ISP data retention bill gets hung up on Captiol Hill

It seems that the legislation that would make Internet service providers responsible for logging relevant information about users for a period of 18 months, has hit a road block. A previous supporter of the bill, Rep. F. James Sensenbrenner, isn’t happy with the bill as it stands right now and insists, “It’s not ready for prime time.”

The bill in question would require ISPs to hold onto a log containing at least the temporary internet address assigned to users, for a period of 18 months. The one exception that is proving to be problematic is if the service provider was a wireless carrier, in which case they are exempt from this proposed legislation.

The fact that Sensenbrenner is unhappy with the bill as it has been proposed is a bit surprising. Sensenbrenner has been a supporter of this type of legislation and in 2006, drafted a bill that was very similar and would require ISPs to log whatever data was deemed necessary by the attorny general. The penalty in that legislation would be jail time for ISPs that did not comply.

At a subcommittee meeting just today issues were expressed by many regarding the language of the legislation. What was the biggest issue? The fact that wireless providers were exempt. The official sponsor of the bill, Judiciary chairman Lamar Smith, expressed this succinctly stating they want to “figure out a way so that we do not exempt wireless providers.” The wireless provider exemption was especially problematic right from the beginning and is rumored to have come from lobbying on the part of the wireless carriers.

Another issue was also raised about forcing ISPs to log customer information for the 18 month period. It was brought to the committee’s attention by a Democrat from Michigan Rep. John Conyers. Conyers is concerned because the aim of the bill is to protect children from internet pornographers (the title of the bill in fact) but the data could potentially be used to prosecute a number of other crimes.

“The bill’s title, Protecting Children From Internet Pornographers Act, is a misnomer because the legislation is really not about those types of crimes at all,” the Democrat said. “Because if it were, it would certainly not contain a broad exemption for the largest Internet service providers such as AT&T, and it would target child exploitation.”

The bill in it’s current form has received support from law enforcement including the National Sheriff’s Office and the The National Center for Missing and Exploited Children, however these organizations seem to be the only ones supporting the legislation as is. The Electronic Privacy Information Center is pushing for a rewrite of the bill with their executive director, Marc Rotenberg explicitly stating his concerns over the current wording,

“Although this data retention requirement has been introduced as part of a bill focused on child sexual exploitation, there is no evidence to suggest that the majority of law enforcement requests for customer subscriber information relate to child protection cases. Congress showed great wisdom in the past by requiring the creation of annual reports that detail the use of wiretap authorities.

Child pornography is certainly a substantial and difficult issue. But the data retention solution proposed in this bill is overly expansive and invasive. This collection of user data will, in fact, create a new threat for millions of internet users: the threat of dragnet law enforcement and data breaches. The experience with Europe is telling.”

It seems clear that with the bill’s primary supporting expressing concerns this legislation won’t be passed in it’s current state. Will the scope of the bill be expanded beyond child protection or will it be contracted to better suit it’s name? More importantly are wireless carriers going to be included in this whole fiasco?