Latest Updates

New US bill would require ISPs to retain user info to aid police

Posted at 13 May 2011 00:00 CEST by etdragon

The House Judiciary Committee, lead by Rep. Lamar Smith, is preparing a bill which would require internet service providers to retain information about their users to aid in criminal investigations.  This particular bill would be a smaller part of a large measure to strengthen sanctions against acts such as child pornography.  The most interesting part of this bill however is not who it targets but rather who it does not.  The bill would make wireless companies exempt from the requirement to store user data.

The specific reason for this exemption is unclear and Smith’s spokesperson declined to respond to questions about the new bill until “we are ready for introduction.”  The U.S. Justice Department is unhappy with the exemption, concerned that it will draw very strong opposition from cable and DSL providers.  Opposition may not be exclusive to the cable and DSL providers though.  A Democratic congressional staffer stated that early drafts of the proposed bill had been through his office and they were choosing not to support it because of privacy concerns.

The current draft bill apparently calls for any “temporarily assigned network address” to be logged for 18 months except if the addressed was assigned wirelessly.  This seems to imply that companies providing mobile hotspots to customers such as Starbucks, Dunkin Donuts, or even McDonalds would not be required to log this information but locations offering more traditional wired connections like universities, private business, schools, and hotels would be required by law to keep 18 months of IP data.  This does beg the question of how providers offering multiple connection options would handle this network address retention, would they retain information only for users of their wired connections or would they be required to log all information, both wired and wireless?

The exemption of wireless in this new bill is interesting because it appears to leave a huge hole in user data that could be used for criminal cases.  The deputy attorney general, Jason Weinstein recognized this himself, emphasizing the need to include wireless providers in the legislation because “when this information is not stored, it may, be impossible for law enforcement to collect essential evidence.”

Current service providers rarely hold onto log files longer than necessary, often discarding them immediately unless they are required for billing disputes, or network monitoring.  Legislation, in the form of the 1996 Electronic Communication Transactional Records Act, does exist that requires providers to maintain any records they have for 90 days once requested by a government agency.  There is however no guarantee that the criminal activity would be discovered before the data had been purged from ISP records.

The U.S. is not the only country addressing user data retention.  Legislation approved by the European Parliament in 2007 states that service providers in the 25 member countries must retain user information for a minimum of 6 months and a maximum of 2 years.  The European legislation seems much more specific about the fact that traffic and location data is to be retained but the “content” of phone calls, emails, and other communications is not to be retained.  The European legislation made no exemptions for wireless providers.

Click for more news

industryuser datacybercrimelaw

Click to share

There are 3 comments

MyCE Member
Posted on: 13 May 11 04:59
    This is bullshit. An ISP should not be forced to store a user's history for more than 3 months. What the hell ever happened to privacy?
    MyCE Resident
    Posted on: 13 May 11 05:22
      These laws are written by lobbyists, not someone who has an interest in protecting or serving the public. Pretty sad.
      Mr. Belvedere
      MyCE Resident
      Posted on: 13 May 11 09:06
        Originally Posted by Grim107
        This is bullshit. An ISP should not be forced to store a user's history for more than 3 months. What the hell ever happened to privacy?
        It seems it devolved.

        Post your comment

        You need to register before you can comment

        Like us

        Most popular headlines

        Windows XP security fix hangs systems and leaves them partly unprotected

        An update to the Anti Malware Service for Windows XP is causing systems to slow ...

        DVDFab decryption only available with paid licenses from now on

        DVDFab has posted a clarification on of their disc decryption policy on our foru...

        Crucial M550 512GB SSD Review - Pure speed

        • Mon 14 Apr 04:04 by Vroom

        Review: Crucial M550 Reviewed by: ANTONIS SAPANIDIS Provided by: Cr...

        Microsoft releases fixes for Windows 8.1 Spring Update install errors

        Microsoft released two patches already for users who received error codes 800700...

        Nexus 5 running Android 4.4.3 screenshot leaks

        The Chromium issue tracker reveals a screenshot of a Nexus 5 running Android 4.4...

        See all headlines