Justice Department Wants ISPs To Turn Over More User Data

There’s a vigorous privacy debate in Washington, spurred by the Federal Trade Commission and others, that is questioning whether internet companies have too much data about users’ net-browsing activities. The House Judiciary Committee looked like a parallel universe yesterday, although nobody seemed to recognize the irony. A lawyer from the Department of Justice told Congress that in order to hunt down child pornographers and other criminals, ISPs need to retain data, such as records of which users are at which IP addresses, for a much longer period, perhaps a year. That would be a big change for ISPs, which have varying data-retention practices and aren’t currently required to hold data at all, although most do for a short period.

Politicians from both parties were annoyed by the DOJ request, but mainly because it lacked specifics. The senior Democrat on the committee, John Conyers, noted that this isn’t the first time such a proposal has come before Congress, according to a report by CNET. “How many years is this going to take?” he asked, adding that he was going to call Attorney General Eric Holder immediately after the hearing “and see if we can get this moving.”

And while House Republicans strenuously object to the FCC’s new net neutrality rules for ISPs, calling them unnecessary government regulation of the internet, Judiciary Committee Chairman Rep. Lamar Smith (R-Texas) sounded more than ready to order ISPs to hand over more user data to cops, saying the Internet has become a “virtual playground for sex predators and pedophiles.” He added: “More robust data retention” will help hunt down those types of criminals.

The DOJ lawyer, Jason Weinstein, essentially said that the efforts by law enforcement to get data, such as IP addresses, were being hampered by the fact that ISPs often didn’t have the data they were looking for. As an example, he cited a 2006 case in which a Wyoming federal agent was seeking the IP address believed to have been transmitting child pornography over a peer-to-peer network, but because the initial transmission had happened four months earlier, the service provider couldn’t come up with the user’s identity.

To law-enforcement agencies, companies that aren’t holding any user data are undermining law enforcement. Without naming names, Weinstein mentioned that “one mid-size cellphone company does not retain any records, and others are moving in that direction.” One cable internet provider doesn’t keep track of the IP addresses it gives customers, he said, while another holds such information for only seven days. While some privacy groups support these types of practices, to law enforcement, they are a growing danger.

Kate Dean, the executive director of the Internet Service Provider Association, which represents the broadband industry, said a better solution would be to preserve data around specific users who were of interest to law enforcement, as opposed to creating a blanket data-retention rule that could increase storage costs.

Because there’s not much clarity at this point over exactly what law enforcement is asking for, it isn’t clear if it would apply only to internet service providers or also to other types of social-media companies that hold user data. Cops are increasingly using social networks like Facebook to track down suspects, but in the few examples Weinstein offered Congress where cops were looking through social networks to investigate suspects, they were able to acquire the suspects’ IP addresses, which suggests that the social sites did hold onto such data and provide it to law enforcement. The roadblock came when they asked ISPs or cellphone providers to turn that IP address into a specific person’s identity.