Today, the House Judiciary Committee is voting whether to approve legislation that would create a sweeping new provision requiring Internet companies (email, cloud, social networking, and more) to collect and retain hundreds of millions of records about the identity of online users. The bill, HR 1981, the "Protecting Children From Internet Pornographers Act of 2011," – if only it were that narrow! – is a direct assault on the privacy of Internet users and overlooks some key fixes that could actually help to address the very real problem of child exploitation.
The bill requires Internet companies to log all temporarily assigned network addresses, also known as IP addresses, for a minimum of one year. IP addresses directly link individuals to their online activity and can reveal very private information about everything from health concerns to political interests. And once all of this personal information about innocent Americans is collected, it would be available to law enforcement for any purpose.
Broad immunity provisions for companies in the bill also threaten to undermine state data breach laws and data security protections as well as potentially immunize companies against tort and other claims. At a time when high profile data breaches are daily news stories and identity theft is widespread, this provision seems ill-considered at best.
The bill also ignore steps recommended by the Government Accountability Office to make child exploitation investigations more effective, including devoting more resources to forensic analysis of computers and better coordination between law enforcement agencies.
We all want to catch those responsible for sexually exploiting children. But right now, the government is already taking advantage of outdated electronic privacy laws, like the Electronic Communications Privacy Act (ECPA) of 1986, to access a treasure trove of information collected by online companies about who we are, what we do, and where we go, often without a warrant and with little oversight. The provisions of this bill would exacerbate these problems, making more records available and identifiable for even longer periods of time.
There are better ways to address child exploitation, while maintaining safeguards for online privacy. That's why the ACLU and other privacy organizations have drafted a letter to the members of the House Judiciary Committee discussing concerns with the legislation and urging them to reject H.R. 1981. We hope that you will join us and contact your member of Congress today to let them know that online privacy is important to you. It's time to demand a privacy upgrade. It's time to Demand our dotRights!