[LINK] FBI wants to snoop US net usage
jwhit at janwhitaker.com
Sun Oct 22 15:23:30 AEST 2006
FBI director wants ISPs to track users
By Declan McCullagh
Story last modified Wed Oct 18 06:41:42 PDT 2006
FBI Director Robert Mueller on Tuesday called on
Internet service providers to record their
customers' online activities, a move that
anticipates a fierce debate over privacy and law
enforcement in Washington next year.
"Terrorists coordinate their plans cloaked in the
anonymity of the Internet, as do violent sexual
predators prowling chat rooms," Mueller said in a
speech at the International Association of Chiefs
of Police conference in Boston.
ISP snooping time line
In events that were first reported by CNET
News.com, Bush administration officials have said
Internet providers must keep track of what Americans are doing online.
"All too often, we find that before we can catch
these offenders, Internet service providers have
unwittingly deleted the very records that would
help us identify these offenders and protect
future victims," Mueller said. "We must find a
balance between the legitimate need for privacy
and law enforcement's clear need for access."
The speech to the law enforcement group, which
approved a resolution on the topic earlier in the
day, echoes other calls from Bush administration
officials to force private firms to record
information about customers. Attorney General
Alberto Gonzales, for instance, told Congress
last month that "this is a national problem that requires federal legislation."
Justice Department officials admit privately that
data retention legislation is controversial
enough that there wasn't time to ease it through
the U.S. Congress before politicians left to
campaign for re-election. Instead, the idea is
expected to surface in early 2007, and one
Democratic politician has already promised legislation.
Law enforcement groups claim that by the time
they contact Internet service providers,
customers' records may have been deleted in the
routine course of business. Industry
representatives, however, say that if police
respond to tips promptly instead of dawdling, it
would be difficult to imagine any investigation that would be imperiled.
It's not clear exactly what a data retention law
would require. One proposal would go beyond
Internet providers and require registrars, the
companies that sell domain names, to maintain
records too. And during private meetings with
industry officials, FBI and Justice Department
representatives have cited the desirability of
also forcing search engines to keep logs--a
proposal that could gain additional law
enforcement support after AOL showed how useful
such records could be in investigations.
A representative of the International Association
of Chiefs of Police said he was not able to provide a copy of the resolution.
Preservation vs. retention
At the moment, Internet service providers
typically discard any log file that's no longer
required for business reasons such as network
monitoring, fraud prevention or billing disputes.
Companies do, however, alter that general rule
when contacted by police performing an
investigation--a practice called data preservation.
A 1996 federal law called the Electronic
Communication Transactional Records Act regulates
data preservation. It requires Internet providers
to retain any "record" in their possession for 90
days "upon the request of a governmental entity."
Because Internet addresses remain a relatively
scarce commodity, ISPs tend to allocate them to
customers from a pool based on whether a computer
is in use at the time. (Two standard techniques
used are the Dynamic Host Configuration Protocol
and Point-to-Point Protocol over Ethernet.)
In addition, Internet providers are required by
another federal law to report child pornography
sightings to the National Center for Missing and
Exploited Children, which is in turn charged with
forwarding that report to the appropriate police agency.
When adopting its data retention rules, the
European Parliament approved U.K.-backed
requirements saying that communications providers
in its 25 member countries--several of which had
enacted their own data retention laws
already--must retain customer data for a minimum
of six months and a maximum of two years.
The Europe-wide requirement applies to a wide
variety of "traffic" and "location" data,
including: the identities of the customers'
correspondents; the date, time and duration of
phone calls, VoIP (voice over Internet Protocol)
calls or e-mail messages; and the location of the
device used for the communications. But the
"content" of the communications is not supposed
to be retained. The rules are expected to take effect in 2008.
CNET News.com's Anne Broache contributed to this report.
June 2005: Justice Department officials quietly propose data retention rules.
December 2005: European Parliament votes for data retention of up to two years.
April 14, 2006: Data retention proposals surface
in Colorado and the U.S. Congress.
April 20, 2006: Attorney General Alberto Gonzales
says data retention "must be addressed."
April 28, 2006: Rep. Diana DeGette proposes data retention amendment.
May 16, 2006: Rep. James Sensenbrenner drafts
data retention legislation--but backs away from it two days later.
May 26, 2006: Gonzales and FBI Director Robert
Mueller meet with Internet and telecommunications companies.
June 27, 2006: Rep. Joe Barton, chair of a House
committee, calls new child protection legislation "highest priority."
Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
'Seed planting is often the most important step.
Without the seed, there is no plant.' - JW, April 2005
_ __________________ _
More information about the Link