X

Feds: Details of ISP snooping haven't been decided

DOJ attorney says there has been no "official" decision on what data providers might be required to retain or for how long.

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
See full bio
Anne Broache
2 min read
WASHINGTON--The Bush administration hasn't settled on what data it would like Internet service providers to retain about their subscribers or for how long, a U.S. Department of Justice attorney said Tuesday.

U.S. Attorney General Alberto Gonzales made it clear last fall that he planned to seek national legislation requiring the controversial practice known as data retention, but "we don't have any position officially about how long records would have to be retained or what records would have to be retained," said Eric Wenger, a trial attorney with the Justice Department's computer crime unit.

During an event here hosted by the Federal Communications Bar Association, Wenger also said police already have ready access to other legal tools, such as the power to send letters to ISPs requesting "preservation" of existing data for up to 90 days while law enforcement obtains the necessary court authority to obtain that data.

But he categorized the lack of consistent data retention by ISPs as a "roadblock" to some investigations. He described, for example, a situation in which an investigator may be able to secure an IP address for a suspected phisher from Microsoft's Hotmail service. By the time the investigator took that IP address to the Internet service provider for more information about the suspect's identity, he may be told by the ISP that such information has already been purged.

"We've been talking to some of the companies to explain the needs we have for the records," he said, although he did not expressly urge adoption of new laws. Another possibility is that a data retention requirement could be extended beyond ISPs to search engines, which was discussed in private Justice Department meetings in October.

As first reported by CNET News.com in June 2005, Justice Department officials began quietly discussing the idea of data retention requirements, akin to what the European Union has already enacted.

Last week, Gonzales told members of the Senate Judiciary Committee that he planned to resume discussions with Congress about data retention legislation this year. The attorney general did not elaborate on his plans, but last year, he repeatedly said the practice was necessary to help investigators nab elusive online criminals, particularly sexual predators.

Privacy advocates have long resisted such mandates, arguing that they allow police to obtain records of e-mail chatter, Web browsing or chat room activity that normally would have been discarded after a few months--or in some cases, never kept at all.

CNET News.com's Declan McCullagh contributed to this report.