WASHINGTON–The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users’ “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.
As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.
The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting.
Greg Motta, the chief of the FBI’s digital evidence section, said that the bureau was trying to preserve its existing ability to conduct criminal investigations. Federal regulations in place since at least 1986 require phone companies that offer toll service to “retain for a period of 18 months” records including “the name, address, and telephone number of the caller, telephone number called, date, time and length of the call.”
At Thursday’s meeting (PDF) of the Online Safety and Technology Working Group, which was created by Congress and organized by the U.S. Department of Commerce, Motta stressed that the bureau was not asking that content data, such as the text of e-mail messages, be retained.
“The question at least for the bureau has been about non-content transactional data to be preserved: transmission records, non-content records…addressing, routing, signaling of the communication,” Motta said. Director Mueller recognizes, he added “there’s going to be a balance of what industry can bear…He recommends origin and destination information for non-content data.”
Motta pointed to a 2006 resolution from the International Association of Chiefs of Police, which called for the “retention of customer subscriber information, and source and destination information for a minimum specified reasonable period of time so that it will be available to the law enforcement community.”
Recording what Web sites are visited, though, is likely to draw both practical and privacy objections.
“We’re not set up to keep URL information anywhere in the network,” said Drew Arena, Verizon’s vice president and associate general counsel for law enforcement compliance.
And, Arena added, “if you were do to deep packet inspection to see all the URLs, you would arguably violate the Wiretap Act.”
Another industry representative with knowledge of how Internet service providers work was unaware of any company keeping logs of what Web sites its customers visit.
If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant.