Justice Department Calls For Required Data Retention

Internet service providers may soon be required to hold on to your data. The Department of Justice is moving for new data retention policies due to investigative needs.

No law yet exists forcing ISPs to hold onto user data, but the DOJ testified this week before Congress on the need to make data retention mandatory, as first reported by CNET. The DOJ claims their criminal investigations are being held back without a law tracking and storing users' online activity.

The DOJ will reportedly strive to maintain a good balance between privacy concerns and investigative concerns. Some larger providers already have policies in place regarding data retention, with time limits set in place over how long they hold onto the information. But the standard of retention across ISPs is far from consistent--some might hold info for days, while others may do so for months. The DOJ will attempt to pursue a standard and uniform policy for regulating data retention.

Cases ranging from child pornography to online fraud to standard hacking and computer piracy rely upon the information that can be mined by ISPs to move forward. In one current investigation looking into child pornography sharing across social networks, only 19 percent of the requests for IP identity release were able to be processed by the ISPs.

"They may be the only way to learn, for example, that a certain Internet address was used by a particular human being to engage in or facilitate a criminal offense," Jason Weinstein, deputy assistant attorney general for the Justice Department's criminal division told Bloomberg.

Concerns surrounding user privacy hang over the proceedings. Earlier attempts during the Bush administration to introduce similar proposals dissipated among worries that such policies could potentially intrude on user privacy. Others believe that such requirements will pose difficulties to the providers, because of the vast amount of data that would have to be stored over time.

"A data retention mandate would raise a number of serious privacy and free speech concerns...Congress should be very hesitant to require service providers to create databases to track the internet activities of 230 million innocent Americans," John Morris told ABC News, General Counsel for the Center for Democracy and Technology.

Some guidelines are already on the books regarding data retention--with the passage of the Electronic Communication Transactional Records Act in 1996, ISPs are required to hold records for 90 days if a governmental body asks them to do so.