ISP snooping plans take backseat

Republican committee chair says he won't go ahead with proposal to require Net providers to store data on customers.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read
A prominent Republican in the U.S. Congress has backed away from plans to rewrite Internet privacy rules by requiring that logs of Americans' online activities be stored.

Wisconsin Rep. F. James Sensenbrenner, the chairman of the House Judiciary Committee, said through a representative this week that he will not be introducing that legislation after all.

The statement came after CNET News.com reported on Tuesday that Sensenbrenner wanted to require Internet service providers to track what their users were doing so police might more easily "conduct criminal investigations," including inquiries into cases involving child exploitation and pornography. The concept is generally called data retention.

Rep. F. James Sensenbrenner, R-Wisc. Rep. F. James Sensenbrenner, R-Wisc.

Jeff Lungren, communications director for the House Judiciary Committee, said an aide had drafted the proposed bill without Sensenbrenner's direct involvement. "Staff sometimes starts working on issues--throwing around ideas, doing oversight--and (they) get ahead of where the members are and what they want to tackle," Lungren said in an e-mail message.

Sensenbrenner also canceled a May 23 hearing that was scheduled to include a discussion of data retention.

Technology companies and Internet providers had quietly expressed strong objections to Sensenbrenner after the CNET News.com article appeared, according to two people with knowledge of the communications. They also criticized a second portion of the proposal that would make it a felony for Web sites to facilitate access to child pornography--through hyperlinks or by offering a discussion forum, for instance.

New Internet felonies proposed

Following are excerpts from Rep. Sensenbrenner's Internet SAFETY Act:

"Whoever, being an Internet content hosting provider or e-mail service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography shall be fined under this title or imprisoned not more than 10 years, or both.

"'Internet content hosting provider' means a service that (A) stores, through electromagnetic or other means, electronic data, including the content of Web pages, electronic mail, documents, images, audio and video files, online discussion boards, and Web logs; and (B) makes such data available via the Internet."

"Not later than 90 days after the date of the enactment of this section, the Attorney General shall issue regulations governing the retention of records by Internet service providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user (and what) user identification or telephone number was assigned..."

Sensenbrenner is a close ally of President Bush, and his office began drafting the proposal soon after Attorney General Alberto Gonzales gave a speech last month saying Internet providers should retain records of user activities for a "reasonable" amount of time.

"Legislation on this issue will not be introduced by Chairman Sensenbrenner, and he is not interested in considering any legislation like it," Lungren said in e-mail. "Our committee's agenda is tremendously overcrowded already."

Until Gonzales' speech, the Bush administration had explicitly opposed laws requiring data retention, saying it had "serious reservations" (click here for PDF) about them. But after the European Parliament last December approved such a requirement for Internet, telephone and voice over Internet Protocol (VoIP) providers, top administration officials began talking about it more favorably.

"It would be burdensome--it would be excessive" if enacted into law, said Will Rodger, director of public policy at the Computer & Communications Industry Association, which represents companies including Microsoft, Sun Microsystems, Nortel, Verizon and Yahoo. "This says let's start snooping on people just in case we find they've been up to something no good later on."

Peter Swire, a fellow at the liberal Center for American Progress and a law professor at Ohio State University, said he was concerned about the security implications of Sensenbrenner's proposal. "Data retention becomes a single point of failure for revealing government and other legitimate activities" if the Internet activities of police are recorded, Swire said.

Mandatory data retention legislation could still advance through a different House committee, however. Rep. Diana DeGette, a Colorado Democrat, announced legislation (click here for PDF) last month--which could be appended to a telecommunications bill--that also would require Internet providers to store records that would permit police to identify each user.