Discovery Institute
disco-tech | Discovery Institute's Technology Blog: Data retention Archives

April 6, 2014
Can NSA Force Telecom Companies To Collect More Data?

Recent reports highlight that the telephone meta-data collection efforts of the National Security Agency are being undermined by the proliferation of flat-rate, unlimited voice calling plans. The agency is collecting data for less than a third of domestic voice traffic, according to one estimate.

It's been clear for the past couple months that officials want to fix this, and President Obama's plan for leaving meta-data in the hands of telecom companies--for NSA to access with a court order--might provide a back door opportunity to expand collection to include all calling data. There was a potential new twist last week, when Reuters seemed to imply that carriers could be forced to collect data for all voice traffic pursuant to a reinterpretation of the current rule.

While the Federal Communications Commission requires phone companies to retain for 18 months records on "toll" or long-distance calls, the rule's application is vague (emphasis added) for subscribers of unlimited phone plans because they do not get billed for individual calls.
The current FCC rule (47 C.F.R. � 42.6) requires carriers to retain billing information for "toll telephone service," but the FCC doesn't define this familiar term. There is a statutory definition, but you have to go to the Internal Revenue Code to find it. According to 26 U.S.C. � 4252(b),
the term "toll telephone service" means--

(1) a telephonic quality communication for which

(A) there is a toll charge which varies in amount with the distance and elapsed transmission time of each individual communication...

Continue reading at Technology Liberation Front


December 8, 2009
Behavioral advertising: Poor excuse for regulation

With U.S. Rep. Rick Boucher (D-VA) and now the Federal Trade Commission holding hearings on privacy and online advertising, it seemed like a good time to visit the Google Privacy Center to see what categories Google believes I fall into based on my online behavior.

My interests were:

News & Current Events
That was it.

I could opt out of interest-based advertising or manage my ad preferences at the Google site, but, I figured, what's the point?

A Google representative told the New York Times that the Privacy Center pulls in tens of thousands of visitors each week. For every one person who opts out, four people change the categories they have fallen into, and 10 people do nothing, just look over the information on the site.

The same article quotes an academic who notes that some consumers do not understand behavioral advertising, and that "people are confused about which part of a Web page is advertising." So apparently the argument is regulation is justified because it would relieve some people of the responsibility to get educated.

But one of the chief problems with any regulation -- no matter how well-intentioned -- is the difficulty containing it. For example, "a number of parties have suggested it would be appropriate to extend these privacy rights as a consumer protection to the offline side as well," Rep. Boucher says.


February 15, 2007
Will data retention make our communities safe?

Legislation in the House of Representatives would require Internet service providers to store subscriber data specified by Attorney General Alberto R. Gonzales. The Attorney General would also get to decide how long the data would be stored. The bill, H.R. 837, provides:

SEC. 6. RECORD RETENTION REQUIREMENTS FOR INTERNET SERVICE PROVIDERS.

(a) Regulations- Not later than 90 days after the date of the enactment of this section, the Attorney General shall issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user to whom an Internet Protocol address, user identification or telephone number was assigned, in order to permit compliance with court orders that may require production of such information.

(b) Failure To Comply- Whoever knowingly fails to retain any record required under this section shall be fined under title 18, United States Code, and imprisoned for not more than one year, or both.

Giving law enforcement the tools to protect our children and put creeps behind bars obviously sounds appealing. And I gather it polls very well in Republican suburbs, too. But as I have pointed out here, the real problem is inadequate prison terms for child molesters and the fact that, once released, child molesters have been allowed to evade registration and notification requirements. Data retention is an attempt to outsource the enforcement and supervision burden.

But it may not be as simple as some people hope. Criminals are learning that they can access municipal and private Wi-Fi networks anonymously, according to a report in the Washington Post:

With nearly 46,000 public access points across the country -- many of them free -- hundreds of thousands of computer users are logging on every day to wireless networks at cafes, hotels, airports and even while sitting on park benches. And although the majority of those people are simply checking their e-mail and surfing the Web, authorities said an increasing number of criminals are taking advantage of the anonymity offered by the wireless signals to commit a raft of serious crimes -- from identity theft to the sexual solicitation of children.

"We're not sure yet how to combat that," said Kevin R. West, a federal agent who oversees the computer crimes unit in North Carolina's State Bureau of Investigation. "Free wireless spots are everywhere, and it makes it easy for people . . . to sit there and do their nefarious acts. The fear is that if we talk about it, people will learn about it and say, 'I can go to a parking lot, and no one will catch me.' But we need to talk about it so that we can figure out how to solve it."

The way it works is simple: Anyone who has a wireless card installed in his or her computer -- and most new computers are equipped with one -- can access the Internet from any of the public WiFi "hotspots," as they're known. In an age of portability and instant gratification, getting online has never been easier -- for law-abiding folks and those with bad intentions.

And in especially dense areas such as the Washington region, some neighborhoods might offer users a dozen or more open wireless signals from which to choose.

The article, by Jamie Stockwell, which is here, includes the humorous anecdote of an elderly woman who innocently maintained one such network and had to answer for it.

So, in order for data retention to work, networks will have to be secure. Even the one in your home. There will have to be a law, you know.

Cities will have to modify their networks, as well, to record who accesses them and which web sites subscribers visit. One way would be to require pre-registration and access codes. Cities will incur administrative costs, but since they will know who their subscribers are, it would be easy to pass these costs along to the people who use the service (and who thought they were getting it for free).

Data retention seems extraordinarly unwise when you consider that it could impose significant costs on consumers, create opportunities for hackers and other criminals that we can't even imagine, magnify the devastation that trial attorneys and divorce lawyers can cause, not to mention the possibility for misuse by officials.


February 7, 2007
Data retention bill reintroduced

A proposal to require Internet service providers to preserve a complete record of customer online activities has been re-introduced in the House of Representatives.

Although a Justice Department spokesman recently said that certain safeguards would apply to protect the innocent ("The actual content that customers looked at on the Web will not be stored; all data will be stored by the companies, not the government; and the government will have access to the data only by current means, such as warrants and subpoenas"), the legislation says nothing about it.

SEC. 6. RECORD RETENTION REQUIREMENTS FOR INTERNET SERVICE PROVIDERS.

(a) Regulations- Not later than 90 days after the date of the enactment of this section, the Attorney General shall issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user to whom an Internet Protocol address, user identification or telephone number was assigned, in order to permit compliance with court orders that may require production of such information.

(b) Failure To Comply- Whoever knowingly fails to retain any record required under this section shall be fined under title 18, United States Code, and imprisoned for not more than one year, or both.


The bill is entitled the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007 (H.R. 837) and can be found here.

Dotted Divider Line





Contact Us
Discovery Institute Logo

Click here for additional contact information