Data Retention Bill Is Dangerous Expansion of Government Power; Costly Mandate
Instead of requiring that providers retain more data about their customers’ Internet activities, Congress should update the 25-year old law [the Electronic Communications Privacy Act] that sets low standards for government access to the vast amount of information already collected.
Washington—Today a House committee approved what one Member of Congress called the "Keep Every American’s Digital Data for Submission to the Federal Government Without a Warrant Act." The bill would require ISPs, hotels, coffee shops and others to retain information that could be used to identify their customers and would be a dangerous expansion of government power, a costly mandate that could discourage Internet access, and unnecessary to serve any legitimate need, said the Center for Democracy & Technology.
The "data retention" mandate was approved by the House Judiciary Committee on a 19-10 vote after a contentious two-day markup. The legislation mandates retention for 12 months of Internet addresses and could be interpreted to require collection of the name, home address, and credit card information of people who pay to access the Internet at a WiFi hotspot.
"This bill puts Americans' cherished privacy rights at risk and treats all law-abiding citizens as if they were suspected of heinous crimes. To protect privacy and discourage identity theft and other fraud, companies should be minimizing the data they collect,” said Leslie Harris, President and CEO of the Center for Democracy & Technology. "This legislation moves in the wrong direction by mandating the retention of personally identifiable information when there is no business reason for doing so and even when there is no evidence whatsoever that the data retained would aid an investigation."
Gregory T. Nojeim, director of CDT’s Project on Freedom, Security & Technology added, "Instead of requiring that providers retain more data about their customers' Internet activities, Congress should update the 25-year old law [the Electronic Communications Privacy Act] that sets low standards for government access to the vast amount of information already collected."
CDT is a member of Digital Due Process, a broad coalition of tech and telecom companies, NGOs spanning the political spectrum, and academics that has proposed changes to clarify ECPA and subject communications content and geolocation information to a warrant requirement.
The House bill approved today, while labeled the Protecting Children from Internet Pornographer’s Act, would require the retention of data about the activities of any person that uses the Internet, not just of those suspected of trafficking in child pornography, and the data would be available to government agents in all investigations, not just those concerning child pornography. Toward the end of the markup, Rep. Zoe Lofgren (D-CA) offered an amendment to re-title the bill to more accurately reflect its impact, calling the bill the “Keep Every American’s Digital Data for Submission to the Federal Government Without a Warrant Act.” Unfortunately, Lofgren’s effort at truth in naming failed.
For more detailed comments on this bill, see our blog post here.