. This is the sort of thing a judge needs to issue a warrant for. You can't issue a blanket warrant to cover everyone in the world. This is a gross invasion of privacy. With this sort of privacy invasion condoned and put into practice, soon eveyone everywhere will have access to medical & banking records, etc. If identity theft is bad now, it'll get very much worse if data retention becomes the law of the land. Seems to me our government is way more paranoid than it is intelligent. Or fair.
Posted by (1 comment )
Reply Link Flag
Hitler Tipe Law
I said it before & I'll say it again. If what they,THE GOV. does this it will be the same as Hitler had Germeny.
Privicy is what freedom is built on.
As for as the 9/11,They had the tools,but didn't use them.
I myself don't care that much about them listening on me,but if they can listen to me I want the same to listen on them, The Gov.has more to hide than I do.
I told a friend more than 10yr. ago what #3 said.
They have tried to back the constitution for quite some time.
Besides who would able to determent what one is saying to another. I learned that one word could change the meaning of a sentence,& a sentence could change the meaning of a paragraph, so how would they know what you are talking about,who would determent this?
Posted by Earl (60 comments )
Reply Link Flag
Problem, Reaction Solution
Child pornography is a problem granted. But the solution proposed by the government is just another loss of our individual freedoms. Initially, the ruse was internet secords needed to be kept by ISP's to track terrorists. Fortunately, the Internet honcho's had the intelligence to see through that one. So now, the ISP owners will be the bad guys, by letting the child pornographers ply their trade and customers surf to the wretched sites.

The Internet is the last bastion of free speech in America. Sure, Echelon watches over it all, so they can catch the baddies if they really want to. This is just another case of eroding our disappearing rights even further.

Give it a rest, guys. The Internet is free territory.
Posted by Curlybird (1 comment )
Reply Link Flag
If Law Enforcement wants someone's logs bad enough, THEY should provide the mechanisms to "perserve" this data. Bandwidth, Storage Space and Human Resources are expensive. You can't have the entire business Internet community keep all this data for 2 months! On the other hand, businesses who have good Disaster Recover processes in place will keep a few days to a few weeks but this is ONLY for Disasters not Law Enforcement because it costs lots of $$$$ money!!! to recover it.

A simple method is if LE wants it, the request a customer's logs and then the business entity forwards/re-directs, etc the information to the LE location.
Posted by (3 comments )
Link Flag
we (USA) fought wars against governments that pulled this sort of crap on their people! The land of the free eh? today yeah, not so sure about our tomorrows though.
Posted by (3 comments )
Reply Link Flag
Just apply this to postal mail.
What if, 30 years ago before e-mail, the government declared it would open and photocopy all personal postal mail just in case they wanted to investigate any person in the future? If the government even suggesed it, do you think there would not be a torrential public outcry?
Posted by (1 comment )
Reply Link Flag
Differance in law
Federal law prohibits the unauthorized viewing of snail mail. There is no such law regrading email, there never has been. Email is NOT private, it is public.
Posted by Prndll (382 comments )
Link Flag
Not quite the same
Your analogy isn't quite accurate.

The US DJO isn't pushing for the govt to have instant and unquestioned access to this information - only that ISPs would be required to keep it. Law enforcement agencies, or individuals in civil matters, would still need to go through the process of getting warrants/subpoenas.

I've outlined how not keeping these records threatens our safety elsewhere. Something you might not be aware of is the growing amount of electronic harassment that occurs, and one of the biggest problems in protecting people from it is this lack of records.

I've read many accounts of the victims of electronic harassment and a common theme is both ISPs and the "law" ignoring such harassment, which can go on for years. Without logs (which some ISPs do keep) they can't substantiate or disprove a claim - so they just don't deal with it.

As far as privacy concerns go, if you're not doing anything wrong (and most of us don't), then you have nothing to fear from ISPs keeping account logs.
Posted by (2 comments )
Link Flag
Whenever politicians get teary-eyed over children, puppies and such, the public is about to get screwed again. This record keeping is simply another government empowerment scheme to undermine the constitutional rights of individuals.
Posted by (1 comment )
Reply Link Flag
How activity logs protect you
I've been in communication with Yahoo for almost a year, in relation to some email fraud. I had requested originally an account log. They're a standard where I live (outside the US) and it never occurred to me that Yahoo doesn't keep them. They also never suggested, in their many communications with me, that they didn't keep them. It's taken an enormous amount of effort and the involvement of a government agency for them to just admit that they don't.

An individual faked some death and rape threat emails which she claimed originated from my Tahoo account. I wasn't worried - I thought there'd be logs. I contacted Yahoo - they said sure, but we can't just give it to you, you need to subpoena it. I had a subpoena issued. Yahoo ignored it. etc. etc.

Luckily for me, the woman who faked these emails took them to the police, who quickly figured out she was lying. Her story when the police asked to actually see these emails (not just the printed copies) was that she printed them and immediately deleted them. Add to this her established history of harassing me and psychiatric history and it all smells a bit funny. Even better for me, her email provider does keep logs - the police issued warrants and voila - proof positive they had been fabricated. The police warned to leave me alone - a happy ending?

Not quite. That all took some time though, especially since the police (to save their time) were waiting for Yahoo to honour the subpoena and provide the activity log. This lunatic took me to a civil proceeding in the meantime, and an older magistrate, obviously with no knowledge of how easily these can be faked, believed her.

That's the danger you face, without these logs being kept. As things currently stand, if someone doesn't like you, this is all they have to do to cause you some very serious grief:

Step one - create an account using your name (eg. yourname@yahoo.com) or something close.

Step two - using the account with your name on it, they send themselves (preferably to an address with a provider who also doesn't keep account logs) that is somehow illegal in nature (eg. threats)

Result - you're in a lot of trouble.

I was horrified when the govt agency helping me to sort this out with Yahoo told me that Yahoo had (after some months of communicating with them) finally admitted to not keeping the logs. Then I did a web search, found this article and WOW. I'm amazed that they aren't kept, but I'm glad there seems to be some pressure for change, and possibly even legislation.

For those who cite "privacy" concerns - the only reason you have to fear such logs is if you're doing something you shouldn't be doing. If you're like the majority of people in our civilisation, you have nothing to fear from these logs, and in fact they protect you.

I sincerely hope such logs become a standard in the near future.
Posted by (2 comments )
Reply Link Flag
Big Brother and the ISP watchdogs....
Tell me...why should I trust my ISP? Because they had more money to get started in the ISP biz than I did or do?
Who can you trust nowdays....I liked Terorism Schmerrorism.......BUSH is who should be under the microscope here!
Check me out...I'm clean except for dirty UA's which I believe to be unconstitutional and against the law....I get cut off meds I need because I like drugs? Something wrong with this country BAD!
Posted by (1 comment )
Reply Link Flag
Somebody Who Sees It
Finally, somebody who seems to see the situation for what it is.

Title 18 secton 2252 contains provisions for outlawing the production and sale of child porn. The process of doing these two things takes an awful toll on some children, and the parts of 2252 that punish such behavior are appropriate.

However, there is a section of 2252 that is unbelievably restrictive regarding the simple possession of child porn. The punishment for simply viewing such a picture is absurdly draconian, and is mandatory.

I find it creepy that someone would want to view this stuff. But combine the miniscule behavior that results in a horrific sentence with the ease of having that "contraband" hacked onto your computer, and this is obviously nothing more than a way to induce terror into the computer-using public's mind.

Let's not forget that it was written, in part, by Mark Foley, of sexual-pervert fame.

All of this is a recipe to, at very minimum, force unknowing and innocent victims to spend all their life's savings to prove they had no idea such a thing was on their computers.

This is the wrong way to attack this problem. Prosecute manufacturers and sellers, yes. Prosecute hapless net users who know little of the security issues and dangers, and you have definitely stepped over the line.

Here is my solution, and I am implementing it immediately.

Every week in the mail, for years, I have received a little card with two photos of missing children on it. Usually, it is actually one missing child and one person with whom that child was last seen. I RELIGIOUSLY (and I don't do much else religiously) made DAMN SURE I looked at those photos carefully, just to see whether I had run across anyone in them in recent memory.

Starting today, ALL such cards will be the first into the shredder, and I'll make the trip from the mailbox to the shredder with my driving glasses on so I cannot see the pictures.

Same with billboards. I will NEVER call any toll-free number, even if I recognize a missing child. And I will not report any crime I see being committed against a person I perceive to be under the age of 18.

These new rules will remain in effect as long as the ridiculous, jack-booted thug section of 2252 is on the books.

The cause of protecting children has lost a very valuable asset. I hope that it loses yet more, and realizes that it better get back to the job of protecting actual children rather than terrorizing innocent computer users.
Posted by phenyl (2 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.