U.S. Attorney General Wants ISP Customer Data
In hearings before the Senate Banking Committee this afternoon, the Associated Press reported, United States Attorney General Alberto Gonzales told committee members he would support a tightening of federal requirements for Internet service providers to hand over information on their customers. Specifically, he is asking senators to extend the law to require ISPs to retain data on their customers, should that data become necessary for use in a federal investigation.
"We have to find a way for Internet service providers to retain information for a period of time so we can go back with a legal process to get them," Gonzales was quoted as telling committee members.
The Attorney General's statement echoes sentiments he expressed last April during a speech to the National Center on Missing and Exploited Children, which would be the agency to which ISPs would report this data.
"The investigation and prosecution of child predators depends critically on the availability of evidence that is often in the hands of Internet service providers," Gonzales said at the time. "This evidence will be available for us to use only if the providers retain the records for a reasonable amount of time. Unfortunately, the failure of some Internet service providers to keep records has hampered our ability to conduct investigations in this area."
"Record retention by Internet service providers consistent with the legitimate privacy rights of Americans, is an issue that must be addressed," Gonzales later added.
Under current U.S. law since January 2002, ISPs that become aware of child pornography transactions taking place over their systems must report having witnessed that transaction, as soon as possible, to the NCMEC, or else face a fine of $50,000. However, the law only states the transaction itself must be reported; what the Attorney General seeks is a clarification, stating ISPs should also turn over the personal records of those involved.
In opening remarks, Gonzales said the additions he's requesting "would strengthen [existing law requiring] Internet Service Providers to report violations of child pornography laws, by increasing the criminal penalties for knowing and willful failure to do so, and also establishing a new civil penalty for negligently failing to do so."
In addition, the Justice Department seeks the government to institute a new system of warning labels, declaring that a Web site may contain sexually explicit material.
The New York Times reported last June that the DOJ would ask that ISPs make available not just personal records, but the Web-surfing histories of customers, in case of a possible federal subpoena.
However, one very large potential legal hurdle facing the DOJ is that the NCMEC, which is the designated recipient of child pornography transaction information under existing federal law, is not a U.S. government agency. According to the Center's own Web site, it is "a private, nonprofit organization to provide services nationwide for families and professionals in the prevention of abducted, endangered, and sexually exploited children." As a result, it would not have subpoena power.
So conceivably, any rewrite to the law might have to change the designated recipient of data from the NCMEC to a federal agency, such as the FBI. That fact may not yet have been made clear in testimony today. Attorney General Gonzales did not mention the NCMEC in his opening statements to the Banking Committee.
In June 2004, the U.S. Supreme Court upheld a lower court ruling overturning an earlier law -- the Child Online Protection Act of 1998 -- on the grounds that it overly restricted the rights of adults who might not be engaged in illegal transactions. However, ironically, language in that earlier law exempted ISPs and telecom carriers from liability or responsibility for transactions made by their customers, even if those transactions fell under the guidelines for child pornography spelled out by U.S. Code.