H.R.1981, the end of online privacy as we know it. (spideroak.com)
137 points by SODaniel on Aug 4, 2011 | 35 comments



> Bill H.R.1981 contains legal responsibility for any Internet Service Provider to keep detailed records of "your Internet activity for 12 months, your name, the address where you live, your bank account numbers, your credit card numbers, and any IP-addresses you've been assigned."

The quotation marks imply that the quoted text, which the entire remainder of the post is built on, is part of the bill. It's not, as far as I can tell. In fact, there's no requirement that resembles those described in any conceivable way. Assuming the version on the Library of Congress website [0] is current, the only section regarding record-keeping by ISPs requires them to keep track of customer IP address assignments for 18 months:

> A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).

The only interpretation I can come up with is that the linked post is a deliberate lie.

[0]: http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.1981:


Definitely not a deliberate lie. The bill amends previous bills on the topic by adding the retention of IP-addresses etc.

If I was unclear in the post I am very sorry and will amend the post.

That said, the core of the post stands. The linking of currently stored data with IP-addresses creates a direct link from internet usage to personal data. Something that should scare most people.


IP addresses were already preserved:

> (E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and

http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703----...

The new law explicitly amends the previous law so that IP address records are stored for 18 months, as opposed to 90 days.


But the part everybody's getting worked up over is the tracking of Internet activity, which is not part of current law, and is not part of the bill in question. I have no idea where that part came from, so I'd be glad if you could make that clear.


I am actually thinking that you are in fact correct here. Though most articles on the bills in question describe them as 'Tracking internet usage' (https://www.eff.org/deeplinks/2011/07/house-committee-approv... , http://blog.alexanderhiggins.com/2011/07/29/congress-child-p... etc) what the bill in question (and previous bills on the subject) states is the mandatory storage of assigned IP-addresses.

Now I guess one could assume that our ISPs save our browser history, however there is no mandate in this bill for access to that data.

I will look over the blog post and make edits to clarify this.

Thank you very much for pointing this out!


I have updated the post to reflect the fact that the amendment or previous bill does not explicitly refer to tracking of internet habits. I will continue to investigate the bills and available data etc.

I would like to thank you for pointing this out and I took the liberty of thanking you in my update of the post.


I think it's great that you're actively open to feedback and fixing it, but basically it means that you started out writing about stuff you, apparently, knew nothing about, so just assumed things.

That sounds a lot like FUD tactics. The internet freedom camp seems to apply these more and more, seriously blurring the debate and screwing it over. Why are you doing these things? Why do you act as bad as the people crafting these laws? Why do you allow both camps in this debate to remove all truth altogether?


To be clear, the full text of that portion of the legislation says:

---

(a) In General- Section 2703 of title 18, United States Code, is amended by adding at the end the following:

`(h) Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).'.

(b) Sense of Congress- It is the sense of Congress that records retained pursuant to section 2703(h) of title 18, United States Code, should be stored securely to protect customer privacy and prevent against breaches of the records.

---

In other words, it amends the existing language [0] which says (in part):

---

A provider of electronic communication service or remote computing service shall disclose to a governmental entity the—

(A) name;

(B) address;

(C) local and long distance telephone connection records, or records of session times and durations;

(D) length of service (including start date) and types of service utilized;

(E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and

(F) means and source of payment for such service (including any credit card or bank account number),

of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under paragraph (1).

[snip]

(f) Requirement To Preserve Evidence.—

(1) In general.— A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.

(2) Period of retention.— Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.

---

So you're 100% right: the name, address, etc information is ALREADY being preserved. This legislation mandates that records of IP addresses linked to accounts be stored for at least 18 months, whereas before they would have been retained for 90-180 days.

---

[0]: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703----...


Why does everyone keep saying that this allows the data (which is already retained) to be accessed without a warrant? The bill doesn't address warrants at all, and the amended code requires them.


The bill addresses Subpoenas, which, in this case, refers to the legal requirement of ISPs to provide evidence for an investigation. Following the amendments back to their source is also insightful. If you read carefully you can see how they use technicalities in related legal code to get what they want. The shocking takeaway is that they do not have to notify you “the subscriber” of any kind of investigation. They write about the need to ensure consumer privacy by putting the information in a safe place under the careful watch of “a government or state organization.” So this could be interpreted as a way of taking your private data and doing whatever they want with it since it will belong to an organization not under the same rules the govt has to play.


Wait, they actually called it "Protecting Children From Internet Pornographers Act"?

I'm speechless.


After her efforts to substantively alter the bill (to defang it or at least add oversight) were rejected, Rep. Zoe Lofgren proposed to rename the act to, "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act of 2011."

See Amendment 36 at: http://judiciary.house.gov/hearings/mark_07272011.html


That is awesome. I laughed so hard my eyes started watering!


The main daily newspaper in San Francisco had a front page article trumpeting a "takedown" of a child porn ring. I commented online that this was an advertisement by the government to encourage surrendering our rights to "protect the children".

The reaction was pure hate for my posting because it was defending pedophiles (it wasn't). It felt like an angry mob that had nothing but revenge on its mind.

This is why the efforts to destroy all privacy will succeed. For the kids. Yeah, that's it.


The thing is, that takedown, an Ars Technica article about which was on the HN front page briefly last night, was accomplished without this heinous legislation. To my mind, that rather puts the lie to the need for such laws.


> The reaction was pure hate for my posting because it was defending pedophiles (it wasn't).

What do you expect? It's sad to see that even usually decent and intelligent people devolve into frothing mobsters when you oppose something that's 'for the children', however ridiculous it may be. It becomes especially despicable when you see the content industry essentially stating that child pornography is a fabulous excuse to justify domain seizures, censorship and other completely outrageous measures to protect their failing business model[1].

It's pretty difficult (if not to say dangerous) to hold a position that's in opposition to such measures. Especially, as in my case, when one is of the opinion that it's not child pornography we should be fighting, but child abuse. The former is, for the most part, a victimless crime (just look at what's considered child pornography today, it's absolutely ridiculous). I would even say that the holy crusade against child pornography obfuscates and hinders the fight against child abuse severely.

[1] http://torrentfreak.com/the-copyright-lobby-absolutely-loves...


This practice is actually very common. If you can't tack your legislative piece on to some 'sure bet' bill you just name it something that no person would ever vote against.

Got a piece of legislation on drilling for oil in Alaska? Call it the 'Freedom from Terrorism act' and just like that. It's approved. No one reads the entire Bill, so the name is a HUGE part of the process.


I know it's a fairly common practice, but this is like an overly hyperbolic and exaggerated example you would give when describing the practice. A bit like saying "PATRIOT Act? What's next, the 'Protect our Children from Pornography' Act?" Apparently!

The fact that they actually went this far... I don't know whether to laugh or cry.


I look forward to the VOTE FOR THIS IF YOU LIKE COOKIES ACT of 2012.


That's actually helpful levity when considering service offerings like this[1]:

> DRDL interconnects control and data sessions of protocols like FTP. During the identification process DRDL aggregates detailed traffic properties like MIME-type, filename, chat channel and SIP caller ID. This granularity enables you not only to see the Xbox Live traffic, but rather the Xbox Live users who are playing Halo 3.

It's not clear whether use of a VPN/SSH would prevent this kind of traffic analysis, but an obfuscation daemon of some kind could surely be written.

While it's kind of interesting, I've never researched how networks like Freenet, or WASTE, etc deal with those issues (or, if they even address them at all).

[1] http://www.proceranetworks.com/products/drdl-technology.html



If they'd just waited a little longer it could have been H.R. 1984.


Would have been a whole lot more fitting.


Sure enough! -- maybe that's what everyone should start calling it anyway :)


That is most definitely what everyone should start calling it.


For me it's worthwhile to actually read the resolution and the law. It just makes it more real for me rather than a random internet posting.

The resolution is here: http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.1981:

The resolution modifies the legal code (law) given here: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703----...

[Edit] There is a reasonable write-up of the action from an ACLU blog here: http://www.aclu.org/blog/tag/HR%201981


Booooooring. I'd much rather just battle against dystopian strawmen as a cover for my lack of interest in voting or knowledge of civics.


This sounds vaguely familiar to the Data Retention Directive, already in place in several European countries. If you ask me, it's bullshit. For the people that would be afraid of getting caught by this, they should know that it takes about 5 seconds to connect to a VPN and then you have bypassed it altogether. This means that the innocent will be watched, while the criminals smart enough just bypass it with ease.

I live in Norway, and the DRD (Data Retention Directive) will be activated July next year (I think). At that time, I will push all my traffic through a VPN. My 5 cents.


If everyone in the world clicks that "one click petition" to protest the bill, what happens?


How does this affect services like Vyprvpn? Are they an "ISP"? Or is that a loophole so as long as you're using a VPN, you're safe from government snoops?


So, is there any reliable estimate of how much it will cost to implement this kind of records retention?


Could an anonymizer such as Tor help get around this?


Yes, in the sense that your ISP will still know your IP address (how could they not?) but won't know what you're doing. And the servers that know what you're doing won't know your IP address.


Only if you ignore the possibility of compromised exit nodes.


A compromised exit node also doesn't know your IP address.



