Hawaii legislators bid aloha to controversial data retention bill
Proposal would have required ISPs to store 'Net browsing data for two years
Computerworld - Lawmakers in Hawaii on Thursday quietly dropped a bill that would have required Internet service providers to collect the detailed browsing histories of Internet users in the state and store the data for at least two years.
The bill, HB 2288, would have required anyone providing access to the Internet in Hawaii to maintain "consumer records" of every Internet user's subscriber information and data such as the IP addresses, domain names and host names of the sites they visit.
In theory at least, the bill would have covered not only ISPs but also libraries, coffee shops and employers, the Electronic Frontier Foundation noted in a blog post Thursday.
"This is one of the most poorly drafted pieces of data retention legislation we've ever seen," the EFF's activism director Rainey Reitman wrote in the blog.
If passed, HB 2288 would have infringed "on the privacy of hundreds of thousands of Hawaiian citizens as well as any tourists who used Internet services while visiting the Aloha State," Reitman said.
The bill was scheduled to be heard on Thursday before the Hawaii State Legislature's House Committee on Economic Revitalization & Business (ERB). It was instead tabled, in what appears to have been a response to overwhelming opposition to the bill from many quarters.
One of those opposing the bill was the U.S. Internet Service Provider Association, which earlier this week sent a letter to the committee's chairman. The bill was overbroad, raised a "myriad privacy concerns," and would be hugely expensive to comply with, wrote the ISP association's Executive Director Kate Dean.
"We do not have a cost estimate in dollars to propose to the Committee due to the sheer breadth of the legislation," Dean wrote. But the potential cost implications for ISPs would be substantial, she said.
In similar testimony, Steve DelBianco, executive director of the NetChoice Coalition, a group of privacy and consumer groups, said the bill raised serious privacy concerns.
"This bill would enable government to find out where a Hawaiian is located every time they check their email, go online with a smartphone, or pay to access the Internet in a hotel room or airport," DelBianco wrote. "Forcing companies to store this for government use opposes the goals of the 4th and 5th Amendments to the Constitution," which protect against unreasonable searches, DelBianco wrote.
Others who wrote in to oppose the measure included the Center for Democracy and Technology, Hawaiian Telecom, T-Mobile and the Hawaii State Privacy and Security Coalition.
"This Hawaiian bill is an incredibly odd piece of legislation that doesn't list penalties, outline when data could be shared, or even touch on secure handling procedures," the EFF's Reitman told Computerworld on Friday. "This is part of a growing movement we're seeing in countries across the globe to mandate Internet companies to spy on users and keep the records just in case it might be useful to law enforcement later," she said.
A national data retention proposal (HR 1981) is making its way through the U.S. House of Representatives, she said. "Governments and other stakeholders are attempting to force the Internet companies which allow us to connect and communicate online to become mechanisms for spying and censorship."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts