Eric Holder on Privacy and Data RetentionThursday, December 18th, 2008 by Harry Lewis
- First, ‚Ä¶ certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement,
Second, we must respect the right to privacy and laws protecting it and we should use proper legal process to obtain data – but we must also make sure that those laws are not so strict that effective enforcement is not possible. In some cases, changes to privacy laws may be required to recognize the new technological reality we now confront.
This is a classic can’t-have-it-both-ways dilemma. We don’t want Google and Yahoo! hanging onto our search queries forever, and we don’t want ISP’s hanging onto records of our Internet behavior, as much as all these good folks would love to use the data to extract information about our behavior that would be valuable for engineering and commercial reasons. No, we don’t want the data to be leaked, subpoenaed, or just snooped. Just get rid of it, please, once you’ve given us what we asked for.
For law enforcement, the more data is retained, the better. It may turn out that an important needle is buried in that haystack. Just think about this report on Carey Anthony, the mother of the missing Florida toddler:
Someone using the Anthonys’ home computer used Google to search for “neck breaking,” “how to make chloraform [sic]” and “household weapons.” Someone also Googled peroxide, acetone, alcohol and “lost numbers.”
Someone also used Wikipedia to search for “inhalation,” “chloroform,” “acetone,” “shovel” and “death.”
A computer forensics report from a Sheriff’s Office detective states that on March 21, someone used other Web sources like sci-spot.com, druglibrary.org and instructables.com for the words “making weapons out of household products,” “chloroformhabit,” “how to make chloroform,” and “chloro2.”
All that seems to have been gathered from inspecting the computer itself, but the same information might have been obtained from an ISP if it had retained the information, as the British are now proposing to do.
You might think we, the consumers, would have a say in these data retention policies, but Blomquist ends with a realistic prediction: “this question won’t be settled through competition in the free market, but instead though competition between regulators.” And in a battle between privacy regulators vs. law enforcement regulators, I think we know who’s going to win.