Original URL: http://www.theregister.co.uk/2009/02/20/us_data_retention/

Congress mulls stringent data retention rules

Two-year logs for ISPs, hotspots, even homes

By John Leyden

Posted in Policy, 20th February 2009 22:14 GMT

US politicians have proposed legislation that would oblige both ISPs and people running Wi-Fi hotspots to keep access logs for two years.

The stringent data retention rules are among provisions to two companion bills submitted to the House of Representatives (H.R.1076) and the Senate (S.436). Both bills are known as Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act or Internet Safety Act. Each would impose similar regulations, as described below.

A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user [DHCP address].

The rules are supposedly needed as a aid to law enforcement prosecuting child abuse and internet fraud cases.

Although the measures are sure to draw fire from those concerned about the privacy and cost implications they are not new. The bills' backers this time around are Republicans but in 2006 similar measures were supported by Democrats. Similar legislation was suggested even longer ago back in the 1990s. Previous efforts have run out of political steam but the EU decision to agree a regime on data retention has reinvigorated efforts to put similar laws onto US statute books.

European laws apply to ISPs, but US definitions are more broadly drafted so that libraries, offices, universities and even homes would fall under the proposed regime, news.com reports. ®