May 31st, 2006

Justice wants companies to retain data

Posted by ZDNet @ May 31, 2006 @ 4:46 PM

Categories: Government technology, Justice

Tags: Internet, Justice, ZDNet

Attorney General Alberto Gonzales and FBI Director Robert Mueller urged telecom companies and service providers to retain user data for two years in a closed-door meeting held Friday at the Justice Dept., News.com reported last week.

During Friday’s meeting, Justice Department officials passed around pixellated (that is, slightly obscured) photographs of child pornography to emphasize the lurid nature of the crimes police are trying to prevent, according to one source.

The Justice Department also proposed that Web sites such as e-mail providers be required to store data about their users’ activities for future law enforcement and national security investigations, according to one industry representative familiar with last week’s meeting.

Now, reporter Declan McCullaugh writes, Internet providers and telecoms are pushing back against the idea, even as several pieces of legislation in Congress threaten to make long-term retention the law.

"We have real reservations about data retention requirements because of the security and privacy risks attached to it," said Mark Uncapher, senior vice president of the Information Technology Association of America. ITAA’s board members include representatives of AT&T, Sybase, Fujitsu and Unisys.

"Ddata retention is a complicated issue with implications not only for efforts to combat child pornography but also for security, privacy, safety and availability of low-cost or free Internet services," a statement from Microsoft said. (Click here to read the complete statement.)">

In a vaguely worded statement, Google said the various proposals must "consider the legitimate interests of individual users, law enforcement agencies and Internet companies."

At the moment, Internet service providers typically discard any log file that’s no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation–a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."