Government Wants ISPs to Spy On You

Submitted by Gene Howington, Guest Blogger

While everyone was distracted with the hullabaloo surrounding the artificial “debt ceiling crisis”, Congress did manage to get some work done.  Unfortunately, that work was in furtherance of eroding your right to privacy.  On Thursday, July 28, the House of Representatives Judiciary Committee submitted a bill (H.R. 1981) under the politically motivated and misleading name Protecting Children From Internet Pornographers Act of 2011, which was quietly lobbied for by conservative Republicans and the Department of Justice, and voted in committee to advance regulations requiring Internet service providers to retain your account information.  The information preserved would include not just your IP address, but customers’ names, addresses, phone numbers, credit card numbers and bank account numbers as well.  The Judiciary Committee approved this bill in a 19-0 vote, rejecting by 7-16 a last-minute amendment that would have required the retention of IP addresses only.

It is helpful to note there is a distinction between “data retention” and “data preservation”.  ISPs regularly destroy log records no longer required for business purposes.  However, under the existing Electronic Communication Transactional Records Act, ISPs can be required to retain log files or any record in their possession for up to 90 days at the request of a governmental entity.  This data preservation policy would require ISPs to keep all log files and records related to commercial Internet accounts for 18 months.  As this requirement would not apply to non-commercial accounts such as public access provided in Internet cafes and public libraries, any intelligent criminal could simply avoid logging by going to a public access point or by hacking into an improperly secured wireless network, while the Internet traffic of individual law-abiding account holders across America would be recorded.  As Rep. John Conyers (D – MI) succinctly put it, “The bill is mislabeled.  This is not protecting children from Internet pornography. It’s creating a database for everybody in this country for a lot of other purposes.”  Criticism of the bill came from both sides of the aisle, with Rep. F. James Sensenbrenner (R – WI), the previous chairman of the House Judiciary Committee, noting “I oppose this bill.  It can be amended, but I don’t think it can be fixed… It poses numerous risks that well outweigh any benefits, and I’m not convinced it will contribute in a significant way to protecting children.”

Given that the Electronic Communication Transactional Records Act already provides for data retention upon request and the Protect Our Children Act of 2008 requires any ISP that “obtains actual knowledge” of possible child pornography transmissions to “make a report of such facts or circumstances” and backs that requirement with a $150,000 fine for the first offense and up to $300,000 for each subsequent offense, does H.R. 1981 do anything to further protect children or is it simply an invasion of your privacy and erosion of your rights that serves no legitimate governmental interest not already met by existing law?  What do you think?

Source: CNETNews


103 thoughts on “Government Wants ISPs to Spy On You”

  1. kderosa “Personally, I don’t mind that kind of requirement if businesses do it voluntarily.”

    Do you have a problem with pawn shops keeping records? Are the records they maintain mandated by law?

    Do you think the bad guys would use the pawn shop that doesn’t maintain records? Wouldn’t they do the same with the ISPs that don’t maintain the records?

    “and in the few cases where they couldn’t, investigators could often obtain them by other means”

    When they say “by other means”, they mean the ISP, or one of their employees turns them over without a warrant or subpoena.

    I know the technology. I know the capabilities and the limitations.

    “My problem is with the underlying theory as to why government thinks it has a right to have this data available to it from law-abiding citizens.”

    There’s the problem. They don’t. All of the records are sent to the government. Only the specific record, identified in the subpoena/warrant is turned over to the government.

    BTW: you’ve got mail

  2. @Noway, I think the point of disagreement we have is the voluntary/compulsion issue. I don’t have a problem with the former. I do have a problem with the latter. And, it’s because I favor a limited government that respects my right not to infringe my rights against unreasonable searches and seizures.

    Your analysis is a good counterpoint, but my objections are at a more fundamental level.

  3. @Noway

    “The data is not collected on the government’s behalf. It is generated in the normal course of business. Just like your credit card company maintains a record of your purchases. Don’t like that? Don’t involve a third party in your transactions. Even then, most retail businesses have video surveillance. As those video files become easier to store for long periods of time, they will also be retained for longer periods.”

    It may be generated in the normal course of business, but the requirements for storage and the period of storage are not necessarily normal business requirements. Personally, I don’t mind that kind of requirement if businesses do it voluntarily. I do not like that they are being coerced by Government. For some that value their privacy rights more than I, they should have the option of picking an ISP with strong privacy protections.

    “Without going into the reason you think your ISP can’t keep a record of the IP address assigned to you, I am interested in how you think the government can otherwise obtain these records…while being less intrusive?”

    Since most ISPs already store the info voluntarily, all government needs to do is obtain a warrant and get the info they need for suspected criminals.

    Also, I suspect the info can be obtained in the manner as allegedly set forth in the referenced GAO report — “A Government Accountability Office report released in March concluded that Internet providers usually could provide subpoenaed records — and in the few cases where they couldn’t, investigators could often obtain them by other means.”

    So basically, I don’t have a problem with the requirements of the bill per se. My problem is with the underlying theory as to why government thinks it has a right to have this data available to it from law-abiding citizens. It is a dodge around my 4th amendment protections.

  4. Analysis of the article provided by kderosa

    But because it’s disguised as the “Protecting Children from Internet Pornographers Act,” the House Judiciary Committee approved it last week by a wide margin — even though it’s got little to do with child porn and won’t do much to protect kids.

    As explained in my last post, it does help to protect children. It does so by being able to go after the source; the people who take and upload child pornography.

    The centerpiece of this ill-conceived law is a sweeping requirement that commercial Internet providers retain a one-year log of all the temporary Internet Protocol addresses they assign to their users, along with customer-identification information. The Justice Department says this will help track down child-porn peddlers by linking online activity and real-world identities. But the government would be able to access that sensitive data for all kinds of investigations, most of which would have nothing to do with child porn.

    No. Not a “one-year log” a year and a half. As I stated yesterday, many ISPs already voluntarily maintain them for longer than that. You should also notice that there is no requirement for those logs to be destroyed after 18 months. I know of ISPs who have those logs going back over ten years.

    Traditionally, citizens in a free society are presumed innocent. If the police want to look through your computer files, the Fourth Amendment requires them to show a judge that there’s “probable cause” to suspect wrongdoing. The PCIPA turns that assumption on its head, treating every Internet user as a presumptive criminal and exploiting a serious Fourth Amendment loophole. [KD: a judge created loophole from the 70s]

    This law has nothing to do with anyone looking through your computer files. Notice how the author claims that a judge created a loophole, but fails to cite anything to support that claim. The logs are nothing more than your name and number. They don’t say where you went. They don’t say who you talked to. They are basically a phone book that keeps getting updated because you change your phone number. Where’s the outrage because the phone company distributes phone books? And the phone company provides that information, not just to the government, but to the general public, without a warrant!

    You want privacy? Don’t involve a third party. Doing so should be recognized to significantly decrease any expectation.

    The Constitution protects privacy against government intrusion, but it doesn’t stop the government from forcing private companies to do its dirty work. Records held by a corporation don’t enjoy the same Fourth Amendment protection as does the data on your personal computer — so a search warrant isn’t necessary.

    But there’s no evidence that law enforcement has a systematic problem obtaining Internet records in child-porn investigations. A Government Accountability Office report released in March concluded that Internet providers usually could provide subpoenaed records — and in the few cases where they couldn’t, investigators could often obtain them by other means.

    That’s a pretty deceptive argument. The author is correct when stating that corporate records are not as protected as your personal records, but it does not apply. A warrant would be required. However, some ISPs have no problem with voluntarily providing this information. In most cases, a subpoena is all that most require.

    Moreover, the government gets more than 100,000 tips volunteered by Internet Service Providers each year — typically, with user information already attached — although it can only investigate a small fraction of those. The true bottleneck in such investigations, the GAO suggests, isn’t a records shortage but delays in doing forensic analysis of computers.

    Is that a big surprise to anyone? If someone surfing the internet stumbles across a website hosting child pornography, they are pretty likely to report it to their ISP or law enforcement. Don’t most good citizens report crimes?

    Should the reasonable delay in doing forensic analysis prevent law enforcement from hunting down the bad guys, because the records are only maintained for 90 days?

    In fact, the Justice Department still hasn’t finished a mandatory study of the information-sharing system established by the last major child-porn legislation, in 2008. That means Congress is rushing to impose costly legislation on the basis of a few anecdotes about pedophiles who eluded police, without a serious, evidence-based understanding of what works (or doesn’t) about the existing system.

    Another claim of “costly” without identifying the cause of any cost increase. That’s because the cost increase (data storage) is negligible. To give you an idea; a pickup truck load of printed text will fit into a single gigabyte. How much does a 1000 gigabyte hard drive cost? Last I checked, you can get one for about $50. This type of log has been maintained by every radius database I have ever seen. Nothing new is being created.

    Ironically, this is happening even as many European countries are rejecting the invasive and ineffective data-retention mandates they’ve established in recent years — mandates that the Bush administration wisely criticized when they were introduced. [KD: Ahem]

    Why didn’t the author identify the specifics of those mandates? Could it be because they weren’t just the retention of the IP address associated with the username? Could it be because those mandates also included tracking every website the user visited? Yes. Directive 2006/24/EC is far more intrusive than the proposed law we have here.

    Unfortunately, nobody has explained to Congress that tech-savvy criminals can easily evade detection even if ISPs are required to retain data, by using such anonymity tools as proxy servers or software like TOR, which routes communications through dozens of relay points.

    The smartest of criminals don’t get caught. TOR is too slow to be of much use, and some of the proxy servers, well, let’s just say that they don’t seem to mind keeping records.

    The real costs will be borne by innocent Internet users, whose data pile up in ever-larger databases that are sure to make an attractive target for hackers and identity thieves.

    Yep. And banks are where the money is kept. Known targets employ security measures. They encrypt the files. They lock the server rooms. And what records are we talking about? The username and the IP address they were using in the past! That information would be useless when it comes to hackers and identity thieves. The author is trying to use fear, but presents nothing substantial.

    They’re also apt to show up on your wireless bill, as carriers scramble to overhaul mobile networks that may assign dozens of IP addresses to the same device over the span of a few minutes — or share a single IP address across hundreds of phones and tablets.

    Now the author is just making things up. More scare tactics?

    Going forward, the architecture of data networks will be determined not by what makes the best business or engineering sense, but by the legal mandate to facilitate centralized tracking. The design of the Internet used by the vast innocent majority will be determined by a guilty few, who will still evade detection.

    The future is scary. It has to be for the author to sell his bullshit to you. I thought we were discussing a proposed law, not some future Sci-fi thriller.

    In short, the PCIPA is an intrusive, costly, confused “solution” that won’t work to a “problem” it’s not even clear exists. But there’s no idea so misguided or ineffective that it can’t become a law if it’s “for the children.”

    The problem does exist. The records retention is not costly. And the retained records do not intrude on your privacy. The records retained serve a legitimate function, and are generated in the normal course of business. Most ISPs already voluntarily maintain those records for much longer than the proposed law would require.

  5. kderosa “but I also believe that absent a warrant or criminal suspicion, the government has no business compelling third parties to collect and store this information on their behalf.”

    The data is not collected on the government’s behalf. It is generated in the normal course of business. Just like your credit card company maintains a record of your purchases. Don’t like that? Don’t involve a third party in your transactions. Even then, most retail businesses have video surveillance. As those video files become easier to store for long periods of time, they will also be retained for longer periods.

    As I keep repeating, most ISPs already retain the records for longer than the proposed mandate. The storage is not a big deal.

    “There are other less intrusive ways that the government can obtain this or similar data without trampling on my 4th amendment rights.”

    Without going into the reason you think your ISP can’t keep a record of the IP address assigned to you, I am interested in how you think the government can otherwise obtain these records…while being less intrusive?

  6. @NoWay, I understand the counter-argument and I understand that this article is advocacy. I understand why the government would like to obtain this information, but I also believe that absent a warrant or criminal suspicion, the government has no business compelling third parties to collect and store this information on their behalf. There are other less intrusive ways that the government can obtain this or similar data without trampling on my 4th amendment rights. Will there be more crimes committed, possibly; but that is the price we pay for living in a free society and under limited government.

  7. kderosa,

    I’ll admit that what you posted is not partisan, but it is still flawed. It relies on the ignorance of the reader to sell its position.

    Costly? How is it costly to retain a text file for 18 months? The ISP is not required to print the contents, only to maintain the data. The data is not turned over to the government without a warrant. Nobody is spying on anyone.

    Let me explain how this information is used and why it is important to retain it (for the purpose of protecting children):

    Bad people force children to engage in sex acts. They then upload pictures of those children, engaged in those acts, to websites where sick people download them. These websites don’t advertise. The URL for the site is passed from sicko to sicko. Sometimes the site can operate for many months before being discovered. When the site is discovered, law enforcement obtains a warrant to seize the computers. They perform a forensic analysis on the computers, and hopefully find the IP address of the SOBs who are uploading the images (those are the real bad guys in the child pornography ring).

    Since the pool of IP addresses are assigned to an ISP, a warrant is then obtained to get the account who was using that IP address on the specific date, and for that specific time. Law enforcement can then get a warrant to search the property and/or the computer of that user.

    Sometimes they get lucky. Sometimes they find the children who are being forced to engage in these acts. Sometimes those children have been kidnapped. Sometimes it’s their own parents who are taking the pictures.

    I suggest you make contact with your local FBI office. Have them show you the pictures of the children whom they have not yet been able to identify. Ask them about the children that have been saved.

    In my next post, I will break it down, paragraph by paragraph, the reasons that the article you posted is skewed.

  8. @Howington, this is how you write a non-partisan article on a proposed bill with perceived faults and strong bipartisan support. This way the focus is on the bad bill and not your political cheap shots and phony claims to non-partisanship. Read and learn.

    If Congress had to name laws honestly, it would be called the “Forcing Your Internet Provider to Spy On You Just In Case You’re a Criminal Act of 2011” — a costly, invasive mandate that even the co-author of the Patriot Act, Rep. James Sensenbrenner (R-Wisc.), says “runs roughshod over the rights of people who use the Internet.”

    But because it’s disguised as the “Protecting Children from Internet Pornographers Act,” the House Judiciary Committee approved it last week by a wide margin — even though it’s got little to do with child porn and won’t do much to protect kids.

    The centerpiece of this ill-conceived law is a sweeping requirement that commercial Internet providers retain a one-year log of all the temporary Internet Protocol addresses they assign to their users, along with customer-identification information. The Justice Department says this will help track down child-porn peddlers by linking online activity and real-world identities. But the government would be able to access that sensitive data for all kinds of investigations, most of which would have nothing to do with child porn.

    Traditionally, citizens in a free society are presumed innocent. If the police want to look through your computer files, the Fourth Amendment requires them to show a judge that there’s “probable cause” to suspect wrongdoing. The PCIPA turns that assumption on its head, treating every Internet user as a presumptive criminal and exploiting a serious Fourth Amendment loophole. [KD: a judge created loophole from the 70s]

    The Constitution protects privacy against government intrusion, but it doesn’t stop the government from forcing private companies to do its dirty work. Records held by a corporation don’t enjoy the same Fourth Amendment protection as does the data on your personal computer — so a search warrant isn’t necessary.

    But there’s no evidence that law enforcement has a systematic problem obtaining Internet records in child-porn investigations. A Government Accountability Office report released in March concluded that Internet providers usually could provide subpoenaed records — and in the few cases where they couldn’t, investigators could often obtain them by other means.

    Moreover, the government gets more than 100,000 tips volunteered by Internet Service Providers each year — typically, with user information already attached — although it can only investigate a small fraction of those. The true bottleneck in such investigations, the GAO suggests, isn’t a records shortage but delays in doing forensic analysis of computers.

    In fact, the Justice Department still hasn’t finished a mandatory study of the information-sharing system established by the last major child-porn legislation, in 2008. That means Congress is rushing to impose costly legislation on the basis of a few anecdotes about pedophiles who eluded police, without a serious, evidence-based understanding of what works (or doesn’t) about the existing system.

    Ironically, this is happening even as many European countries are rejecting the invasive and ineffective data-retention mandates they’ve established in recent years — mandates that the Bush administration wisely criticized when they were introduced. [KD: Ahem]

    Unfortunately, nobody has explained to Congress that tech-savvy criminals can easily evade detection even if ISPs are required to retain data, by using such anonymity tools as proxy servers or software like TOR, which routes communications through dozens of relay points.

    The real costs will be borne by innocent Internet users, whose data pile up in ever-larger databases that are sure to make an attractive target for hackers and identity thieves.

    They’re also apt to show up on your wireless bill, as carriers scramble to overhaul mobile networks that may assign dozens of IP addresses to the same device over the span of a few minutes — or share a single IP address across hundreds of phones and tablets.

    Going forward, the architecture of data networks will be determined not by what makes the best business or engineering sense, but by the legal mandate to facilitate centralized tracking. The design of the Internet used by the vast innocent majority will be determined by a guilty few, who will still evade detection.

    In short, the PCIPA is an intrusive, costly, confused “solution” that won’t work to a “problem” it’s not even clear exists. But there’s no idea so misguided or ineffective that it can’t become a law if it’s “for the children.”

    (Source)

  9. @NoWay, I understand that position, but I think it’s clear that the government needs those IP address/account info to track criminals down once they’ve committed crimes. The problem is, as I see it, I should as a law abiding citizen be free from such governmental tracking if I choose not to be. It is a tough call, but I don’t remember giving up that liberty right no matter how much it benefits government crime fighting efforts.

  10. @LK, See here and here. Innocuous but it does invite like kind responses. It does pale in comparison to what comes out of the rest of the regulars. If they all were as polite as you this forum would have better discourse.

  11. @kderosa all parties of the government are owned by the world bankers. don’t know who they are?? i suggest you do some serious research. they are the ones who’ve been pushing for the new world order for hundreds of years and are no longer bothering to try to hide the fact that we the people are enslaved to them, they are no longer bothering to hide the fact that they only want 2 classes of people. them the so called rulers and masters and us the slaves or servile class. i suggest you research the destruction of american education

    http://www.hermes-press.com/education_index.htm

    and i definitely recommend you go to this site right here and find out any and everything you need to know…

    http://educate-yourself.org/

    don’t think you’re enslaved? here’s a few questions for you to think about.

    if driving is a right not a privilege? then why must we ask the government for permission via license?

    same with getting married?

    working a job?

    owning a car or home?

    why are we forced to give our children vaccinations that don’t really do them any good?

    why are we forced to send our children to their schools instead of being allowed to home school now?

    the list goes on and on. it’s a game between parties. what one party likes the other trashes and vice versa and it’s designed to keep you occupied so that you’re not paying attention to what the government and its band of po-lie-tricksters are really doing!!!!!

  12. K to L: “As you point out, you were treated better as soon as you ended the personal attacks.”

    ——-

    ?

    I have attacked 2 people on this board- what I would consider attacks anyway, and those after a lot of provocation. I don’t recall ever attacking you, I prefer to ignore posters I have a personal problem with. Either you are incorrect or it was a piss-poor attack on my part, otherwise I would have remembered 🙂

  13. kderosa,

    I highly recommend that you read the text of the Bill.

    The only thing the ISPs are being directed to maintain is the dynamically assigned IP address associated with the account.

    If I hacked into your bank account, the only way that anyone could prove the source of that hacking would be to find out who was using the IP address at that period in time. The bank being hacked into would only know the IP address that gained access to the account. Without the ISP maintaining a list of who that IP address was assigned to, at that point in time, there would be no way to track down the hacker.

    The same scenario would be applied to someone using your credit card over the internet. If the IP address cannot be tracked any further than it belonging to an ISP, no one could be prosecuted. (Unless you want to hold the ISP accountable for the illegal activities committed by one of their subscribers.)

    The Bill clearly states that only the ip address assigned to that account, for that point in time, is to be maintained.

    If they were required to maintain a log of every website I visited, I too would have a problem with that. That is not what the Bill requires.

  14. @LK, I adjust my attitude to the attitude of the comments directed toward me. I have always started off with a good attitude. Those who behave are treated with respect. Those who don’t, are not. The problem with this forum is that most of the regulars are hostile to anyone who disagrees with them. I have seen it repeatedly in the last month. So basically they get the level of discourse they deserve. GeneH, like Buddha before him, is a disrespectful blowhard who thinks he knows more than he actually does. He deserves all that he gets. All he has to do is behave himself and he’ll get treated better. He just can’t seem to do it. He is incapable.

    As you point out, you were treated better as soon as you ended the personal attacks. You should encourage GeneH to do the same.

  15. @GeneH, if you are not Buddha, and that is highly unlikely at this point, you are certainly as delusional as he is.

    @NoWay, I haven’t read the Bill in its entirety, but I do not think Government should be permitted to force ISPs to collect and store information from all people (criminals and non-criminals) unless there is a compelling reason. They wouldn’t be permitted to collect and store the information on their own absent a warrant. And, now that they’ve compelled the information to be stored, it is an easy matter to subpoena it when needed. So I don’t necessarily worse than any other similar attempt; But I think they are all instances of government overreach. And, that is why there is such strong bi-partisan support, despite Howington’s suggestions to the contrary.

  16. Gene “Maybe you didn’t bother to read section 2 of the bill or 18 U.S.C. 1956.”

    I read the entire bill and am familiar with 18 U.S.C. 1956. Neither supports the premise of your article.

  17. You know K, you said you were attacked right off the bat and one presumes if that gives you the presumption of the doubt, that is the reason for your combative postings. ADD probably accounts for the inability to stay on topic.

    We have posted to each other without rancor on occasion. We disagree in major part but we have posted, recently, like normal people. If I were you instead of worrying about the ability of people to change online personas if they choose, I would do just that and establish myself as a non-reactionary poster and lose the attitude. It kind of puts you on the moral high ground.

    And srsly, no one but you and one or two others cares about Gene’s bona fides. It’s only 1’s and 0’s. Gene is a reasonable, valued poster. Gene could be a baby-raping con doing life without parole that has internet privileges for his good behavior. Nobody cares. He’s Gene and his input is entertaining. You and NoWay and whoever else just need to get past whatever problem you have with him. With all due respect you’re the one looking like a douche, not him. Unless you like being a disruptive poster- not with ideas but with attitude and attacks, you need to clean up your act.

  18. kderosa,

    Just stating the facts. I have yet to see you win an argument against anyone, but the beat down you got on that thread was particularly brutal. It’s no wonder it stuck in your craw.
