Last Thursday the U.S. House of Representatives' judiciary committee passed a bill that makes the online activity of every American available to police and attorneys upon request under the guise of protecting children from pornography.
It has nothing to do with pornography, and was opposed by over 30 civil liberties and consumer advocacy organizations, as well as one brave indie ISP that is urging its customers to do everything they can to protest the invasion of privacy.
"Protecting Children" forces ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses.
It's like having your wallet plus the web sites you visit tracked and handed over on request. These logs are now going to be retained for the scope of one and a half years.
(I have to wonder if ISPs can sell this data, too.)
This has nothing to do with porn. In case you're like the Reps that passed this nightmare and you've forgotten: pornography is legal in the United States.
It is pedophilia that is illegal. But for the sake of harnessing hysteria to get a bill passed, clearly these particular Republicans find it convenient to conflate "pornographers" as pedophiles. Last time I checked in on the matter, pedophiles did not operate within the laws surrounding adult pornography.
Personally, I'm insulted as a porn-loving American girl to be included by way of consumer participation in this disgusting and misleading characterization. And that my privacy has just been sold for something that doesn't actually help the children.
I don't feel confident that treating us all like the criminals our system can't catch is going to protect any children, especially when the people who passed the bill can't - or won't - distinguish the difference between legal adult pornography and pedophilia.
CNET's Declan McCullagh reminds us that "the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well." CNET reported that mandatory data retention was being fast-tracked in January, 2011.
The fact that civil litigants could subpoena your internet activity and the contents of your wallet has nothing to do with the labeled and stated purpose of this bill.
"The bill is mislabeled," said Rep. John Conyers of Michigan, the senior Democrat on the panel. "This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes."
The Electronic Frontier Foundation spearheaded consumer and privacy groups' opposition to the bill and hosted a one-click letter-writing campaign. This included the ACLU, the Bill of Rights Defense Committee, Patient Privacy Rights and many more.
Because of the way the bill requires information to be collected and stored, the EFF called the bill "ripe for abuse by law enforcement officials" and said that because the laws designed to protect the private data of consumers from government access are insufficient and out-of-date, it creates "a perfect storm for government abuse."
While consumer groups opposed it and tech news outlets I trust are spelling out concerns, it was when my own ISP made a blog post that it was clear that this bill isn't just a problem for privacy proponents.
Today we retain most IP allocation logs for just two weeks; we don’t need them beyond that period, so they are deleted. Storing logs longer presents an attractive nuisance, and would potentially make our customers the target of invasions of privacy.
Any lawyer can simply file a Doe lawsuit, draft up a subpoena and request a customer’s identity. It’s far too easy.
Do the wheels of justice – or investigation – move too slowly, and should data be retained for a long time to allow for legitimate investigation? No, there are already tools in place that law enforcement can easily use to ask ISPs to preserve log information of real online criminals.
The 1996 Electronic Communication Transactional Records Act allows law enforcement to require an ISP to keep data for 90 days upon law enforcement request, giving time for a legitimate search warrant to be reviewed by a judge and issued.
The CEO points out that because the bill applies to commercial providers, naturally it won't catch people pursuing criminal activity, who can simply use public Wi-Fi.
Obviously if someone is going to distribute pedophilia they could do it over a 4G wireless card just as easily as their DSL account, so in a certain context, the wireless carriers have lobbied their way out of the cost burden.
That also makes this bill anti-small business, because smaller ISPs like Sonic have to bear the costs, while Verizon and friends, don't.
I think that ultimately, the ones bearing the true costs will be us.
And don't give me that 'if you're not doing anything wrong you shouldn't worry' line. It's as ripe as Congressman Weiner's old line, 'my account was hacked.'