DOJ seeks mandatory data retention requirement for ISPs
Joins police chief organization in calling for law to bolster enforcement efforts to fight child porn, other online crime
Computerworld - The U.S. Department of Justice and an organization representing police chiefs from around the country renewed calls on Tuesday for legislation mandating Internet Service Providers (ISP) to retain certain customer usage data for up to two years.
The calls, which are stoking long standing privacy fears, were made at a hearing convened on Tuesday by a House subcommittee that is chaired by Rep. James Sensenbrenner, a Republican congressman from Wisconsin. Four years ago, Sensenbrenner proposed, and then quickly withdrew, legislation calling for mandatory data retention for ISPs.
In prepared testimony for today's hearing, Jason Weinstein, deputy assistant attorney general at the Justice Department, said that data retention was crucial to fighting Internet crimes (PDF document), especially online child pornography.
Current policies that only require ISPs to preserve usage data at the specific request of law enforcement authorities are just not sufficient, Weinstein said. Increasingly, law enforcement authorities are coming up empty-handed in their efforts to go after online predators and other criminals because of the unavailability of data relating to their online activities, Weinstein said.
"There is no doubt among public safety officials that the gaps between providers' retention policies and law enforcement agencies' needs, can be extremely harmful to the agencies' investigations," he said in written testimony.
In many cases, ISPs are already collecting and maintaining "non-content" records about who is using their services and how for business reasons, and for handling issues such as customer disputes, Weinstein said. Those same records can be extremely useful in criminal investigations too, he said.
However, ISPs have widely varying policies for storing such data, with some deleting it in a manner of days and others retaining it for months, he said. By making it compulsory for them to store usage data for specific lengths of time, law enforcement authorities are assured of getting access to the data when they need it, he said.
In his testimony, Weinstein admitted that a data retention policy on the industry raised valid privacy concerns. However, such concerns need to be addressed and balanced against the need for law enforcement to have access to the data, he said. "Denying law enforcement that evidence prevents law enforcement from identifying those who victimize others online," Weinstein said.
John Douglas, chief of police in Overland Park, Kansas and a representative of the International Association of Chiefs of Police, echoed similar concerns (PDF).
"Clearly, preserving digital evidence is crucial in any modern-day criminal investigation," Douglas said in his prepared testimony for the House subcommittee. On occasion, law enforcement has been able to use existing legal processes to get ISPs to preserve data in connection with specific investigations, he said.
However, because of widely varying data retention policies, sometimes law enforcement requests for protecting data are made too late. "There are cases where we are not able to work quickly enough -- mostly because a 'lead' is discovered after the logs have expired or we are unaware of the specific service provider's protocols concerning data retention time periods," Douglas said.
Calls for a new data retention policy are not new. In the past, numerous others, including FBI director Robert Mueller and former attorney general Alberto Gonzalez, have also urged Congress to consider similar legislation.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!