Attorney General Alberto Gonzales today testified before a Senate panel and called for Congress to require Internet service providers (ISPs) to preserve customer records, asserting that prosecutors need them to fight child pornography, according to The Associated Press.
“This is a problem that requires federal legislation,” said Gonzales. He called the government’s lack of access to customer data the biggest obstacle to deterring child porn. “We respect civil liberties, but we have to harmonize this so we can get more information,” he said. Gonzales added that he agrees with a letter sent in June to Congress by 49 state attorneys general, requesting federal legislation to require ISPs to hold onto customer data longer.
Despite concerns from some ISP company executives that they proposed legislation may be overly intrusive and encroach on the privacy rights of consumers, Gonzales stated the growing threat of online child pornography was too great.
“This is a problem that requires federal legislation,” Gonzales told the Senate Banking Committee. “We need information. Information helps us makes cases.”
The attorney general claims the government’s lack of access to customer data is the biggest obstacle to deterring child porn.
“We have to find a way for Internet service providers to retain information for a period of time so we can go back with a legal process to get them,” said Gonzales.
In meetings held with some Internet service providers, including Time Warner Inc.’s AOL, Comcast Corp., Google Inc., Microsoft Corp., and Verizon Communications Inc., Gonzales and FBI Director Robert Mueller indicated the companies must retain customer records, possibly for two years. The companies have discussed strengthening their retention periods, currently ranging from a few days to about a year, to help avoid legislation.
U.S. Justice Department officials have said that any proposal would not call for the content of communications to be preserved and would keep the information in the companies’ hands. The data could be obtained by the government through a subpoena or other lawful process.
Under current U.S. law since January 2002, ISPs that become aware of child pornography transactions taking place over their systems must report having witnessed that transaction—as soon as possible—to the National Center for Missing and Exploited Children (NCMEC) or else face a fine of $50,000. However, the law only states the transaction itself must be reported; what the attorney general seeks is a clarification, stating ISPs should also turn over the personal records of those involved.
In addition, the DOJ seeks the institution of a new system of warning labels, declaring that a website may contain sexually explicit material.
The New York Times in June reported that the DOJ would ask that ISPs make available not just personal records, but the Web-surfing histories of customers, in case of a possible federal subpoena.
However, one very large potential legal hurdle facing the DOJ is that the NCMEC is not a U.S. government agency. According to the center’s site, it is “a private, nonprofit organization to provide services nationwide for families and professionals in the prevention of abducted, endangered, and sexually exploited children.” As a result, it would not have subpoena power. Any rewrite to the law may have to change the designated recipient of data from the NCMEC to a federal agency, such as the FBI. That fact may not yet have been made clear in today’s testimony. Gonzales did not mention the NCMEC in his opening statements to the Banking Committee.
The U.S. Supreme Court upheld a lower court ruling in June 2004, overturning an earlier law—the Child Online Protection Act of 1998—on the grounds that it overly restricted the rights of adults who may not be engaged in illegal transactions.
Ironically, language in that earlier law exempted ISPs and telecom carriers from liability or responsibility for transactions made by their customers, even if those transactions fell under the guidelines for child pornography spelled out by U.S. Code.
