Congress and the FBI renew push for new, greater data retention laws

motivez · 04-24-2008, 11:08 AM

WASHINGTON--The FBI and multiple members of Congress said on Wednesday that Internet service providers must be legally required to keep records of their users' activities for later review by police.

Their suggestions for mandatory data retention revive a push for potentially sweeping federal laws--which civil libertarians oppose--that flagged last year after the resignation of Attorney General Alberto Gonzales, the idea's most prominent proponent.

FBI Director Robert Mueller told a House of Representatives committee that Internet service providers should be required to keep records of users' activities for two years.

"From the perspective of an investigator, having that backlog of records would be tremendously important if someone comes up on your screen now," Mueller said. "If those records are only kept 15 days or 30 days, you may lose the information you may need to bring that person to justice."
Also lending their support for data retention were Rep. Ric Keller, R-Fla., who said that Internet chat rooms were crammed with sexual predators, and Rep. Lamar Smith of Texas, the senior Republican on the House Judiciary committee and a previous data retention enthusiast. Rep. John Conyers, the senior Democrat and chairman, added that any proposed data retention legislation submitted by the FBI "would be most welcome."

In a series of events first reported by CNET News.com, Bush administration officials have lobbied to force Internet providers to keep track of what Americans are doing online:
June 2005: Justice Department officials quietly propose data retention rules.
December 2005: European Parliament votes for data retention of up to two years.
April 14, 2006: Data retention proposals surface in Colorado and the U.S. Congress.
April 20, 2006: Attorney General Gonzales says data retention "must be addressed."
April 28, 2006: Rep. DeGette proposes data retention amendment.
May 16, 2006: Rep. Sensenbrenner drafts data retention legislation, but backs away from it two days later.
May 26, 2006: Gonzales and FBI Director Mueller meet with Internet and telecommunications companies.
February 6, 2007: Rep. Smith introduces bill that would give the Justice Department broad authority to write data retention rules.

"Records retention by ISPs would be tremendously helpful in giving us a historic basis to make a case on a number of child pornographers who use the Internet to push their pornography" or lure children, Mueller said.
Replied Smith: "I think a number of us may well follow up on that suggestion."

An aide to Rep. Smith said in response to questions from News.com that the congressman was offering no details and would not be commenting at this point.

Based on the statements at Wednesday's hearing and previous calls for new laws in this area, the scope of a mandatory data retention law remains fuzzy. It could mean forcing companies to store data for two years about what Internet addresses are assigned to which customers (Comcast said in 2006 that it would be retaining those records for six months).

Or it could be far more intrusive. It could mean keeping track of e-mail and instant-messaging correspondence and what Web pages users visit. Some Democratic politicians have called for data retention laws to extend to domain name registries and Web hosting companies and even social-networking sites. During private meetings with industry officials, FBI and Justice Department representatives have said it would be desirable to force search engines to keep logs--a proposal that could gain additional law enforcement support, but raise additional privacy concerns and potentially conflict with European laws.

Kate Dean, director of the U.S. Internet Service Provider Association, which counts as members AT&T, AOL, Comcast, and Verizon, said in an e-mail message:
Without specifics, it's hard to know what Director Mueller is looking for from industry. The idea of data retention is complex, and Congress will need to examine many issues including which providers would be covered by a retention regime, for what period of time would those organizations be required to keep the data, does the policy idea fit with the today's and tomorrow's technologies, and what are the effects on the consumer--what are the potential risks to subscriber privacy and security? US ISPA members have been at the forefront of child protection initiatives with the National Center for Missing and Exploited Children and law enforcement, so we welcome a continued dialogue.
As attorney general until last summer, Gonzales rarely passed up an opportunity to call for data retention. In April 2006, he said Internet providers must retain records for a "reasonable amount of time" and the issue "must be addressed." In September 2006, he added: "This is a national problem that requires federal legislation."

After Gonzales' departure, the Bush administration has been less vocal on lobbying for data retention legislation. During Wednesday's hearing, however, Mueller called for new laws at least three times.

Multiple proposals to mandate data retention have surfaced in the U.S. Congress. One, backed by Rep. Diana DeGette, a Colorado Democrat, said that any Internet service that "enables users to access content" must indefinitely retain records that would permit police to identify each user. Another came from Wisconsin Rep. F. James Sensenbrenner, a close ally of President Bush, and a third was written by Rep. Smith, who endorsed the idea again on Wednesday.

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

News.com's Anne Broache reported from Washington, D.C.

How do you guys feel about this?

I can understand keeping track of what IP address was assigned to each user at what time perfectly, if there's abuse coming from the network they have to know who was responsible for it so they can take the proper action, and if that abuse was illegal, they need to be able to protect themselves..

But the other, more in depth and privacy intrusive stuff?

I don't really feel comfortable having someone keep track of all the sites I visit, knowing what my political leanings are, what blogs I read, what social networking sites I'm a part of, and thus who I know.. Not to mention where I get my news from, where I bank, what credit cards I have.. and especially stuff like IM and email conversations I have with people.. without having to go through the process of getting a warrant for each piece of information they want.

Considering what else we've seen about the FBI's abuse of national security letters and wanting to expand their power to obtain personal information and monitor people without proper judicial oversight, I don't know that I really think a policy that would allow them access to this kind of information at all is appropriate.. especially right now.

7960 · 04-24-2008, 11:13 AM

Originally Posted by motivez

How do you guys feel about this?

<slippery slope warning>

Maybe they should also require the post office to make and keep copies of all the mail that passes through a processing center. I mean, as soon as the mailman leaves it in your mailbox the police "may lose the information (they) may need to bring that person to justice."

</warning>

It's bullshit. They want copies because it's easy to make and keep copies. Whether the law should allow it or not isn't their concern. There is absolutely no reason to assume I'm breaking a law and keep copies of everything I do in case they somehow suspect me so they can go back and investigate and see if I really did break a law.

7960 · 04-24-2008, 11:15 AM

Originally Posted by motivez

....without having to go through the process of getting a warrant for each piece of information they want.

The way I understand it they're still supposed to get a warrant. This is just requiring the ISP to keep the information longer.

I just don't see why they have to keep it at all.

motivez · 04-24-2008, 11:23 AM

I guess the question is whether the company has a RIGHT to do it. You are using their network and services, do they have a right to keep track of what you do while using it?

Is it similar to say, Walmart installing security cameras to watch you while you're in their store, and keeping those tapes in case something goes missing?

7960 · 04-24-2008, 11:51 AM

Originally Posted by motivez

I guess the question is whether the company has a RIGHT to do it. You are using their network and services, do they have a right to keep track of what you do while using it?

Is it similar to say, Walmart installing security cameras to watch you while you're in their store, and keeping those tapes in case something goes missing?

Of course they have a right to keep track of it.

What I've been talking about is the govt thinking it has the right to come in and tell them they *MUST* keep it, and they *MUST* keep it for this certain amount of time, because one of their customers *MAY* be a criminal and the information *MAY* be useful.

WickedLou9 · 04-24-2008, 12:02 PM

It's just the next step the continuing errosion of our 4th ammendment rights.

kinggovernor · 04-24-2008, 12:24 PM

Originally Posted by WickedLou9

It's just the next step the continuing errosion of our 4th ammendment rights.

how so?

WickedLou9 · 04-24-2008, 01:18 PM

Originally Posted by kinggovernor

how so?

They are trying to get more access to our information, what we do, who we call, e-mails, etc. They have already obtained phone records without warrants from several phone companies. If these records exist you can be sure that our government will be getting access to them without warrants.

kinggovernor · 04-24-2008, 01:34 PM

Originally Posted by WickedLou9

They are trying to get more access to our information, what we do, who we call, e-mails, etc. They have already obtained phone records without warrants from several phone companies. If these records exist you can be sure that our government will be getting access to them without warrants.

then go after the warrantless part but retention isn't a violation of the 4th amendment

nbiggershaft · 04-24-2008, 01:41 PM

Originally Posted by kinggovernor

then go after the warrantless part but retention isn't a violation of the 4th amendment

As broadly as the 4th amendment is generally applied, I think it is definitely applicable here. The 4th amendment covers how evidence can be obtained as well as how it is used in a court. This bill is the collection of evidence, which generally requires a warrant. I'd liken it to making telephone companies record all your calls, in case the police want to use them later against you.

WickedLou9 · 04-24-2008, 01:46 PM

Originally Posted by nbiggershaft

As broadly as the 4th amendment is generally applied, I think it is definitely applicable here. The 4th amendment covers how evidence can be obtained as well as how it is used in a court. This bill is the collection of evidence, which generally requires a warrant. I'd liken it to making telephone companies record all your calls, in case the police want to use them later against you.

And they have already established that they can and will use these "national security letters" to obtain access to this sort of data without a warrant. These NSL's are such a crock and should be declared unconstitutional but this court would never rule against them. If they can nullify the 4th, then they can call into question the long held "right to privacy" and then things like abortion come into question.

kinggovernor · 04-24-2008, 02:15 PM

Originally Posted by nbiggershaft

As broadly as the 4th amendment is generally applied, I think it is definitely applicable here. The 4th amendment covers how evidence can be obtained as well as how it is used in a court. This bill is the collection of evidence, which generally requires a warrant. I'd liken it to making telephone companies record all your calls, in case the police want to use them later against you.

I would liken it to making telephone companies or credit card companies to keep records of transactions and phone calls.

thewise1 · 04-24-2008, 02:21 PM

i'm appalled by it, but not surprised.

encryption will eventually become regulated, and if you have encryption that isn't 'allowed' (accessible by police agencies), you'll be presumed guilty by the masses (if he didn't have anything to hide, why did he encrypt it so the all knowing and wise government couldn't see it?).

nbiggershaft · 04-24-2008, 04:38 PM

Originally Posted by kinggovernor

I would liken it to making telephone companies or credit card companies to keep records of transactions and phone calls.

Sure, thats fair. I don't think phone companies should be forced to do that either, as long as they are local calls (to avoid any international communications rules, blah blah blah). If thats a part of their practice, fine. But to require it is collecting evidence without a warrant.

kinggovernor · 04-24-2008, 08:02 PM

Originally Posted by thewise1

i'm appalled by it, but not surprised.

encryption will eventually become regulated, and if you have encryption that isn't 'allowed' (accessible by police agencies), you'll be presumed guilty by the masses (if he didn't have anything to hide, why did he encrypt it so the all knowing and wise government couldn't see it?).

you should make a thread about it. I will get you started with a good article:

Is the Fifth Amendment Password Protected?

Legal Technology - Is the Fifth Amendment Password Protected?

thewise1 · 04-24-2008, 09:21 PM

Originally Posted by kinggovernor

you should make a thread about it. I will get you started with a good article:

Is the Fifth Amendment Password Protected?

Legal Technology - Is the Fifth Amendment Password Protected?

Really interesting article, man. It makes me want to implement full encryption on everything I own and all communications I send out over the wire, at least when able.

kombayn · 04-25-2008, 12:39 PM

Best thing to do is set-up two different fire-walls. That'll give you tons of protection on your computer. On my computer you have to have login information to access my files and I use a program called file vault to keep my documents secured. I would just do Google searches on the best way to protect your computer, the FBI can still jump through these loops but it'll be much harder for them to do it.

WickedLou9 · 04-25-2008, 01:32 PM

Originally Posted by kombayn

Best thing to do is set-up two different fire-walls. That'll give you tons of protection on your computer. On my computer you have to have login information to access my files and I use a program called file vault to keep my documents secured. I would just do Google searches on the best way to protect your computer, the FBI can still jump through these loops but it'll be much harder for them to do it.

PGP everything.
Or... if you really want security, there is a