Reasonable Data Retention: An Important Tool for Law Enforcement or Further Erosion on Privacy?
Posted by K.M. Das
In December 2005, the European Parliament passed a far-reaching directive requiring Internet service providers and telephone companies to retain data on every electronic message sent and phone call, including VoIP, made for six months to two years. Although ISPs and telephone companies will not be required to maintain the content of the communications, they will be required to keep data such as the time of a call, whether the call is answered or not, the times customers were connected to the Internet, their IP addresses, and other details related to e-mails and VoIP calls. The European parliament's rationale for passing the directive was to combat terrorism and serious crimes.
On Thursday, April 20, in a speech to staff at the National Center for Missing and Exploited Children, Attorney General Alberto Gonzales indicated that similar data retention rules might soon be implemented in the United States. The Attorney General's comments follow the comments of Congressional staffers and members of Congress that data retention laws for ISPs would be a valuable tool for law enforcement in combating crimes against children. Although the primary rationale for the data retention rules in the United States appears to be combating crimes against children, this information could be used for anything from tracking terrorist activities to tax fraud.
ISPs have offered three reasons why such a data retention law is not necessary and likely to create more problems than it solves. First, it is unclear who will be allowed to have access to this information. Second, echoing a concern of their European counterparts, ISPs are concerned about the cost of implementing such a mandatory data retention program. Third, such a law may not be needed as current laws allow law enforcement officers access to such data if they move quickly enough. CNET's News.Com quotes Dave McClure, president of the U.S. Internet Industry Association as saying, "What we haven't seen is any evidence where the data would have been helpful, where the problem was not caused by law enforcement taking too long when they knew a problem existed."
Investigators of Internet sex crimes have indicated they would like to see the U.S. adopt a data retention law for ISPs that require them to retain data related to their customers' Internet use for at least several months, if not a year or more. Current federal law already requires ISPs to retain records for 90 days when requested by a governmental entity, and to report online child pornography to the National Center for Missing and Exploited Children. The data retention laws being considered by Congress and lobbied for by Attorney General Gonzales would make the retention of records mandatory and may require ISPs to retain information regarding not only the Internet address assigned to their customers at any given time, but would also require them to keep track of telephone numbers dialed (in using VoIP), contents of web pages visited, and recipients of e-mail messages.
Privacy advocates note that this suggestion for mandatory data retention appears to be a further extension of the Department of Justice's request for data relating to searches earlier this year. They fear that this data retention law will give law enforcement officials access to records of e-mail content, web browsing, and chat room activity that is currently discarded after a few months or not recorded at all.
They should be firstly ensuring that they catch those who are producing illegal stuff before they catch those who are viewing it. This would be better, in my opinion, to really curb the problem. This is because a lot of people stumbled onto this stuff on the internet and became addicted due to many phsycological issues. I mean, all that is debatable, but definitely true.
However, I do think ISP's ought to be more responsible all round. They probably are wanting to place their customers first, but ought to be responsible at the same time. And not so much take it out on their customers (ie, report who is viewing what) but rather take it out on where their customers are going (ie, reporting the sites not the viewers.) This is where I think ISP's are severely lacking. We won't need privacy policy issues like this if they were more proactive.
If this scheme is to be implemented here in our place, I'm pretty sure graft and corruption will be minimized. But since most of the officials are too intelligent for this, they will use other people from other places to make the call for them.
Ever heard of the Hello Garci scandal involving President GMA of the Philippines and a Commission of Election Officer? Their constant call during an election was known to be done in order to manipulate election results.
And there's former Philippines President Joseph Estrada who used other names or personalities for every transactions of his ill gotten wealth.
This scheme may have pros and cons just like all other strategies. But as long as it's not abused it will always be to the people's advantage.