RealTime IT News

Feds Still Stumping For Data Retention Regs

The Bush administration shifted from child pornography to terrorism this week in its campaign for greater customer data retention by Internet service providers.

After months of using the issue of online child pornography as a rationale for new data retention regulations, both Homeland Security Secretary Michael Chertoff and FBI Director Robert Mueller pointed to the war on terrorism as further justification.

Speaking at a Boston convention of police chiefs earlier this week, Mueller said the FBI needs ISPs to increase the amount of time and data they retain on customers because terrorists are moving their operations online.

"Today, terrorists coordinate their plans cloaked in the anonymity of the Internet," Mueller told the International Association of Chiefs of Police.

"All too often, we find that before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders."

Chertoff told the same group that terrorism is a "threat that may be borne over the Internet, maybe as collected only in a very small group of operatives, that could pose a serious potential of harm to our communities all across the country.

"We're going to have to adapt ourselves at all levels for this emerging threat."

Under the 1996 Electronic Communication Transactional Records Act, ISPs are required to keep subscriber records for 90 days if requested to do so by the government.

Since last summer, the Bush administration has been negotiating with ISPs to keep more customer data for longer periods of time.

In June, the Department of Justice convened a private meeting of the country's major ISPs and Internet companies to discuss the issue.

Mark Uncapher, vice president and counsel for the Information Technology Association of America (ITAA), was one of the few Washington IT executives willing to speak on the record about the meeting.

"The biggest barrier is whether the information [that the DoJ is seeking] is being stored or not," he told internetnews.com after the meeting. "Once past that hurdle, whether it's six months or whatever [for retention] it can be dealt with."

In the interim, the European Union passed regulations requiring ISPs in member countries to retain customer records for no fewer than six months and up to two years.

The issue of greater data retention by U.S. ISPs has drawn criticism from privacy advocates who fear the larger pool of available information will lead to more data breaches and increased ID theft.

"We must find a balance between the legitimate need for privacy and law enforcement's clear need for access," Mueller said Tuesday.