A proposed U.S. law would require Internet service providers to store information about every user of their services and keep that data for at least two years, in a bid to crack down on Internet-based predators and child pornographers.
The language of the law may even apply to owners of home Wi-Fi routers, according to a digital rights attorney.
U.S. Senator John Cornyn and Representative Lamar Smith, both Republicans from Texas, held a press conference Thursday to announce separate bills in the Senate and House of Representatives, both called the Internet Safety Act. Along with sections stipulating stiffer penalties for activities related to accessing child pornography on the Internet, the law would require Internet and e-mail service providers to retain "all records or other information" about anyone using a network address temporarily assigned by the service. The provision about retention would apply to any provider of "an electronic communication service or remote computing service," as well as someone who receives the content and recipient list of e-mail messages that it "transmits, receives, or stores," according to the text of the Senate bill.
"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," Cornyn said in a press release.
Cornyn and Smith said the law would require ISPs to hold on to subscriber records similar to those retained by telecommunications carriers. But civil liberties advocates pointed out that those phone records are not retained for use in investigations.
"There absolutely is no data retention requirement for phone companies for the purposes of law enforcement," said Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation.
Both carriers and ISPs already are required to preserve any information related to specific communications on their networks that are involved in a criminal investigation, he said. Preservation requests last just 90 days but can be renewed, giving prosecutors as much as six months to obtain a court order to seize the information as evidence, Bankston said.
The Internet Safety Act would amount to service providers storing personal information about their customers just in case they are later accused of a crime, said Leslie Harris, president of the Center for Democracy and Technology.
The law might impose a heavy burden on private citizens and enterprises with wireless networks, even ones that are password-protected, EFF's Bankston said. It could mean Wi-Fi routers would need hard drives to store data on every user who gets on the network.
"It's incredibly overbroad, and it doesn't just reach the AT&Ts and Comcasts of the world; it reaches your corner coffee shop, and even you at home," he said. "The current definition of electronic communication providers certainly reaches people who run wireless routers."
Because the bills are being pushed by Republicans, without any cosponsors from the Democratic Party, which controls the House and Senate as well as the White House, they are unlikely to make it very far. But Bankston said the Internet Safety Act won't be the last proposal of its kind.
"Data retention proposals are sort of like zombies, in that they're kind of easy to knock down, but they tend to come back," Bankston said.