January 26, 2011
Government Wants ISPs To Hold Customer Records Longer
The U.S. Justice Department wants Internet service providers and cell phone companies to hold on to records longer to help with criminal prosecutions.
"Data retention is fundamental to the department's work in investigating and prosecuting almost every type of crime," US deputy assistant attorney general Jason Weinstein told a congressional subcommittee on Tuesday."Some records are kept for weeks or months; others are stored very briefly before being purged," Weinstein said in remarks prepared for delivery to the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security.
He said Internet records are often "the only available evidence that allows us to investigate who committed crimes on the Internet."
Weinstein said Internet and phone records can be "crucial evidence" in a variety of cases, such as child exploitation, violent crime, fraud terrorism, public corruption, drug trafficking, online piracy and computer hacking.
"In some ways, the problem of investigations being stymied by a lack of data retention is growing worse," he told lawmakers.
He said inconsistencies in data retention, with one mid-sized cell phone company not keeping records, a cable Internet provider not tracking the Internet protocol addresses it assigns to customers and another only keeping them for seven days.
Weinstein said that law enforcement is hampered by a "legal regime that does not require providers to retain non-content data for any period of time" while investigators must request records on a case-by-case basis through the courts.
"The investigator must realize he needs the records before the provider deletes them, but providers are free to delete records after a short period of time, or to destroy them immediately," Weinstein added.
The justice official said greater data retention requirements raise legitimate privacy concerns but "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."
John Morris, general counsel at the non-profit Center for Democracy & Technology, told AFP that mandatory data retention "raises serious privacy and free speech concerns."
"A key to protecting privacy is to minimize the amount of data collected and held by ISPs and online companies in the first place," he said.
"Mandatory data retention laws would require companies to maintain large databases of subscribers' personal information, which would be vulnerable to hackers, accidental disclosure, and government or other third party access."
Kate Dean, executive director of the Internet Service Provider Association, told AFP that broad mandatory data retention requirements would be "fraught with legal, technical and practical challenges."
Dean said they would require "an entire industry to retain billions of discrete electronic records due to the possibility that a tiny percentage of them might contain evidence related to a crime."
"We think that it is important to weigh that potential value against the impact on the millions of innocent Internet users' privacy," she said.
On the Net:
- U.S. Justice Department
- House Judiciary Subcommittee on Crime, Terrorism and Homeland Security
- Center for Democracy & Technology
- Internet Service Provider Association