Monday, August 01, 2011

Congress wants to spy on your Internet habits (for teh kidz!) [updated]

| »

NOTE: (08/02/11 3:35 PM) – As Guest helpfully points out in the comments, the actual text of the bill merely directs ISPs to keep logs of IP addresses themselves, and not what sort of browsing history users with those addresses may have. In other words, it’s like asking the DMV to keep track of which license plates it issues to which customers, rather than actually spying on their vehicular travels. I can’t be certain there isn’t more to this that I’m not seeing, but for now, it seems like I really, really need to learn to read the actual material, rather than the opinions of less-than-reliable tabloids.

Big Brother Is Watching You

It’s already a rather prickly (and increasingly moreso) affair to shield one’s Internet browsing habits from unwanted observers and intruders. But, whereas these spies are generally viruses or spambots and only (more) rarely actual humans, Congress has it in mind so that Americans would soon have to add another threat to their online privacy: the cops. And, of course, it’s all ostensibly for the children:

If Congress had to name laws honestly, it would be called the "Forcing Your Internet Provider to Spy On You Just In Case You're a Criminal Act of 2011" -- a costly, invasive mandate that even the co-author of the Patriot Act, Rep. James Sensenbrenner (R-Wisc.), says "runs roughshod over the rights of people who use the Internet."

But because it's disguised as the "Protecting Children from Internet Pornographers Act," the House Judiciary Committee approved it last week by a wide margin -- even though it's got little to do with child porn and won't do much to protect kids.

The centerpiece of this ill-conceived law is a sweeping requirement that commercial Internet providers retain a one-year log of all the temporary Internet Protocol addresses they assign to their users, along with customer-identification information. The Justice Department says this will help track down child-porn peddlers by linking online activity and real-world identities. But the government would be able to access that sensitive data for all kinds of investigations, most of which would have nothing to do with child porn.

This is wrong on any number of levels. In addition to the obvious – that it’s a violation of the Fourth Amendment (though the idea that legislators care at all about that anymore is laughable), a betrayal of customers’ expectation of privacy, and that the idea that all Internet users are to be treated as potential child pornographers by default is sick and ridiculous – there’s also the whole rationale behind the bill, this silly idea of “linking online activity and real-world identities”, which is foolish on its face. People who create, propagate or consume child porn (and don’t even try to sell me the crock that this would only be used to target creators) don’t have flashing “CHILD PORN” signs on their foreheads, and nor do they leave any sort of equivalent signals in their activity, whether online or off. Child porn users are anyone; hell, I’ll even hazard a guess that most of you are friends with at least one person who indulges in child porn without you knowing it. Any amount of research into the matter will tell you that it really is that pervasive.

Secondly, this proposed bill is rendered all the more futile on the basis that those Internet users who do create or consume child porn aren’t exactly the type to just leave it out in the open for anyone who glances at their usage logs to find it. The thing about being internationally demonized and prosecuted is that it tends to make them a bit more cautious about exposure. There probably isn’t a child porn user alive (who isn’t a complete reckless idiot) who doesn’t use Tor or some other anonymizing method to shield their activities from prying eyes. Hell, even something as quick and simple as manually changing one’s IP address would theoretically work to stunt a number of anti-child-porn investigations.

Anyone with basic computer literacy can cloak their online presence and activities from all but the most determined pursuers. As it is, law enforcement is absolutely flooded beyond any reasonable measure with active leads and ongoing investigations regarding the matter of online predators and child pornography. I forget the actual numbers, but I remember statistics stating that only up to 5% (very generously stated) of reported child porn cases were actually ever investigated at all due to limits in funding and personnel. And that’s just the comparatively tiny number of cases the cops actually hear about.

So, yeah. Still think that the (sans doubt Orwellianly named) “Protecting Children from Internet Pornographers Act” has any real merits? Of course you don’t, because you never did, because the whole idea that enforcers can just see at a glance who is actually trafficking illegal content or not is a farce. What’s more, not only is the initiative entirely pointless, but ISPs who do begin to stockpile users’ sensitive data will only work to make available a huge stash of actionable content for actual hackers and identity thieves. This legislation wouldn’t stop the crooks; it would help them.

In the end, the source article summarizes the issue perfectly:

In short, the PCIPA is an intrusive, costly, confused "solution" that won't work to a "problem" it's not even clear exists. But there's no idea so misguided or ineffective that it can't become a law if it's "for the children."

(via The Agitator)