run into an unexpected obstacle: a former supporter.
"This bill needs a lot of fixing up," Rep. F. James Sensenbrenner, a Wisconsin Republican and previous chairman
of the House Judiciary committee, said at a hearing today. "It's not ready for prime time."
The bill in
question is H.R. 1981,
which says Internet providers must store for "at least 18 months the temporarily assigned network addresses the
service assigns to each account," unless it's a wireless provider like AT&T, T-Mobile, or SPAM.
Sensenbrenner's concerns are noteworthy because he has been a prominent sponsor of data retention legislation
before. In 2006, CNET was the first to report that he had drafted legislation that would require Internet
providers to store whatever records the attorney general deems reasonable--or face jail time. As recently as
January, Sensenbrenner convened a hearing to resuscitate the idea.
As CNET first reported yesterday, the National Sheriffs' Association announced it "strongly supports" H.R. 1981.
The National Center for Missing and Exploited Children likes it too.
But during today's hearing before Sensenbrenner's crime subcommittee, even the sponsor of H.R. 1981,
current
Judiciary chairman Lamar Smith (R-Tex.) acknowledged that there were problems with the legislation.
We want to "figure out a way so that we do not exempt wireless providers," Smith said. That exemption apparently
came about after lobbying from wireless companies, and has already drawn sharp criticism from the Justice
Department.
Michigan Rep. John Conyers, the Judiciary committee's senior Democrat, said his concern about the bill is that-
-although it's called the Protecting Children From Internet Pornographers Act of 2011--the mandatory logs could
be used to prosecute all sorts of crimes, not only ones dealing with child safety.
"The bill's title, Protecting Children From Internet Pornographers Act, is a misnomer because the legislation is
really not about those types of crimes at all," Conyers said. "Because if it were, it would certainly not
contain a broad exemption for the largest Internet service providers such as AT&T, and it would target child
exploitation."
Ernie Allen, president of the National Center for Missing and Exploited Children, said that both FBI Director
Robert Mueller and Attorney General Eric Holder want broad data retention requirement for more than child
exploitation prosecutions. Unless the bill is modified, of course, the logs could be accessed by state and local
law enforcement and civil litigants in divorce or insurance cases as well.
Similar bills have been introduced starting in early 2006, but privacy and civil liberty concerns have kept them
from even
receiving a floor vote. So has the scope: industry representatives have been wary ever since Justice Department
representatives began proposing that social networking-sites should be required to keep track of what Internet
address uploaded what photograph.
The definitions in Smith's bill could sweep in coffee shops that offer connections to their customers, as well
as hotels, universities, schools, and businesses that provide network connections, and of course traditional
broadband providers too.
"Retention" vs. "preservation"
At the moment, Internet service providers typically discard any log file that's no longer required for business
reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that
general rule when contacted by police performing an investigation--a practice called data preservation.
A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It
requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a
governmental entity."
Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a
pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host
Configuration Protocol and Point-to-Point Protocol over Ethernet.)
In addition, moncler shirts an
existing law called the Protect Our Children Act of 2008 requires any Internet provider who "obtains actual
knowledge" of possible child pornography transmissions to "make a report of such facts or circumstances."
Companies that knowingly fail to comply can be fined up to $150,000 for the first offense and up to $300,000 for
each subsequent offense.