July 27, 2011
Chairman Lamar Smith
U.S. House Judiciary Committee
2138 Rayburn House Office Building
Washington, DC 20515
Ranking Member John Conyers
U.S. House Judiciary Committee
2138 Rayburn House Office Building
Washington, DC 20515
Re: Sign on Letter in Opposition to Section 4 of H.R. 1981
Dear Chairman Smith and Ranking Member Conyers:
The undersigned groups write today to express our opposition to section 4 of H.R. 1981, the ―Protecting Children From Internet Pornographers Act of 2011.‖ We believe that any data retention mandate is a direct assault on bedrock privacy principles.
Section 4 of H.R. 1981 would impose sweeping new requirements on companies that provide internet access, forcing them for the first time to keep large volumes of records on their customers — impacting hundreds of millions of individuals who have no connection to the sexual exploitation of children whatsoever. The scope of this new requirement is very broad. Contrary to the title of the legislation, there nothing in the bill that would limit the use of these records to child exploitation cases. In fact, the records would involve all internet users everywhere and they would be available to law enforcement for any purpose.
This new mandate is a direct assault on the privacy of internet users. Temporarily assigned network addresses, also known as IP addresses, are the direct link between individuals and their online activity. In many ways, an IP address is similar to an individual’s name or other identifier online. Access to this information can allow anyone to determine the websites users visit and, consequently, what their interests are, where they bank, what online accounts they have.
For more than 40 years it has been a core privacy principle that records should only be created for a specific purpose and deleted as soon as that purpose is complete. But the data retention mandate of H. R. 1981 moves in exactly the opposite direction and creates a true slippery slope. If law enforcement officials are faced with the tempting prospect of access to such a vast treasure trove of private online records, they will be hard-pressed not to desire more retention of those records. And who could blame them? Some internet records – such as identifiers for email and other services – could be useful in criminal investigations – or they could more easily be irrelevant to any criminal investigation. Location information from cell phones could certainly provide help to law enforcement in many cases – but the vast majority of such data has no bearing on any crime. While any record could in theory be useful in nvestigating some crime somewhere the vast majority are simply the records on innocent Americans.
We live in an age where our devices and the way we use the internet are constantly generating records – what we read, where we go, who our friends are. If those records must always be saved for future use, they become a persistent and pervasive assault on our privacy and an irresistible temptation to law enforcement. That is why best practices in privacy demand the deletion of records as soon as they are no longer necessary – exactly the opposite of the mandate of H. R. 1981.
Existing laws are wholly insufficient in protecting against access to such records. As this Committee has recognized in previous hearings, the Electronic Communications Privacy Act (ECPA) has not been substantially updated since 1986, while the type and detail of records have increased dramatically since that time. The data retention mandate of H.R. 1981 would exacerbate ECPA’s problems, making records available and identifiable for even longer periods of time.
For all of these reasons, we urge the committee to withhold approval of H.R. 1981 in any form containing section 4 or any other data retention mandate.
Sincerely,
Advocacy for Principled Action in Government
American Booksellers Foundation for Free Expression
American Civil Liberties Union
American Library Association
Association of Research Libraries
Bill of Rights Defense committee
Center for Democracy & Technology
Center for Digital Democracy
Center for Financial Privacy and Human Rights
Center for Media and Democracy
Center for National Security Studies
Consumer Action
Consumer Federation of America
Consumer Watchdog
Council on American-Islamic Relations
Defending Dissent Foundation
Demand Progress
DownsizeDC.org, Inc.
Electronic Frontier Foundation
Electronic Privacy Information Center
Friends of Privacy USA
Liberty Coalition
Muslim Public Affairs Council
National Association of Criminal Defense Lawyers
National Workrights Institute
Patient Privacy Rights
Privacy Activism
Privacy Journal, Robert Ellis Smith, Publisher
Privacy Rights Clearinghouse
World Privacy Forum