Home page logo

interesting-people logo Interesting People mailing list archives

DoJ to Propose Major New Internet Controls
From: David Farber <dave () farber net>
Date: Sun, 23 Apr 2006 07:15:41 -0400

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: April 23, 2006 2:51:05 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: DoJ to Propose Major New Internet Controls


In a speech a few days ago, Attorney General Gonzales announced DoJ
plans to send Congress new legislation to control "pornography" and
(apparently) ultimately to require activity log and other data
retention by Internet Services (in follow-up interviews, Google and
other search engines have been specifically discussed).

Gonzales is pitching this legislation using child abuse as the hook.
That is, he is arguing for tools to use against child abuse and
child pornography -- certainly a "third rail" issue these days where
virtually everyone will support enforcement efforts.

However, it's also clear that the DoJ seems to have no intention
of limiting such tools *only* to child-related areas.  The legislation
itself is currently titled:

  "Child Pornography and Obscenity Prevention Amendments of 2006"

A transcript of the Attorney General's speech is here:


Note this key quote:

   "This legislation will help ensure that communications providers
    report the presence of child pornography on their systems by
    strengthening criminal penalties for failing to report it.
    It will also prevent people from inadvertently stumbling across
    pornographic images on the Internet."

Requiring the reporting of child pornography on systems (when it is
known to exist) is something that few people would argue against,
obviously.  But let's examine the second sentence again:

   "It will also prevent people from inadvertently stumbling across
    pornographic images on the Internet."

This seems to be addressing the entire broad category of non-child
"pornography" (which of course can be defined in any number of ways
in different locales and contexts), and suggests a requirement (here
we go again!) for proactive ratings/controls (presumably ID or credit
card based for "offensive" materials) for all (U.S.) Web sites.  So
this isn't just about children, it's likely about broader government
controls over many U.S.-based Internet entities (of course, Gonzales
doesn't effectively address the issue of Web sites outside the

Gonzales goes a lot further in another quote:

   "The investigation and prosecution of child predators depends
    critically on the availability of evidence that is often in the
    hands of Internet service providers. This evidence will be
    available for us to use only if the providers retain the records
    for a reasonable amount of time. Unfortunately, the failure of some
    Internet service providers to keep records has hampered our ability
    to conduct investigations in this area.

    As a result, I have asked the appropriate experts at the Department
    to examine this issue and provide me with proposed recommendations.
    And I am going to reach out personally to the CEOs of the leading
    service providers and to other industry leaders to solicit their
    input and assistance.

    Record retention by Internet service providers consistent with
    the legitimate privacy rights of Americans, is an issue that must
    be addressed."

Again, we see that protecting children -- the goal that we all
support -- is being used as the raison d'etre to likely later
propose broad data retention requirements on all manner of Internet
services.  Ironically, this is occurring shortly after calls for
mandated data *destruction* legislation that arose in the wake of
the DoJ vs. Google records battle (where I strongly supported
Google's stance).  I predicted that this sequence would occur --
though it is happening even faster than I expected.

Record retention is a particularly risky area.  DoJ might be expected
to argue (as Gonzales implies) that such records would only be
demanded in cases involving children.  That's today's line.  But in
a general records retention environment, you cannot a priori retain
only the records related to child abusers whom you don't already
know about -- you must retain *everyone's* records.

While the criteria for records access might be child abuse today,
does anyone seriously believe that calls for access to user log data
will not massively expand over time, to the extent that such data is
available?  Of course it will.  If the data exists, all manner of
ostensibly laudable reasons for government digging through users'
Internet activities will be forthcoming.  And that will create a
wholly different kind of Internet, where ultimately our every action
on the Net may be subject to retroactive inspection.  The term
"slippery slope" is definitely applicable.

We need to see the specifics of legislation before detailed comments
will be possible.  But the handwriting is on the wall, and it does
not bode well for either Internet users or Internet-related services.

Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

You are subscribed as lists-ip () insecure org
To manage your subscription, go to

Archives at: http://www.interesting-people.org/archives/interesting-people/

  By Date           By Thread  

Current thread:
  • DoJ to Propose Major New Internet Controls David Farber (Apr 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]