UPDATED 13:31 EDT / JULY 12 2011

Law Enforcement Seeks Legislation Requiring Providers to Keep Logs for 18 Months

digital-people Law enforcement representatives plan to endorse proposed legislation that will force communication providers—Internet Service Providers (ISPs), telecom and cable companies—to retain their customers’ logs for 18 months. The mandatory data retention bill is in hearing today before the U.S. House of Representatives. The would-be bill has not yet been drafted or presented, but it is yet being argued out and proponents and detractors are expected to line up to speak their piece.

The proposed legislation appears to have been introduced by Reps. Lamar Smith (R-Texas) and Debbie Wasserman Schultz (D-Fla.). While it would force ISPs and carriers to keep connection logs for up to 18 months, it also currently seems to weirdly exclude wireless carriers.

Covered by CNET, Michael Brown, sheriff in Bedford County, Va., and a board member and executive committee member of the National Sheriffs’ Association, believes that the new law is absolutely necessary to enable law enforcement to do their job in the increasingly Internet-enabled culture that we live in.

“The limited data retention time and lack of uniformity among retention from company to company significantly hinders law enforcement’s ability to identify predators when they come across child pornography,” according to a copy of Brown’s remarks.

Of course, it’s a common tactic for those endorsing an increase in law enforcement powers to use hot-button issues as leverage. Privacy advocates have also found their own hot-button issues in recent events: the escalating media attention towards hackers.

Extended and indiscriminate retention of data on ISP servers also means that customers are put at much greater risk to having their privacy violated.

As technology advances, law enforcement and the justice department do not want to be left behind and there’s a lot of questions to be asked about their relationship between capturing criminals and protecting the privacy and safety of citizens. Already a great deal of our private lives are emitted and stored in the cloud and therefore readily accessible to law enforcement agencies—such as e-mail and shared data in the cloud. Law enforcement advocates and privacy watchdogs tussle over how easily the government should be able to tap into our communications and it’s already extremely easy to do so anyway—the legality is simply often quite dubious.

Requirements for extensive data retention mean that providers would have to also beef up their own security around that data considerably as they became brighter targets for hackers, Marc Rotenberg from the Electronic Privacy Information Center intends to argue before the House committee today. According to The Atlantic, he even intends to mention media-darling hacker group LulzSec in his testimony and their high-publicity antics.

It’s difficult to drill down into what the legislation currently calls for aside from a dramatic increase in data retention across the industry—18 months is considerably longer than any median policy among service providers.

Marc Rotenberg seeks to argue for paring the bill down and removing its more inflammatory elements to make it more palatable to both the industry and the public. Numerous civil liberties groups have expressed deep concerns about these new data retention policies, and industry advocates have called it “dramatically overbroad and fraught with legal, technical, and practical challenges.”

Law enforcement already has many “tools” in their “toolbox” perhaps they should tweak those

Currently, service providers are required by law to preserve data when asked (or by warrant) by law enforcement; but no regulations exist on how long they must retain data when it’s not under investigation. As a result, most routine data retention exists for internal efficiency auditing and not for the perusal of law enforcement. A 1996 federal law called the Electronic Communication Transaction Records Act regulates data preservation when law enforcement requests it, requiring ISPs to keep 90 days worth of logs.

It seems likely that some sort of uniform data retention policies may be required to set policies across the entire industry; however, extended periods of time and large sets of data may be technically impossible for many ISPs. Retaining data on an individual IP address (or customer) according to a warrant is simple—but for an ISP with 10,000 customers to retain information for all of them for 18 months could become insurmountable.

While the privacy angle, the hacker angle, and the legal angle certainly need to be balanced, at some point the rubber will meet the road.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU