While the U.S. Justice Department "quietly" shops requiring Internet service providers to track and report customer activity online – using child porn as a threatening wedge – an industry survey says most respondents want Congress to make the Net safer but don't trust government to do it.
Published reports indicate the Justice Department is pushing the idea of data-retention rules that would enable law enforcement to obtain records of email text, Internet browsing, and chat room activity. The idea is said to be based on proposals from its Child Exploitation and Obscenity Section.
If they go into effect, the new rules would mean a shift in the department's former position that data retention isn't necessary and is an unreasonable burden on ISPs. The Bush Administration itself had "serious reservations" about mandatory data retention "regimes" in 2001.
The issue was brought up "not once but several times in the meeting, very emphatically," U.S. Internet Industry Association president Dave McClure told reporters, about an April meeting between Justice officials, ISP leaders, and the National Center for Missing and Exploited Children. "We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"
The meeting was also said to include Justice officials stressing the preference was voluntary cooperation from the ISPs before any legal mandate could be enacted.
No federal law mandates such ISP data logging now. And while Justice may believe it might allow criminal and terrorism prosecution to succeed where lack of evidence would kill such cases, the reports suggested, privacy and practical concerns sank a comparable idea in Europe and might stir domestic opposition.
European justice and home affairs ministers want a requirement that logs be kept between one and three years. Three years ago, Britain sought and lost a two-year requirement, when European data commissioners rejected the British proposal on grounds they held dubious legitimacy and created potential excessive financial burden on telecommunications companies and ISPs. Justice is believed to want to begin with a two-month requirement.
Meanwhile, a survey taken by the Cyber Security Industry Alliance found bipartisan agreement that online safety has them nervous enough not to do business online, and they think that government should do more and can't really be trusted to do it right.
The CSIA survey found that 93 percent of respondents called spyware a serious problem, 97 percent feared both identity theft and spyware, and 71 percent said new online privacy protection laws were needed. But only 28 percent of those respondents think government puts the right emphasis on information system and network protection, only 32 percent trusted Congress to do what's right for cyberspace, and 63 percent sooner trusted consumer advocacy groups like the Better Business Bureau to do the job.
"We must be careful about the public policy course we chart in the next few years, as it will have long-term consequences for innovation and economic growth," said CSIA executive director Paul Kurtz about the survey results.
"When legislation is deemed necessary, such as in the case of securing sensitive personal information, Congress should not duplicate requirements already set forth under existing federal law, but should address ‘gaps’ in existing law and encourage the adoption of widely accepted cyber security standards," Kurtz said.
