New Bill proposes ISPs, Wi-Fi keep data of users for police…Would you approve of it?

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. It would require providers to keep records for two years to aid police investigations. The Internet Safety Act is broader than just data retention. Other portions add criminal penalties to other child pornography-related offenses, increase penalties for sexual exploitation of minors, and give the FBI an extra $30 million for the “Innocent Images National Initiative.”
Republican-led bill is certain to draw fire from businesses and privacy advocates. The Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (Dynamic Host Configuration Protocol, or DHCP.) Not just public Wi-Fi access points, but password-protected ones too, and applies to individuals, small businesses, large corporations, libraries, schools, universities, and even government agencies. Voice over IP services may be covered too.
Can someone pass a law that says that any politician who proposes a law “for the sake of the children” or “to protect the children” automatically gets thrown out of elected office? Protecting children is great — but why is it that every law that is supposedly there to protect the children never actually has anything to do with protecting children?



21 Comments

  • My answer is NO. I believe that a law like this will not protect anyone.

  • The more interesting provision is:
    “Whoever, being an Internet content hosting provider or e-mail service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography…shall be fined under this title or imprisoned not more than 10 years, or both.”
    So any ISP that innocently carries an e-mail inviting a user to a URL containing child pornography commits an offense. Now that is an exciting idea.

  • Any time governments want to take away rights, or more usually extend their power over an individual, they frequently claim it is “for the children.” That term is merely a cloak for “extending our power.”
    Note also that legislators here in the USA rail against “activist judges” when the judiciary actually does its job, namely declaring such legislation unconstitutional.
    As for your “throw them out of office’ idea, that is what the ballot box is for. Until the next election cycle comes along write your legislator and tell them as your representative they should not vote for these inane, unconstitutional laws.
    I think a better idea would be to mandate that Congress be forced to read the Constitution, out loud, in unison once a week. Then every time a bill is voted on have a debate SPECIFICALLY about how this Bill should become law within the framework of the Constitution. If it doesn’t fit, it doesn’t pass.

  • No. Especially, since they’d undoubtedly exempt themselves.
    Of course, we all know what models of exemplary moral behaviour Congress consists of.

  • Here’s the long and short of it. Whoever proposed this bill is either just heeding lip service to the plight to crack down on child porn, or they really don’t know how the internet works. The assumption is that when folks “log in” to wireless access points, that some sort of information that is personally identifiable is gathered. That is NOT the case with public, free wi-fi hot spots. With pay-for hotspots, it’s a little different since you need to pay for them and a login is provided for you. This will just cause all free wi-fi hotspots to disappear. What use, if any would a MAC address (the ONLY thing that a computer tells the hotspot about itself) have to investigators in tracking down a child pornographer? NONE.
    Secondly, i have ALOT of issue with the “transmits, receives, or stores” line in this proposal. This is a HUGE privacy breach. This means that all service providers will now need to look at all the internet traffic that you send. This is almost as bad as a warrantless wire tap. ANY internet provider can now “listen in” on your internet conversations, and will need to store that information for 6 months. Imagine all the personal information stored within that just ripe for identity thieves and general hackers’ picking. No thank you!!!

  • If the facts you present are credible the simplest assessment is STUPID!

  • This is just another example of the Left trying to control your life and every move you make.

  • No, this is a violation of people’s privacy and can never be enforced down to the individual

  • Absolutely not!
    This proposal is absurd on many levels; clearly a product of ignorance and fear.

  • “Whoever proposed this bill is either just heeding lip service to the plight to crack down on child porn, or they really don’t know how the internet works.”
    But, the internet is just a “series of tubes” right? 😉 [Most] lawmakers understand politics — not technology… and they often fail to consult even their own technology advisers before trying to pass policy and speaking publicly regarding these issues. If you’ve ever been through a SOX audit, you’ll know that the rules don’t often make sense from a technology perspective.
    Sadly, rulings like these are often put into practice with no concern for the infrastructure issues being imposed on the carriers. While log files and user data is (normally) highly compressible, the amount of data to be collected from public network access points, alone, will still require a great deal of storage of some form — not to mention the transport required to transmit the data to be stored — overhead to maintain the system — and (potentially) software to audit and/or analyze the transcripts.
    Just another slant on this issue, aside from the privacy concerns already stated above. Perhaps one of the best uses of the data to be gleaned would be for Homeland Security, rather than child pornography prevention. Any conspiracy theorist worth his salt will now mumble “Eschelon” and “AT&T/NSA eavesdropping” under his breath, and mention that the government will happily do the post-processing for you.
    Personally, I feel that it is good practice to keep the logs anyway — not for the same reason, perhaps — but for your own troubleshooting and usage analysis… but two years? That’s a long time to keep logs that should be highly perishable. Frankly, there can be no expectation of privacy for access to these systems anyway.
    I worry more about the loss of public access points when providers find out they can no longer afford to give out “free” access because of the logging requirements. So much for ‘net ubiquity.
    Links:
    * http://en.wikipedia.org/wiki/Series_of_tubes
    * http://en.wikipedia.org/wiki/ECHELON
    * http://www.eff.org/cases/att/attachments/eff-complaint
    Clarification :
    By the way, the quote at the top was from a previous responder, Christopher Hurley. Sorry for not citing my source!

  • If this passes, buy stock in EMC 🙂
    I believe this is an over reach and would further make the US a Nanny / Police state. Hopefully this idea will quickly go away.

  • I would not support this. While a very serious issue, I believe child pornography would become a very small portion of what this would be used for.

  • I am with the others here. This sort of thing protects no one.
    It is a poor attempt by politicians to play up to peoples fear, uncertainty and doubt.
    Equally worrying (or a good opportunity depending on your take…) is the amount of user-identifiable data this will create. This will all have to be secured and protected – who will bear the costs?
    In a nutshell, this just means increased costs for no increased protection. Pretty poor policy really.

  • I am regularly involved in prosecuting criminal cases involving child exploitation. Neither I nor any other prosecutors I’ve heard of have run into serious problems getting IP records (ISP’s and sites usually keep this data for some reasonable amount of time, though not for 2 years) and subscriber info. It should be noted that the bill, as described above, would not give the government authority to monitor or read your internet traffic, as that would require a court order for a wiretap.
    I also don’t think it takes a political science degree to know that it makes it harder to oppose a bill when it’s presented as a child protection measure.

  • Well, it seems after God, Guns and Gays (oh ya and flag burning) stopped working for them, after people got so fed up with the nightmare of the Bush White House Residency and the Rubber Stamp Republican congress, and with the strongly positive response of the population to Obama and Stimulus package, they are desperate to find something else.
    This time they want to go “high tech”?
    Protect the children!
    Don’t worry about health care for them or feeding them, or helping kids not have more of them, ….
    I guess Republican National Committee Chairman Michael S. Steele plans for an “off the hook” public relations effort for the GOP to go Hip Hop did not resonant with the elected Republican officials

  • No, this is typical of many Washington solutions that come out to “protect children”, but wind up being more far-reaching in their possible impact.
    I don’t think it’s particularly practical or would be ultimately useful for law enforcement for its stated purpose. It’s just something to get some political points from particular conservative constituents.

  • Not in the least. The creators of the bill show they have little, if any, understanding of how the internet works

  • As someone said “What use, if any would a MAC address (the ONLY thing that a computer tells the hotspot about itself) have to investigators in tracking down a child pornographer? NONE. ”
    To take this one step farther. MAC addresses can be easily spoofed. So a MAC address, an IP address or anything else, offers zero identification. Even if the world adopted some form of mutual authentication to connect to these hotspots, such as the requirement of person certificates, it still is something that could be circumvented.

  • Have read these posts and agree with everyone, but just wanted to pick up on David Marshalls point…”Whoever, being an Internet content hosting provider or e-mail service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography…shall be fined under this title or imprisoned not more than 10 years, or both.”
    The KEY word here is ‘knowingly, and it would, i believe, be up to the prosecutor to prove the ‘provider’ was knowingly involved?
    Given their billions in profits, I fear the large I.S.P.’s would easily fend off court proceedings on that issue!
    However, one wonders how Joe Bloggs with his free wireless hotspot in his cafe, hotel etc. would fare in similar cirumstances – faced with a Governmental accusation?

  • Wow, the Republican party sure does look out of touch these days. Instead of being nimble and strategic and growing with the times, they keep with their rigid, scare tactic ways. Sounds like a great way to get that majority back guys.

  • The problem will eventually need to be addressed, I’m a privacy fan, but IF you had a search warrant already for a MAC address it would be reasonable to expect wifi access points to be able to track when that MAC address signs on.
    That said today it would be impossible, we could require all FUTURE wifi access points to be albe to log this info and IF THEY ARE ON THE INTERNET (i.e. NOT private networks) then upload the data in real time to a central server.
    Storing it for the individual provider would be useless IMHO.
    The problem with the above solution is it’s anti-privacy, I’d be against it, but technologically speaking it would meet what this bill is TRYING to accomplish as access points are replaced.
    Forcing everyone to replace access points / DHCP servers would be very unreasonbale.

Leave a Reply to Christopher Hurley Cancel reply