To aid investigations into terrorism and pornography
WASHINGTON/NEW YORK – The Federal Bureau of Investigation wants U.S. Internet providers to retain Web address records for up to two years to aid investigations into terrorism and pornography, a source familiar with the matter said.
The request came during a May 26 meeting between U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller with top executives at companies like Google Inc., Microsoft Corp. and Time Warner Inc.’s AOL.
"I think there is less of a willingness to passively go along with this type of request than there might have been a year ago," said the source, mentioning the recent uproar over a report that telephone companies had provided call records to the National Security Agency.
A Justice Department spokesman confirmed the meeting but was not immediately available to comment on how long law enforcement officials wanted the records retained.
"This meeting was an initial discussion for the Attorney General to gather information and to solicit input from Internet service provider executives on the issues associated with data retention," said spokesman Brian Roehrkasse.
The source, who spoke on condition of anonymity, said Gonzales presented blurred images of child pornography and explained why he thought retaining data was important to those investigations. At issue was Internet protocol addresses.
When one industry executive questioned how long the government wanted the records kept, Mueller said for two years and that the data would also be used for anti-terrorism purposes, said the source.
The Justice Department has tangled before with Internet companies over gaining access to records, subpoenaing search data from Google to defend an online pornography law. The government cut the size of its demand and Google acquiesced.
In that instance, Microsoft and Yahoo Inc. had turned over search information after receiving assurances that no specific customer data was involved.
The IP address is key to unlocking what a person does online, what site they visited what terms they searched, who they e-mailed and what they downloaded, the source noted. Internet providers usually change the address data within several days to several weeks.
Two big high-speed Internet service providers, Verizon Communications and Comcast Corp., also attended the meeting last week, the source said.
The Justice Department spokesman said Internet companies would retain the information and the government would only gain access to the records through legal means like a subpoena. "Internet service providers would retain the information," Roehrkasse said.
If Congress is going to be asked to pass legislation ordering Internet providers to retain data they won’t be asked for content of that data but rather addresses e-mails were sent and sites they visited, Roehrkasse said.
Recommendations are expected to be submitted to Gonzales in the next several weeks, according to another source.
Data retention is a "complicated issue with implications not only for efforts to combat child pornography but also for security, privacy, safety, and availability of low-cost or free Internet services," said Microsoft senior security strategist Phil Reitinger.
Google spokesman Steve Langdon said proposals by the United States and European Union on data retention "require careful review and must balance the legitimate interests of individual users, law enforcement agencies, and Internet companies."
The Justice Department’s chief privacy officer on Thursday met with a group of officials from rights groups including the Electronic Privacy Information Center, the Center for American Progress, Cato Institute, the Center for Democracy and Technology, Roehrkasse said.
The American Civil Liberties Union was also invited but did not attend, he said. Other Justice Department officials were meeting with victims rights groups and law enforcement groups to discuss the same issues.
Firms wary about holding customer records
Top U.S. law enforcement officials have told Internet companies they must retain customer records longer to help in child pornography and terrorism investigations, and they are considering asking Congress to require preservation of records.
Industry representatives are expected to meet Friday with Justice Department officials, a week after Attorney General Alberto Gonzales and FBI Director Robert Mueller first raised the issue with executives from several Internet service providers, including AOL, Comcast Corp., Google Inc., Microsoft Corp. and Verizon Communications Inc.
The subject has prompted alarm from some executives and privacy advocates, especially after Gonzales’ Justice Department took Google to court earlier this year to force it to turn over information on customer searches. Civil liberties groups also have sued Verizon and other telephone companies, alleging they are working with the government to provide information without search warrants on subscriber calling records.
Assistant Attorney General Rachel Brand, who attended the first meeting, said Thursday that some executives raised privacy concerns at the meeting. But she said Gonzales has not made any decisions about how to proceed and that the department would be mindful of the privacy issue.
"We are looking at whether requiring longer data retention or asking ISPs to do it informally is something we want to pursue," Brand said.
Mueller suggested a period of two years and said terrorism investigations also would be helped by such a rule, several people who attended the meeting said. Gonzales was focused on child pornography cases, they said.
Any proposal would not call for the content of communications to be preserved, would keep the information in the companies’ hands and could be obtained by the government through a subpoena or other lawful process, Brand said.
Still, one Internet executive familiar with the meeting said one worry is that once retained, the records could be made available for any criminal investigation or civil case, "down to a bad divorce, up to a music company asking for people who visited a file trading site."
The executive, who requested anonymity because it was private meeting and the talks were still continuing, said the industry was likely to oppose any legislation for financial, privacy and technical reasons. The department’s recent clash with Google probably will make the companies more resolute in their opposition, the executive said.
Several companies said they work hard to protect children online and often work with law enforcement.
"But data retention is a complicated issue with implications not only for efforts to combat child pornography but also for security, privacy, safety, and availability of low-cost or free Internet services," Microsoft said in a statement.
In a statement, Google said, "Any proposals related to data require careful review and must balance the legitimate interests of individual users, law enforcement agencies and Internet companies."
The meetings are an outgrowth of Gonzales’ interest in beefing up child porn investigations, some of which he said have been hampered by Internet companies’ failure to retain records long enough.
Gonzales, who first raised the issue in an April speech, did not name any companies or cases. But a Justice Department official said some of the information provided by Justin Berry, a child pornography victim who testified to Congress in April, did not lead to arrests because authorities who sought help from ISPs were told the records no longer existed.
Berry criticized the department for acting too slowly on information he provided on 1,500 pedophiles. The official spoke on condition of anonymity because investigators still are looking into Berry’s case.
At the moment, there are no broad requirements for preservation of data, although federal authorities can request records be maintained for up to six months when they suspect a crime has been committed.