Last Thursday the U.S. House of Representatives' judiciary committee passed a bill that makes the online activity of every American available to police and attorneys upon request under the guise of protecting children from pornography.
Note: Update with citizen petitions on page 2.
The Republican-majority sponsored bill is called the Protecting Children From Internet Pornographers Act of 2011.
It has nothing to do with pornography, and was opposed by over 30 civil liberties and consumer advocacy organizations, as well as one brave indie ISP that is urging its customers to do everything they can to protest the invasion of privacy.
"Protecting Children" forces ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses.
It's like having your wallet plus the web sites you visit tracked and handed over on request. These logs are now going to be retained for the scope of one and a half years.
(I have to wonder if ISPs can sell this data, too.)
This has nothing to do with porn. In case you're like the Reps that passed this nightmare and you've forgotten: pornography is legal in the United States.
It is pedophilia that is illegal. But for the sake of harnessing hysteria to get a bill passed, clearly these particular Republicans find it convenient to conflate "pornographers" as pedophiles. Last time I checked in on the matter, pedophiles did not operate within the laws surrounding adult pornography.
Personally, I'm insulted as a porn-loving American girl to be included by way of consumer participation in this disgusting and misleading characterization. And that my privacy has just been sold for something that doesn't actually help the children.
I don't feel confident that treating us all like the criminals our system can't catch is going to protect any children, especially when the people who passed the bill can't - or won't - distinguish the difference between legal adult pornography and pedophilia.
CNET's Declan McCullagh reminds us that "the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well." CNET reported that mandatory data retention was being fast-tracked in January, 2011.
The fact that civil litigants could subpoena your internet activity and the contents of your wallet has nothing to do with the labeled and stated purpose of this bill.
"The bill is mislabeled," said Rep. John Conyers of Michigan, the senior Democrat on the panel. "This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes."
However, this bill has a provision stating that a court does not need to approve administrative subpoenas used by U.S. Marshals who might use it to 'track down unregistered sex offenders.' This received strong arguments against giving Marshals too much power.
The Electronic Frontier Foundation spearheaded consumer and privacy groups' opposition to the bill and hosted a one-click letter-writing campaign. This included the ACLU, the Bill of Rights Defense Committee, Patient Privacy Rights and many more.
Because of the way the bill requires information to be collected and stored, the EFF called the bill "ripe for abuse by law enforcement officials" and said that because the laws designed to protect the private data of consumers from government access are insufficient and out-of-date, it creates "a perfect storm for government abuse."
Small ISPs Are Ringing The Alarm
While consumer groups opposed it and tech news outlets I trust are spelling out concerns, it was when my own ISP made a blog post that it was clear that this bill isn't just a problem for privacy proponents.
Today we retain most IP allocation logs for just two weeks; we don’t need them beyond that period, so they are deleted. Storing logs longer presents an attractive nuisance, and would potentially make our customers the target of invasions of privacy.
Any lawyer can simply file a Doe lawsuit, draft up a subpoena and request a customer’s identity. It’s far too easy.
Do the wheels of justice – or investigation – move too slowly, and should data be retained for a long time to allow for legitimate investigation? No, there are already tools in place that law enforcement can easily use to ask ISPs to preserve log information of real online criminals.
The 1996 Electronic Communication Transactional Records Act allows law enforcement to require an ISP to keep data for 90 days upon law enforcement request, giving time for a legitimate search warrant to be reviewed by a judge and issued.
The CEO points out that because the bill applies to commercial providers, naturally it won't catch people pursuing criminal activity, who can simply use public Wi-Fi.
Or 4G wireless, such as through a cell carrier.
Lifehacker points this out in What You Need to Know About the Internet Snooping Bill (and How You Can Protect Yourself):
One nice feature of the PCFIPA of 2011 bill is that it doesn't include cellular data, so if you've thought about switching to 4G wireless data at home you'll soon have another reason.
That's right: wireless carriers are exempt from having to store all your data and provide it on notice. This is likely because unlike small ISPs such as Sonic, wireless carriers lobbied the bill authors to get out of it.
The Department of Justice fought against the mobile exemption.
Obviously if someone is going to distribute pedophilia they could do it over a 4G wireless card just as easily as their DSL account, so in a certain context, the wireless carriers have lobbied their way out of the cost burden.
That also makes this bill anti-small business, because smaller ISPs like Sonic have to bear the costs, while Verizon and friends, don't.
I think that ultimately, the ones bearing the true costs will be us.
And don't give me that 'if you're not doing anything wrong you shouldn't worry' line. It's as ripe as Congressman Weiner's old line, 'my account was hacked.'
UPDATE: There is now a Change.org petition against the internet snooping bill - Repeal H.R. 1981: Protect our privacy and lives. The EFF also has a one-click email campaign you can use to alert your representatives.