(photo: Project Counsel)

The House Judiciary Subcommittee on Crime & Terrorism, chaired by GOP Representative James Sensenbrunner, is holding a hearing on the “Protecting Children from Internet Pornographers Act” at 10 am ET. The bill might seem like something that would be free from debate, as we all should agree children do not deserve to be subjected to pornography. But, the legislation includes a “data retention” requirement that should fuel debate over rights to privacy.

[*Watch the hearing here.]

The proposed legislation includes a section that reads:

Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).’. [emphasis added]

Julian Sanchez of the CATO Institute argues, “The handful of provisions in the bill that really deal specifically with child porn are a fig leaf for its true purpose: A sweeping data retention requirement meant to turn Internet Service Providers and online companies into surrogate snoops for the government’s convenience.” And, the Electronic Frontier Foundation (EFF), in a page outlining the issue of data retention, notes not only is storing large databases of IP data expensive but “mandatory data retention harms individuals’ anonymity, which is crucial for whistleblowers, investigators, journalists, and for political speech.”

I will be live blogging this hearing. The witnesses coming before the committee include: Mr. Ernie Allen, President and CEO of the National Center for Missing and Exploited Children; Sheriff Michael J. Brown, Bedford County Sheriff’s Office and Mr. Marc Rotenberg, President of the Electronic Privacy Information Center (EPIC). [Statements that are to be put into the public record will be posted on this blog, as they are made available.]

Here’s the live blog of today’s hearing:

11:32 AM Rep. Sensenbrunner concerned that data retention will be used to investigate crimes other than child pornography.

Sheriff Brown says he is more interested in 18 months. He wants a standard, a uniformed amount of time. Sheriff Brown doesn’t like that there is no standard among ISPs.

Rep. Sensenbrunner addresses subpoena authority in the legislation in Section 11. From the ISP address, how do you know if someone is a registered sex offender?

Allen says that 95% of cases where marshals are able to locate child predators is through Internet-based or communication data.Currently, they have to get all writs act that can take two months. Very nature that he is a fugitive means there has been judicial review. This would allow circumventing the all writs act.

Rep. Sensenbrunner, why do marshals need additional subpoena authority if they are already going after these people? They’re fugitives.

Allen says this is essential tool.

Rep. Sensenbrunner says he has always felt negatively about administrative subpoenas. I fought to keep administrative subpoena authority out of the PATRIOT Act. And what does law enforcement do? They use national security letters (NSLs) to get around the fact that they didn’t get authority.

This could be used for fishing expedition like law enforcement did on PATRIOT Act with NSLs. You should be concerned about that, says Rep. Sensenbrunner.

Thank you witnesses. This bill needs a lot of fixing up. This bill is “not ready for prime time.” Statements being introduced into the record now.

Hearing is adjourned.

11:24 AM Rep. Thomas Marino respects Rotenberg’s opinion but fails to see concern he has over 18 month period of data retention because of what happens to these children and many times the child does not bring information on being victimized til quite some time later. Law enforcement is already finding new techniques for finding perpetrators. Enlighten me.

Rotenberg addresses this remark saying that resources should be given so that law enforcement can go through enormous amounts of data and they would work to focus investigations on perpetrators. Data retention doesn’t focus on the problem. It says we don’t know the problem and will go fishing.

Rep. Marino – Data retention is critical. I’ve been in hospitals with children…Please do more research so you can see what they are put through. We have to double the punishment for child predators. I’ve seen situations where 3 months old children have been exposed.

I can’t find any defense in not increasing 18 month period, concludes Rep. Marino.

11:17 AM Rep. Dan Lungren says sad to say that my own area of Sacramento is one of the top areas for trafficking problems, at least under FBI statistics. There does appear to be a nexus between trafficking and children, trafficking and young women and trafficking and images of child pornography.

He says this is a bipartisan bill and he introduced form of this legislation in the last Congress.

Lungren asks Marc Rotenberg of EPIC, is there a problem that you have with the access to this information by law enforcement in the event or that the extension of time for which they are required to hold this information allows the potential for abuses in other circumstances?

Rotenberg is concerned with government mandate requiring private companies to keep data it wouldn’t otherwise keep. Congress have made adjustments over time to deal with exigencies (like if you can’t get a warrant). Techniques have developed but this would cross line because up to this time in history of Electronic Privacy Act this has not been allowed.

Here’s more from what I think is a critical exchange:

REP. LUNGREN: Our bill provides that it be 18 months. So, why is that different in nature in terms of the action, the activity of the business and the activity of law enforcement when they have a need to get this data?

ROTENBERG: It’s truly a very different view of wiretap law because up to this point in time the general approach has been to say we will come to you when we have some reason to believe that one of your customers is doing something wrong—

REP. LUNGREN: That’s exactly what they are doing here. All they are saying is they want to make sure that the data is retained.

ROTENBERG: No, because the way data retention works and the distinction between data retention and the current data preservation is data retention says at the outset that you are going to keep this information on everybody because we don’t know at this point in time –

LUNGREN: You’re keeping the information on everybody but you are not making a request for everybody. They’re coming to you with a request based on some information they have on a crime having been committed, allegedly.

ROTENBERG: Yes, so there are at least two concerns there. And this goes to the second part of your question. The two concerns are one, everybody and I do mean everybody know is looking more closely at data minimization techniques because they are realizing just how difficult it is to safeguard the information they’re storing.

REP. LUNGREN: So, when you are talking about data minimization, you are talking about cutting down on the amount of information they store as opposed to criminal minimization…

ROTENBERG: That’s correct.

Time expired.

11:11 AM Rep. Cohen asks if sentencing for child predators should be doubled and if that would be effective deterrent?

Sheriff Brown says we need to impose sentences as judges issue them. I would not say they need to be doubled but judges should give predators their due.

Rep. Cohen says judges find sentencing guidelines are too high. He says 71% think sentencing should not be increased.

Rep. Cohen now describing friend who was convicted of having child porn on his computer and he thinks there could have been alternative ways to handle his crime. There is no proof he did anything to children. And he probably had a brother who had some problem… Anyways, I don’t need to go into those details…

11:09 AM Rep. Steve Cohen now asking questions about system of penalties for child predators.

11:07 AM Rep. Ted Poe asks how many cases are going right now and Sheriff Brown says several hundred.

Rep. Poe asks if there would be an issue in civil litigation. Would anyone want to subpoena data that will be available for 18 months?

Rotenberg says yes, if you’re a good lawyer, you might want to subpoena data.

On Rep. Poe’s question on how they could do better job, Sheriff Brown says they could use more funding.

11:07 AM Allen says that many of the perpetrators are parents, someone trusted and in their lives. Already a hurdle to prosecutions.

11:05 AM First nugget that could make significant headlines: Ernie Allen suggests Attorney General Eric J. Holder is for data retention on all crimes. In Rep. Conyers’ line of questioning, Allen doesn’t argue against having data to go after all crimes. This just feeds into the idea that this is a way to start a system that could be expanded to track all users and not just go after child predators. This is the spread of suspect society into cyberspace.

11:00 AM Rotenberg agrees that there would have to be no wireless provider exemption if this were to work.

Rep. Conyers notes the bill might institute accidentally a data retention policy for all crime and is that over the top, Mr. Rotenberg, or just an exaggeration?

Rotenberg says that is clear from the bill. Let’s establish the ability to identify in ISP record every single user.

Rep. Conyers asks Sheriff Brown asks if he might be troubled by idea that we might set up a system that would have retention of all crime. That isn’t what you came to testify for.

Sheriff Brown says his primary concern was with the retention. I am here for that. We need more time for investigations.

Rep. Conyers says that Allen already noted you are already under-resourced. The big problem is that you don’t have resources necessary.

Sheriff Brown agrees law enforcement already needs more.

Rep. Conyers asks again if they want all crime. Don’t you just want to get at child pornography?

Sheriff Brown doesn’t quite know what to say. He is here for child porn cases, only.

10:53 AM Rep. Trey Gowdy asks if Rotenberg is willing to help a sheriff investigate a crime to strike balance between protecting privacy and

It is not clear that this proposal would make it easier to investigate child predators. This has the potential to turn 99.97% of users into criminals.

Rep. Gowdy asks if Rotenberg has a different way of doing this.

Rotenberg suggests their be more strict penalties for child predators.

Rep. Gowdy wants to know how to get computers if you cannot link to an IP address.

Rotenberg talks about information available to get access to data already available. He concedes it won’t be perfect and there may be cases that won’t be able to be solved.

Rep. Gowdy moves on to Ernie Allen and asks if computer generated images are still defended as not a real image of a child. Allen says defenses in cases still argue images aren’t really kids. And this is why we started a unit to identify child victims.

Rep. Gowdy says this is one more layer that law enforcement has to overcome. The fact we have to prove is real child and not computer-generated. He asks if other countries are cooperative.

Allen says virtual global task force is making progress. Absolutely. Interpol is working with us to collect images.

Rep. Gowdy thanks Sheriff Brown for service.

10:51 AM Rep. Scott asks if sheriffs need probable cause to sift through data. Sheriff Brown says they receive “cyber tip” and then they go to ISP to track that information.

Rep. Scott follows up and ask Rotenberg what is retained. Rotenberg then describes what’s logged and says there can be names of files that were transferred and you could see what information was transferred by reading name of files.

10:50 AM Rep. Scott, what would this data be available for?

Rotenberg says that this data could be used, if retained, for other cases like divorce, contract disputes, copyright infringement and civil subpoena cases. It may not be limited to child porn cases if the ISPs have it.

10:48 AM Rep. Scott asking if law enforcement has enough resources to pursue child predators. Allen confirms this is a problem.

10:44 AM Allen now says child pornography is exploding; 13 million child pornography images and videos reviewed last year, he alleges

We hear all the time isn’t child pornography just adult pornography. Based on what’s sent to us, overwhelmingly there is problem with kids who don’t tell when their image or video of them is put up.

Allen talks about percentage of child predators victimizing children.

Rep. Smith says he took comments from Rotenberg as sincere, constructive criticism. If it is a 50/50 decision, we are going to give law enforcement benefit of doubt.

10:43 AM Rep. Smith asks Sheriff Brown for examples of cases where ISPs were unable to not obtain data so child predators went free; Sheriff Brown essentially repeats what he said in prepared remarks

10:38 AM Marc Rotenberg’s remarks: Purpose of privacy laws is to protect privacy data that companies obtain from consumers. “Good faith” reason can push companies to turn data over governments.

Draws attention to serious concerns about data retention: We live in time where there is a great deal of data breaches. Companies are not able to provide protection. This would mandate retention of information companies might not keep. The problem is also that Section 5 and 6 create new type of immunity that has never existed. At same time that ISPs might be told to keep information, what ever happens, if improperly accessed or used, you are off the hook.

As we read Section 5 it doesn’t have qualifying language that normally exists when ISPs cooperate with investigations.

Section 6, that creates “good faith” defense is quite broad and would apply under any other law. There are many state laws that require companies to notify consumers when a breach occurs. Now it appears ISPs will not be obligated to notify consumers of harms.

Problem is not just data retention obligation but also the immunity being offered.

Additionally, clearly a movement toward data minimization in security field. It’s a sensible approach that prevents misues. Data retention pulls in wrong direction.

European countries have tried to implement sweeping data retention requirement and users have objected. Users, ISPs and others have objected. Coruts have found obligations unconstitutional. Please consider this.

10:36 AM Sheriff Brown concludes that the act will ensure the predators, most vilest of society, are punished. It will allow us to protect against evil in the world.

10:35 AM ISPs hold data records for days or months. Lack of uniformity in data retention time can significantly hinder law enforcement’s ability to track down child predators. Rep. Lamar Smith and Rep. Debbie Wasserman-Schultz have introduced this legislation to address this problem and ensure that when law enforcement contacts ISPs identifying information will still exist.

Sheriff Brown describes a case where they were trying to get information on child predator and the ISP only kept information for 30 days. He says this and hundreds like it demonstrate need to make sure ISPs retain data for significant and standard period of time.

10:33 AM Expansion and development of technology has allowed child porn to become epidemic, says Sheriff Brown. Law enforcement often has tough time unmasking child predators on Internet.

10:31 AM Sheriff Brown begins remarks. He’s a retired officer and part of a National Sheriff’s Association.

10:25 AM Allen says center identifies child porn sites with method of payment. Law enforcement makes purchases and captures information that is reported to payment company so they are able to stop payments.

On Section 2, want to make sure nothing in bill prevents financial companies from stopping payments

On Section 4, we think data retention is reasonable and balanced approach. It doesn’t mean content retained but that connectivity data is retained. We have to establish linkage between IP address and a persons. This is analogous to records phone companies are required to keep.

Many companies have policy on data retention but very widely policies are not kept consistently.

10:22 AM Ernie Allen giving remarks now.

10:21 AM Rep. Conyers concludes: Limit law enforcement’s access to Internet pornography crimes against children. It would institute a data retention requirement for all crimes including street crimes.

The bill’s title is a misnomer. It’s not really about protecting children from this crime. It would not exempt wireless providers and would target child exploitation

10:20 AM Rep. Lamar Smith stops Rep. Conyers to say they are working out way to not exempt wireless providers

10:18 AM Rep. John Conyers continues The ACLU, Center for Democracy & Technology, EPIC and some Internet providers and advocates of children oppose the bill. It fails to protect children from Internet pornographers.

First, eliminate exemption of data retention mandate for wireless providers. They’ve got to be included. If it’s important, why wouldn’t we include them? The bill in current form exempts every wireless service that exists. If it’s good enough for others, it might be very important for wireless internet providers.

10:15 AM Rep. John Conyers (D-MI) discussing the legislation. He says protecting children from child pornographers is laudable and a noble objective but the problem is that the legislation, if enacted, would not achieve that goal. It does other damage that doesn’t exist, would create whole new host of problems. It is not accidental that there are negative views about this proposal that are shared by a wide group of leaders and other organizations.

10:14 PM Internet has become virtual playground for sex predators. Rep. Lamar Smith concludes remarks.

10:13 AM Data retention allows law enforcement to get the abusers and stop children from being abused. By the time investigators discover child pornographers, ISPs have already purged the records. Claims both Democrats and Republicans have wanted data retention for decade. ISPs in deleting records delete data to save a child.

The bill strengthens child witnesses and victims.

10:10 AM Rep. Lamar Smith reading his prepared remarks says that this will protect our children from pornography. He claims that ISPs make it difficult if not impossible to access data to apprehend child pornographers.

Bill does not threaten any legitimate privacy interest of Internet users, Smith claims.

Smith says the 18-month data retention requirement mirrors a requirement that has been placed on phone companies.

10:06 AM Rep. Bobby Scott  reads prepared remarks and says  data retention requirement, which adds unknown costs to ISPs. Information before me doesn’t indicate there will be benefit.

In 80% of cases they are able to obtained the data they need. ISPs already hold data for 6-12 months. Rather than addressing the myriad factors against child pornography prosecutions, bill focuses on data retention requirements.

Bill ignores issues of resources and it could add data that would exacerbate an already growing back log of cases.

DOJ has more data than it has adequate personnel to investigate. Budgets cuts already call for cuts to number of FBI agents.

Blanket exemption for all wireless providers, in addition to child porn cases, is concerning. By the end of the year, there were over 300 million wireless connections in the US. This exemption undermines the legislation.

Could data be vulnerable to hacking? Concerns we need to look into.

I too am concerned about the administrative subpoena.