GOP revives ISP-tracking legislation

New "law and order agenda" proposes data retention requirements. Also, owners of racy Web sites would have to post labels or go to prison.

All Internet service providers would need to track their customers' online activities to aid police in future investigations under legislation introduced Tuesday as part of a Republican "law and order agenda."

Employees of any Internet provider who fail to store that information face fines and prison terms of up to one year, the bill says. The U.S. Justice Department could order the companies to store those records forever.

Rep. Lamar Smith of Texas, the top Republican on the House Judiciary Committee, called it a necessary anti-cybercrime measure. "The legislation introduced today will give law enforcement the tools it needs to find and prosecute criminals," he said in a statement.

A second requirement, also embedded in Smith's so-dubbed Safety Act (PDF), requires owners of sexually explicit Web sites to post warning labels on their pages or face imprisonment. This echoes, nearly word for word, a proposal from last year that was approved by a Senate committee but never made it to a floor vote.

Even though both requirements are central to a Republican-led effort, neither data retention nor Web labeling are that partisan. A Senate committee approved a telecommunications bill that included Web labeling by a 15-7 vote in June. And Rep. Diana DeGette, a Colorado Democrat, has been the most vocal proponent of data retention in the entire Congress.

Other bills in the Republicans' "law and order" agenda are related to terrorism, the death penalty, gangs, computer data breaches and drug trafficking.

ISP snooping timeline

In events that were first reported by CNET, Bush administration officials have said Internet providers must keep track of what Americans are doing online. Here's the timeline:

June 2005: Justice Department officials quietly propose data retention rules.

December 2005: European Parliament votes for data retention of up to two years.

April 14, 2006: Data retention proposals surface in Colorado and the U.S. Congress.

April 20, 2006: Attorney General Alberto Gonzales says data retention "must be addressed."

April 28, 2006: Democrat proposes data retention amendment.

May 16, 2006: Rep. Jim Sensenbrenner drafts data retention legislation but backs away from it two days later.

May 26, 2006: Gonzales and FBI Director Robert Mueller meet with Internet and telecom companies.

October 17, 2006: FBI director calls for data retention.

January 18, 2007: Bush administration says it will approach Congress for data retention laws.

The legislative fusillade marks the renewal of a political tussle that began in earnest last April, when Attorney General Alberto Gonzales called on Congress to target Internet providers with new regulations, which have been generally opposed by telecommunications companies and civil liberties organizations. CNET was the first to report that the Bush administration has been pushing for such a rule privately since mid-2005.

Until this week, however, no formal bill had been introduced in the U.S. Congress.

Supporters of the proposal say it's necessary to help track criminals if police don't respond immediately to reports of illegal activity and the relevant logs are deleted by Internet providers. They cite cases of child molestation, for instance. Industry representatives respond by saying there's no evidence that Internet providers have dragged their feet when responding to subpoenas from law enforcement.

Details about data retention requirements would be left to Gonzales. At a minimum, the bill says, the regulations must require storing records "such as the name and address of the subscriber or registered user to whom an Internet Protocol address, user identification or telephone number was assigned, in order to permit compliance with court orders."

Featured Video