Hawaiian politician backs away from Web dossier law

A Hawaii politician who proposed requiring Internet providers to record every Web site their customers visit is now backing away from the controversial legislation.

Rep. Kymberly Pine, an Oahu Republican and the House minority floor leader, told CNET this evening that her intention was to protect "victims of crime," not compile virtual dossiers on every resident of--or visitor to--the Aloha State who uses the Internet.

"We do not want to know where everyone goes on the Internet," Pine said. "That's not our interest. We just want the ability for law enforcement to be able to capture the activities of crime."

Pine acknowledged that civil libertarians and industry representatives have leveled severe criticism of the unprecedented legislation, which even the U.S. Justice Department did not propose when calling for new data retention laws last year. A Hawaii House of Representatives committee met this morning to consider the bill (PDF), which was tabled.

The bill, H.B. 2288, will likely now be revised, Pine said. The idea of compiling dossiers "was a little broad," said Pine, who became interested in the topic after becoming the subject of a political attack Web site last year. "And we deserved what we heard at the committee hearing."

What the House Committee on Economic Revitalization and Business heard from opponents today was that the bill was anti-business and fraught with civil rights issues.

Laurie Temple, a staff attorney at the American Civil Liberties Union of Hawaii, wrote a letter (PDF) calling H.B. 2288 a "direct assault on bedrock privacy principles." Instead of keeping more and more records about users, good privacy practices require deleting data that's no longer needed, the ACLU said.

NetChoice, a trade association in Washington, D.C., that counts eBay, Facebook, and Yahoo as members, sent a letter (PDF) warning that H.B. 2288's data collection requirements "could be misused in lawsuits." And the U.S. Internet Service Provider Association warned in its own letter (PDF) that H.B. 2288 would be incredibly expensive to comply with. "Narrower" national requirements would cost much more than $500 million in just short-term compliance costs, the letter said, and Hawaii's legislation is broader.

On the other side was the city of Honolulu. Christopher Van Marter, the city's senior deputy prosecuting attorney, wrote a letter (PDF) to the committee saying H.B. 2288 was perfectly reasonable: "We recognize that some smaller service providers may not currently retain records of a customer's internet history. However, many of the larger service providers do keep and maintain such content."

Last summer, U.S. Rep. Lamar Smith (R-Texas) persuaded a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)

Even though H.B. 2288 was just introduced last Friday, it's already being savaged by members of the Hawaiian Internet community, some of whom showed up at today's hearing. "This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations," says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, who submitted testimony opposing the bill. He adds: "Even forcing telephone companies to record everyone's conversations, which is unthinkable, would be less of an intrusion."

For her part, Pine told CNET:

• H.B. 2288 wasn't primarily based on her own experience of being subjected to a political attack site. "It's really all the victims that have come forward after this," she said. And crimes "relating to child pedophiles and things like that."

• Hawaiians should not be alarmed by how broad the bill is, because there's time to fix it. "Sometimes things are drafted by our legislative drafting office, and it was brought to us, and we talk about it in committee and agree on changes." The Hawaiian phrase for it, she said, is ho'oponopono.

• Internet providers and prosecutors have only a short time to reach a deal. "We asked the two sides to get together, and they have a month to discuss it and present to us what they'll be happy with," she said.

The lead sponsor of H.B. 2288 in the House is Democratic Rep. John Mizuno of Oahu; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week. Democrat Jill Tokuda, the Hawaii Senate's majority whip, has introduced a companion bill, S.B. 2530.

Pine was targeted by a disgruntled former contractor, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter. The article said Pine would advocate for "tougher cyber laws at the Hawaii State Capitol" as a result, and Tokuda says Pine's "own personal experience in this area" was instructive. (Ryan told CNET that Pine is "the biggest cyber-criminal in Hawaii," and Pine says "I'll be taking him to court very soon.")

H.B. 2288 currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as mandating the use of encryption.

After today's public outcry, in an echo of the SOPA and Protect IP experience last week, even some sponsors are backing away from their own legislation. "Rep. Lee is a co-sponsor but not a primary introducer," a spokesman for Democratic Rep. Marilyn Lee said today. "Primary introducers are strong supporters. Co-sponsors may generally agree with the proposal but may not be fully comfortable with the legislation."

Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.

In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller.

Editors' note, March 6, 2012: A screenshot of KymPineIsACrook.com that originally accompanied this story was removed following a takedown request from Rep. Pine, who said that it infringed her copyright because that Web site had used images from Pine's own Web site without permission.