Saturday, January 21, 2012

HR 1981 intrudes on home Internet privacy

Congressman Lamar Smith (R-TX) and Debbie Wassermann-Schultz (D-FL) are sponsoring a bad bill,  H.R. 1981,  that requires Internet Service providers (ISP) to build huge databases that document their customer's activity on the Internet.

Law enforcement officials must obtain a subpoena and then request from the Internet Service Provider the name and address of the user of the IP address.

H.R. 1981 directs Internet Service Providers to retain Internet Protocol addresses for all of its customers for 18 months. This is a shotgun approach that could result in a lot of abuse by the police.

We suspect the police will query these databases looking for users that access certain IP addresses.

Informants could browse these ISP databases looking for violations and then tip off the police.

It would cost the ISPS in the US billions to maintain the huge databases that police want. 

The police can already request data be logged on a specif customer for a 90 day period. This is a more sensible approach and saves the ISPs billions in server upgrades and manpower to meet the onerous requirements of the new law.

Congressman Smith thinks  the bill does not threaten any legitimate privacy interests of Internet users. Rightardia disagrees. Users with virtual private networks (VPN) can easily defeat the intent of the law because a user's web activity in encrypted.

Some Internet Service Providers currently retain browsed IP addresses for business purposes. But the period of retention varies widely among providers, from a few days to a few months. Law enforcement think the  lack of uniform data retention impedes the investigation of Internet crimes.

H.R. 1981 requires providers to retain these records for 18 months. This mirrors an existing FCC regulation that requires telephone companies to retain for 18 months telephone toll records, including the name, address and telephone number of the caller, plus each telephone number called and the date, time and length of the call.

In effect, this bill merely applies to the Internet what has already applied to telephones for decades.Rightardia suggests this is an apples and oranges analogy.

The Justice Department describes a disturbing trend in child pornography – that pedophiles who document their sexual abuse of children will only exchange images with other pedophiles who do the same. 

The Justice Department concludes  that people who may have previously only viewed pornographic images now have the incentive to sexually abuse children and produce their own images.

Rightrdia thinks that conclusion is unsubstantiated and needs based on some empirical data.

Some law enforcement suggests this and retention enables law enforcement officials to catch the abusers and save the children being abused. 

Again, how retention of browsed IP addresses will help law enforcement is unclear.

Critics contend that data retention is unnecessary because current law already requires ISPs to preserve records at the request of law enforcement agents for 90 days. But ISPs can only preserve the information they still have. 

 By the time investigators discover the Internet child pornography and make the request under this provision, the provider has often already purged the Internet Protocol (IP) address records.

Rightrdia's comment: so what?

The key issue appears to be law enforcement wants browsing record retained for an 18 month period for all of the ISP subscribers.

In hearings before the Committee this spring, both Attorney General Holder and FBI Director Mueller testified that data retention is invaluable to investigating child pornography and other Internet-based crimes.

H.R. 1981 also creates a new federal offense allowing for federal prosecution of any person who conducts a financial transaction knowing that it will facilitate access to child pornography.

This bill strengthens protections for child witnesses and victims, who are often subjected to harassment and intimidation throughout the trial period. The bill allows a federal court to issue a protective order if it determines that a child victim or witness is being harassed or intimidated and imposes criminal penalties for violation of a protective order.

The bill also increases penalties for child pornography offenders in cases that involve children less than 12 years old.

Rightardia would suggest the bill has some law changes that are merited. Logging a user's browser history for 18 months is unwarranted. 

if this act become a law, it would be easy to defeat.

Simply find a VPN provider in Canada, Sweden,Russia or some other country that doesn't respond to a US subpoena. 

Because data is encysted in a user's home, your ISP will be unable to log your Internet activity when your VPN is active,

OpenVPN is more secure than the Point-to-Point tunneling protocol that is built into Windows and was originally  developed for dial-up service. 

Subscribe to the Rightardia feed:  

Creative Commons License

Rightardia by Rightard Whitey of Rightardia is licensed under a Creative Commons Attribution 3.0 Unported License.

Permissions beyond the scope of this license may be available at


instantinsurance said...

Este blog é uma representação exata de competências. Eu gosto da sua recomendação. Um grande conceito que reflete os pensamentos do escritor. Consultoria RH

Rightardia said...

Obrigado pelo elogio. Nós não temos comentários em Português, muitas vezes.