Privacy advocate knocks child-porn bill

A leading privacy advocate criticized a bipartisan bill aimed at combating child pornography at a hearing Tuesday, arguing the legislation would increase the incentive for hackers to attack Internet service providers.

Electronic Privacy Information Center executive director Marc Rotenberg told the House Judiciary Committee he opposes the data retention and liability provisions included in H.R. 1981, which was introduced in May by Chairman Lamar Smith (R-Texas) and Rep. Debbie Wasserman Schultz (D-Fla.).

The bill would force ISPs to retain data on which IP addresses were used by consumers for up to 18 months. Smith argued the bill would only extend to Internet providers the same legal requirements placed on phone companies, and said the lack of IP address data often stalls investigations.

"This is a narrow provision that addresses the retention of only the Internet Protocol addresses the providers assign to their customers," Smith said. "It does not require the retention of any content. So the bill does not threaten any legitimate privacy interests of Internet users."

But Rotenberg argued that forcing companies to retain more data for longer is contrary to the current trends in data security, which encourage deleting data frequently to minimize risk in the event of a breach. He also suggested the data would be used to prosecute crimes other than child pornography.

Rotenberg also expressed concern about sections five and six of the bill, which he said created a new type of immunity for ISPs that hasn't previously existed under the Wiretap Act. He said the section gives ISPs complete immunity for the data retained and lacks even the standard legal language included in similar legislation.

Smith told Rotenberg he took his concern about section five as a legitimate criticism, and plans to examine his objection. But Smith said if the provision is unclear he would "give the benefit of the doubt to saving the children."

Smith's bill has already attracted support from the National Center for Missing and Exploited Children (NCMEC) and has a Senate counterpart from Sens. Orrin Hatch (R-Utah) and Amy Klobuchar (D-Minn.). 

NCMEC President Ernie Allen said instances of child porn have exploded thanks to the Web; his organization estimates more than 40 percent of those that possess child porn eventually go on to victimize a child.

"[Digital child porn] is not going to be enough" for them," Allan said.

To date, NCMEC has identified 3,500 children featured in child pornography in order to help prosecutors, who must prove the children are real and not digital animations, required by a 2008 Supreme Court decision.

Sheriff Michael Brown of Bedford County, Va., said that some ISPs only keep records of users' IP addresses for 30 days, which makes it difficult to investigate potential violations.

"It’s pretty simple to an old country sheriff that we need more time to investigate these instances that we are coming up against," Brown told the lawmakers. "In this particular arena we are clearly snowed under."

Under direct questioning from Rep. Trey Gowdy (R-S.C.), Rotenberg argued that it is easier than ever for law enforcement to use forensic tools to identify the source of child pornography without having the IP address available.

---