EFF claims of "ISP Spying" in Internet Legislation HR 1981 are Baseless Scare Tactics

The Electronic Frontiers Foundation (EFF) is making hay about internet legislation HR 1981 – a bill that adds a money laundering crime to the books. They are claiming that this bill “Orders Internet Companies to Spy On You.”

https://secure.eff.org/site/Advocacy?cmd=display&page=UserAction&id=497

Well I don’t know who is running the EFF these days, but this is bunk. This is the relevant clause from the proposed legislation (which the EFF does not bother to link to).

`(h) Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).’.

http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.1981:

I’ve run an ISP for 16 years and so have some insight as to what this means.

As you may know, the Internet uses numeric “IP Addresses” to define the endpoints of a communication. When most users log on to the Internet, they share a big pool of those IP Addresses with other users – you’re not all online at the same time, so this helps to share the scarce IP Address resources. For purposes of billing, security, and (yes) law enforcement, all Internet Providers (ISPs) keep a history of what user had what IP address at a given time.

Now, it’s important to understand the limits of this information. This information exists at your ISP only. It would be given to the government only under a court order such as a subpoena. The government does not automatically have access to this. My company has a strict privacy policy, as do most ISPs. If an ISP did give this information without a court order, they could be subject to prosecution under privacy laws, or sued for violation of their own user contracts.

The other thing that is important to understand, is that this does not tell the government what web sites you have been visiting. That information exists only in two places: on your computer (in your web browser history), and on the access logs of each individual web site you visit – that information is decentralized and distributed across thousands of computers on the Internet. The government would have to issue subpoenas to every web site in the world to try to reconstruct it. I can assure you that is not practical, and it has never been done. Thus EFF’s claim that this law “lets the government force ISPs to spy on you” is laughable, and grossly inaccurate.

A requirement that ISPs keep this information for 18 months facilitates law enforcement and to my mind is perfectly reasonable. Given the facts above, it can be time consuming for law enforcement to track down actual criminal activity on the Internet. 18 months is not burdensome. (Some previous versions of this same requirement in other legislation were for 5 years).

My conclusion is that the EFF has been taken over by folks who happily hyperventilate and attempt to scare people into doing their bidding. It’s sad.

So, don’t contribute to the scare!

Now, there may be valid reasons to oppose this bill – the bill creates a new Federal crime of “Financial facilitation of access to child pornography”, with hooks in the money laundering code. This may or may not be a good idea. But let’s at least oppose the bill for the right reasons – for real reasons – and not unfounded scare-tactics.