House Committee Passes Bill to Force ISPs to Retain User Data For 12 Months

A controversial bill that would force ISPs to retain records for up to 12 months that would allow them to identify users by IP address has cleared a key hurdle and passed the House Judiciary Committee by a wide margin, setting it up for passage by the full House.

Data retentionA controversial bill that would force ISPs to retain records for up to 12 months that would allow them to identify users by IP address has cleared a key hurdle and passed the House Judiciary Committee by a wide margin, setting it up for passage by the full House.

The bill was introduced with the purported intention of protecting children from online pornography, but it has become a lightning rod for privacy advocates and security experts who have decried the data-retention provision. Under the language currently in H.R. 1981, ISPs would be required to store the IP addresses assigned to each subscriber for 12 months. The idea behind this section is “to assist federal law enforcement in online child pornography and child exploitation investigations”, according to the committee.

But that’s not the way that many outside observers see it. Many privacy advocates and civil liberties groups say that the bill will violate user privacy.

“The data retention mandate in this bill would treat every Internet user
like a criminal and threaten the online privacy and free speech rights
of every American, as lawmakers on both sides of the aisle have
recognized. Requiring Internet companies to redesign and reconfigure
their systems to facilitate government surveillance of Americans’
expressive activities is simply un-American,” Senior Staff Attorney Kevin Bankston of the Electronic Frontier Foundation said in a statement.

“Such a scheme would be as
objectionable to our Founders as the requiring of licenses for printing
presses or the banning of anonymous pamphlets. We hope that
bipartisan opposition will grow as the bill makes its way to the House
floor and more lawmakers are educated about this anti-privacy, anti-free
speech, anti-innovation proposal.”

Retaining the IP addresses of users as they move around the Web forces ISPs to store a huge amount of data they otherwise would not need. But lawmakers in support of the bill said that the privacy concerns were overridden by the need to help law enforcement track down pedophiles.

“When investigators develop leads that might result in saving a
child or apprehending a pedophile, their efforts should not be
frustrated because vital records were destroyed simply because there was
no requirement to retain them. This bill requires ISPs to retain
subscriber records, similar to records retained by telephone companies,
to aid law enforcement officials in their fight against child sexual
exploitation,” Rep. Lamar Smith (R-TX), the sponsor of the bill, said in a statement.

“Every piece of prematurely discarded information could
be the footprint of a child predator. This bill ensures that the online
footprints of predators are not erased.”

Interestingly, several of Smith’s Republican colleagues on the committee took issue with the data-retention portion of the bill and voted against the measure. Rep. Jim Sensenbrenner (R-Wisc.) said during the markup hearing for the bill on Thursday that it would treat ordinary citizens as criminals by default.

“The problem arises when data retention is government mandated. It is the government’s role to conduct criminal investigations through the established legal process, but it is not the role of Government to mandate how private businesses arrange storage procedures independent of the legal process. Simply put, the decision to store data should be a business decision and not a government decision,” Sensenbrenner said.

“The data retention mandate imposed by this bill would also threaten personal privacy at a time when the public is already justifiably concerned about privacy online. A key to protecting privacy is to minimize the amount of data collected and held in the first place. The data retention law would undermine this key principle. The bill would establish surveillance of all Internet users, regardless of whether there is any reason to believe they have engaged in unlawful activity. Ordinary citizens would have a year’s worth of their online activity retained.”

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business