US citizen web-tracking hitting hurdles

Internet providers and telecommunications companies expressed concern on Wednesday about the feasibility of recording US citizens' online activities, a proposal that attorney general Alberto Gonzales has recently endorsed.

In a meeting last Friday, first reported by silicon.com sister site CNET News.com, Gonzales and FBI director Robert Mueller said the war on terror would be aided by two years' worth of data retention - a requirement industry representatives say would be accompanied by technical, security and privacy challenges.

Mark Uncapher, senior vice president of the Information Technology Association of America (Itaa), said: "We have real reservations about data retention requirements because of the security and privacy risks attached to it." Itaa's board members include representatives of AT&T, Fujitsu, Sybase and Unisys.

A Justice Department representative said this week the government is not seeking to require the retention of the content of communications but did not elaborate. If the European Union's approach were adopted, internet companies would be required to save logs showing the identities of email and perhaps instant messaging correspondents in addition to data about which customer was assigned which internet address.

That suggestion alarms many internet providers, which worry about the cost and complexity of recording what their customers are doing online. In some cases, especially among libraries, coffee shops and universities, no records may be stored at all.

Rick Weingarten, director of the American Library Association's Office for Information Technology Policy, said: "In general, libraries only keep records on users to the extent required to provide their services."

Based on the limited information that has been made public so far - including in a speech by Gonzales last month - Weingarten said the library association would not favour such a requirement. "Absolutely we have concerns about users' privacy," he said.

The Justice Department also proposed that websites such as email providers be required to store data about their users' activities for future law enforcement and national security investigations, according to one industry representative familiar with last week's meeting.

That could create privacy and security complications for Google's Gmail, Microsoft's Hotmail, Yahoo! Mail and numerous other email services, industry representatives said privately.

In response to a query from silicon.com sister site CNET News.com, Microsoft provided a statement that said it supported working with law enforcement to ensure internet safety and protect children from online predators.

The statement said: "But data retention is a complicated issue with implications not only for efforts to combat child pornography but also for security, privacy, safety and availability of low-cost or free internet services."

Google said it would continue discussions with Justice Department officials about how to prevent child pornography and related crimes - and, like Microsoft, sounded a note of caution about sweeping data retention rules.

Google said in a statement: "We are aware of a number of proposals in the US and Europe regarding data retention and data preservation requirements for internet companies. We believe these proposals deserve careful review and must consider the legitimate interests of individual users, law enforcement agencies and internet companies."

A Yahoo! representative said on Wednesday that the company was going to decline to comment until it had details about what the Justice Department wanted.

An AT&T spokesman said: "We will follow the law." He declined further comment.

A second meeting at the Justice Department has been scheduled for Friday.

CNET News.com's Anne Broache contributed to this report

Declan McCullagh writes for CNET News.com