...members include representatives of AOL, Verizon, BellSouth and EarthLink.
Dean said she's not sure whether US data retention proposals being discussed are likely to mandate mere address recording or also require the storage of the contents of email messages and Web pages visited. A representative of one large ISP who did not want to be quoted expressed concern that content could be swept up into legislation — and cited the privacy and security risks of having such a massive data warehouse available.
Michigan Congressman Bart Stupak, who's the senior Democrat on the House oversight and investigations subcommittee, expressed scepticism about forcible data retention requirements in an interview on Thursday. He said he would not "be in a rush to support" data retention requirements and would rather see the private sector come up with a better solution.
"I'm against this child porn stuff, but at the same time, let's not further erode the rights of the American people," Stupak said. "That's what I'll be looking for. I'll be looking at [proposed laws] with a very close, constitutional eye as to the validity of the proposals... and I'd like to hear from private industry what they can do."
The European precedent
One question is how closely US proposals will follow those that Europe already has adopted. In December, the European Parliament approved a UK-backed requirement saying that communications providers in its 25 member countries — several of which had enacted their own data retention laws already — must retain customer data for a minimum of six months and a maximum of two years.
The Europe-wide requirement applies to a wide variety of traffic and location data, including the identities of the customers' correspondents; the date, time, and duration of phone calls, VoIP calls, or email messages; and the location of the device used for the communications. But the content of the communications is not supposed to be retained. The rules are expected to take effect in 2008.
According to a memo accompanying the proposed rules, European politicians approved the rules because not all operators of Internet and communications services were storing information about citizens' activities to the extent necessary for law enforcement and national security.
"These developments are making it much harder for public authorities to fulfil their duties in preventing and combating organised crime and terrorism, and easier for criminals to communicate with each other without the fear that their communications data can be used by law enforcement authorities to thwart them," the memo said.
Some US companies are so alarmed by this requirement that they've talked about scaling back their operations in Ireland, which boasts some of the region's most aggressive data retention laws. Joe Macri, managing director of Microsoft Ireland, told the Irish Times last month: "Irish legislation is going beyond what is required from an EU perspective and is going to put significant additional costs on businesses... While we respect and understand the needs and concerns of the law enforcement agencies, there is also a need to take personal privacy concerns and the broader needs of business into consideration."
Jim Harper, director of information policy studies at the free-market Cato Institute, was the member of the Homeland Security's Data Privacy and Integrity Advisory Committee who asked Chertoff about data retention last month.
In an interview this week, Harper warned that mandatory data retention may cause more harm than good. "The true criminals will go and use random Wi-Fi nodes where you can get anonymous access," he said. "You haven't done anything but increase surveillance of law-abiding citizens."
CNET News.com's Anne Broache contributed to this report.
Talkback
Data retention laws may be the wet dream of people sitting behind a desk running their part of the world on paper but in reality it's nothing but a burden that's begging for misuse and abuse by white board criminals and won't stand in the way of professional criminals and illegal "underground" activities it's intented to stop.
The signs are all there. It looks good on paper. It gives more power to those that already have power. It's an excuse why those in power failed to produce meaningfull results so far. Positive results underlining the succes of the project can be generated at will with no real way to proof or disproof such claims. Visa versa, claims from opponents that it isn't working can be waived away because hard evidence is lacking or very limited. And it's backed up by political correct statements the average person will agree to.
In reality however various safety guards are missing. I'm not buying the 'innocents have nothing to fear' retoric because the only way to be innocent nowedays is by a judge ruling. And that's after the investigations and trials. Until then the only thing standing between beeing "uninvestigated" and beeing "under investigation" is one memo from some ill advised or fanatic burocrat who has had some crash cources before becoming the "expert". And that's excluding possible hidden or personal agenda's.
Or did governments suddenly acquire a few thousand electronic forensic veterans overnight to research all those logs and come to the right conclusions? Or are we to believe that all the extra burdens that do not come cheap must be done to make life easier for a handfull of experts that maybe handle a few hundred cases each year?
And how exactly will log tampering be prevented? It's all electronic you see. Manipulated in the right way and a log will tell whatever a real expert wants it to say. Incriminating a person could become as easy as running a query or a script. Or installing a tailormade backdoor. Or high-jacking his/her cell phone. Not to mention the possibilities of finding out some of the more juicy details about someone's behavioural private life and using that to your own advantage. What's next? Retrain all IT administrators to become police agents working for the goverment? Or upload in real-time every log event everywhere to some centralized government data center? Or maybe take a deep breath, take a step back and rethink this data retention thing over?
It is abhorrent that we allow our politicians, supposedly there to serve us and paid by us, to set their employees to spy on the activities of the rest of us.
Where there is already evidence of criminal activity then the present UK system of a surveillance warrant being authorised by a magistrate is perfectly adequate.
It is when those highly paid politicians introduce such as this that I start to consider civil disobedience and anarchy are becoming not only justified but necessary.
But how can it be civil disobedience when we decide to disobey those we pay to serve us when they exceed themselves?