ABC News' Mary Bruce reports: Criminal investigations are “being frustrated” because internet providers are not required by law to retain information on what their customers are doing online, the Department of Justice testified before a House hearing today.
“The gap between providers retention practices and the needs of law enforcement can be extremely harmful to investigations that are critical to protecting the public from predators,” Justice Department Deputy Assistant Attorney General Jason Weinstein told a House Justice Committee hearing on “data retention as a tool for investigating internet child pornography and other internet crimes.”
“The lack of adequate, uniform and consistent data retention policies threatens our ability to use the legal tools Congress has provided to law enforcement to protect public safety,” he said.
While some internet providers voluntarily retain user data for months or years, others do not retain data at all. Under current law, officers can issue subpoenas, court orders and search warrants to require an internet service provider to hand over user data. The problem, Weinstein testified, is that “those authorities are only useful if the data is still in existence at the time the government seeks to obtain it.”
Judiciary Committee Chair Rep. Lamar Smith, R-Texas, agreed. “When law enforcement officers do develop leads that might ultimately result in saving a child or apprehending a pornographer, their efforts should not be frustrated because vital records were destroyed simply because there was no requirement to retain them. Every piece of discarded information could be the footprint of a child predator,” he said.
Other committee members and the Internet Service Provider Association expressed concern, however, that retaining internet data could infringe on users’ privacy.
“A data retention mandate would raise a number of serious privacy and free speech concerns… Congress should be very hesitant to require service providers to create databases to track the internet activities of 230 million innocent Americans,” said John Morris, General Counsel for the Center for Democracy and Technology.
Florida Democrat Rep. Debbie Wasserman Schultz reiterated “this is not about watching or tracking people’s behavior online… it’s about helping law enforcement connect the dots.”
Beyond privacy concerns, Morris argued that requiring internet providers to extend their data retention for longer periods would be so cost prohibitive that it would harm competition, innovation and ultimately internet users.
Kate Dean, the Executive Director of the Internet Service Provider Association, questioned how companies would keep track of a growing amount of personal user data.
“We’re dealing with people’s lives and liberty here and out of all of this data we have to make sure that, say 18 months down the road, that tiny particular piece of information is exactly the right information linking that exact target,” she said.
Looking ahead, Rep. Jim Sensenbrenner, R-Wis., asked Dean if, in place of a Congressional mandate, her member companies would be willing to come together and develop their own voluntary compliance order.
“I am a firm believer in carrots and sticks and I am tossing you a carrot now… If you aren’t a good rabbit and don’t start eating the carrot, I’m afraid that we’re all going to be throwing the stick at you. So this is an opportunity for you to come up with some kind of a solution,” Sensenbrenner said.
Dean said the Association would be willing to sit down with all parties involved and take an active role in a larger dialogue.