Whatever else you might say about conservative Republicans in the United States Congress, they certainly have a knack for naming bills. Nobody wanted to vote against “The USA Patriot Act” or “The Protect America Act,” even though they subverted patriotism and failed to protect Americans from threatening spies. Following in this line of ironically named bills is The Internet Safety Act of 2009, a bill that places the long-term safety of the Internet in great peril.
Introduced in the House as H.R. 1076 by Rep. Lamar Smith and in the Senate as S. 436 by Sen. John Cornyn, the Internet Safety Act of 2009 would end anonymity on the Internet in the United States while imposing huge reporting burdens not only on internet service providers, libraries and universities but also on millions of individual people who write and build community on the Internet.
As Declan McCullagh has ably described the bill, it would if passed require every corporation, small business, non-profit institution and person in America who provides internet access to others to keep records of every single user using the Internet every single time they do it. Their identifying information must be kept for two years so that the government can access it and look for criminal and other suspicious activity. Section 5 of the Act reads:
A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.
Consider the practicalities of this mandate. When you buy flowers for your mom online with a credit card, that’s identifying information, and Time Warner will be required to keep your credit card number in a database for two years. When you log in to the WiFi at the airport or in a hotel, every activity of yours will have to be kept in the airport’s or hotel’s logs so that you can be identified if the feds get curious about you.
But wait, there’s more. The definition of “remote computing service” in United States Code is “provision to the public of computer storage or processing services by means of an electronic communications system.” The Department of Justice explains what this means:
The term “remote computing service” (“RCS”) is defined by 18 U.S.C. § 2711(2) as “provision to the public of computer storage or processing services by means of an electronic communications system.” An “electronic communications system” is “any wire, radio, electromagnetic, photooptical or photoelectronic facilities for the transmission of wire or electronic communications, and any computer facilities or related electronic equipment for the electronic storage of such communications.” 18 U.S.C. § 2510(14).
Roughly speaking, a remote computing service is provided by an off-site computer that stores or processes data for a customer. See S. Rep. No. 99-541 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3564-65. For example, a service provider that processes data in a time-sharing arrangement provides an RCS. See H.R. Rep. No. 99-647, at 23 (1986). A mainframe computer that stores data for future retrieval also provides an RCS. See Steve Jackson Games, Inc. v. United States Secret Service, 816 F. Supp. 432, 443 (W.D. Tex. 1993) (holding that provider of bulletin board services was a remote computing service).
“Remote computing service” has been decided by the courts to include internet message board systems and YouTube among other websites with interactive posting features. If you maintain an online bulletin board, and if this bill passes, you’ll be required to log identifying information of all the users of your board for two year periods, and to make those logs available to the government upon request. If you have a guestbook on your website, or if you write a blog that has a comments section, you’ll have to do the same.
The effects of this bill are notable in two aspects. First, they would convert large swaths of the corporate world, non-profit sector and plain old population into auxiliaries of the police state. It would become our job even here at Irregular Times to spy on your activities and keep records on your identity just in case you ever were suspected of doing anything wrong. That’s an East German model.
Second, it would be a logistical nightmare. From a data retention perspective, it would be like asking you to keep every copy of every newspaper and piece of mail you received for two years. Maybe if you only kept your love letters or postcards from Aunt Betty in Majorca, that wouldn’t be so bad. But if you had to keep every newspaper, every magazine, every copy of the Pennysaver, every stupid credit card solicitation for two years, available upon request to the government, then you’d have to set aside the airy foyer of that McMansion you can’t sell and fill it from floor to cathedral ceiling. Going back to the Internet, if this bill were passed into law we’d have to keep and log not just every legitimate comment we received, but every illegitimate comment, too. I don’t suppose that Rep. Smith and Sen. Cornyn have ever heard of comment spam; in the past six months alone, we here at Irregular Times have filtered out and deleted 477,000 pieces of comment spam. If we had to keep and log all identifying information for nearly 2 million pieces of comment spam for two years, well, we’d max out our storage capacity very quickly… and really, we’re small fry. Imagine what the really big community websites would have to do. Is there a piece of the stimulus package set aside to buy big new servers so everybody can comply?
But wait, there’s even more. Consider Section 3 of the Internet Safety Act:
Whoever, being an Internet content hosting provider or email service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography (as defined in section 2256) shall be fined under this title or imprisoned not more than 10 years, or both.
(b) Definitions- As used in this section–
`(1) the term `Internet content hosting provider’ means a service that–
`(A) stores, through electromagnetic or other means, electronic data, including the content of web pages, electronic mail, documents, images, audio and video files, online discussion boards, and weblogs;
An internet service provider, a web page writer, a blogger, or a discussion board host who engages in any conduct that they have reason to believe could facilitate any access to child pornography would be guilty of a federal offense and shipped off to prison. This sort of “reason to believe” “facilitation” for “child pornography” includes behavior that millions of web pages engage in right now: allowing people to use discussion boards or guestbooks or comment sections without registering and identifying themselves first, and letting those people post images as part of their messages. If you let people do this on your website, congratulations! In the eyes of this bill, you’re a federal offender.
The Internet Safety Act makes it a very dangerous place, not just to be an internet access company but also to be a writer, a web page owner or a web page administrator of almost any sort. We’d all be in peril of federal prison unless we clamped down on open communication and squelched anonymity.
All of the above is proposed in the name of stopping child pornography. Just as with the Protect America Act and the USA Patriot Act, the Internet Safety Act is couched in language that members of Congress may find hard to oppose. Just as your member of Congress found it hard to go on the record against “patriotism” and against “protecting America,” l suspect they may find it hard to go on the record in opposition to “Internet safety.” And what politicians want to see advertisements on the air calling them child porn coddlers? I hope there are at least 270 of them.