August 2, 2011
How The New ‘Protecting Children’ Bill Puts You At Risk
By Violet Blue | August 1, 2011, 11:37pm PDT
Violet Blue is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation. She is regarded as the foremost expert in the field of sex and technology, a sex-positive pundit in mainstream media (MacLife, Forbes.com, The Oprah Winfrey Show, others) and is regularly interviewed, quoted and featured prominently by major media outlets (from ABC News to the Wall Street Journal). A published feature writer and columnist, Violet also has many award-winning, best-selling books; her books are featured on Oprah's website. She was the notorious sex columnist for the San Francisco Chronicle. She headlines at conferences ranging from ETech, LeWeb and SXSW: Interactive, to Google Tech Talks at Google, Inc. The London Times named Blue one of the 40 bloggers who really count.
The Republican-majority sponsored bill is called the Protecting Children From Internet Pornographers Act of 2011 .
It has nothing to do with pornography, and was opposed by over 30 civil liberties and consumer advocacy organizations, as well as one brave indie ISP that is urging its customers to do everything they can to protest the invasion of privacy.
“Protecting Children” forces ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses.
It’s like having your wallet plus the web sites you visit tracked and handed over on request. These logs are now going to be retained for the scope of one and a half years.
(I have to wonder if ISPs can sell this data, too.)
This has nothing to do with porn. In case you’re like the Reps that passed this nightmare and you’ve forgotten: pornography is legal in the United States.
It is pedophilia that is illegal. But for the sake of harnessing hysteria to get a bill passed, clearly these particular Republicans find it convenient to conflate “pornographers” as pedophiles. Last time I checked in on the matter, pedophiles did not operate within the laws surrounding adult pornography.
Personally, I’m insulted as a porn-loving American girl to be included by way of consumer participation in this disgusting and misleading characterization. And that my privacy has just been sold for something that doesn’t actually help the children.
I don’t feel confident that treating us all like the criminals our system can’t catch is going to protect any children, especially when the people who passed the bill can’t – or won’t – distinguish the difference between legal adult pornography and pedophilia.
CNET’s Declan McCullagh reminds us that “the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well.” CNET reported that mandatory data retention was being fast-tracked in January, 2011.
The fact that civil litigants could subpoena your internet activity and the contents of your wallet has nothing to do with the labeled and stated purpose of this bill.
“The bill is mislabeled,” said Rep. John Conyers of Michigan, the senior Democrat on the panel. “This is not protecting children from Internet pornography. It’s creating a database for everybody in this country for a lot of other purposes.”
The Electronic Frontier Foundation spearheaded consumer and privacy groups’ opposition to the bill and hosted a one-click letter-writing campaign . This included the ACLU, the Bill of Rights Defense Committee, Patient Privacy Rights and many more.
Because of the way the bill requires information to be collected and stored, the EFF called the bill “ripe for abuse by law enforcement officials” and said that because the laws designed to protect the private data of consumers from government access are insufficient and out-of-date, it creates “a perfect storm for government abuse.”
Small ISPs Are Ringing The Alarm
While consumer groups opposed it and tech news outlets I trust are spelling out concerns, it was when my own ISP made a blog post that it was clear that this bill isn’t just a problem for privacy proponents.
Today we retain most IP allocation logs for just two weeks; we don’t need them beyond that period, so they are deleted. Storing logs longer presents an attractive nuisance, and would potentially make our customers the target of invasions of privacy.
Any lawyer can simply file a Doe lawsuit, draft up a subpoena and request a customer’s identity. It’s far too easy.
Do the wheels of justice – or investigation – move too slowly, and should data be retained for a long time to allow for legitimate investigation? No, there are already tools in place that law enforcement can easily use to ask ISPs to preserve log information of real online criminals.
The 1996 Electronic Communication Transactional Records Act allows law enforcement to require an ISP to keep data for 90 days upon law enforcement request, giving time for a legitimate search warrant to be reviewed by a judge and issued.
The CEO points out that because the bill applies to commercial providers, naturally it won’t catch people pursuing criminal activity, who can simply use public Wi-Fi.
Or 4G wireless, such as through a cell carrier.
Lifehacker points this out in What You Need to Know About the Internet Snooping Bill (and How You Can Protect Yourself) :
One nice feature of the PCFIPA of 2011 bill is that it doesn’t include cellular data, so if you’ve thought about switching to 4G wireless data at home you’ll soon have another reason.
That’s right: wireless carriers are exempt from having to store all your data and provide it on notice. This is likely because unlike small ISPs such as Sonic, wireless carriers lobbied the bill authors to get out of it .
The Department of Justice fought against the mobile exemption .
Obviously if someone is going to distribute pedophilia they could do it over a 4G wireless card just as easily as their DSL account, so in a certain context, the wireless carriers have lobbied their way out of the cost burden.
That also makes this bill anti-small business, because smaller ISPs like Sonic have to bear the costs, while Verizon and friends, don’t.
I think that ultimately, the ones bearing the true costs will be us.
And don’t give me that ‘if you’re not doing anything wrong you shouldn’t worry’ line. It’s as ripe as Congressman Weiner’s old line, ‘my account was hacked.’