I am not a lawyer; I am a person that can read something that is written in the English language, and considered by some to be a "reasonable man". So please don't consider this to be legal advice. Also, although I am posting from a Cisco account, this note represents my understanding based on a reading of the text of the bill, not an opinion of or advice by Cisco. Further, I do not represent myself as either for or against the legislation or the implied technology. I have opinions on all that, but I'll save them for another email. #include <any other disclaimers that are important> The text of the bill, which is in committee, is at http://www.govtrack.us/congress/billtext.xpd?bill=s111-436 . Read the text of the bill before continuing with my comments on it or on Declan's article. Most of the bill is about defining "child pornography", such as " inserting ‘1466A (relating to obscene visual representation of the abuse of children),’ before ‘section 1708’", or about changing penalties. Data retention is discussed in section 5:
SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE PROVIDERS. Section 2703 of title 18, United States Code, is amended by adding at the end the following: ‘(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.’.
In context, this is about providers of a service. BTW, it doesn't talk about *creating* a record that doesn't exist, it talks about *retaining* records that have already been created, such as billing records or other records that would support billing and maintenance. IANAL, so run this by your lawyers, but a provider of a service is in the FCC definitions someone that sells a service to random purchasers, not someone that provides communications to his own employees, students, or family members. This came up during the discussion by the FCC about lawful intercept and what constituted a network that had to implement it several years ago. This is confirmed, says the "reasonable man", by the definition of the offense in Section 3:
‘(a) Offense- Whoever, being an Internet content hosting provider or email service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography (as defined in section 2256) shall be fined under this title or imprisoned not more than 10 years, or both.
Note the lack of reference to home routers, wireless in any form, or any of the other stuff Declan mentions in his article:
(CNET) -- Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.
I would ask you, how many local coffee shops or hotels that you know of operate their own Internet access? How many instead contract with T- Mobile or some other provider? Since the billing record is done with the provider (you somehow pay a bill to T-Mobile-or-whoever for use of the wifi and you identify yourself to them at the time you access the service), whom would you expect might be required to "retain" those records? I would also be a trifle careful with Declan's repeated references to the party of the person who submitted the bill. The bill is, or at least looks like, enabling legislation required by the Cybercrime Treaty (http://tinyurl.com/6m9ey, Article 20 of which calls for what is now called "Data Retention"), and is pretty much in line with the current EU directive on the topic (http://tinyurl.com/2maatj). Both major parties in the US have been on deck during the negotiation of the CyberCrime Treaty, and whatever your opinion of it might be, this bill is in line with Obama campaign promises and actions as president as I understand them. I personally tend to ignore stuff written by Declan. It requires too much work to drill through the political activism and sensationalism- portrayed-as-journalism to find the germ of truth that inspired the article. On Feb 25, 2009, at 7:06 AM, Jim Willis wrote:
After having a brief conversation with a friend of mine over the weekend about this new proposed legislation I was horrified to find that I could not dig anything up on it in NANOG. Surely this sort of short minded legislation should have been a bit more thought through in its effects on those that would have to implement these changes. My major concern is not just for myself but for a much broader picture.
"Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations."
http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
I understand and agree that minors should be protected and I think child pornography is awful, however I think how the government is going about catching these criminals with this new legislation will not really be any more efficient than there current methods. Having a log of all IP's that come across my or anyone in America's "home" Wi-Fi for two years is not going to help "police investigations" but will cause me to have to go buy a more expensive router.
So I'm just wondering, how would this legislation effect some of you on the NANOG list?
-Jim