[LINK] FBI wants to snoop US net usage

Sun Oct 22 15:23:30 AEST 2006

FBI director wants ISPs to track users

By Declan McCullagh
http://news.com.com/FBI+director+wants+ISPs+to+track+users/2100-7348_3-6126877.html

Story last modified Wed Oct 18 06:41:42 PDT 2006

FBI Director Robert Mueller on Tuesday called on 
Internet service providers to record their 
customers' online activities, a move that 
anticipates a fierce debate over privacy and law 
enforcement in Washington next year.

"Terrorists coordinate their plans cloaked in the 
anonymity of the Internet, as do violent sexual 
predators prowling chat rooms," Mueller said in a 
speech at the International Association of Chiefs 
of Police conference in Boston.
ISP snooping time line

In events that were first reported by CNET 
News.com, Bush administration officials have said 
Internet providers must keep track of what Americans are doing online.

"All too often, we find that before we can catch 
these offenders, Internet service providers have 
unwittingly deleted the very records that would 
help us identify these offenders and protect 
future victims," Mueller said. "We must find a 
balance between the legitimate need for privacy 
and law enforcement's clear need for access."

The speech to the law enforcement group, which 
approved a resolution on the topic earlier in the 
day, echoes other calls from Bush administration 
officials to force private firms to record 
information about customers. Attorney General 
Alberto Gonzales, for instance, told Congress 
last month that "this is a national problem that requires federal legislation."

Justice Department officials admit privately that 
data retention legislation is controversial 
enough that there wasn't time to ease it through 
the U.S. Congress before politicians left to 
campaign for re-election. Instead, the idea is 
expected to surface in early 2007, and one 
Democratic politician has already promised legislation.

Law enforcement groups claim that by the time 
they contact Internet service providers, 
customers' records may have been deleted in the 
routine course of business. Industry 
representatives, however, say that if police 
respond to tips promptly instead of dawdling, it 
would be difficult to imagine any investigation that would be imperiled.

It's not clear exactly what a data retention law 
would require. One proposal would go beyond 
Internet providers and require registrars, the 
companies that sell domain names, to maintain 
records too. And during private meetings with 
industry officials, FBI and Justice Department 
representatives have cited the desirability of 
also forcing search engines to keep logs--a 
proposal that could gain additional law 
enforcement support after AOL showed how useful 
such records could be in investigations.

A representative of the International Association 
of Chiefs of Police said he was not able to provide a copy of the resolution.

Preservation vs. retention
At the moment, Internet service providers 
typically discard any log file that's no longer 
required for business reasons such as network 
monitoring, fraud prevention or billing disputes. 
Companies do, however, alter that general rule 
when contacted by police performing an 
investigation--a practice called data preservation.

A 1996 federal law called the Electronic 
Communication Transactional Records Act regulates 
data preservation. It requires Internet providers 
to retain any "record" in their possession for 90 
days "upon the request of a governmental entity."

Because Internet addresses remain a relatively 
scarce commodity, ISPs tend to allocate them to 
customers from a pool based on whether a computer 
is in use at the time. (Two standard techniques 
used are the Dynamic Host Configuration Protocol 
and Point-to-Point Protocol over Ethernet.)

In addition, Internet providers are required by 
another federal law to report child pornography 
sightings to the National Center for Missing and 
Exploited Children, which is in turn charged with 
forwarding that report to the appropriate police agency.

When adopting its data retention rules, the 
European Parliament approved U.K.-backed 
requirements saying that communications providers 
in its 25 member countries--several of which had 
enacted their own data retention laws 
already--must retain customer data for a minimum 
of six months and a maximum of two years.

The Europe-wide requirement applies to a wide 
variety of "traffic" and "location" data, 
including: the identities of the customers' 
correspondents; the date, time and duration of 
phone calls, VoIP (voice over Internet Protocol) 
calls or e-mail messages; and the location of the 
device used for the communications. But the 
"content" of the communications is not supposed 
to be retained. The rules are expected to take effect in 2008.

CNET News.com's Anne Broache contributed to this report.

Timeline:
June 2005: Justice Department officials quietly propose data retention rules.

December 2005: European Parliament votes for data retention of up to two years.

April 14, 2006: Data retention proposals surface 
in Colorado and the U.S. Congress.

April 20, 2006: Attorney General Alberto Gonzales 
says data retention "must be addressed."

April 28, 2006: Rep. Diana DeGette proposes data retention amendment.

May 16, 2006: Rep. James Sensenbrenner drafts 
data retention legislation--but backs away from it two days later.

May 26, 2006: Gonzales and FBI Director Robert 
Mueller meet with Internet and telecommunications companies.

June 27, 2006: Rep. Joe Barton, chair of a House 
committee, calls new child protection legislation "highest priority."

Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/

'Seed planting is often the most important step. 
Without the seed, there is no plant.' - JW, April 2005
_ __________________ _