Proposed legislation, aimed at protecting children from Internet predators, has also introduced frightening wording when it comes to log retention. Part of the proposed plan would call for ISPs and those who operate Wi-Fi access points to retain access logs for at least two years. However, the wording of the proposal is what will shock most in the privacy and security world. The way it’s framed, it includes everyone, end-users as well.
Proposed legislation, aimed at protecting children from Internet predators, has also introduced frightening wording when it comes to log retention. Image: Rob Crawley/Flickr.
On Thursday, House Judiciary Committee Ranking Member Lamar Smith (R-Texas) and Senator John Cornyn (R-Texas) introduced the Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009, or the Internet SAFETY Act. (S.436 and H. R. 1076)
While the proposed legislation is aimed and pitched at protecting children, a good thing on all levels, the section changes to Section 2703 of title 18, United States Code should leave some worried about how far the government will go to protect them.
The proposed changes to Section 2703 state, “Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.”
However, when you consider the definition of the terms “electronic communication service” or “remote computing service” then you start to see more problems to the wording of this law.
Electronic communication services are defined by the Department of Justice as, “…any service which provides to users thereof the ability to send or receive wire or electronic communications.” According to documentation by the DOJ, this includes telephone companies and Email providers, such as your ISP.
Remote computing is defined as, “…a provision to the public of computer storage or processing services by means of an electronic communications system. An electronic communications system is "any wire, radio, electromagnetic, photooptical, or photoelectronic facilities for the transmission of wire or electronic communications, and any computer facilities or related electronic equipment for the electronic storage of such communications."
What makes these changes worse, is that they are using the fear of a parent to attempt to get this passed. The entire Internet SAFETY Act is aimed at protecting children, according to statements released by both Smith and Cornyn. They tout it as a coordinated effort to “strengthen penalties for Internet predators and enhance safety measures to protect Texas children.”
Sure, they hit the sick and twisted people who prey on kids hard, but they also worded the law that would require levels of data retention most computer users wouldn't even begin to understand how to comply with. Yet, they are selling this with fear, and it looks as if they hope that if parents are frightened enough, they will forgive the laws that could make them criminals without even knowing.
Most home routers use DHCP to assign an IP address, this is a temporary address. Businesses use DHCP as well. Since DHCP is a temporary assignment of identification on a network, used for communication, then everyone online is affected by this proposal.
So what will a user do when their Linksys or D-Link router dies? The logs, if there were any on that type of wireless router available, are gone. The end user is now out of compliance with the proposed law.
What if the company who provided the wireless router, doesn’t include the ability to retain logs at all? Is the company at fault or the end user who owns the device that was made without this ability? Another thing not covered in the proposal.
Do they even know the types of logs they are asking for? Do they even understand the costs associated with keeping these logs? Businesses might be able to deal with the upkeep costs, but the average consumer wouldn’t have a clue as to what they needed to buy and add to a network for compliance, let alone how to manage the logs properly.
The problem is the wording. End users are not defined, and there is no evidence that the two Republicans who made the proposed changes to the law understand that enforcing this change on the normal citizen - who may allow open access to a wireless connection without their knowledge or consent and has neither the knowledge, or in most cases the ability to comply - would make the effort useless
Protecting kids online is a great thing. No one will argue those aspects of the proposal. Yet, the lack of wording and clear terms will end up making some of those concerned parents criminals the second it is approved, if they are asked for the logs in connection with a child pornography case.
Another problem is that they have used fear to attempt to move the proposal forward. The provision and proposed change to the law regarding logging is only one small part of a bill that offers harsh punishments for those who traffic in kiddy porn. The rest of the proposed bill is great, it should stay, but if you want to make a law that works, then remove the data retention rules.
The Tech Herald: Should spammers have legal protections for what they do?
The Tech Herald: NCSAM: Kids and the Internet (Part 1)
The Tech Herald: NCSAM: Kids and the Internet (Part 2)
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story