On July 12, the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security held a hearing on the “Protecting Children from Internet Pornographers Act” (H.R. 1981).
This measure, sponsored by Chair Lamar Smith (R-TX), would enable law enforcement officials to successfully locate and prosecute Internet pornographers that have an interest in children. Specifically, the bill would require Internet Services Providers (ISPs) to retain for at least 18 months content assigned to Internet Protocol (IP) addresses. Under current law, the period of retention varies widely among ISPs, often making it difficult for investigators to identify and apprehend child pornographers on the Internet.
The legislation would grant administrative subpoena power for the purpose of investigating unregistered sex offenders. Under current law, law enforcement officials must obtain a subpoena and then request from the ISP the name and IP address of an individual who is suspected of engaging in unlawful internet pornographic use.
The bill also would enhance penalties for possessing child pornography and protect child witnesses or victims by prohibiting their harassment or intimidation while they testify during a child pornography case.
In establishing a context for the hearing, Rep. Smith said, “Child pornography may be the fastest growing crime in America, increasing an average of 150 percent per year.” He noted that in spite of new technologies to combat child pornography, there remain many loopholes in identifying and prosecuting child internet pornographers. He stated, “Often the only way to identify a pedophile who operates a website or exchanges child pornography images with other pedophiles is by an Internet Protocol (IP) address. Law enforcement officials must obtain a subpoena and then request from the Internet Service Provider (ISP) the name and address of the user of the IP address. Unfortunately, ISPs regularly purge these records, making it difficult if not impossible for investigators to apprehend child pornographers on the Internet. H.R. 1981 directs [ISPs] to retain [IP] addresses to assist federal law enforcement officials with child pornography and other Internet investigations. This is a narrow provision that addresses the retention of only the [IP] addresses the providers assign to their customers. It does not require the retention of any content. So the bill does not threaten any legitimate privacy interests of Internet users…In effect, this bill merely applies to the Internet what has applied to telephones for decades. Without the identity of the perpetrator, law enforcement officials cannot track down pedophiles, so they continue to threaten our children…Both Democratic and Republican administrations have been calling for data retention for a decade.”
In an effort to call attention to the severity of this crime, Ernie Allen, president and CEO of the National Center for Missing & Exploited Children, noted that “Nineteen percent of identified offenders in a survey had images of children younger than three years old; 39 percent had images of children younger than six years old; and 83 percent had images of children younger than twelve years old. Reports to the CyberTipline include images of sexual assaults of toddlers and even infants. There are millions of child pornography images being traded online by individuals who view them for sexual gratification. Offenders can access them for free on all platforms of the Internet, including the World Wide Web, peer-to-peer file-sharing programs, and Internet Relay Chat.”
In addition, Mr. Allen expressed his concern regarding the connection between child pornography and the financial system: “There is also another side to this problem: offenders who treat these children as a commodity, profiting by selling online access to child pornography images. Who is behind this? Law enforcement investigations have found that organized crime networks operate some of these enterprises. One such case was that of the Regpay Company, a major Internet processor of subscriptions for third-party commercial child pornography websites. The site was managed in Belarus, the credit card payments were processed by a company in Florida, the money was deposited in a bank in Latvia, and the majority of the almost 300,000 credit card transactions on the sites were from Americans. This is but one example of the connection between child pornography and the financial system.” He added, “The greatest challenge to law enforcement investigating online crimes against children is that technology allows offenders to use the Internet with perceived anonymity. There is a significant missing link in the chain from detection of child pornography to conviction of the offender…Connectivity logs provide the link between an [IP] address and an actual person. These records are vital to law enforcement investigating and prosecuting these cases.”
Speaking in support of H.R. 1981, Michael Brown, sheriff of Bedford County, VA and a member of the Executive Committee and Board of Directors for the National Sheriffs’ Association (NSA), discussed the problems that occur when “ISPs only retain their clients’ records for a short period of time.” Mr. Brown continued, “It could be months. And it varies from ISP to ISP. As such, the limited data retention time and lack of uniformity among retention from company to company significantly hinders law enforcement’s ability to identify predators when they come across child pornography…Through H.R. 1981, ISPs will be required to retain [for 18 months] the IP addresses and all associated customer information, i.e., billing…[and the] date the IP address was assigned and expired…The 18-month provision is critical as it will ensure that when law enforcement contacts an ISP looking for a child predator, the identifying information will still exist…it can take law enforcement time to comb through the multitude of online information to successfully identify and locate the child pornographer. Therefore, it is imperative that data be retained by ISPs for a significant and standard period of time.”
While expressing his support for several provisions of the bill,Marc Rotenberg, president and executive director of the Electronic Privacy Information Center (EPIC), also explained his concerns with its data retention and immunity provisions, which he indicated would “undermine basic Fourth Amendment safeguards, create new risks to Internet users, and are unlikely to solve the problem that Congress seeks to address.” Mr. Rotenberg explained that “federal law does not allow the government to mandate the collection of information about computer services prior to a determination that there is some reason to believe that a particular user has engaged in, or may be engaged in, criminal conduct. This is a critical distinction. It reflects a central purpose of the Fourth Amendment: to ensure that the investigative powers of the government are directed toward those who have actually committed a crime or may be planning a crime…even apart from an actual investigation, communications service providers already have authority to bring to the attention of law enforcement online activities that may raise significant concerns.”
Addressing his opposition to the data retention provisions of H.R. 1981, Mr. Rotenberg said the provisions “would introduce an entirely new approach to criminal investigations. It would give the government sweeping authority to mandate the collection and retention of personal information obtained by businesses from their customers, or generated by the business in the course of providing services, for subsequent examination without any reason to believe that information is relevant or necessary for a criminal investigation…In order for the proposed IP address retention to be of use to law enforcement, it logically follows that the ISP must maintain a database that links the IP addresses to individual identities. Nothing in the bill, though, indicates exactly what information must be retained. Furthermore, even if a customer closes an account with an ISP, that ISP would be required to maintain his records for a full eighteen months after he ceased service. The government already has broad statutory authority to obtain customer records from ISPs and other service providers. Law enforcement need not rely upon a warrant or judicial subpoena; it is instead authorized to issue an administrative subpoena to seek the records. Under this proposed legislation, though, law enforcement would be empowered to use an administrative subpoena, and therefore avoid judicial scrutiny, for records dating back eighteen months. This would be an unprecedented expansion of the ability for the government to directly link a person’s online activities to his or her actual identity.”
