Your ISP as Net watchdog

By Declan McCullagh
Staff Writer, CNET News.com Published: June 16, 2005 4:00 AM PDT

Tools

Related Stories: Europe to push ahead with ISP snooping law
June 9, 2005; FBI adds to wiretap wish list
March 12, 2004; My (brief) career as an ISP
October 10, 2003; FBI targets Net phoning
July 29, 2003; Perspective: Privacy lessons from Europe
October 23, 2002

The U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers' online activities.

Data retention rules could permit police to obtain records of e-mail chatter, Web browsing or chat-room activity months after Internet providers ordinarily would have deleted the logs--that is, if logs were ever kept in the first place. No U.S. law currently mandates that such logs be kept.

In theory, at least, data retention could permit successful criminal and terrorism prosecutions that otherwise would have failed because of insufficient evidence. But privacy worries and questions about the practicality of assembling massive databases of customer behavior have caused a similar proposal to stall in Europe and could engender stiff opposition domestically.

News.context

What's new:
The U.S. Department of Justice is mulling data retention rules that could permit police to obtain records of e-mail, browsing or chat-room activity months after ISPs ordinarily would have deleted the logs--if they were ever kept in the first place.

Bottom line:
Data retention could aid criminal and terrorism prosecutions, but privacy worries and questions about the practicality of assembling massive databases of customer behavior could engender stiff opposition to the proposal.

More stories on this topic

In Europe, the Council of Justice and Home Affairs ministers say logs must be kept for between one and three years. One U.S. industry representative, who spoke on condition of anonymity, said the Justice Department is interested in at least a two-month requirement.

Justice Department officials endorsed the concept at a private meeting with Internet service providers and the National Center for Missing and Exploited Children, according to interviews with multiple people who were present. The meeting took place on April 27 at the Holiday Inn Select in Alexandria, Va.

"It was raised not once but several times in the meeting, very emphatically," said Dave McClure, president of the U.S. Internet Industry Association, which represents small to midsize companies. "We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"

McClure said that while the Justice Department representatives argued that Internet service providers should cooperate voluntarily, they also raised the "possibility that we should create by law a standard period of data retention." McClure added that "my sense was that this is something that they've been working on for a long time."

This represents an abrupt shift in the Justice Department's long-held position that data retention is unnecessary and imposes an unacceptable burden on Internet providers. In 2001, the Bush administration expressed "serious reservations about broad mandatory data retention regimes."

The current proposal appears to originate with the Justice Department's Child Exploitation and Obscenity Section, which enforces federal child pornography laws. But once mandated by law, the logs likely would be mined during terrorism, copyright infringement and even routine criminal investigations. (The Justice Department did not respond to a request for comment on Wednesday.)

"Preservation" vs. "Retention"
At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

"We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"

--Dave McClure, president, U.S. Internet Industry Association

Child protection advocates say that this process can lead police to dead ends if they don't move quickly enough and log files are discarded automatically. Also, many Internet service providers don't record information about instant-messaging conversations or Web sites visited--data that would prove vital to an investigation.

"Law enforcement agencies are often having 20 reports referred to them a week by the National Center," said Michelle Collins, director of the exploited child unit for the National Center for Missing and Exploited Children. "By the time legal process is drafted, it could be 10, 15, 20 days. They're completely dependent on information from the ISPs to trace back an individual offender."

Collins, who participated in the April meeting, said that she had not reached a conclusion about how long log files should be retained. "There are so many various business models...I don't know that there's going to be a clear-cut answer to what would be the optimum amount of time for a company to maintain information," she said.

McClure, from the U.S. Internet Industry Association, said he counter-proposed the idea of police agencies establishing their own

CONTINUED: ...
Page 1 | 2

More from News.com on this story's topics: Federal government
Create an email alert | RSS feed; Data security
Create an email alert | RSS feed; Internet
Create an email alert | RSS feed; Privacy
Create an email alert | RSS feed

See more CNET content tagged:
terrorism, Internet Service Provider, log, Internet service, Internet provider

35 comments (Page 1 of 3)

Privacy Concern
by June 16, 2005 5:57 AM PDT: See-through X-Ray machines, VoIP monitoring, RFID, GPS mobile phone, high-speed internet monitoring...Is everyone ready to give up all their privacy for a safer country?; Reply to this comment View all 2 replies
Processing

Life under a Microscope.
by System Tyrant June 16, 2005 7:52 AM PDT: It's not that I don't understand the need to try and create a safer world for everyone, but I think the government is trying to take this to far. I think these so called "necessary" invasions of privacy aren't going to stop terrorist or child preditors from doing business as usuall. I think all they are really doing is turning normal people into government hating, paranoid, recluses. I think of this as kind of like taking medicine to stop a cold before you catch it. It may help, but sooner or later your still going to catch a cold. I think we should instead try better educating our citizens and making sure they stay healthy. Build a good, strong armed forces. And try not to start wars everytime we get a new president. At the rate we are going I give America another 100 years before we have another revolution.; Reply to this comment

when will it end?
by hugh dunnit June 16, 2005 8:19 AM PDT: obviously our government needs a refresher on democracy, freedom, and rights. Doing all of this 'watching' doesn't stop crime, or even thwart it. People will go on doing what they've always been doing through other methods. While the average joe citizen has to suffer and lose all privacy. I'll take my chances with the terrorists.; Reply to this comment View reply
Processing

A Prediction
by Willie Winkie June 16, 2005 8:57 AM PDT: Soon. Quite soon there will be a "terrorist event? that will dwarf 911 in scope and loss of life. My guess would be that a major American city would have some kind of nuclear "event". No one will ever be able to positively trace the origins of the "device". Al Quida will be the de-facto villain. Yet some US military storage facility somewhere will be missing a warhead or uranium or plutonium. In reality, no terrorists will be involved. Only members of a clandestine arm of our own government. The extraordinary powers that will be willingly and enthusiastically granted government and law enforcement subsequent to this event will make the patriot act look like a pooper scooper law by comparison. And then ladies and gentlemen, we will all wake up in a country that no longer belongs to us.; Reply to this comment View reply
Processing

Effectiveness
by smfriedland June 16, 2005 9:09 AM PDT: Privacy was non-existent in the 18th century when this country was founded. The average person had little privacy and the wealthy had none. The reason that the founders of this country were so adamant about freedom for both political thought and economic activity is due in part to their lack of privacy. Their answer was to legislate a situation where this lack made no difference - you couldn't be accused or prosecuted for your opinions. Just because the government has collected a mound of data does NOT mean that the 4th admendment has been abolished or due process ignored. All of the stuff collected will have to go through due process just as any evidence collected has. The due process clause had been the defense and the protection of us since the beginning and it will continue to do so. That being said, the idea simply won't work - your ISP might store everything you put on their computers - email etc. But that doesn't mean that your email uses their computers. Or your IM's, your WebCams, your web pages. Anyone with a bit of technical expertise can set up their own server to do all of this and be beyond the reach of the ISP logs. Even attempts to trap all traffic from specific ports wouldn't work as the volume would be enormous and services can be run on non-standard ports. Copying all traffic and storing it not really technologically feasable, given the volume of internet traffic on even a small ISP. This idea simply won't work.; Reply to this comment View reply
Processing

Watergate, Filegate And More
by Stating June 16, 2005 9:29 AM PDT: The Justice Department, FBI, CIA, and NSA all report to the Executive Branch. We have seen over the years, starting with Nixon and Watergate to Clinton and Filegate (remember that one -- FBI files that mysteriously appeared in the White House), that there are few real protections and NO OVERSIGHT as to what goes on behind White House closed doors. Having access to individuals' web and email activity will provide a boon to corrupt administrations that want to compile dirt on their opposition and wage character assasination. This is the real danger -- that the opposition will effectively be neutralized. The govenerance of the country then basically becomes a dictatorship.; Reply to this comment

The Gestapo....American Style
by papasy June 16, 2005 2:49 PM PDT: For those too young to remember, the tactics of this Justice Department are getting more and more frighteningly remiscent of Nazi Germany's Gestapo, i.e. secret police fifty years ago. How long will the American public put up with these fascist policies????; Reply to this comment View reply
Processing

"Clipper-chip"opponents were decried as "nuts"...
by Gayle-Edwards June 16, 2005 9:47 PM PDT: You know, there were many individuals that pointed out that the "Clipper-Chip" concept had broader ramifications, as well as, intended-expansions. But, those people were just called "paranoid...", by those that did not want to accept what was going on. Now, we have absolute PROOF (in the form of declassified government-documents) that the "Government" HAD intended to "mandate" the technology from the beginning. Later, many discussed "Echelon", ...and were "pooh-poohed" for their troubles. Furthermore, at first, the U.S. Government actively DENIED ITS VERY EXISTENCE. Now, you can read numerous official publications on the program, its people and the installations involved. The simple fact of the matter is that, "our government" (both Democrats AND Republicans) HAVE been working for decades to turn America into a TOTALITARIAN SURVEILLANCE-STATE (to serve itself AND a powerful-few). If you do not believe it... Try to walk down a city street without being recorded by a government video-camera. Or, travel by bus, train, or airplane, without being registered in a government-accessible data-base. Your phone is tapped by "CALEA" requirements. And, your car (if made after 1996) is required (by Federal-law) to have a "travel-data recorder-port". Your banking-transactions are available to the Government, without a warrant. Your Library activities are subject to government-seizure, and scrutiny, without "probable-cause". You can be stopped, without cause, and be ordered to show ID just to walk down a public-street. And, you can be ARRESTED and SEARCHED for simply asking "why..?". And, this is just the TIP of the iceberg. But, at least the FBI (by Federal-Law and at TAXPAYER-EXPENSE) must now treat allegations of "copyright infringement" as a serious FEDERAL-CRIME. Boy, I feel safer. Dont you..?; Reply to this comment

Doesn't China Do This?
by Stating June 16, 2005 10:47 PM PDT: It's getting harder and harder to tell the difference between the way the Chinese government operates and "our" government. China has Internet access locked down tight as a drum. They claim it is for the good of their people. Any difference from what DOJ is claiming? In another 10 years the only difference between China and the United States will be that China has all the jobs and economic growth. I think we all better start learning Mandarin.; Reply to this comment View reply
Processing

Big Brother tightening his grip
by pankajraj2002 June 17, 2005 4:49 AM PDT: This is yet another attempt by the government to keep tabs on the activities of ordinary citizens - a blatant invasion of privacy in the name of reducing crime and national security. This blatant attempt should be strongly deplored, and everybody should give their ISPs an earful of what they think of this shameful attempt.; Reply to this comment