1

I was reading an article on TorrentFreak where Private Internet Access claims the United States "is one of the only countries without a mandatory data retention law." According to the linked article ISPs currently do not keep track of who had what IP address but governments are considering to pass a law forcing them to do so. I'm confused, do ISPs in North America have to save logs and what information would these logs contain exactly?

What are arguments against it? It would seem the only time ones privacy would be compromised is when police already know a crime has been committed.

Celeritas
  • 10,039
  • 22
  • 77
  • 144
  • 1
    Just for the record, there are other countries in North America aside from the US that have different laws. – DKNUCKLES Jul 31 '12 at 20:50
  • 1
    Related, not identical: http://security.stackexchange.com/questions/17279/what-are-the-laws-regarding-isp-recording-ip-addresses-how-would-they-know-who – 700 Software Jul 31 '12 at 20:55

1 Answers1

2

One significant argument against data retention laws is that data retention laws increase risk for everyone. If ISPs save data, then they themselves become a juicy target for hackers, because anyone who manages to hack the ISP gets access to lots of sensitive data about their customers.

A good reference would be this paper:

Make sure to read about the penetration of the Greek wiretap system, which allowed unknown parties to spy on important Greek political leaders. In that case, deploying the surveillance system actually made Greece less safe, not more.

Another argument data retention laws is that they violate people's civil liberties and their privacy. Arguably, people have a right to privacy in their online activities, at least when they are legal. A mandate to store all of this information against their wishes arguably violates that right, and exposes them to risks they might not consent to.

A third argument against data retention laws is that, in the US, most ISPs already retain a good deal of data, so we may be talking about something that is not a serious problem in practice. (Of course, I make no claim that the current situation is perfect or that law enforcement might not wish additional information -- merely that the current status quo may be good enough that controversial legislation is not warranted.)

If you want to read concerns raised by privacy groups in their own words, you can read CDT's resources on data retention policy and EPIC's resources on data retention policy.

Keep in mind that I'm just trying to help you identify some of the arguments against data retention here, since you asked what those arguments might be. I'm deliberately avoiding taking a position on the ultimate policy question of what the law ought to be, as this is not the right place for a policy debate on that topic. Please don't use this thread to start a debate on the topic.

P.S. See also What are the laws regarding ISP recording IP addresses? How would they know who had which?.

D.W.
  • 98,420
  • 30
  • 267
  • 572