Online Privacy Again at Issue
Big Internet and telephone companies are girding to fight an unprecedented call by the Bush administration for them to keep detailed records of customers’ online activities for two years.
The request by Atty. Gen. Alberto R. Gonzales and FBI Director Robert S. Mueller III would dramatically expand the government’s ability to track what people do online and with whom they communicate.
It follows disclosure this year that the Justice Department had solicited potentially billions of online search queries from some of the same companies and that the National Security Agency had requested calling records of virtually all U.S. customers.
Gonzales and Mueller asked Google Inc., Time Warner Inc.'s AOL and other companies to preserve the data at a May 26 meeting, citing their value to investigations into child-pornography distribution and terrorism. Internet companies typically keep customer histories for only a few days or weeks.
The Justice Department said Thursday that it was not seeking to have e-mail content archived, just information about the websites people visit and those with whom they correspond.
Beyond law enforcement, though, the trove also could be available to lawyers arguing civil lawsuits -- including divorce cases and suits against people suspected of swapping copyrighted movie and music files online. Privacy advocates fear the user histories could be exploited by criminal investigators conducting inappropriate exploration or pursuing minor cases.
“This is not simply limited to kiddie porn or terrorism. It’s a real break with precedent,” said Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center. “Data retention is open-ended. The government is saying, ‘Keep everything about everyone and we’ll sort it out later.’ ”
Individual legal battles increasingly include court-approved requests for records from Internet access providers who might have online evidence of criminal activity or an affair. Often those requests yield little because the target can no longer be linked to a specific computer’s Internet address or because the e-mails and records of website visits have been deleted.
None of the Internet companies has publicly opposed the request. But they noted concerns over privacy in statements Thursday. People familiar with the company executives’ reaction to the Justice Department’s request described alarm -- tempered mainly by assurances from Gonzales and Mueller that the discussions were preliminary.
Many of the companies appeared to be emboldened by recent precedents set by Google and Qwest Communications International Inc., both of which resisted broad requests for data from the Justice Department and the NSA, respectively.
Without addressing the substance of the meeting with Gonzales and Mueller, Verizon Communications Inc. spokesman David Fish said the company “has a strong history of protecting customer communications and related records.” He noted that the Internet access provider battled requests for customer data from the Recording Industry Assn. of America.
Google said a solution “must balance the legitimate interests of individual users, law enforcement agencies and Internet companies.”
If companies refuse to cooperate, the Justice Department said it might propose legislation to force the companies to keep records longer. Specifically, the Justice Department wants information linking those online to the Internet addresses assigned to personal computers. In addition, it wants data tying those Internet addresses to destinations on the Web and to e-mail sent and received.
Currently, court orders can force e-mail providers, Internet access providers and others to turn over records -- when they have them. The speed with which online footprints fade has frustrated law enforcement. Police, for instance, have testified before Congress they often run into dead ends in child-sex cases.
In an April speech at the National Center for Missing and Exploited Children in Alexandria, Va., Gonzales said the reluctance of service providers to keep records longer “has hampered our ability to conduct investigations in this area.”
The Justice Department said Thursday that it was not interested in reading the e-mails of ordinary Americans.
“The attorney general made perfectly clear that if the Department of Justice decides to ask Congress for a data-retention requirement, the department would not propose that content be included in such a requirement,” spokesman Brian Roehrkasse said.
Law enforcement officials would still need some legal instrument, such as a subpoena or search warrant, to look at the data. But FBI agents have the additional power to request information secretly, without a court order, through so-called national security letters.
Five companies and one trade group attended last week’s meeting with Gonzales and Mueller, first reported by the online technology news website CNet. Besides Google, AOL and Verizon, executives were sent from Microsoft Corp. and Comcast Corp., according to several people briefed on the session.
Acknowledging the sensitivity of the project, the Justice Department on Thursday took the unusual step of discussing the plan with such likely critics as the Cato Institute, a public-policy research organization, and the Electronic Privacy Information Center. Further meetings with telephone and Internet companies are set for today.
“What’s special here is the scale,” said Ohio State University law professor Peter Swire, a privacy expert who attended Thursday’s meeting at the Justice Department. “The Justice Department is discussing requiring records for chat, e-mail, and Web surfing -- that’s billions of encounters per day.”
As things stand, a few industries are required to keep information on customers. A growing number of financial firms must know enough about their clients to be able to report activity that could involve hiding illicit profits. Phone companies must keep records on who called whom for 18 months, and Justice Department and Homeland Security officials in April told the Federal Communications Commission that period should be extended.
With Internet records, “you’re in a different ballgame,” said Jim Harper, an information policy specialist at the Cato Institute. “You’re talking about a massive transfer of power.”