A Hawaiian legislator has introduced a broadly worded data-retention bill that require ISPs and other service providers to retain their customers’ Internet activity records for at least two years. The bill, introduced by state Rep. John Mizuno, does not have any provisions for exclusions or privacy considerations and would force the ISPs to hold the customer data, but it does not make any mention of how the data should be protected.
The bill was introduced Jan. 20 in the Hawaii state House of Representatives and is short and to the point. If passed, it would mean that ISPs would need keep detailed records of their customers’ online activities and retain that data for a minimum of two years.
“Any internet service provider that provides internet service to a consumer in the State shall retain consumer records for no less than two years. The required data for the consumer records shall include each subscriber’s information and internet destination history information,” the bill says.
The required “destination history information” would include IP addresses, domain names and host names. The definition of what constitutes a service provider is also worded quite broadly, and could be read to include more than just typical ISPs. The definition in the bill, H.R. 2288, simply says that an Internet service provider is “a company that provides access to the Internet.” That could include mobile phone companies, hotels and any other entity that gives users access to the Internet.
There have been a variety of attempts to pass national data-retention laws in recent years, including one that’s still making its way through the House of Representatives right now. That bill, the Protecting Children From Internet Pornographers Act, would require ISPs to retain IP addresses assigned to customers for at least 18 months. But it does not include provisions like those in the Hawaii measure that require retention of domain names and host names that users visits.