[Infowarrior] - Congress Tries To Hide Massive Data Retention Law By Pretending It's An Anti-Child Porn Law

[Richard Forno]

Congress Tries To Hide Massive Data Retention Law By Pretending It's An Anti-Child Porn Law

from the oh-come-on dept

http://www.techdirt.com/articles/20110707/04402514995/congress-tries-to-hide-massive-data-retention-law-pretending-its-anti-child-porn-law.shtml

We all know the cynical and obnoxious trick by politicians to get questionable laws passed by claiming that it's "for the children." The latest, however, is particularly nefarious. Some politicians (and lots of folks in law enforcement) have been pushing for the US government to adopt data retention laws for years. These laws would require online service providers to keep all sorts of data about users for many months, just in case law enforcement wants to come knocking later to get the details. Of course, data retention is controversial. You know what's not controversial? Being against child porn. We're all against child porn... so, rather than calling your bill a data retention law, why not refer to it as the Protecting Children from Internet Pornographers Act of 2011. Yes, that's the bill put forth by Texas Congressional Rep. Lamar Smith, and co-sponsored by Reps. Bill Flores, Randy Forbes, Dutch Ruppersberger and Debbie Wasserman Schultz.
   
The bill actually has very little to do with stopping child pornographers, but a lot to do with requiring online service providers to retain certain information (mainly IP addresses) on users for 18 months. Of course, as Chris Soghoian points out, the bill exempts WiFi providers, so it's woefully ineffective at stopping child porn, since anyone who wanted to do that just needs to go to Starbucks. 

But, for legitimate service providers, there are serious costs. On top of that, there are significant privacy issues -- and this is at the same time that we keep hearing about data leaks. You want to encourage more data leaks? Require companies hold onto data much longer than they need to do so. The really pernicious part in all of this is that it's really just a way for law enforcement to do an end run around the 4th Amendment. Julian Sanchez explains how this works:
Thanks to an unwise Supreme Court decision dating from the 70s, information about your private activites loses its Fourth Amendment protection when its held by a “third party” corporation, like a phone company or Internet provider. As many legal scholars have noted, however, this allows constitutional privacy safeguards to be circumvented via a clever two-step process. Step one: The government forces private businesses (ideally the kind a citizen in the modern world can’t easily avoid dealing with) to collect and store certain kinds of information about everyone—anyone might turn out to be a criminal, after all. No Fourth Amendment issue there, because it’s not  the government gathering it! Step two: The government gets a subpoena or court order to obtain that information, quite possibly without your knowledge. No Fourth Amendment problem here either, according to the Supreme Court, because now they’re just getting a corporation’s business records, not your private records. It makes no difference that they’re only keeping those records because the government said they had to. 

Current law already allows law enforcement to require retention of data about specific suspects—including e-mails and other information as well as IP addresses—to ensure that evidence isn’t erased while they build up enough evidence for a court order. But why spearfish when you can lower a dragnet? Blanket data requirements ensure easy access to a year-and-a-half snapshot of the online activities of millions of Americans—every one a potential criminal.

But, of course, if you complain about this or argue against the law, the title alone makes it sound like you're defending child pornography. How nice.