A House committee approved a bill that would require Internet service providers to retain details of customer online activity for 12 months for law enforcement use.
The
House Judiciary Committee approved a controversial bill that would require
Internet service providers to retain customer data for 12 months.
The
data retention clause would require ISPs to keep subscriber information
including IP addresses for 12 months for use to investigate cases of child
exploitation. After two days of intense negotiations, committee members voted
19 to 10 on July 28 to send the amended bill to the full House of
Representatives for debate.
The
data retention bill has the backing of law enforcement organizations and the
National Cable and Telecommunications Association. Along with IP addresses, law
enforcement will have access to full subscriber records that can be tied to the
Websites each person visited as well as any content posted without having to
first obtain a court order.
"When
investigators develop leads that might result in saving a child or apprehending
a pedophile, their efforts should not be frustrated because vital records were
destroyed simply because there was no requirement to retain them," said
Chairman Lamar Smith, R-Texas, the bill's co-sponsor.
The
original version of the bill had requested 18 months. Smith offered an
amendment to cut time to 12 months, which passed. Zoe Lofgren, D-Calif.,
proposed one to strike the data retention requirements from the bill entirely,
which failed by a 15-8 vote.
Opponents
to the bill, both Republican and Democrat, added various amendments to block
the legislation, arguing it would place an unfair burden on smaller ISPs and
would essentially create a trove of consumer data that law enforcement
officials would be able to freely access.
Lofgren
proposed an amendment to rename the bill the "Keep Every American's
Digital Data for Submission to the Federal Government Without a Warrant Act."
Privacy
advocates noted that increasing data retention requirement runs counter to best
practices in data security and would actually increase the risks of data
breaches.
"We
live in an age where our devices and the way we use the Internet are constantly
generating records-what we read, where we go, who our friends are," the
Electronic Frontier Foundation said in a statement. By saving those records for
future use, "they become a persistent and pervasive assault on"
privacy and pose an "irresistible temptation to law enforcement," the
EFF said.
As
it stands, the bill would also protect ISPs from liability for retaining the
data. Lofgren tried to minimize the blanket immunity so that ISPs could be held
liable if the data was hacked due to negligence in securing the data.
Lofgren
argued that a targeted approach is better than a database of "every
digital act by every American." She proposed an amendment to require the
ISPs to inform the courts when faced with requests from law enforcement,
similar to how phone companies currently have to report wiretapping requests.
She also sought to specify that ISPs can't add other types of consumer data to
be collected and retained.
All
of Lofgren's amendments were defeated.
Lofgren
said the bill wouldn't achieve its goals because the data retention applies to
only "commercial" providers. Criminals would simply go to libraries
or Starbucks coffeehouses and use the Web anonymously, while law-abiding
Americans would have their activities recorded, she said. The ISPs would know
criminals used library machines but law enforcement would not be able to
identify the user, while all the activity from a home computer would be
retained, she said.
"I
oppose this bill. It can be amended, but I don't think it can be fixed," said
Rep. F. James Sensenbrenner, R-Wis., adding that "numerous risks"
outweigh any benefits and will probably not do much toward protecting children.
Email
Print
