The US government proposed mandatory data retention for ISPs to keep logs of citizens’ online activities for up to two years, raising privacy concerns. There are different models of data retention, some retaining only basic address information, while others retain content as well. The logistics and security of ISP snooping are also concerns. Proponents argue it is necessary for catching child abusers or terrorists, but opponents argue it erodes basic rights and expands data mining potential. The EU passed data retention laws in 2005, while organizations such as EPIC and CDT oppose ISP snooping.
Internet service provider (ISP) snooping refers to mandatory requirements proposed in the United States to keep logs of everything citizens do online. Archives of each individual’s online activities would automatically be held for law enforcement in logs that could last up to two years. Only the oldest records would be purged at the end of the retention period, while new online businesses would continue to build the archives. The proposed requirement, known as data retention, is a controversial measure that opens the door to a number of concerns for both ISPs and privacy advocates.
There are several data retention or ISP snooping models that differ in the amount of data actually retained. In the “address” template, basic address information is stored. This would include a date and time stamp of the Internet Protocol (IP) address assigned to each individual, email addresses that the individual corresponded with, addresses of websites visited, chat rooms or newsgroups visited, and telephone numbers of VoIP calls (Voice over IP) performed . This model would not necessarily preserve the content of email messages, web pages or chat rooms.
Other ISP snooping models require a more robust approach to retaining not only address information, but content as well. This includes all e-mail messages, web page content viewed, chat room conversations, newsgroup conversations, VoIP, and more. Regardless of model, ISP spying dictates what can arguably be described as an Orwellian-style online society in which the government has essentially removed the word “private” from “private citizen.” Currently, ISPs don’t keep logs beyond a short period of time, used only to maintain their services.
Privacy concerns aside, the sheer logistics of ISP snooping are significant. Concerned ISPs argue that the task of maintaining such huge archives is an unfair burden. Security issues are also under discussion. Who exactly will have access to these databases? Furthermore, if such archives are created, it is almost certain that there will eventually be breaches. Does the potential downside, loss of privacy, and cost justify the ISP snooping?
Proponents of ISP snooping include the Justice Department, the Federal Bureau of Investigation (FBI), and United States Attorney General Alberto Gonzales, among others. In mid-April 2006, Gonzales was widely reported to have said that the proposed data retention laws were needed primarily to catch child abusers. Opponents responded by pointing to existing laws for dealing with illegal online activities, including child pornography. During an investigation, law enforcement agencies can require an ISP to keep related logs for 90 days, while a simple subpoena is all that is needed for IP information to identify an online suspect. It is also federal law that ISPs must report any known occurrence of child pornography to the National Center for Missing and Exploited Children.
A few weeks later, Gonzales changed his previous stance, citing terrorism as the primary reason for the data retention laws. Opponents argue that ISP spying is an impractical counter-solution that further erodes the basic rights of law-abiding Americans out of proportion to the stated goal. It also expands data mining potential exponentially and would unnecessarily create a mother database too easily misused. Additionally, terrorists would likely take steps to avoid identification through data rental using anonymous means such as Internet cafes, anonymous proxies, disposable mobile cards, and other measures.
The European Union passed data retention laws in December 2005, which are expected to take effect in 2008. ISP snooping in the US is backed by the Bush administration and is getting some support from Congress. Organizations such as the Electronic Privacy Information Center (EPIC) and the Center for Democracy in Technology (CDT) oppose spying on ISPs.
Protect your devices with Threat Protection by NordVPN