A proposed law designed to fight child pornography has rankled privacy advocates because it would require Internet service providers to keep 12-month logs of customers' names, credit card information and other identifying information that are tied to temporarily assigned network addresses.
Opponents say the law wouldn't markedly help lock up child pornographers and pedophiles, but rather would treat all Americans as criminals so that if law enforcement feels it has a need to find out who visited a website or posted a particular bit of content online, it can.
[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
The Electronic Frontier Foundation notes that the same data could become available to civil litigants in private lawsuits -- whether it's the recording industry trying to identify downloaders, a company trying to uncover and retaliate against an anonymous critic, or a divorce lawyer looking for dirty laundry. The group, which is asking people to contact lawmakers about the issue, also says that the database created would be a new and valuable target for hackers.
"Essentially what this bill is attempting to do is make it such that you can never post anything online without there being a record indicating that you posted it," said Kevin Bankston, senior staff attorney with the EFF.
H.R. 1981 passed through the House Judiciary Committee on Thursday.
Bankston said it doesn't appear the bill would substantially aid in the enforcement of child exploitation laws, which is its stated purpose.
Rather, he said, it would "drive those exploiters to places that offer free Internet service such as your coffee shop or your library because [the bill] only applies to those who provide Internet access for a fee."
Gregory Nojeim, director of the Project and Freedom Security and Technology at the Center for Democracy and Technology, also doesn't see that the bill, if eventually made into law, would markedly help catch criminals involved in child pornography.
"It's likely that child pornography cases will be a teeny tiny percentage of the cases in which law enforcement uses data that is retained under the mandate in this bill," he said.
Instead, he thinks government and law enforcement entities will use the data to investigate other things such as criminal drug activity or for intelligence investigations.
Nojeim said tens of thousands of national security letters are issued every year. Most of them go to the Internet service providers and they request information that includes IP address information as well as email and other electronic communications information that is not content, he said.
The American Civil Liberties Union has a lot to say about those NSLs on its website. Among other things, it says the Justice Department's Inspector General has reported that between 2003 and 2006, the FBI issued nearly 200,000 NSLs. The inspector General has also found serious FBI abuses of the NSL power, the ACLU says.
So while it appears the government has been asking ISPs for online information for a while, it's also not clear exactly what information all ISPs are currently tracking.