Does your ISP store records of your online activity? Whether they have a policy of data retention or not (and some of them do), the Department of Justice is trying to get Congress to pass a law that would require all ISPs to retain all user data for an as-yet-undefined length of time.
The Huffington Post reports that the DOJ testified before Congress this week about their desire for mandated data storage at the ISP level. The DOJ fights online crime like fraud, hacking and child porn, but they say that, in order to do their job effectively, they need a record of online activity available for all 230 million U.S. web users.
Is this reasonable, or is it Big Brother in action? Some would say there’s a solid basis for the need for reliable records; in one child porn investigation currently underway, the DOJ requested IP identities for a list of suspected offenders, but the ISPs in question were only able to provide IP info for 19 percent of the list. Since there’s no data storage law currently in place and ISPs can store (or not store) user data for as long as they see fit, the authorities have no way to ensure that the info they need in an online investigation will be available when they come looking for it.
But on the flip side, there are concerns. First, data storage could be problematic for the ISPs, since storing huge quantities of records could become difficult and costly. Also, while the DOJ has made assurances that they’ll keep a “good balance” between user privacy and investigations, they haven’t been forthcoming about the details of the data retention: how long the data would be stored, just what data they’re talking about, and whether the data could be used for any other purposes down the road.
What about user privacy? The vast majority of Americans using the web are completely innocent of hacking, identity theft, fraud or child porn charges. Would storing everyone’s data be an unnecessary intrusion into the privacy of users like you and me? Many privacy advocates think so. While the DOJ can try to promise that any stored data would not be used for purposes other than legitimate investigations, that does not preclude the possibility of data breaches, hacks into ISP storage systems or even the chance that the data might eventually be used for other purposes, with or without the user’s consent. Keeping a database of online activity for every American who goes online means that the possibility for infringement on free speech or privacy rights is significant.
The idea of storing online user records has been around almost as long as online users have been surfing. Attempts during the Bush administration to propose data retention were shot down because of privacy concerns; in an administration where illegal wiretapping was considered a reasonable and necessary step to protecting national security, the fact that privacy arguments stymied online data storage is telling. As much as we all want online criminals to be caught and punished, if we ask ourselves whether we’d be fine with the government watching our every move online, I think most of us would be hesitant to agree.
In the end, our American laws are built in part on the concept that freedom means a certain amount of privacy, even when it might logically create more “security” to infringe on that privacy. After all, the police could catch far more criminals if they stopped every single car on the road or checked every single home for illegal activity, but that would be unconstitutionally intrusive. Our property cannot be searched, nor our conversations recorded, without just cause that’s supported by a legal authority; our online activities should be no different. We are not required by law to keep records of all of our offline activities just to make law enforcement’s job easier, and while the idea of retaining all online data might seem attractive to DOJ officials (or to those who think they have “nothing to hide”), the slippery slope of privacy loss and free speech concerns is not one we should be volunteering to hurtle down.
I’ll wrap this post with one of my favorite Ben Franklin quotes, one that I think sums up the situation every time we knock around the idea of invading the privacy of all Americans in the name of national security:
“Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.”
