The Privacy BlogPrivacy, Security, Cryptography, and Anonymity



Specter of Mandatory Data Retention

In this CNET article by Declan McCulagh, he reports that the DoJ is planning to request mandatory data retention by Internet providers. Their argument is that the lack of data retention is interfering with law enforcement’s ability to investigate cases. This implies some kind of shift in the balance of privacy vs. access. No such shift has taken place.

I think that they are more frustrated by the fact that a huge potential gold mine of information is out there to which they don’t have access. Prior to the various modern technological revolutions people used pay phones, sent letters, and paid cash for toll roads.

Now they use Twitter, SMS, Facebook, Email, cell phones, electronic toll payment etc. There is way more information available to law enforcement now than before. The fact that this data retention is only on the Internet may make people feel better, but one would certainly learn more about me from my Internet activities than from following me around physically.

Lets look at what is being asked for with a real world analogy. This is like saying that the US Postal Service should photograph and database the address, and return address, on every letter which goes through the system. Physically is it like saying the cell phone company should record and retain my GPS location at all times. Either of those would actually be much less intrusive than monitoring how I use the Internet at all times.

Lets not get in to the cost of maintaining these records or the issues with leaks or hackers. Consider the Chinese attacks on dissident Google accounts. This plan would ensure that such information was much more widely maintained.

At this point it appears to be a only a request. I am curious to see how this evolves over the congressional term.

· · ·


  • Dave T. · January 26, 2011 at 6:37 am


    If this or something close to this became law, would Anonymizer have to start keeping user logs?



    • Author comment by lance · January 26, 2011 at 8:15 am

      That is not at all clear. It is a very early and general concept proposal. There is no indication of who would be covered or exactly what the requirements might be.
      Obviously we would fight it.


  • Mike · January 29, 2011 at 12:20 pm

    Beware of big government’s invasion of privacy. Our individual liberty is under attack. We have lost much as our liberties have been slowly eroded for decades. The pace of erosion, though, has picked up tremendously since 9/11 under the excuse of national security and public safety. Let us be mindful of this bait and switch technique and never trade an inch of liberty for the false sense of security promised by our government. If we do give in to this trap we will end up with neither liberty nor security.


  • N · February 27, 2011 at 5:37 am

    Why worry about hackers when a subpoena is all that is needed these days?

    “… prosecutors got hold of a reporter’s phone, credit and bank records, his credit report from three different agencies and records of his airline travel.”


    • Author comment by lance · February 27, 2011 at 7:24 am

      Excellent example.


  • Dan · March 19, 2011 at 2:37 pm

    I guess this legislation will be defended under the Commerce Clause like every other law that cannot not be defended. But using the logic then we all need to carry a radio transmitter at all times so that every business, home, etc can register our presence. Just in case there is a crime. Of course, these boneheads never think the watchers may become the criminal with incredible powers.


  • Adam Blackie · May 7, 2011 at 7:47 am

    In 2008 there were debates about the end of privacy. I believe that in 2011 we are already at that point.

    Some high level indicators might help to explain.

    Since 2008, leaks from government and organisations have not ceased, they have multiplied; wikileaks is now making an industry from this phenomenon.

    Personal data about each of us is being published by others on a daily basis on social media sites. This is done without our express permission.

    The law prioritises data ownership over personal privacy. Businesses own the data that they host in their databases. The fact that it may contain our personal information gives us few proactive rights in its management. We can only react to what they do with it.

    In a world where the Google search gives others their first impressions of us we all need to learn to manage our personal data and access to it. Most of us are only just beginning to realise this.

    Adam Blackie


Leave a Reply