Should ISPs be mandated to keep internet records of their customers? It is a question that I’ve debated with others for a while now without any real resolutions. Phone companies, I believe, are required to keep records of their customers for 3 years. It does make sense on occasion, if the information is required for a criminal investigation. The issues with doing something similar for internet records are three-fold, as I see it:
- The hard disk space/processing power required to keep such records are much more intensive than for a phone company. ISPs don’t want to have to invest in such technologies.
- People are used to a free (not as in beer) and somewhat anonymous internet. It will take an entire generation of users to come and go before such legislations will be accepted.
- The potential for misuse of a persons web-surfing habits is much higher than with a persons phone record. If keeping reocords is mandated, then there need to be strict safeguards against its misuse.
Internet crime is on the rise and as more of the worlds economy and infrastructure moves online, so will crime. While some form of record keeping is necessary and perhaps inevitable, such a legislation needs to be carefully considered before it is implemented. The New York Times has an article that reports that the US is asking companies to now do this.
The article is reproduced below with all credit going to the author and the NY Times.
U.S. Wants Companies to Keep Web Usage Records
The Justice Department is asking Internet companies to keep records on the Web-surfing activities of their customers to aid law enforcement, and may propose legislation to force them to do so.
The director of the Federal Bureau of Investigation, Robert S. Mueller III, and Attorney General Alberto R. Gonzales held a meeting in Washington last Friday where they offered a general proposal on record-keeping to a group of senior executives from Internet companies, said Brian Roehrkasse, a spokesman for the department. The meeting included representatives from America Online, Microsoft, Google, Verizon and Comcast.
The attorney general has appointed a task force of department officials to explore the issue, and that group is holding another meeting with a broader group of Internet executives today, Mr. Roehrkasse said. The department also met yesterday with a group of privacy experts.
The Justice Department is not asking the Internet companies to give it data about users, but rather to retain information that could be subpoenaed through existing laws and procedures, Mr. Roehrkasse said.
While initial proposals were vague, executives from companies that attended the meeting said they gathered that the department was interested in records that would allow them to identify which individuals visited certain Web sites and possibly conducted searches using certain terms.
It also wants the Internet companies to retain records about whom their users exchange e-mail with, but not the contents of e-mail messages, the executives said. The executives spoke on the condition that they not be identified because they did not want to offend the Justice Department.
The proposal and the initial meeting were first reported by USA Today and CNet News.com.
The department proposed that the records be retained for as long as two years. Most Internet companies discard such records after a few weeks or months.In its current proposal, the department appears to be trying to determine whether Internet companies will voluntarily agree to keep certain information or if it will need to seek legislation to require them to do so.
The request comes as the government has been trying to extend its power to review electronic communications in several ways. The New York Times reported in December that the National Security Agency had gained access to phone and e-mail traffic with the cooperation of telecommunications companies, and USA Today reported last month that the agency had collected telephone calling records. The Justice Department has subpoenaed information on Internet search patterns — but not the searches of individuals — as it tries to defend a law meant to protect children from pornography.
In a speech in April, Mr. Gonzales said that investigations into child pornography had been hampered because Internet companies had not always kept records that would help prosecutors identify people who traded in illegal images.
“The investigation and prosecution of child predators depends critically on the availability of evidence that is often in the hands of Internet service providers,” Mr. Gonzales said in remarks at the National Center for Missing and Exploited Children in Alexandria, Va. “This evidence will be available for us to use only if the providers retain the records for a reasonable amount of time,” he said.
An executive of one Internet provider that was represented at the first meeting said Mr. Gonzales began the discussion by showing slides of child pornography from the Internet. But later, one participant asked Mr. Mueller why he was interested in the Internet records. The executive said Mr. Mueller’s reply was, “We want this for terrorism.”
At the meeting with privacy experts yesterday, Justice Department officials focused on wanting to retain the records for use in child pornography and terrorism investigations. But they also talked of their value in investigating other crimes like intellectual property theft and fraud, said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, who attended the session.
“It was clear that they would go beyond kiddie porn and terrorism and use it for general law enforcement,” Mr. Rotenberg said.
Kate Dean, the executive director of the United States Internet Service Provider Association, a trade group, said: “When they said they were talking about child pornography, we spent a lot of time developing proposals for what could be done. Now they are talking about a whole different ball of wax.”
At the meeting with privacy groups, officials sought to assuage concerns that the retention of the records could compromise the privacy of Americans. But Mr. Rotenberg said he left with lingering concerns.
“This is a sharp departure from current practice,” he said. “Data retention is an open-ended obligation to retain all information on all customers for all purposes, and from a traditional Fourth Amendment perspective, that really turns things upside down.”
Executives of several Internet companies that participated in the first meeting said the department’s initial proposals seemed expensive and unwieldy.
At the meeting scheduled for today with executives of Internet access companies, Justice Department officials plan to go into more detail about what types of records they would like to see retained and for how long, said a Justice Department official who spoke on condition of anonymity. “It will be much more nuts-and-bolts discussions,” he said, adding that the department would stop short of offering formal proposals.
Krishna Srinivasan 
I was wondering how they’d enforce something like this? cookies?
Not cookies, no. They’d have tracking hardware/software on the ISPs end that would log the IP address of the user and the address of site that he/she is visiting. Simple enough really, if the approrpiate amount of money is spent.
I think that the US is just gettin a little TOO paranoid wit their damn security!!!! I had a discussion with an uncle of mine some time ago, and he made a very valid point, which was – That the United States is just a big coward!!!! they have not had a war on American soil in a long long time, but absolutely LOVE to go to other countries n bomb the hell outta the poor nation!!!!
F***ING B*****D’s!!!!!
n wat r they gonna do wit the terrorists who are mailing and accessing the net from outside the US?? I would just like to tell the US govt. “UP YOURS”!!!!!
Regardless of how it is going to affect web-surfers, I wonder if the amount of investment required for this will bring any fruitful returns in the long run. Even if it is implemented somehow, it might just end up being a lot of money wasted.