Hawaiian Internet-dossier bill is dead... for now
Rep. John Mizuno says that after "thousands of e-mails," he's decided to pull the plug on his data retention bill--but will try again in 2013.
The Hawaii politician behind a proposed Internet tracking law acknowledged defeat today, saying that he recommends "that we kill this bill" this year.
State Representative John Mizuno, the lead sponsor of H.B. 2288 (PDF), bowed to what he described as an "incredible" national outcry that arose after a CNET article last week. His proposal would have required virtual dossiers to be compiled on state residents: two years' worth of their Internet browsing.
"It's generated a lot of national attention," Mizuno, a Democrat from Oahu, told CNET this afternoon. "I've taken into consideration the thousands of e-mails (which were often) colorful and passionate, which is absolutely fine... This bill just isn't ready. It needs a lot of work."
What would have normally been a routine committee hearing last week on H.B. 2288 was marked by a broad outcry against Mizuno's legislation -- an echo of the recent protests over the Stop Online Piracy Act -- which went further than other data retention proposals to date. Members of Hawaii's Internet community showed up to warn against the legislation, while industry representatives and groups including the ACLU wrote letters (PDF) opposing it.
H.B. 2288 says "Internet destination history information" and "subscriber's information" such as name and address must be saved for two years.
Mizuno said he believes that approach -- recording both the origin and destination Internet address of Aloha State residents -- is valuable and plans to return to it in 2013.
Police would then have a record of pedophiles "going after the kids, trolling for the kids," he said. "I think both would be very strong pieces of evidence if there's going to be a criminal proceeding."
"While I respect Rep. Mizuno's attempt to assist law enforcement in catching dangerous criminals, his approach is dangerously flawed," Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, told CNET this afternoon. "There is no question that having two years of browsing history for every resident would make it easier for law enforcement. So would warrantless searches of people's homes."
Aryn Nakaoka, president of Hawaii Internet provider Lava.net, who reassured customers last week that his company will "never" store customer data, says he's happy to hear that H.B. 2288 has been withdrawn. Though even if it became law, he said, you wouldn't be able to know what a criminal was doing without "looking at their content or subpoenaing websites which would be the next and very scary step of content monitoring.
Last summer, U.S. Rep. Lamar Smith (R-Texas) managed to persuade a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of SOPA.)
Mizuno's proposal specified no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent were security requirements such as mandating the use of encryption.
Because the wording was so broad and applies to any company that "provides access to the Internet," Mizuno's legislation could sweep in far more than AT&T, Verizon, and Hawaii's local Internet providers. It could also impose sweeping new requirements on coffee shops, bookstores, and hotels frequented by the over 6 million tourists who visit the islands each year.
NetChoice, a trade association in Washington, D.C. that counts eBay, Facebook, and Yahoo as members, sent a letter (PDF) to the state legislature warning that H.B. 2288's data collection requirements "could be misused in lawsuits," including in divorce cases.
Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.