Internet Service Provider (ISP) snooping refers to proposed mandatory requirements in the United States to retain records of everything citizens do online. Archives of each individual’s online activities would be automatically retained for law enforcement in logs that would span up to two years. Only the oldest records would be purged at the end of the retainment period, while new online activities would continuously build the archives. The proposed requirement, known as data retention, is a controversial measure that opens the door to a host of concerns for ISPs and privacy advocates alike.
There are several models of data retention or ISP snooping that differ in how much data is actually retained. In the “address” model, basic address information is archived. This would include a date and time stamp of the Internet Protocol (IP) address assigned to each individual, email addresses the individual corresponded with, website addresses visited, chat rooms or newsgroups visited, and phone numbers of voice over IP (VoIP) calls made. This model would not necessarily retain the contents of the email messages, Web pages, or chat rooms.
Other models of ISP snooping call for a more robust approach of retaining not only address information, but content as well. This would include all email messages, webpage content viewed, chat room conversations, newsgroup conversations, VoIP and more. Regardless of the model, ISP snooping dictates what can arguably be described as an Orwellian-style online society where the government has essentially removed the word “private” from “private citizen.” Currently, ISPs do not retain logs beyond a short period of time, used only to maintain their services.
Aside from privacy issues, the sheer logistics of ISP snooping are significant. Concerned ISPs argue that the task of maintaining such huge archives is an unfair burden. Security concerns are also at question. Who exactly will have access to these databases? Moreover, if such archives are created, it is all but certain there will eventually be breaches. Does the potential downside, the loss of privacy, and the cost justify ISP snooping?
Proponents of ISP snooping include, among others, the Department of Justice, the Federal Bureau of Investigation (FBI), and U.S. Attorney General Alberto Gonzales. In mid-April 2006, it was widely reported that Gonzales claimed proposed data retention laws were necessary chiefly to catch child pornographers. Opponents responded by pointing to existing laws for dealing with illegal online activities, including child pornography. In the course of an investigation, law enforcement can request an ISP to preserve related logs for 90 days, while a simple subpoena is all that is required for IP information to identify an online suspect. It is also federal law that ISPs must report any known occurrences of child pornography to the National Center for Missing and Exploited Children.
Some weeks later, Gonzales shifted his earlier position, citing terrorism as the chief reason for data retention laws. Opponents argue that ISP snooping is an impractical counter-solution that further erodes the basic rights of law-abiding Americans in disproportionate measure to the stated goal. It also expands data mining potential exponentially and would unnecessarily create a mother-database too easily misused. Moreover, terrorists would likely take steps to avoid identification through data rention by using anonymous means such as Internet cafes, anonymous proxies, disposable mobile cards and other measures.
The European Union passed data retention laws in December 2005, slated to go into effect in 2008. ISP snooping in the United States is backed by the Bush administration and is getting some support in Congress. Organizations like the Electronic Privacy Information Center (EPIC), and the Center for Democracy in Technology (CDT) are opposed to ISP snooping.