Republican politico endorses data retention

Aide to House committee chairman expresses support for law prohibiting ISPs from deleting customer activity records.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read
WASHINGTON--A key Republican in the U.S. House of Representatives plans to find a way to force Internet providers to keep records of their customers' activities, an aide said Friday.

The aide said Rep. Joe Barton of Texas, who chairs the House committee responsible for writing Internet and telecommunications law, has pledged to work on legislation related to mandatory data retention--a concept recently endorsed by the Bush administration as a way to crack down on child pornographers.

"We have made a commitment with the congresswoman to address that issue," David Cavicke, general counsel to the House Committee on Energy and Commerce, said at the Computers, Freedom & Privacy conference here. Cavicke was referring to Rep. Diana DeGette, a Colorado Democrat, who has drafted legislation making it unlawful for an Internet provider to delete certain types of customer information.

In response to a question from CNET News.com, Cavicke said he didn't know what form the legislation will take--whether, that is, it'll be a standalone bill or an amendment to a much broader proposal to rewrite telecommunications laws.

It involves figuring out "how to protect consumers' personal information and protect American citizens from scourges like child pornography," Cavicke said.

CNET News.com was the first to report last June that the U.S. Department of Justice was quietly shopping around the idea of legally required data retention. In a move that may have led to broader interest among U.S. politicians, the European Parliament in December approved such a requirement for Internet, telephone and voice over Internet Protocol (VoIP) providers.

DeGette's proposal says any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed.

It's not clear whether the DeGette language would be limited to commercial e-mail providers and Internet providers, and to places like coffeehouses, bookstores or home users that provide Wi-Fi access at no charge. An expansive reading of DeGette's measure would require every Web site to retain those records. (Details would be left to the Federal Communications Commission.)

For their part, Internet providers say they have a long history of helping law enforcement in child porn cases and point out that two federal laws already require them to cooperate.

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing & Exploited Children, which is, in turn, charged with forwarding that report to the appropriate police agency.