H.R. 1981, the “Protecting Children from Internet Pornographers Act of 2011” was the subject of a hearing today in the Subcommittee on Crime, Terrorism and Homeland Security of the House of Representatives. The bill would require Internet Service Providers to retain customer logs which could be used to reconstruct the Internet activity all subscribers, not just those who are suspected of engaging in criminal conduct.
Under current law, ISPs may be required to preserve records for 90 days at the request of law enforcement in connection with a particular investigation, plus a 90-day extension if the request is renewed. H.R. 1981 would require ISPs to retain everything for 18 months.
H.R. 1981 is unfortunately not a good example of transparency in lawmaking. Although the focus of this legislation is child pornography, as CNET’s Declan McCullagh reported, the bill would permit the use of any stored logs to prosecute any type of crime.
One problem is the bill targets Internet Service Providers, while ignoring smartphones and WiFi networks. Marc Rotenberg of the Electronic Privacy Information Center pointed out at the hearing that an effective bill would have to cast a much wider net.
If this Committee intends for the bill to address the threat from all people using the Internet, it would need to require that every coffee shop require ID before a consumer can browse the web, and establish penalties to prohibit consumers from leaving their own WiFi connections open to the world.
Of course, the data will also be a tempting target for hackers. Moreover, it will also be available to civil litigants. At an an oversight hearing on this subject earlier in the year, John B. Morris of the Center for Democracy & Technology said
[W]e understand that the great majority of requests that ISPs and others receive for customer information come not from the government but from private litigants in divorce cases, copyright enforcement actions, and commercial lawsuits.
As I have previously noted, the task of protecting our children has not received the resources it needs in the past. This may still be a problem, according to Morris.
Although no data is publicly available, and law enforcement officials have consistently refused to release information of this type when asked, a common perception in the child safety world is that law enforcement agencies already have far more child pornography cases on their plates than they can investigate and prosecute. In other words, even if a vast data retention regime were imposed on the American Internet industry, and even if data were retained for a lengthy period of time, law enforcement agencies would still not be able to investigate and prosecute more child pornography cases.
The same Internet that makes it easier to distribute child pornography, also provides law enforcement with powerful tools to detect and document crimes against children in real time. If police and prosecutors do not have the resources to take advantage of these opportunities, that ought to be the focus of well-intentioned lawmakers. By getting law enforcement the resources they need we can and should continue to protect the liberties the Constitution guarantees us as Americans by rejecting ill-conceived data retention schemes.