Lawmakers in Hawaii on Thursday quietly dropped a bill that would have required Internet service providers to collect the detailed browsing histories of Internet users in the state and store the data for at least two years.
The bill, HB 2288, would have required anyone providing access to the Internet in Hawaii to maintain "consumer records" of every Internet user's subscriber information and data such as the IP addresses, domain names and host names of the sites they visit.
In theory at least, the bill would have covered not only ISPs but also libraries, coffee shops and employers, the Electronic Frontier Foundation noted in a blog post Thursday.
"This is one of the most poorly drafted pieces of data retention legislation we've ever seen," the EFF's activism director Rainey Reitman wrote in the blog.
If passed, HB 2288 would have infringed "on the privacy of hundreds of thousands of Hawaiian citizens as well as any tourists who used Internet services while visiting the Aloha State," Reitman said.
The bill was scheduled to be heard on Thursday before the Hawaii State Legislature's House Committee on Economic Revitalization & Business (ERB). It was instead tabled, in what appears to have been a response to overwhelming opposition to the bill from many quarters.
One of those opposing the bill was the U.S. Internet Service Provider Association, which earlier this week sent a letter to the committee's chairman. The bill was overbroad, raised a "myriad privacy concerns," and would be hugely expensive to comply with, wrote the ISP association's Executive Director Kate Dean.
"We do not have a cost estimate in dollars to propose to the Committee due to the sheer breadth of the legislation," Dean wrote. But the potential cost implications for ISPs would be substantial, she said.
In similar testimony, Steve DelBianco, executive director of the NetChoice Coalition, a group of privacy and consumer groups, said the bill raised serious privacy concerns.
"This bill would enable government to find out where a Hawaiian is located every time they check their email, go online with a smartphone, or pay to access the Internet in a hotel room or airport," DelBianco wrote. "Forcing companies to store this for government use opposes the goals of the 4th and 5th Amendments to the Constitution," which protect against unreasonable searches, DelBianco wrote.
Others who wrote in to oppose the measure included the Center for Democracy and Technology, Hawaiian Telecom, T-Mobile and the Hawaii State Privacy and Security Coalition.
"This Hawaiian bill is an incredibly odd piece of legislation that doesn't list penalties, outline when data could be shared, or even touch on secure handling procedures," the EFF's Reitman told Computerworld on Friday. "This is part of a growing movement we're seeing in countries across the globe to mandate Internet companies to spy on users and keep the records just in case it might be useful to law enforcement later," she said.
A national data retention proposal (HR 1981) is making its way through the U.S. House of Representatives, she said. "Governments and other stakeholders are attempting to force the Internet companies which allow us to connect and communicate online to become mechanisms for spying and censorship."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.