Right this moment, your Internet service provider is almost certainly aware you are reading this article. If the Department of Justice gets its way, that ISP will make a note of that fact and keep it on file until 2013.
At the moment whether that happens — and for how long — is a matter of individual ISP policy. In Congressional testimony this week, the DoJ said it was time for a mandatory requirement for ISPs to hold on to data, suggesting a minimum period of two years.
The department’s Jason Weinstein said that in many cases such data was the only evidence in cases of online crimes, citing an investigation into the trade in child abuse imagery where potentially crucial records had been deleted by the ISP in 19 percent of cases.
Clearly anticipating the ensuing criticism, Weinstein even argued that the move could help boost privacy — by making it easier to prove the crimes of those who illegally accessed private data.
Not surprisingly, that doesn’t convince the Electronic Frontier Foundation, which says “A legal obligation to log users’ Internet use, paired with weak federal privacy laws that allow the government to easily obtain those records, would dangerously expand the government’s ability to surveil its citizens, damage privacy, and chill freedom of expression.”
It also suggests such records could be open to abuse in civil cases with lawyers demanding access to the data, for example in a divorce case.
The idea doesn’t seem to be finding much favor with ISPs either: the head of one industry association is quoted as saying it would bring “legal, technical and practical challenges.”
Whether Congress will take any notice remains to be seen, though it’s notable that the chairman of the committee that heard the DoJ testimony has previously attempted to introduce legislation that would do exactly what the department is asking for, right down to the two year limit.