Do you think Congress has given any thought to what its latest effort to police the Internet is going to cost? Not just the cost to Internet Service Providers, like AT&T and Comcast, but also to anyone who offers Internet access to anyone, potentially including you and me?
Two bills currently under consideration both include the same language: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."
The bills, S.436 in the Senate and H.R.1076 in the House, are both titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009" or the "SAFETY Act." Just as an aside, I hate the cutesy names used to try to make questionable legislation such as this seem friendly.
For an ISP the logging requirement might be easily met, though not without considerable new cost. Is this someone's idea of an economic stimulus?
But, what about the increasing numbers of businesses that offer free Internet to customers and even the general public? And how do I maintain such records if you come over to my house and I give you a password for my access point?
Many public libraries provide free Internet access to patrons, including low-income people and the jobless. It appears each of these users would have to be positively identified and associated with an IP address.
How will this law treat VOIP telephone calls? Will call data also need to be recorded?
Because these bills are associated with "protecting our children," the legislation is likely to sail through. My bet, however, is that in practice the data collected won't be used to fight the exploitation of children nearly so often as it's used in other types of investigations.
I disagree with my PC World colleague, Scott Nichols when he says, "I wonder most about the effectiveness of this bill. It seems to me all that will be retained is the identity of who was using a dynamic IP address at a particular time. The bill is ambiguous enough that it may not include any information about that person's activity, which seems to me a crucial part of determining whether someone is engaging in illegal activities."
While Scott is right as far as he goes, my bet is the information that's collected will mostly be used when it's already known that someone has done something--like downloaded child pornography or sent e-mail to a terrorist cell--and law enforcement only needs to know who did it.
This might partially negate the obvious privacy concerns these bills raise. Instead of sifting though the surfing histories of all users looking for crimes, police would just search to see who was using a specific IP address at the specific time when an offense was committed.
The logical extension of this would be to require that every telephone caller be positively identified and a log kept of every telephone call that is placed. If I yet you browse using my iPhone or home computer, will I need to keep a log?
I think most people would consider this to be an unreasonable burden and an invasion of privacy, despite the positive effect it might have on the apprehension of criminals.
If Congress is intent on collecting this information for law enforcement, and I am not saying it is necessarily a bad idea, we should reengineer the Internet to collect this information automatically. Heck, we could all login using our new national identity cards, affirm our allegiance to Big Brother, and communicate safe in the knowledge that someone is watching over us.
While I am not siding with criminals and have generally been supportive of reasonable wiretap laws and other surveillance, what's being proposed here seems at least a little excessive.
David Coursey has been working in and writing about technology for more than 25 years. Contact him at firstname.lastname@example.org.