Gonzales Continues to Push ISPs to Retain Data
Posted by K.M. Das
On Friday, May 26, 2006, United States Attorney General Alberto Gonzales and FBI Director Robert Mueller met with representatives of several Internet Service Providers (ISPs), including AOL, Comcast, Google, Microsoft and Verizon Communications, to urge them to consider retaining subscriber data for periods as long as two years. Although the initial justification for requiring ISPs to agree to retaining data was to fight child pornography, law enforcement officials now state that requiring ISPs to retain subscriber data for as long as two years will also help in the fight against terrorism.
There are currently, at least two proposals to mandate data retention by ISPs floating around in Congress. The one proposed by Colorado Representative Diana DeGette would require ISPs to retain subscriber information for one year after a subscriber ceases to subscribe to such services. The other, drafted by aides of Wisconsin Representative F. James Sensenbrenner, is currently on hold.
Perhaps because of concerns that Congress will not act quickly enough, the Justice Department and other law enforcement agencies are now encouraging ISPs to voluntarily retain subscriber data for much longer than they would for business reasons. On Friday, June 2, ten government officials and fifteen industry representatives met again to discuss data retention. According to reports, the parties did not reach consensus. News.com quotes one industry representative as saying "[t]hey want to do something, but they don’t have a proposal yet."
Also on Friday, the Center for Democracy & Technology released a memorandum to "Interested Persons" identifying nine "risks that well outweigh any possible benefits." Among the risks that the CDT identifies are:
1. Data retention laws threaten personal privacy and pose a security risk, at the very time the public is justifiably concerned about security and privacy online; 2. Data retention laws are unnecessary because authority already exists to preserve records; 3. Proceeding with data retention would require a full-scale reexamination of data privacy laws; 4. Data retention laws are not likely to be effective; and 5. Data retention laws undermine public trust in the Internet. Given the legislation proposed in Congress and the pressure on ISPs by law enforcement agencies to voluntarily agree to retaining subscriber information for as long as two years, it would be surprising if data retention by ISPs does not become a reality in the not too distant future. The more interesting question is whether the recent, and much publicized, loss of the personal information of approximately 26.5 million veterans and their families will cause the authorities to take a more prudent and cautious approach to data retention by ISPs.
