Lawmakers recently called for a new federal law that would require any provider of Internet access to keep records related to the identity of anyone using its computer networks -- for up to two years.
That means all Internet service providers, businesses providing employees with Internet access, coffee shops and restaurants offering WiFi connections, libraries, and other Internet-enabled places would, at a minimum, be required to maintain records of who used a particular computer to access the Internet and when.
This requirement is problematic enough, but the ambiguity of a key provision in the bill, dubbed the Internet Safety Act, which requires retention of "all records or other information pertaining to the identity of a user" -- even if that usage is temporary -- could sweep in far more sensitive information.
In addition, the data retention requirements might be construed to apply not only to commercial providers but also to any household that has a broadband connection.
Intended to help law enforcement track and prosecute criminals who use the Internet to traffic child pornography, the legislation would in effect require ISPs to keep track of anyone who uses their Internet access.
We know that one of the best ways to protect our online privacy is to keep the amount of information we share and store on the Internet at a minimum.
Asking AOL, Comcast or Verizon to store details of our online activity in a giant database for two years would not only undermine the less-is-best principle, but also would subject a large stockpile of our personal information to theft or accidental disclosure. You might as well paint a bulls-eye on your private files; such a database would be an all-too-tempting target for computer criminals.
The Internet activity of government employees -- members of Congress, law enforcement and other agencies -- could also get swept up in Internet service providers' efforts to comply with this proposed law.
Data about the communication between government agencies and covert operatives who communicate over regular Internet channels would be retained, making the Internet Safety Act problematic for domestic and international security.
That stockpile would be a goldmine for exploitation.
At a time when recent exploits by hackers -- such as the Conficker worm that took control of at least 10 million personal computers -- have exposed the security vulnerabilities of the Internet, mandatory data retention would aggravate the risk of breaches and unauthorized use.
Each time you sign onto to WiFi at the coffee shop, check a social networking site via a mobile phone, or sign on to send an email, your ISP and other providers would be required by the law to store information about you for at least two years to enable law enforcement -- on the off chance that you commit a specific crime -- to use legal process to identify you and track you down.
The burden of keeping that data secure would fall on individual service providers, cable companies, wireless carriers, employers who provide Internet access, universities, WiFi hotspot providers, hotels, libraries, schools -- the list extends as far as the Internet reaches: nearly everywhere, including possibly even homeowners.