Home / Blogs

Proposed Law Seeks to Expose Internet Addressing for Child Safety

U.S. Republican politicians on Thursday introduced a bill that would require Internet service providers and network operators to track the use of and maintain records for their publicly accessible wired and wireless networks. Two bills have been introduced — S.436 in the Senate and H.R.1076 in the House. Each of the bills carries the title "Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act," and is referred to as the "Internet SAFETY Act." Senator John Cornyn and Representative Lamar Smith, both Republicans from Texas, held a press conference on Thursday, February 19th, 2009 to announce the separate bills in the Senate and House of Representatives. The new law would require Internet and email service providers to retain "all records or other information" about anyone using a temporary network address assigned by the provider. The provision for a two-year retention period would apply to any provider of "an electronic communication service or remote computing service," as well as someone who receives the content and recipient list of an email message that it "transmits, receives, or stores," according to the text of the Senate bill.

The newly proposed legislation would benefit law enforcement by providing a means to track the use of Internet addresses temporarily assigned to each network connection and to maintain those records for a period of two years. The IP addresses, assigned automatically by the provider using such protocols as Dynamic Host Configuration Protocol (DHCP) and Point-to-Point Protocol over Ethernet (PPPoE), allow service providers to utilize a smaller pool of addresses to service a large group of customers. By assigning the address only for the duration of the connection the service provider can recycle the address once the connection ends, allowing it to be used for a future connection.

The use of the same address by multiple users has in the past been a legal roadblock for law enforcement personnel as they seek to track the Internet access of an individual during an investigation. The lack of historical records for the assignment of these addresses can make it difficult for investigators to prove an Internet-related case such as child pornography or Internet-based wire fraud. The bill seeks to cover the assignment of all temporarily assigned IP addresses, including those provided to millions of home broadband connections.

The U.S. Justice Department’s position is that any service "that provides others with means of communicating electronically" qualifies under the Internet Safety Act. This would appear to apply to not only public service providers but to any organization providing the temporary assignment of IP addresses to its users. This would include the wired and wireless networks of small businesses, large corporations, universities, and even government agencies. In essence, any organization utilizing DHCP on their network would be subject to this legislation and required to maintain records for at least two years.

The legislation would impose unprecedented rules for the retention of data by Internet Service Providers (ISPs) and is sure to draw opposition from privacy advocates. Internet privacy has long been the rallying cause of privacy groups, arguing that online privacy is an extension of our personal privacy. The collection and storage of personally identifiable information by an ISP for potential use of law enforcement is seen as a loss of both Constitutional rights and personal freedoms, and is viewed by many as a direct violation of the Constitution.

On the surface it is easy to understand how this proposed law would protect children by allowing for a more rapid identification of Internet predators and child pornographers. Law enforcement would also be empowered by this information to track and prosecute Internet hackers and scammers, and even purveyors of spam email will find it increasingly difficult to hide behind a dynamically assigned IP address.

There are, however, justified concerns for the misuse of this information. Because these bills are associated with "protecting our children," the legislation is likely to see little opposition. With little discussion or oversight the potential exists for the data collected to be used in other types of investigations far more often than the stated purpose of fighting the exploitation of children. In addition, the language of the proposed law is already being viewed by critics as overly broad with far-reaching implications, and it is yet to be determined what restrictions will be put in place on the collection, access and use of the information collected under this law.

Benjamin Franklin understood well the dangers in providing the government with too much power at the expense of the freedoms of its people, warning future generations "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

By Mike Dailey, IT Architect and Sr. Network Engineer

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

stateless ipv6 config By Carl Byington  –  Feb 24, 2009 3:31 pm PST

Of course these politicians have never heard of stateless ipv6 configuration. A simple google picks up rfc2462 and rfc3736. Or perhaps they intend to outlaw those protocols.

re: stateless ipv6 config By Mike Dailey  –  Feb 24, 2009 4:19 pm PST

Carl:

I doubt the politicians put much thought behind this legislation.  You would hope that they have a team of technical professionals advising them on this solution, and if so that team should be made public so that proper technical discussions can take place.

It will be interesting to see the reaction if this bill gains traction.

-Mike

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Brand Protection

Sponsored byAppdetex

IP Addressing

Sponsored byIPv4.Global

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

Cybersecurity

Sponsored byVerisign