Data retention measure would force ISPs to store user information and hand it over to authorities
July 13, 2011
A prominent online rights group has urged US lawmakers to scrap a proposal that would see all internet providers required by federal law to store information on their customers.
The Electronic Privacy Information Center (EPIC) appealed before a House Judiciary Committee hearing this week, asking that Congress recognize the fact that retaining identifying information would put at risk “99.9% of Internet users.”
The legislation in question is H.R. 1981, a bill to address concerns about children pornography. EPIC is concerned, however, over provisions within the bill that will require Internet Service Providers to store temporarily assigned IP addresses for future government use.
EPIC President Marc Rotenberg pointed out that it is more prudent to seek data minimization rather than data retention, in the wake of increased risk of data breaches and identity theft. Rotenberg noted that enforced data retention would make ISPs more vulnerable to hackers, citing the LulzSec group, which recently claimed responsibility for temporarily shutting down a CIA website and other high-profile hacks.
“Minimizing stored user data reduces incentives for hackers to attack data storage systems by reducing the amount of data available to steal. Minimization also reduces the costs of data breaches,” Rotenberg said in prepared testimony.
Rotenberg suggested that the data could be used to bring criminal charges that were unrelated to child pornography, a concern that was shared by Michigan Rep. John Conyers.
“Although this data retention requirement has been introduced as part of a bill focused on child sexual exploitation, there is no evidence to suggest that the majority of law enforcement requests for customer subscriber information relate to child protection cases.” Rotenberg argued.
Advocates for the legislation include the National Sheriffs’ Association, which has said it “strongly supports” mandatory data retention. The bill has also attracted endorsements from the National Center for Missing and Exploited Children, as well as the FBI.
“It would give the government sweeping authority to mandate the collection and retention of personal information obtained by business from their customers, or generated by the business in the course of providing services, for subsequent examination without any reason to believe that information is relevant or necessary for a criminal investigation,” Rotenberg further testified.
The EPIC President also noted that the bill would create a new immunity that hasn’t previously existed under the Wiretap Act, allowing ISPs to escape liability if problems resulted.
“By extending blanket immunity and a good faith defense to these ISPs, Congress would foreclose the ability for consumers to seek damages under [the Electronic Communications Privacy Act] for violations of that law,”
“Instead, ISPs would be free to share their retained IP address information with law enforcement at any time, even if the current legal exceptions, such as those for voluntary disclosure, are not met.” Rotenberg said.
EPIC wishes to see the relevant sections of the bill re-written by House Judiciary Committee Chairman Lamar Smith (R-Texas) and Rep. Debbie Wasserman Schultz (D-Fla.), who introduced the legislation in May.
Smith told Rotenberg that he would take on board EPIC’s suggestions and look into them, but added that he would “give the benefit of the doubt to saving the children.”
EPIC noted that the prospect for passage of H.R. 1981 was significantly diminished at the hearing after Chairman James Sensenbrenner (R-WI) said he would oppose the measure.
Further reading: http://epic.org/privacy/intl/data_retention.html
Steve Watson is the London based writer and editor for Alex Jones’ Infowars.net, and Prisonplanet.com. He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham in England.