Crossposted at burn after writing
Rep. Lamar Smith (R-TX) is back with a new anti-privacy bill that's been on the radar of civil liberties organizations for several months now, though it hasn't yet received much attention in the mainstream media. He introduced H.R. 1981, euphemistically the "Protecting Children from Internet Pornographers Act of 2011" back in May 2011 and on July 28, 2011 it was passed onto the floor by the House Judiciary Committee where it is currently awaiting action.
The ACLU explains the ostensible purpose behind the proposed bill as well as the current privacy-related problems with the amended version:
The bill, HR 1981, the "Protecting Children From Internet Pornographers Act of 2011," – if only it were that narrow! – is a direct assault on the privacy of Internet users and overlooks some key fixes that could actually help to address the very real problem of child exploitation.
The bill requires Internet companies to log all temporarily assigned network addresses, also known as IP addresses, for a minimum of one year. IP addresses directly link individuals to their online activity and can reveal very private information about everything from health concerns to political interests. And once all of this personal information about innocent Americans is collected, it would be available to law enforcement for any purpose.
Broad immunity provisions for companies in the bill also threaten to undermine state data breach laws and data security protections as well as potentially immunize companies against tort and other claims. At a time when high profile data breaches are daily news stories and identity theft is widespread, this provision seems ill-considered at best.
The bill also ignore steps recommended by the Government Accountability Office to make child exploitation investigations more effective, including devoting more resources to forensic analysis of computers and better coordination between law enforcement agencies.
The Electronic Frontier Foundation had this to say back when the bill was voted out of Committee:
Despite serious privacy concerns being voiced by both Democratic and Republican leaders and by thousands of digital rights activists using EFF's Action Center, this afternoon the House Judiciary Committee voted 19 to 10 to recommend passage of H.R. 1981. That bill contains a mandatory data retention provision that would require your Internet service providers to retain 12 months' worth of personal information that could be used to identify what web sites you visit and what content you post online. EFF had previously joined with 29 other civil liberties and consumer privacy groups in signing a letter to the Committee members that condemned the bill as a "direct assault on the privacy of Internet users."
They note that the bill would "treat every internet user like a criminal and threaten the online privacy and free speech rights of every American[.]" The bill goes far beyond SOPA/PIPA. It is being called "Orwellian" both for its name - which has absolutely nothing to do with keeping children away from porn and everything to do with intruding into Americans' privacy rights - and for the fact that it would allow the government to view a lot more of your daily activities than they've ever been legally allowed access to. It actually mandates that internet service providers keep a database of everything you do online and hand it over to the government when they want to see it.
It's a very broad and sweeping proposal:
This is serious threat to our privacy. The ACLU has long been concerned about companies that follow us around the web and track our viewing habits for the purposes of advertising. They use this tracking to build personal profiles about us that can be widely shared. Forcing companies to retain data for long periods would bolster this practice. It would also make it much easier for the government to track everything we do online. No company would be able to promise not to record your visit — that would be barred by law. Respect for your anonymity online would be a thing of the past.
The legislation applies to a broad swath of internet sites and services. It would include all email providers (Gmail, Yahoo, Hotmail), all cloud computing services (Google-web based services like Picasa and Google Docs), all social networking sites and a whole lot more. In layman's terms, the bill applies to every site that allows you to communicate with others or stores or processes your data — almost everybody.
Aside from the problems with civil liberties and privacy, there is the issue of cost to private businesses. In pushing strongly for this bill's enactment, Rep. Smith and his 39 cosponsors are asking the government to impose a de facto tax on businesses in order for the provisions to be enforced (to the extent that the provisions of a bill of this magnitude could be enforced):
More recently, Rep. Lamar Smith (R-TX) has fast-tracked H.R. 1981, commonly known as “Protecting Children From Internet Pornographers Act of 2011,″ a title rich with pathos and seemingly morally impregnable, though it will actually mandate tech companies and Internet Service Providers (ISPs) create massive user data bases to be made available to the U.S. government.
As noted by The Center for Democracy and Technology (CDT) in its report “Compliance with a Data Retention Mandate – Costs Will Skyrocket with Trends in Internet Addressing,” the data retention policy contained in the bill is troubling, not only because of privacy and civil liberty concerns, but because of the immense costs that will be levied upon tech companies and ISPs to create the Orwellian databases.
It’s rather odd that a Republican such as Rep. Smith would place such a financial burden on the tech business sector, which would create a de facto internet tax on their operations. Indeed, the operating costs have long been a barrier to this legislation, which was originally introduced six years ago by Rep. James Sensenbrenner (R-WI), a porcine slime ball if there ever was one.
The bipartisan Congressional Budget Office took note of the private sector costs:
CBO estimates that the total costs to private entities of the mandates in the bill would exceed the annual threshold established in UMRA for private-sector mandates ($142 million in 2011, adjusted annually for inflation). According to data from the Census Bureau, there are approximately 3,000 providers of electronic communications services. Based on information from industry experts and data technology professionals about current practices and the cost to design and install the data systems that would be required by the bill, CBO estimates that the aggregate cost of this mandate to the private sector would be more than $200 million.
The one thing it doesn't do is protect children from internet pornography. [It's very difficult for me to avoid making a "That would be socialism!" joke here.]
It really seems like extreme overreach from our 'small-government conservatives' in Congress. They are mandating yearlong recording of our computer records, taxing our businesses, ignoring responsible and effective ways to investigate the exploitation and abuse of children and imposing their own will on the populace under the guise of "protecting children."
But there is some hope - while this may be a bad bill, it's not the only option:
There is an alternative: Sen. Ron Wyden (D-Ore.) has been a leader in ensuring an open Internet. Last March, Wyden introduced a bill that would protect children from sex trafficking and support victims of sex crimes. The bill does not, however, require the tracking of individuals' online activity or financial transactions, essentially making it a safer alternative to the Protecting Children From Internet Pornographers Act.
Known as the Domestic Minor Sex Trafficking Deterrence and Victims Support Act, it has 12 sponsors but has been tied up for months in the Senate Judiciary Committee.
If we need potentially ineffective laws for absolutely everything we may be afraid of, we should at least make sure it's the less intrusive bill that becomes law.