Last December, an anti-child pornography bill co-authored by House Judiciary Committee Chairman Lamar Smith (R - Texas) and Democratic National Committee Chair Debbie Wasserman-Schultz (D - Fla.) passed the markup phase and was referred to the House floor. Though the bill's chief provision is to enable law enforcement authorities to arrest and prosecute entities that knowingly provide financial transaction services to child pornographers, the bill would also require Internet service providers to maintain records of the IP addresses they lease to their customers, for no less than 12 months (18 as originally drafted).
In the wake of the historic failure in the House of the Stop Online Piracy Act, which was co-authored by Rep. Smith and sponsored by Rep. Wasserman-Schultz, a newly empowered, and enlarged, wave of protesters aims to stop any bill that would leverage popular sentiment to force ISPs to retain customer data for use by government.
The portion of H.R. 1981 that's drawing criticism would, like SOPA, assign ISPs the responsibility of intelligence gathering. Section 4(a) would insert this language into USC 18(h)(1):
A commercial provider of an electronic communication service shall retain for a period of at least one year a log of the temporarily assigned network addresses the provider assigns to a subscriber to or customer of such service that enables the identification of the corresponding customer or subscriber information under subsection (c)(2) of this section... Access to a record or information required to be retained under this subsection may not be compelled by any person or other entity that is not a governmental entity.
Missing from this bill is any type of mechanism for law enforcement agencies to seek a court order. Instead, H.R. 1981 uses very broad language to open up the ISP's database of subscriber information to "a governmental entity." Such language refrains even from restricting access to law enforcement entities.
In a statement to the press at the time the bill was introduced last July, Rep. Smith characterized the omission of a court order provision in the bill as a feature, going so far as to suggest that, in the course of conducting investigations against suspected child pornographers, courts tend to merely get in the way.
"H.R. 1981 enables law enforcement officials to successfully locate and prosecute those who want to hurt our children," Smith stated. "Often, the only way to identify a pedophile who operates a Web site or exchanges child pornography images with other pedophiles is by an Internet Protocol address. Law enforcement officials must obtain a subpoena and then request from the Internet Service Provider the name and address of the user of the IP address. Unfortunately, Internet Service Providers regularly purge these records, making it difficult if not impossible for investigators to apprehend child pornographers on the Internet. H.R. 1981 directs ISPs to retain Internet Protocol addresses to assist federal law enforcement officials with child pornography and other Internet investigations."
Although the bill itself does not mention the possibility of extending the database to "other Internet investigations" by "a government entity," the American Civil Liberties Union pounced on the proposed legislation immediately. It also suggested that the creation of the database itself may give ISPs a green light to do something it says they've been wanting to do anyway: track and profile Web users' habits.
As the Union's Christopher Calabrese wrote, "The ACLU has long been concerned about companies that follow us around the Web and track our viewing habits for the purposes of advertising. They use this tracking to build personal profiles about us that can be widely shared. Forcing companies to retain data for long periods would bolster this practice. It would also make it much easier for the government to track everything we do online. No company would be able to promise not to record your visit - that would be barred by law. Respect for your anonymity online would be a thing of the past."
But one other potential defect of the bill as written - which, amid the less technical issues, may have been missed - has to do with IP addresses themselves. There's considerable legal precedent supporting the principle that an IP address cannot be used to identify a person. It may be used to identify a computer used by a person. Or it could identify a phone, or more often these days, a proxy that the very class of subjects the bill would target might use to anonymize their online sessions. Conceivably, a defendant could argue, with plenty of evidence to back him up, that an IP address is not enough to link an Internet session with a person.
At any rate, this afternoon the advocacy group Demand Progress reports that an online petition for opponents of H.R. 1981 has garnered over 70,000 signatures thus far. The petition cites a statement from Rep. John Conyers, Jr. (D - Mich.), which reads, "The bill is mislabeled. This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes."
Photo credit: Shutterstock Images