Declan McCullagh at CNET:
The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users’ “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.
As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.
The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting.
Samuel Axon at Mashable:
That would mean monitoring the IP addresses, domains and exact websites users visit, and then storing that information for months. If officials who support this measure get their way, federal, state and local law enforcement would be able to access the information via search warrant or subpoena.
Access to exact URLs would require deep-packet inspection, which could be a violation of the Wiretap Act. The courts would end up having to make a ruling one way or the other if authorities try it.
The argument in favor is that the FBI has long been able to do this with telephone call information, but since so much telephone communication has been replaced by web activity, this would just be a preservation of existing powers. And those in favor insist that no actual content would be released to authorities — only points of contact. For example, authorities can see that a phone call was made from one number to another, but they don’t know what was said unless they wiretap.
Jeralyn at Talk Left:
The panel was very confrontational (it was live-streamed and an archived version should become available)
At the meeting, the FBI’s Gregg Motta said that the FBI director wants 2 year data retention for non-content data. He disagreed with a CDT paper by Nancy Libin, Chief Privacy Officer for DOJ, arguing that data retention is “invasive and risky.”
Kardasz claimed that ISPs delay compliance with subpoenas and fail to retain data long enough for investigations. He suggested data be kept for 5 years. He says ISP are facilitating crime and suggested ISPs be co-defendants in child p*rn cases. Subcommittee Chair Chris Bubb from AOL called Kardasz’ comments outrageous.
DOJ’s Paul Almanza says it does not have a position on data retention requirements and that the lack of data retention harms investigations of crimes against children.
From one report:
[T]he strongest objection came from John Morris of the Center for Democracy & Technology, who rightly noted that no amount of government subsidies for data retention could prevent leakage of sensitive private data. For this reason and because of the basic civil liberties at stake whenever the government has access to large pools of data about its citizens, Morris argued that we need to strike a balance between how we protect children & the values of free society. Dave McClure of the US Internet Industry Association (USIIA) seconded this point powerfully: If such vast data is retained, it will be abused.
And get this: Verizon stores your e-mail forever, unless the user deletes it.
Drew Arena of Verizon says it stores information to correlate IP addresses & subscriber information for 12 months and e-mail forever.
While the emphasis is being placed on “routing” information and not “content”, a lot of content can be gleaned from these connections.
One has to wonder how all of that information is going to be useful. If you’re trying to parse everything that an ISP’s customer has done over the course of two years, you’re going to end up in the territory of Excel spreadsheets that bring even the mightiest CPUs to a crawl.
Another concern is whether or not such a law for logging data explicitly for the purpose of federal investigation in some way violates the Constitution. For example, American citizens are entitled to an expectation of privacy. In my opinion, this if you’re just visiting a website in your home that doesn’t have any social features, this activity should be considered private. If, on the other hand, you’re on a site interacting with users, then you’re being less private.
Personally, any proposals for data logging set off my internal Orwellian sensors. The FBI argument will be that more data will allow for better policing of criminal activity, but that’s also the problem: all of the user data collected would be more or less for the purpose of prosecuting people. And the last thing we need in the US is more ways to put people in jail.