...the Davos economic forum, were part of Mueller's support of harmonising national laws dealing with computer crime.
Neither the FBI nor Homeland Security responded to a request for comment late last week.
Agitation by state investigators
Federal politicians also are being lobbied by state law enforcement agencies, which say strict data retention laws will help them investigate crimes that have taken place a while ago.
Sergeant Frank Kardasz, head of Arizona's Internet Crimes Against Children Task Force, surveyed his colleagues in other states last month asking them what new law would help them do their jobs. "The most frequent response involved data retention by ISPs," Kardasz told ZDNet UK sister site CNET News.com in an email message on Thursday.
Because IP addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on when the connection is actually in use. (Two standard techniques used are the DHCP and PPPoE.)
Police typically rely on subpoenas to find which customer was assigned which Internet address. "When subscriber information is not preserved by the ISPs the investigation dead-ends," said Kardaz, who has testified before Whitfield's subcommittee. "Ideally, we would like to have ISPs preserve subscriber information for one year."
Flint Waters, head of the Wyoming's Internet Crimes Against Children task force, also is pressing for federal data retention laws. He's interested in mandating records of who used what Internet address — not content such as chat conversations, email messages, and so on.
"Individuals will activate their Webcam when they're abusing a child and they'll record the sexual assault live, and it may be 45 days before law enforcement finally gets notified," Waters said. "We reach out to service providers and they say they don't maintain those records, so the child remains in that environment, and there's nothing we can do to help them."
Waters said that Comcast was unable to help police in an investigation dealing with the rape of a 2-year-old child because logs are routinely deleted as is standard business practice. "We'd like to see one year minimum" for data retention, Waters said. "Two years would be even better."
Comcast did not take a position on data retention laws when asked on Thursday. But Jeanne Russo, a Comcast spokeswoman, said: "Comcast is horrified by any act of violence inflicted upon a child and takes this issue very seriously. Comcast promptly processes and responds to valid legal and law enforcement requests according to law and as described in our applicable privacy policy."
Colorado's legislature is considering an amendment to a bill dealing with sex offenders.
The amendment, sponsored by state Senator Ron Tupa, a Democrat, requires Internet providers to "maintain, for at least 180 days after assignment, a record of the Internet protocol address" assigned to each customer. Violations can be punished by fines of up to $10,000 per incident.
"Preservation" vs. "Retention"
At the moment, ISPs typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation — a practice called data preservation.
A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."
In addition, Internet providers are required by another federal law to report child pornography sightings to the National Centre for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.
That pair of laws — coupled with Internet providers' willingness to cooperate when a child is being harmed — has created a system that works today, says Kate Dean, director of the US Internet Service Provider Association.
"Law enforcement has not demonstrated that the absence of mandatory data retention is detrimental to the public interest," said Dean, whose board...
Talkback
Data retention laws may be the wet dream of people sitting behind a desk running their part of the world on paper but in reality it's nothing but a burden that's begging for misuse and abuse by white board criminals and won't stand in the way of professional criminals and illegal "underground" activities it's intented to stop.
The signs are all there. It looks good on paper. It gives more power to those that already have power. It's an excuse why those in power failed to produce meaningfull results so far. Positive results underlining the succes of the project can be generated at will with no real way to proof or disproof such claims. Visa versa, claims from opponents that it isn't working can be waived away because hard evidence is lacking or very limited. And it's backed up by political correct statements the average person will agree to.
In reality however various safety guards are missing. I'm not buying the 'innocents have nothing to fear' retoric because the only way to be innocent nowedays is by a judge ruling. And that's after the investigations and trials. Until then the only thing standing between beeing "uninvestigated" and beeing "under investigation" is one memo from some ill advised or fanatic burocrat who has had some crash cources before becoming the "expert". And that's excluding possible hidden or personal agenda's.
Or did governments suddenly acquire a few thousand electronic forensic veterans overnight to research all those logs and come to the right conclusions? Or are we to believe that all the extra burdens that do not come cheap must be done to make life easier for a handfull of experts that maybe handle a few hundred cases each year?
And how exactly will log tampering be prevented? It's all electronic you see. Manipulated in the right way and a log will tell whatever a real expert wants it to say. Incriminating a person could become as easy as running a query or a script. Or installing a tailormade backdoor. Or high-jacking his/her cell phone. Not to mention the possibilities of finding out some of the more juicy details about someone's behavioural private life and using that to your own advantage. What's next? Retrain all IT administrators to become police agents working for the goverment? Or upload in real-time every log event everywhere to some centralized government data center? Or maybe take a deep breath, take a step back and rethink this data retention thing over?
It is abhorrent that we allow our politicians, supposedly there to serve us and paid by us, to set their employees to spy on the activities of the rest of us.
Where there is already evidence of criminal activity then the present UK system of a surveillance warrant being authorised by a magistrate is perfectly adequate.
It is when those highly paid politicians introduce such as this that I start to consider civil disobedience and anarchy are becoming not only justified but necessary.
But how can it be civil disobedience when we decide to disobey those we pay to serve us when they exceed themselves?