Thanks to Rep. Lamar Smith (R-TX), aided by co-sponsors Rep. Steve Chabot (R-OH), Rep. Tom Feeney (R-FL), Rep. J. Randy Forbes (R-VA), Rep. Trent Franks (R-AZ), Rep. Elton Gallegly (R-CA), Rep. Dan Lungren (R-CA), and Rep. Mike Pence (R-IN), the House Judiciary Committee is now considering the Stopping Adults Facilitating the Exploitation of Today’s Youth (SAFETY) Act.
Here’s one of the main problems with this bill:
SEC. 6. RECORD RETENTION REQUIREMENTS FOR INTERNET SERVICE PROVIDERS.
(a) Regulations- Not later than 90 days after the date of the enactment of this section, the Attorney General shall issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user to whom an Internet Protocol address, user identification or telephone number was assigned, in order to permit compliance with court orders that may require production of such information.
(b) Failure To Comply- Whoever knowingly fails to retain any record required under this section shall be fined under title 18, United States Code, and imprisoned for not more than one year, or both.
As others have pointed out, this measure places an onerous burden on ISPs and network operators. Note that although the section quoted above only directly mentions retention of records that pertain to subscriber information (who purchased what account/services), it specifies those records as a minimum. It leaves discretion to the Attorney General to define the specific retention regulations, and there is more than ample reason to believe that the current law enforcement climate would stop there. (I’ll point out that any competently run business retains that information already for tax reasons.) In fact, this wording gives leave to the Attorney General to require ISPs (or any organization that puts up a web or email server!) to retain all sorts of records on your Internet usage: who you get email from, who you send it to, contents of those messages, websites you visit, etc. — and these records would need to be retained all the time, for every user, whether or not that user was suspected of wrongdoing.
In short, this bill would give authority to the Attorney General to require all ISPs and companies with an Internet Presence to keep complete records on all Internet activity. Once this data is there, do you want to take bets as to whether or not law enforcement wouldn’t start finding reasons to do more and more browsing (not just focused on stopping online child exploitation)? In Europe, where they already have some mandatory level of records keeping, the entertainment industry is already agitating to get access to those records to investigate piracy — not to help prosecute people they’ve already identified, but to troll for people to prosecute.
Call your Congressmen today. Protest this bill now, while you can.