Balkinization: Data Retention in the National Surveillance State

Data Retention in the National Surveillance State

The Justice Department has asked Internet companies to keep records of what sites individuals visit on the web and what search terms individuals enter in order to aid law enforcement, the New York Times reports.

The department proposed that the records be retained for as long as two years. Most Internet companies discard such records after a few weeks or months.In its current proposal, the department appears to be trying to determine whether Internet companies will voluntarily agree to keep certain information or if it will need to seek legislation to require them to do so.

Data retention is a crucial element of surveillance. One of the most significant protectors of privacy is amnesia. Ordinarily, much of what we do is forgotten, even if it is done in public or is otherwise easily captured. But if the government or private parities keep records of what we do, they can not only recall it, but trace our behavior over time. Hence if government is really serious about surveillance, it is not surprising that they want as much data retention as possible. One key question is who will bear the cost-- although data retention is increasingly cheap, it is not costless, and the Justice Department's request will put some burden on Internet companies.

Although Attorney General Gonzales initially offered enforcement of child pornography laws as the reason for requiring data retention, it soon became clear that the Justice Department wants to use the records for terrorism and general law enforcement. This is inevitable, and it is one of the risks of systematic data retention. Once Internet companies save data and make it routinely available to government, it is very hard for government to restrain itself from using it for many different purposes, not just simply the worst offenses. It would be like putting a very large and delicious cake in front of a very hungry person and expecting them not to want to take a bite.

It is sometimes said that data collection by computers does not invade privacy as long as no human being is watching. But when data is collected and retained, the fact that no human being is watching is irrelevant. Human beings always have the ability to view the data later on, and, moreover, to collate it, discovering features of our lives that were not obvious from isolated elements. This makes data retention a powerful tool of law enforcement, but also a powerful danger to individual privacy.

Posted 9:00 AM by JB [link]

Comments:

As a divorce attorney, can you think of anything better than subpoena power over web traffic records? Online porn, internet gambling, chat room transcripts -- it's a gold mine. "Would you care to settle this case and pay your ex-wife what she deserves, Mr. Balkin, or should we move forward with the ugly process of a public divorce?"

On a more serious note, is there really any doubt that NSA already tracks this information? After all, web traffic receives far less protection under current law than voice conversations -- and we know NSA crossed the phone tapping bridge long ago. And intercepting web traffic is probably quite a bit easier than tracking phone calls from a technological perspective.

Of course, the problem faced by NSA is that none of the juicy web traffic they intercept through their surveillance programs is admissible in court. (Heck, according to the web providers, the information doesn't even exist after a few days.) The new system would remedy the situation to some degree. Law enforcement would still need to establish probable cause to use the records in a prosecution, but that's a hell of a lot easier than trying to use data that isn't supposed to exist.

# posted by