

H.R.1981, the end of online privacy as we know it. - SODaniel
https://spideroak.com/blog/20110803172630-hr1981-the-end-of-online-privacy-as-we-know-it

======
skymt
> Bill H.R.1981 contains legal responsibility for any Internet Service
> Provider to keep detailed records of "your Internet activity for 12 months,
> your name, the address where you live, your bank account numbers, your
> credit card numbers, and any IP-addresses you've been assigned."

The quotation marks imply that the quoted text, which the entire remainder of
the post is built on, is part of the bill. It's not, as far as I can tell. In
fact, there's no requirement that resembles those described in any conceivable
way. Assuming the version on the Library of Congress website [0] is current,
the only section regarding record-keeping by ISPs requires them to keep track
of customer IP address assignments for 18 months:

> A provider of an electronic communication service or remote computing
> service shall retain for a period of at least 18 months the temporarily
> assigned network addresses the service assigns to each account, unless that
> address is transmitted by radio communication (as defined in section 3 of
> the Communications Act of 1934).

The only interpretation I can come up with is that the linked post is a
deliberate lie.

[0]: <http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.1981>:

~~~
SODaniel
Definitely not a deliberate lie. The bill amends previous bills on the topic
by adding the retention of IP-adresses etc.

If I was unclear in the post I am very sorry and will amend the post.

That said the core of the post stand. The linking of currently stored data
with IP-addresses creates a direct link from internet usage to personal data.
Something that should scare most people.

~~~
skymt
But the part everybody's getting worked up over is the tracking of Internet
activity, which is not part of current law, and is not part of the bill in
question. I have no idea where that part came from, so I'd be glad if you
could make that clear.

~~~
SODaniel
I have updated the post to reflect the fact that the amendment or previous
bill does not explicitly refer to tracking of internet habits. I will continue
to investigate the bills and available data etc.

I would like to thank you for pointing this out and I took the liberty of
thanking you in my update of the post.

~~~
skrebbel
I think it's great that you're actively open to feedback and fixing it, but
basically it means that you started out writing about stuff you, apparently,
knew nothing about, so just assumed things.

That sounds a lot like FUD tactics. The internet freedom camp seems to apply
these more and more, seriously blurring the debate and screwing it over. Why
are you doing these things? Why do you act as bad as the people crafting these
laws? Why do you allow both camps in this debate to remove all truth
altogether?

------
alex_c
Wait, they actually called it "Protecting Children From Internet Pornographers
Act"?

I'm speechless.

~~~
pstuart
The main daily newspaper in San Francisco had a front page article trumpeting
a "takedown" of a child porn ring. I commented online that this was an
advertisement by the government to encourage surrendering our rights to
"protect the children".

The reaction was pure hate for my posting because it was defending pedophiles
(it wasn't). It felt like an angry mob that had nothing but revenge on its
mind.

This is why the efforts to destroy all privacy will succeed. For the kids.
Yeah, that's it.

~~~
rosser
The thing is, that takedown, an Ars Technica article about which was on the HN
front page briefly last night, was accomplished without this heinous
legislation. To my mind, that rather puts the lie to the need for such laws.

------
rio517
If they'd just waited a little longer it could have been H.R. 1984.

~~~
espeed
Sure enough! -- maybe that's what everyone should start calling it anyway :)

~~~
Vivtek
That is most _definitely_ what everyone should start calling it.

------
forgotAgain
For me it's worthwhile to actually read the resolution and the law. It just
makes it more real for me rather than a random internet posting.

The resolution is here: <http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.1981>:

The resolution modifies the legal code (law) given here:
[http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703----...](http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703
----000-.html)

[Edit] There is a reasonable write-up of the action from an ACLU blog here:
<http://www.aclu.org/blog/tag/HR%201981>

~~~
anigbrowl
Booooooring. I'd much rather just battle against dystopian strawmen as a cover
for my lack of interest in voting or knowledge of civics.

------
TobbenTM
This sounds vaguely familiar to the Data Retention Directive, already in place
in several european countries. If you ask me, it's bullshit. For the people
that would be afraid of getting caught by this, they should know that it takes
about 5 seconds to connect to a VPN and then you have bypassed it all
together. This means that the innocent will be watched, while the criminals
smart enough just bypass it with ease.

I live in Norway, and the DRD (Data Retention Directive) will be activated
July next year (I think). At that time, I will push all my traffic through a
VPN. My 5 cents.

------
heyrhett
If everyone in the world clicks that "one click petition" to protest the bill,
what happens?

------
sudonim
How does this affect services like Vyprvpn? Are they an "ISP"? Or is that a
loophole so as long as you're using a VPN, you're save from government snoops?

------
razzmataz
So, is there any reliable estimate of how much it will cost to implement this
kind of records retention?

------
ddw
Could an anonymizer such as Tor help get around this?

~~~
wmf
Yes, in the sense that your ISP will still know your IP address (how could
they not?) but won't know what you're doing. And the servers that know what
you're doing won't know your IP address.

~~~
pyre
Only if you ignore the possibility of compromised exit nodes.

~~~
wmf
A compromised exit node also doesn't know your IP address.

