Hawaii legislators bid aloha to controversial data retention bill
Proposal would have required ISPs to store 'Net browsing data for two years
Computerworld - Lawmakers in Hawaii on Thursday quietly dropped a bill that would have required Internet service providers to collect the detailed browsing histories of Internet users in the state and store the data for at least two years.
The bill, HB 2288, would have required anyone providing access to the Internet in Hawaii to maintain "consumer records" of every Internet user's subscriber information and data such as the IP addresses, domain names and host names of the sites they visit.
In theory at least, the bill would have covered not only ISPs but also libraries, coffee shops and employers, the Electronic Frontier Foundation noted in a blog post Thursday.
"This is one of the most poorly drafted pieces of data retention legislation we've ever seen," the EFF's activism director Rainey Reitman wrote in the blog.
If passed, HB 2288 would have infringed "on the privacy of hundreds of thousands of Hawaiian citizens as well as any tourists who used Internet services while visiting the Aloha State," Reitman said.
The bill was scheduled to be heard on Thursday before the Hawaii State Legislature's House Committee on Economic Revitalization & Business (ERB). It was instead tabled, in what appears to have been a response to overwhelming opposition to the bill from many quarters.
One of those opposing the bill was the U.S. Internet Service Provider Association, which earlier this week sent a letter to the committee's chairman. The bill was overbroad, raised a "myriad privacy concerns," and would be hugely expensive to comply with, wrote the ISP association's Executive Director Kate Dean.
"We do not have a cost estimate in dollars to propose to the Committee due to the sheer breadth of the legislation," Dean wrote. But the potential cost implications for ISPs would be substantial, she said.
In similar testimony, Steve DelBianco, executive director of the NetChoice Coalition, a group of privacy and consumer groups, said the bill raised serious privacy concerns.
"This bill would enable government to find out where a Hawaiian is located every time they check their email, go online with a smartphone, or pay to access the Internet in a hotel room or airport," DelBianco wrote. "Forcing companies to store this for government use opposes the goals of the 4th and 5th Amendments to the Constitution," which protect against unreasonable searches, DelBianco wrote.
Others who wrote in to oppose the measure included the Center for Democracy and Technology, Hawaiian Telecom, T-Mobile and the Hawaii State Privacy and Security Coalition.
"This Hawaiian bill is an incredibly odd piece of legislation that doesn't list penalties, outline when data could be shared, or even touch on secure handling procedures," the EFF's Reitman told Computerworld on Friday. "This is part of a growing movement we're seeing in countries across the globe to mandate Internet companies to spy on users and keep the records just in case it might be useful to law enforcement later," she said.
A national data retention proposal (HR 1981) is making its way through the U.S. House of Representatives, she said. "Governments and other stakeholders are attempting to force the Internet companies which allow us to connect and communicate online to become mechanisms for spying and censorship."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!