Anti-SOPA forces have ISP snooping bill in their crosshairs

It took an Internet-wide outcry from millions of voters to prompt Rep. Lamar Smith, author of the Stop Online Piracy Act, to postpone a vote on the controversial Hollywood-backed bill.

Now Smith, a conservative Texas Republican, is being targeted a second time: for championing legislation that would require Internet service providers to keep track of their customers, in case police want to review those logs in the future. His bill is called H.R. 1981.

The latest campaign is designed to build on last month's remarkable protests, which included Wikipedia going dark for a day and Google and Amazon.com posting anti-SOPA warnings on their home pages. Irate voters overwhelmed the U.S. Senate's Web site and, importantly, demonstrated to politicians that Internet users could be a potent political force.

"This is yet another government assault on the Internet and its users," said Demand Progress Executive Director David Segal. "We taught Congress a lesson last month: we need to do to H.R. 1981 what we did to SOPA, and make it clear to Lamar Smith and the rest of Congress that they can't run roughshod over Internet freedom."

Demand Progress, a liberal advocacy group and enthusiastic adversary of large copyright holders, claims to have generated more than 86,000 e-mails as of this afternoon to politicians opposing H.R. 1981. (The SOPA-supporting Motion Picture Association of America has accused Demand Progress of being allied with "offshore rogue Web sites that promote the theft and illegal marketing of American products like movies, video games, and software.")

Other Web sites involved in the anti-SOPA protests are now joining the anti-H.R. 1981 chorus. A DailyKos article says Smith "is back with a new antiprivacy bill"; a Reddit thread yesterday calls Smith's proposal a "crazy snooping bill"; a Virginia patriot group warns that "the time to stop this bill is NOW"; a Ron Paul forum yesterday claims that, with H.R. 1981, "one way or another the government is going to censor the Internet."

A spokeswoman for Smith's House Judiciary committee told CNET that "Demand Progress is claiming 70,000 for the petition, but thus far, they have not been willing or able to offer information go back up that claim." She also said that there has been plenty of misinformation circulating around the Internet about H.R. 1981, including statements alleging that it would require the retention of e-mails or that it applies to telephone companies' records.

Demand Progress' Segal told CNET that he stands behind the claim of more than 86,000 e-mails, and said that because they go to individual politicians, Smith wouldn't know the total tally. "Smith must be forgetting that his bill hasn't passed, so he's not yet able to monitor all Internet communications," Segal quipped.

Just as challengers tried to wield SOPA against incumbents--prompting Rep. Paul Ryan, one of the most influential House Republicans, to denounce it--a challenger to Maine Republican Olympia Snowe is invoking H.R. 1981.

Maine's Tea Party Patriots state coordinator, Andrew Ian Dodge, now a Senate candidate, said today that: "I hope all our Maine representatives will join me in condemning this attack on our right to privacy."

First free speech, now privacy
Because the Motion Picture Association of America was the most public supporter of SOPA, opponents were able to argue that Hollywood doesn't understand technology and remind everyone that the late MPAA chief Jack Valenti once likened the humble analog VCR to "the Boston strangler."

Their task will be more difficult this time. The most public champion of data retention is the U.S. Department of Justice, which has been quietly lobbying for the sweeping new requirements under the Obama and Bush administrations, a development first reported by CNET in 2005.

One potential pressure point is the White House, which has yet to formally endorse H.R. 1981. An online outcry in the last week did prompt a Hawaii state representative, John Mizuno, a Democrat, to withdraw his data retention bill that went even further than Smith's.

After repeated prodding by the Justice Department and other police agencies, Smith's committee approved H.R. 1981 by a divided 19 to 10 vote last July.

H.R. 1981 represents "a data bank of every digital act by every American" that would "let us find out where every single American visited Web sites," Rep. Zoe Lofgren of California, who led Democratic opposition to the bill, warned at the time. Rep. F. James Sensenbrenner, a Wisconsin Republican and previous supporter of data retention, changed his mind and now opposes it.

The latest version of H.R. 1981 expands the information that commercial Internet providers would be required to store to include customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote in July, the House Judiciary committee rejected an amendment that would have clarified that only IP addresses must be stored.

Even though H.R. 1981 is titled the "Protecting Children From Internet Pornographers Act," it would give police the power to review the companies' user logs for nearly any crime. Even Smith, during a January 2011 hearing, pointed to the problems of "illegal gambling, cigarette and prescription drug distribution, and child exploitation." Civil litigants, for instance in divorce cases, might also be able to gain access to the logs.

A year ago, CNET was the first to report that the Obama Justice Department was planning to endorse the concept of mandatory data retention. Jason Weinstein, the deputy assistant attorney general for the criminal division, warned at the time investigations would be "stymied" without it.

The original version of Smith's bill required Internet providers to "retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication." The wireless exemption appeared to be the result of lobbying from major carriers such as AT&T and Verizon Wireless, but drew the ire of the Justice Department, which argued successfully that they should be included.

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

Because IPv4 Internet addresses remain a relatively scarce commodity, a problem that IPv6 is designed to fix, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

In addition, an existing law called the Protect Our Children Act of 2008 requires any Internet provider who "obtains actual knowledge" of possible child pornography transmissions to "make a report of such facts or circumstances." Companies that knowingly fail to comply can be fined up to $150,000 for the first offense and up to $300,000 for each subsequent offense.