House panel approves broadened ISP snooping bill
Internet providers would be forced to keep logs of their customers’ activities for one year—in case police want to review them in the future—under legislation that a U.S. House of Representatives committee approved today.
The 19 to 10 vote represents a victory for conservative Republicans, who made data retention their first major technology initiative after last fall’s elections, and the Justice Department officials who have quietly lobbied for the sweeping new requirements, a development first reported by CNET.
A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored.
It represents “a data bank of every digital act by every American” that would “let us find out where every single American visited Web sites,” said Rep. Zoe Lofgren of California, who led Democratic opposition to the bill.
Lofgren said the data retention requirements are easily avoided because they only apply to “commercial” providers. Criminals would simply go to libraries or Starbucks coffeehouses and use the Web anonymously, she said, while law-abiding Americans would have their activities recorded.
To make it politically difficult to oppose, proponents of the data retention requirements dubbed the bill the Protecting Children From Internet Pornographers Act of 2011, even though the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well.
“The bill is mislabeled,” said Rep. John Conyers of Michigan, the senior Democrat on the panel. “This is not protecting children from Internet pornography. It’s creating a database for everybody in this country for a lot of other purposes.”
At the moment, Internet service providers typically discard any log file that’s no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation—a practice called data preservation.
A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any “record” in their possession for 90 days “upon the request of a governmental entity.”