Fresh calls for ISP data retention laws

US attorney general Alberto Gonzales on Tuesday stepped up his efforts to lobby for federal laws requiring ISPs to keep track of what their customers do online.

Gonzales asked senators to adopt "data retention" legislation that would be likely to force internet providers to keep customer logs for at least a year or two. Those logs, often routinely discarded after a few months, are intended to be used by police investigating crimes.

Gonzales said during a Senate Banking Committee hearing: "This is a national problem that requires federal legislation. We need to figure out a way to have ISPs retain data for a sufficient period of time that would allow us to go back and retrieve it."

As the November election approaches, US politicians have been devoting an unprecedented amount of attention to the topic of children, pornography and the internet: at least three committees are holding hearings on the subject this week alone.

It's unclear what the prospects are for mandatory data retention in Congress this year, or whether politicians will delay action until 2007. One senior House Republican drafted a bill but then backed away from it, and a Democratic proposal has not been voted on.

But with the Bush administration firmly behind the concept, and with state and local law enforcement lending a hand in the lobbying efforts and saying such mandates would help protect children, industry groups and privacy advocates may be hard-pressed to head off new regulations. During Tuesday morning's appearance, for instance, Gonzales favourably cited a June letter endorsing mandatory data retention that was signed by 49 attorneys general. The letter said: "It is clear that something must be done to ensure that ISPs retain data for a reasonable period of time."

Senator John McCain, who presided over the afternoon hearing, scolded internet companies who "were invited to participate and chose not to." He said he would talk to senator Ted Stevens, chairman of the Senate Commerce Committee, about scheduling an additional hearing during which the companies would be grilled.

Montana senator Conrad Burns, a Republican, used the hearing to tout a proposal, now tacked onto a mammoth communications bill and awaiting a vote, that would require all sexually explicit web content to be labelled as such and homepages of all sites to be free of such content.

That measure, he said, "will help children from unwittingly stumbling across these words and images online".

Ernie Allen, president of the National Center for Missing and Exploited Children, echoed Gonzales' calls for ISPs to hang onto customer records. "Some companies have policies on retention but they vary widely, are not implemented consistently, and frankly, most are too short to have meaningful prosecutorial value," he said.

Data retention legislation could follow one of two approaches, and it's not clear which is more likely.

One form could require ISPs and perhaps social-networking sites and search engines to record for a year or two which IP address is used by which user. The other form would be far broader, requiring companies to record data such as the identities of email correspondents, logs of who sent and received instant messages (but not the content of those communications), and the addresses of web pages visited.

During a series of meetings Justice Department officials have held with private companies officials have been ambiguous about how they want legislation worded, private-sector participants say. Companies involved have included AOL, Comcast, Google, Microsoft, Verizon Communications and trade associations.

Suggestions for congressional action at Tuesday afternoon's hearing didn't stop at data retention by private companies.

Sheriff Michael Brown, who heads an Internet Crimes Against Children taskforce called on Congress to ensure that any state, federal, local or educational institution that receives federal funding also conduct "appropriate transactional logging to allow the location of individuals that use that access in the exploitation of children". He said in his testimony the government could not, "in good conscience", make such demands of the private sector if it didn't also do the same.

That concept - restrictions slapped on using federal funds - echoes a 2000 federal law called the Children's Internet Protection Act. Cipa effectively forced schools and libraries to filter sexually explicit websites by tying that requirement to the receipt of federal funds, an approach the US Supreme Court upheld as constitutional in 2003.

The concept of more federal laws was popular at Tuesday's pair of hearings. Sharon Cooper, an adjunct professor of paediatrics at the University of North Carolina, urged politicians to require that all public-school health classes, from elementary to high school, teach "child sexual abuse prevention strategies as well as online and communication technology safety strategies".

On Thursday, the US House of Representatives will have its own hearing on the internet and child pornography.

Declan McCullagh writes for CNET News.com