New bill to require ISPs retain data

Sensenbrenner bill would create new felonies for anyone who has 'reason to believe' they are facilitating access to child pornography.
Written by ZDNet UK, Contributor

Things are heating up for ISPs as support grows for legislation to require companies to retain user data. News.com reports that Rep. James Sensenbrenner (R-Wisc.), the powerful chairman of the House Judiciary Committee, is ready to introduce legislation, under which:

ISPs be required to record information about Americans' online activities so that police can more easily "conduct criminal investigations." Executives at companies that fail to comply would be fined and imprisoned for up to one year.

In addition, Sensenbrenner's legislation--expected to be announced as early as this week--also would create a federal felony targeted at bloggers, search engines, e-mail service providers and many other Web sites. It's aimed at any site that might have "reason to believe" it facilitates access to child pornography--through hyperlinks or a discussion forum, for instance.

The move follows a speech by Attorney General Alberto Gonzalez in which he warned that the Internet is "used as a tool for sending and receiving large amounts of child pornography on a relatively anonymous basis," Gonzales said.

Some excerpts from the bill:

[Any ISP] or email service provider [who] knowingly engages in ... conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography shall be fined under this title or imprisoned not more than 10 years, or both.

"'Internet content hosting provider' means a service that (A) stores ... electronic data, including the content of web pages, electronic mail, documents, images, audio and video files, online discussion boards, and weblogs; and (B) makes such data available via the Internet." ... [T]he Attorney General shall issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user (and what) user identification or telephone number was assigned..."

At the Electronic Privacy Information Center, Marc Rotenberg called the measure an "open-ended obligation to collect information about all customers for all purposes. It opens the door to government fishing expeditions and unbounded data mining." Rotenberg noted that the bill sets only minimum standards for data retention but leaves the actual requirements up to the Attorney General. "In the absence of clear privacy safeguards, Congress would be wise to remove this provision," Rotenberg said.

All of this follows a proposal by Rep. Diana DeGette (D-Colo) to require enough data retention to allow police to identify individual users. DeGette's proposal says that any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed.

Editorial standards