[Politech] Data retention endorsed by International Association of Chiefs of Police [priv]

From: Declan McCullagh (declan@private)
Date: Mon Oct 23 2006 - 22:46:05 PDT

The idea of data retention -- forcing Internet companies to keep track 
of what their customers are doing -- will probably be one of the biggest 
Politech topics of 2007. That's when the new Congress will convene and 
the FBI will resume its push for federal legislation.

The groundwork is being laid right now. The International Association of 
Chiefs of Police endorsed the concept in a resolution, and FBI director 
Robert Mueller applauded them a few hours later:

"Today, terrorists coordinate their plans cloaked in the anonymity of 
the Internet, as do violent sexual predators prowling chat rooms... 
Before we can catch these offenders, Internet service providers have 
unwittingly deleted the very records that would help us identify these 
offenders and protect future victims. We must find a balance between the 
legitimate need for privacy and law enforcement’s clear need for access. 
Your resolution on records retention passed this morning will help put 
us on the right path."

Here's a timeline so far:

The IACP resolution follows (I converted it from a Word document, so the 
formatting isn't quite perfect). Note that data retention is being 
extended from ISPs to registrars and registries. Search engines have 
also been talked about as potential targets.



The International Association of Chiefs of Police

Adopted at the 113th Annual Conference
Boston, Massachusetts
October 17, 2006

Support For Data Retention In Aid Of The Investigation Of Crimes 
Facilitated Or Committed
Through The Use Of The Internet And Telephony-Based Communications Services
Submitted by the Communications & Technology Committee

WHEREAS, the lawful investigation of Internet data and telephonic 
communications has historically proven to be one of the most valuable 
tools available to law enforcement in identifying both the perpetrators 
and victims of crimes;
WHEREAS, the Internet is global in nature, and as such, poses challenges 
when conducting multi-agency international investigations, including 
delays imposed when obtaining local and international legal process;
WHEREAS, the IACP has previously noted in its Resolution of September 
27, 2005 entitled “Support for Preservation of Access to Publicly 
Available Resources in Cyber Investigations, ” CT23.a05, that electronic 
forensic evidence is fleeting in nature, and law enforcement officials 
must obtain timely access to this information to fulfill law enforcement 
duties before the information is destroyed or otherwise becomes unavailable;
WHEREAS, criminals use the anonymity and international nature of the 
Internet, and the fleeting nature of electronic evidence, to enhance 
their ability to victimize citizens and thwart law enforcement 
WHEREAS, publicly available “whois” databases containing information 
involving the allocation of Internet resources, such as Internet 
Protocol address space and domain names, are a critical tool used by law 
enforcement, but may not remain publicly available, which would severely 
hamper or eliminate the ability for law enforcement agencies to conduct 
investigations in a timely manner;
WHEREAS, the failure of Internet access provider industry to retain 
subscriber information, and source or destination information for any 
uniform, predictable reasonable period, has resulted in the absence of 
data, which has become a significant hindrance and even an obstacle in 
certain investigations such as computer intrusion investigations and 
child obscenity and exploitation investigations, although law 
enforcement has generally acted expeditiously in processing lawful 
requests to Internet providers;
WHEREAS, the migration in telephony from "toll service" to a nationwide 
or continental flat rate billing system has substantially eroded law 
enforcement’s ability to utilize lawful process to obtain telephone toll 
records historically critical to the identification, detection and 
prevention terrorist threat and the investigation of serious criminal 
WHEREAS, the effect of the lack of uniform retention periods of 
customer/subscriber records, and communication source and destination 
data in various industries and amongst various providers in the same 
industry has been to undermine law enforcement’s ability to predictably 
prioritize investigations or strategically assign resources to those 
investigations which are largely dependant upon the existence of such 
data, and;
WHEREAS, the European Union addressed this problem in March 2006 by 
passing a Directive on Data Retention, Directive 2006/24/EC, requiring 
Member States to adopt laws to combat serious crime and terrorism by 
requiring the retention of customer information and communication source 
and destination information for a uniform minimum period, now, 
therefore, be it -‑
RESOLVED, that the IACP strongly urges national legislatures, the 
Internet administration and telephony communities, including regional 
Internet registries, the Internet Corporation for Assigned Names and 
Numbers, domain-name registries, domain-name registrars, Internet access 
and service providers and telecommunication providers to develop an 
appropriate but uniform data retention mandate for both the 
aforementioned Internet administration community and telephony service 
providers requiring the retention of customer subscriber information, 
and source and destination information for a minimum specified 
reasonable period of time so that it will be available to the law 
enforcement community, upon applicable legal process, to enhance public 
safety and prevent, deter or detect terrorists and criminals through the 
ability to investigate offenses facilitate by use of the Internet and 
FURTHER RESOLVED, that the IACP membership actively engage their 
respective governmental executive and legislative components, Internet 
administration, and telephony industry communities and coordinate their 
efforts to achieve the goal of providing consistent, equal, and uniform 
lawful access to the above-referenced resources for all of the law 
enforcement community.

Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

This archive was generated by hypermail 2.1.3 : Mon Oct 23 2006 - 23:17:17 PDT