In a move that will alarm anyone who cares about privacy, the U.S. Federal Bureau of Investigations (FBI) is once again pushing for Internet Service Providers (ISPs) to maintain archived logs of internet browsing history of customers, for a period of at least two years. The FBI asserts that doing so will enhance their capability to investigate criminal activity, such as the viewing, downloading, and distribution of child pornography.
At first glance, the FBI’s intentions seem justifiable, based on the current difficulties they must face when trying to trace down activity to a specific provider and customer. The idea is not a new one. In 2006, Robert Mueller, who still serves as the FBI Director, lobbied for the implementation of the same idea. Though it isn’t clear what the catalyst was for the current push, the agenda at a recent Online Safety and Technology Working Group meeting included input from Greg Motta, Chief of the FBI’s Digital Evidence Section, who again stressed the importance of initiating some type of formal action to ensure ISPs are federally required to comply with the initiative.
According to a February 5, 2010 CNET article by Declan McCullagh, actions could include ISPs being required to maintain records of technical information such as IP addresses, domain names, and associated URLs. The concern that many will have, though, is being certain how deep ISPs are required to delve and log into user activities. Unless the particulars are identified and presented to and approved by Congress, the potential exists to violate statutes of the current Federal Wiretap Act. Up to now, ISPs have remained reticent on the issue. More than likely, many are afraid of the customer backlash that would be directed toward them, instead of the FBI or another federal government entity. In any case, specific guidelines would be required to ensure access and export of data occurs only after the requesting law enforcement organization has established “just cause” and obtained a subpoena or search warrant.
Any network professional will tell you that logging all inbound and outbound traffic on Port 80, the primary one used for internet browsing, would require significant additions and upgrades to existing ISP network infrastructures. Add to that the necessity for the data’s storage and redundancy, and the task becomes even more monumental. Additionally, data collection may not be effective if customers utilize open source tools, such as Tor, or commercial services, like Megaproxy, to remain anonymous in their activities. The only thing certain at this point is that privacy groups are likely to mount a vigorous campaign to ensure the FBI’s initiative doesn’t actually become a reality.
Justin E. Gehrke is the founder and owner of Geek Shui Living. As a right and left-brained geek, he writes Tech articles for MWD and his own site Geek Shui Living. You can also follow his Tech commentary and random geek ramblings, via Twitter, at @GeekShui