House Committee passes bill requiring your ISP to retain your assigned IP for 12 months

Instead of working on the debt ceiling...

Law • July 2011 • Views: 1,609

Yesterday, the House Judiciary Committee voted 19-10 for H.R. 1981, a data-retention bill that will require your ISP to spy on everything you do online and save records of it for 12 months. California Rep Zoe Lofgren, one of the Democrats who opposed the bill, called it a ‘data bank of every digital act by every American’ that would ‘let us find out where every single American visited Web sites.’

Actually the bill requires they retain the IP address that is assigned to you. That, with access to the website logs could make a picture of your web presence.

Recent Pages by Buck (Buck):
'Israeli Apartheid? I Know What Apartheid Really Is' Guess Who's Valedictorian at Israel's Top Medical School? The Most Racist/Misogynist Commercial In History

Jump to bottom

13 comments

jvic Fri, Jul 29, 2011 11:43:43am

1. Thanks for posting this. I was about to.

2. Deal with the fiscal mess they created? Too hard for Congress.

Authorize surveillance of their constituents? Bipartisan consensus.

3. I’ve said this before: gunning down citizens in the streets is not the only way a government can show it is illegitimate.

Gus Fri, Jul 29, 2011 12:16:34pm

OK, it looked a little worrisome at first but here’s the actual section from the text of the bill regarding data retention:

SEC. 4. RETENTION OF CERTAIN RECORDS BY ELECTRONIC COMMUNICATION SERVICE PROVIDERS.

(a) In General- Section 2703 of title 18, United States Code, is amended by adding at the end the following:

‘(h) Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).’.

(b) Sense of Congress- It is the sense of Congress that records retained pursuant to section 2703(h) of title 18, United States Code, should be stored securely to protect customer privacy and prevent against breaches of the records.

From Text of H.R. 1981: Protecting Children From Internet Pornographers Act of 2011

I already received an email about this bill. It does require further study but right now all I am seeing is the “temporarily assigned network addresses the service assigns to each account” being retained. No other information and every “click and keystroke” does not seem to be part of the mandate. Could this be a slippery slope?

Gus Fri, Jul 29, 2011 12:23:53pm

And here is US Code TITLE 18 > PART I > CHAPTER 121 > § 2703 § 2703. Required disclosure of customer communications or records

Excerpt:

(c) Records Concerning Electronic Communication Service or Remote Computing Service.—

(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity—
(A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction;
(B) obtains a court order for such disclosure under subsection (d) of this section;
(C) has the consent of the subscriber or customer to such disclosure;
(D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or
(E) seeks information under paragraph (2).
(2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the—
(A) name;
(B) address;
(C) local and long distance telephone connection records, or records of session times and durations;
(D) length of service (including start date) and types of service utilized;
(E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and
(F) means and source of payment for such service (including any credit card or bank account number),

As you can see “temporarily assigned network addresses” is also required to be disclosed already but it seems to only require a shorted retention period. Means of payment is already required to be disclosed when requested. I would say there isn’t much change here other than an extension of the retention period.

Achilles Tang Fri, Jul 29, 2011 12:38:34pm

re: #2 Gus 802

Isn’t this something that we would want if we needed to backtrack hacking or other internet crimes? If the data were needed would it not require a warrant?

I thought it was only Teabaggers who thought all government was bad.

Randall Gross Fri, Jul 29, 2011 12:44:32pm

Ok, after further reading it appears that you still need a warrant, court order, or reasonable cause from an open investigation to actually get the data, so I’m not worried. Everyone freaks about this stuff, but the “trap, trace” etc language is pertinent to telephony in particular, and again you need a complaint, an ongoing investigation, and a court order for the above. For years we lived with everyone able to find exactly where everyone else’s telephone was at due to the nature of the old telephone voice network, but now everyone freaks if law authorities want to know where your computer connected to the much more powerful data network is.
I’m almost in favor of ending all anonymity at the ISP level as long as there are protections in place requiring the usual stuff of law enforcement before the ISP spillz ur beanz.

Gus Fri, Jul 29, 2011 12:45:25pm

re: #4 Naso Tang

Isn’t this something that we would want if we needed to backtrack hacking or other internet crimes? If the data were needed would it not require a warrant?

I thought it was only Teabaggers who thought all government was bad.

Yes. It would require a warrant according to US Code as I linked above:

(c) Records Concerning Electronic Communication Service or Remote Computing Service.—

(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity—

(A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction;

(B) obtains a court order for such disclosure under subsection (d) of this section;

(C) has the consent of the subscriber or customer to such disclosure;

(D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or

(E) seeks information under paragraph (2).

A lot of this information is already being used by telemarketers. And to repeat, the only information I see that’s required here is temporarily assigned network address. For law enforcement, if you don’t know the source of the suspect through this address you’d never be able to locate the suspect or at least help improve that effort.

Gus Fri, Jul 29, 2011 12:53:44pm

The headline should read:

House Committee passes bill requiring your ISP to ~~spy on every click and keystroke you make online and retain for 12 months~~ retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication.

Buck Fri, Jul 29, 2011 1:01:28pm

Strange that Boing would get this so wrong.

Although, your “network address” can be considered “personal information” and it could be used to identify what web sites you visit and what content you post online…

Although not keystroke by keystroke…

Velvet Elvis Fri, Jul 29, 2011 1:39:37pm

How are they defining ISPs I wonder?

Anyone who’s wanting to be evasive will use tor and/or VPNs anyway.

Gus Fri, Jul 29, 2011 2:01:18pm

It’s 18 months not 12 months or from HR 1981:

Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account…

And to review what I already pointed out.

If this wasn’t pointed out already. This is for child pornography only. This rule already exists but is limited to 180 days or 6 months as in section 2703 of the USC:

(a) Contents of Wire or Electronic Communications in Electronic Storage.— A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

Specifically applied and similar to this same bill and again from section 2703:

A provider of electronic communication service or remote computing service shall disclose to a governmental entity the…any temporarily assigned network address.

In summary, HR 1981 is effectively adding 12 months to the already existing 180 days (6 months) for a total of 18 months.

jvic Fri, Jul 29, 2011 4:55:43pm

A few thoughts, in no particular order, wrt foregoing comments:

1. The Electronic Frontier Foundation’s take is here; the Center for Democracy and Technology’s, here. They are neither pleased nor reassured.

2. Fourth Amendment protections like court-ordered search warrants are not as robust as they used to be: Destroying Hard Drive Leads to Conviction for Obstructing Federal Investigation…a child pornography suspect destroyed his hard drive in response to learning of the investigation. No search warrant was issued; no prosecution for child porn was initiated.

3. The conviction described in the link above was obtained by invoking the Sarbanes-Oxley Law. This legislation, supposedly designed to deter financial fraud, was “creatively” adapted to a child porn prosecution. I assume—it goes without saying, afaic—that special interests have deliberately made H.R. 1981 extensible in ways that are not superficially apparent.

4. Per the previous remark, unless the bill explicitly restricts itself to child porn in the text, its provisions apply across the board. Naming the bill the Protecting Children From Internet Pornographers Act of 2011 is, IMO, a veiled threat to undecided Representatives. “Representative ______ opposed efforts to protect our children from Internet pornographers.”

5. Here is a letter to Congress from a number of civil-liberties organizations, including the ACLU. Among other things, it expressly addresses the foregoing point: Contrary to the title of the legislation, there (is) nothing in the bill that would limit the use of these records to child exploitation cases.

6. IMO this rant about Microsoft’s recent call for an “Internet Driver’s License” serves to put H.R. 1981 in context.

(I Stand By What I Said Whatever It Was) Wed, Aug 3, 2011 9:55:20am

re: #11 jvic

Thanks. A lot of people here automatically assume a system put in place will not be abused. But I haven’t found one rational argument against the simple fact that forcing ISPs to retain private data of their customers for long ammounts of time equals to a higher risk of abuse of that data.

Between 2007 and 2010, when the Federal Constitutional Court of Germany struck down the law as unconstitutional, federal data retention legislation was in place in Germany. Every once in a while, still and presumably for some time to come, news comes out about some kind of abuse from police and other authorities in relation to this.

(I Stand By What I Said Whatever It Was) Wed, Aug 3, 2011 10:00:02am

Also note this CNET article I posted elsewhere: news.cnet.com

Auto

This page has been archived.
Comments are closed.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT LGF User's Guide RSS Feeds

Help support Little Green Footballs!