The idea of data retention -- forcing Internet companies to keep track of what their customers are doing -- will probably be one of the biggest Politech topics of 2007. That's when the new Congress will convene and the FBI will resume its push for federal legislation. The groundwork is being laid right now. The International Association of Chiefs of Police endorsed the concept in a resolution, and FBI director Robert Mueller applauded them a few hours later: http://www.fbi.gov/pressrel/speeches/mueller101706.htm "Today, terrorists coordinate their plans cloaked in the anonymity of the Internet, as do violent sexual predators prowling chat rooms... Before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims. We must find a balance between the legitimate need for privacy and law enforcement’s clear need for access. Your resolution on records retention passed this morning will help put us on the right path." Here's a timeline so far: http://news.com.com/2100-7348_3-6126877.html The IACP resolution follows (I converted it from a Word document, so the formatting isn't quite perfect). Note that data retention is being extended from ISPs to registrars and registries. Search engines have also been talked about as potential targets. -Declan --------------------- The International Association of Chiefs of Police Adopted at the 113th Annual Conference Boston, Massachusetts October 17, 2006 Support For Data Retention In Aid Of The Investigation Of Crimes Facilitated Or Committed Through The Use Of The Internet And Telephony-Based Communications Services Submitted by the Communications & Technology Committee WHEREAS, the lawful investigation of Internet data and telephonic communications has historically proven to be one of the most valuable tools available to law enforcement in identifying both the perpetrators and victims of crimes; WHEREAS, the Internet is global in nature, and as such, poses challenges when conducting multi-agency international investigations, including delays imposed when obtaining local and international legal process; WHEREAS, the IACP has previously noted in its Resolution of September 27, 2005 entitled “Support for Preservation of Access to Publicly Available Resources in Cyber Investigations, ” CT23.a05, that electronic forensic evidence is fleeting in nature, and law enforcement officials must obtain timely access to this information to fulfill law enforcement duties before the information is destroyed or otherwise becomes unavailable; WHEREAS, criminals use the anonymity and international nature of the Internet, and the fleeting nature of electronic evidence, to enhance their ability to victimize citizens and thwart law enforcement investigations; WHEREAS, publicly available “whois” databases containing information involving the allocation of Internet resources, such as Internet Protocol address space and domain names, are a critical tool used by law enforcement, but may not remain publicly available, which would severely hamper or eliminate the ability for law enforcement agencies to conduct investigations in a timely manner; WHEREAS, the failure of Internet access provider industry to retain subscriber information, and source or destination information for any uniform, predictable reasonable period, has resulted in the absence of data, which has become a significant hindrance and even an obstacle in certain investigations such as computer intrusion investigations and child obscenity and exploitation investigations, although law enforcement has generally acted expeditiously in processing lawful requests to Internet providers; WHEREAS, the migration in telephony from "toll service" to a nationwide or continental flat rate billing system has substantially eroded law enforcement’s ability to utilize lawful process to obtain telephone toll records historically critical to the identification, detection and prevention terrorist threat and the investigation of serious criminal conspiracies; WHEREAS, the effect of the lack of uniform retention periods of customer/subscriber records, and communication source and destination data in various industries and amongst various providers in the same industry has been to undermine law enforcement’s ability to predictably prioritize investigations or strategically assign resources to those investigations which are largely dependant upon the existence of such data, and; WHEREAS, the European Union addressed this problem in March 2006 by passing a Directive on Data Retention, Directive 2006/24/EC, requiring Member States to adopt laws to combat serious crime and terrorism by requiring the retention of customer information and communication source and destination information for a uniform minimum period, now, therefore, be it -‑ RESOLVED, that the IACP strongly urges national legislatures, the Internet administration and telephony communities, including regional Internet registries, the Internet Corporation for Assigned Names and Numbers, domain-name registries, domain-name registrars, Internet access and service providers and telecommunication providers to develop an appropriate but uniform data retention mandate for both the aforementioned Internet administration community and telephony service providers requiring the retention of customer subscriber information, and source and destination information for a minimum specified reasonable period of time so that it will be available to the law enforcement community, upon applicable legal process, to enhance public safety and prevent, deter or detect terrorists and criminals through the ability to investigate offenses facilitate by use of the Internet and telephony. FURTHER RESOLVED, that the IACP membership actively engage their respective governmental executive and legislative components, Internet administration, and telephony industry communities and coordinate their efforts to achieve the goal of providing consistent, equal, and uniform lawful access to the above-referenced resources for all of the law enforcement community. _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Oct 23 2006 - 23:17:17 PDT