Spy on Yourself … for the Children
By Mark Nestmann • March 16, 2009
Nothing is "too much" when it comes to protecting our children. Especially your privacy.
Republicans in the U.S. Senate and House have introduced companion bills that would force Internet Service providers (ISPs) to retain user data from every subscriber for up to two years. Key congressional Democrats and the Obama administration appear to endorse their proposal. And it's all intended, supposedly, to protect children from sexual exploitation by adults.
What's to be recorded? Everything, according to the proposed "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act. For starters, your e-mail messages, your Web browsing records, and most likely, the contents of any telephone calls you make or receive over the Internet.
And it's not just commercial ISPs that will be affected. For instance, if you have a wi-fi router at home, you're supposed to surveil yourself. Hotels, libraries, universities, local coffee shops—indeed anyone offering Internet access anywhere in the United States—will need to keep and maintain these records.
Consider for a moment what these records might contain. Every day, billions of spam messages promoting pornographic websites are sent to millions of email addresses—perhaps yours. Naturally, the Internet Safety Act requires that your ISP save these messages (or you, if you have a wireless Internet connection at home or at work). In addition, many Internet pages display pop-up messages that contain pornographic images. You're supposed to save those images, too, even if you have absolutely zero interest in child pornography, or any kind of pornography.
Under existing law, if any of these images are of people in nude or sexually suggestive poses who appear to be under the age of 18, you can be arrested for possession of child pornography.
In other words, the Internet Safety Act would, by its very purpose, open the door for virtually anyone who uses the Internet to be arrested on child porn charges. However, I suspect that the data won't be used to fight child pornography as much as it's used in other types of investigations.
But, incredibly, that's not the worst part of this bill. The worst part is that the stored data will be an identify thief's pipe dream. Consider what you'll have to do once this law comes into effect if you have a home or office network. First, you'll need to install some very expensive storage devices that can store two years of data for everything you do online. Presumably, you won't have access to the stored data—after all, you might delete it, and that would be illegal.
So now you have millions of Americans possessing at home (or perhaps in an online repository) data reflecting everything they've done online for the last two years. Your user IDs, passwords, and other confidential data will be there for the taking by any hacker smart enough to get past whatever security measures are put in place. And don't think those measures will be impenetrable. If hackers can clone supposedly "ultra-secure" RFID passports (which they have done already), how safe do you think your data will be?
But the most laughable aspect of this proposal is how easy it will be to evade it. If you take the simple precaution of subscribing to a "virtual private network" (VPN) your ISP will see only an encrypted data stream flowing through your connection. So, I anticipate that a companion bill to the Internet Safety Act will force that VPNs turn over their encryption keys over to the Department of Justice for "safekeeping." That will naturally cause anyone seeking privacy to subscribe to non-U.S. VPNs, although the Obama administration apparently wants to extend these requirements globally.
If they achieve this goal, the only way left to communicate privately may be to do what I did as a child—string two tin cans together with a wire.
"Hello, can you hear me?"
Copyright © 2009 by Mark Nestmann
(An earlier version of this post was published by The Sovereign Society.)