[Infowarrior] - Feds: Details of ISP snooping haven't been decided

Tue Jan 23 16:34:19 EST 2007

Feds: Details of ISP snooping haven't been decided

By Anne Broache
http://news.com.com/Feds+Details+of+ISP+snooping+havent+been+decided/2100-10
28_3-6152598.html

Story last modified Tue Jan 23 13:08:21 PST 2007

WASHINGTON--The Bush administration hasn't settled on what data it would
like Internet service providers to retain about their subscribers or for how
long, a U.S. Department of Justice attorney said Tuesday.

U.S. Attorney General Alberto Gonzales made it clear last fall that he
planned to seek national legislation requiring the controversial practice
known as data retention, but "we don't have any position officially about
how long records would have to be retained or what records would have to be
retained," said Eric Wenger, a trial attorney with the Justice Department's
computer crime unit.

During an event here hosted by the Federal Communications Bar Association,
Wenger also said police already have ready access to other legal tools, such
as the power to send letters to ISPs requesting "preservation" of existing
data for up to 90 days while law enforcement obtains the necessary court
authority to obtain that data.

But he categorized the lack of consistent data retention by ISPs as a
"roadblock" to some investigations. He described, for example, a situation
in which an investigator may be able to secure an IP address for a suspected
phisher from Microsoft's Hotmail service. By the time the investigator took
that IP address to the Internet service provider for more information about
the suspect's identity, he may be told by the ISP that such information has
already been purged.

"We've been talking to some of the companies to explain the needs we have
for the records," he said, although he did not expressly urge adoption of
new laws. Another possibility is that a data retention requirement could be
extended beyond ISPs to search engines, which was discussed in private
Justice Department meetings in October.

As first reported by CNET News.com in June 2005, Justice Department
officials began quietly discussing the idea of data retention requirements,
akin to what the European Union has already enacted.

Last week, Gonzales told members of the Senate Judiciary Committee that he
planned to resume discussions with Congress about data retention legislation
this year. The attorney general did not elaborate on his plans, but last
year, he repeatedly said the practice was necessary to help investigators
nab elusive online criminals, particularly sexual predators.

Privacy advocates have long resisted such mandates, arguing that they allow
police to obtain records of e-mail chatter, Web browsing or chat room
activity that normally would have been discarded after a few months--or in
some cases, never kept at all.

CNET News.com's Declan McCullagh contributed to this report.