Declan McCullagh did a great write up for CNET describing the myriad problems with Eric Holder as our next Attorney General, but one of those issues deserves a lot more exposure. That issue is that Eric Holder is a supporter of the creation of a data retention policy at ISPs to make it easier for the government to track what people do online.

In a speech in Vienna in 1999, he was quoted as saying:

First, we must take steps to ensure that we can obtain the evidence necessary to identify child pornographers. That means certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement,

Some privacy activists have tried to give him the benefit of the doubt that he was only referring to retaining records that have been requested by the government, but there was no context for that in his speech. Lacking that sort of nuance, we must simply take him at his word that he wants ISPs to get into the game of retaining records of their customers' activities for long periods of time. Whether that is through the government leaning on ISPs until they "voluntarily" adopt such policies or through naked force is immaterial.

A lot of people assume that the Internet is a "public place" and that you have no reasonable guarantee of privacy. To some extent that is true, but the real policy issue here is why should the government take actions which are absolutely guaranteed to diminish what privacy we do have. That's precisely what a data retention policy/mandate would do, as it would leave copious amounts of information about everything from instant messages, to emails, to web site visits exposed on an ISPs network. Such information is ripe for abuse, be it from law enforcement, criminals looking to score a big heist on personal information or curious employees.

Long-term data retention has been the norm in Europe for a while now, and according to one survey, it's already changing the behavior of some non-criminal segments of the German population. That is one of the natural side effects of living in a society where everyone knows that a significant amount of information about all of their electronic communications are stored and possibly monitored by third parties. It goes without saying that raising future generations of America under such a regime is going to have the result of making them generally accept such systematic surveillance as the norm of modern life. Such a thing does not bode well for the long term defense of liberty.

Between technologies like deep packet inspection and the steadily decreasing cost of storing large amounts of information, the technology barriers against large scale, systematic surveillance of Internet activity are almost gone. Compression algorithms like Bzip and 7zip would allow several terabytes of logged activity to be compressed to fit onto a single hard drive that costs less than $100.

Efforts to make ISPs retain data on their users' activities for several years are not only feasible now, but not even very expensive to mandate. They will also be the first, and probably most important, battles that civil libertarians will fight against the future of government surveillance of the public. As more and more communications are consolidated into Internet-based communications, the possibilities that will be opened up for spying on the public will be unprecedented.

Ever since former Attorney General Alberto Gonzalez first seriously raised the issue with ISPs and Congress, there has been bipartisan support for data retention mandates. The Democrats were more modest in their proposals, but that can be more readily attributed to them distrusting the Bush Administration's potential use of a data retention mandate than principled opposition. Pushed under the guise of yet another "will somebody please think of the children" piece of legislation to help fight child pornographers, it didn't get much outrage despite being a far more devastating proposal than anything the NSA was caught doing these past several years.

Holder's views are not very far away from those held by Gonzalez on this issue and others regarding police powers and surveillance. For one, he has a very spotty record on encryption technology in the hands of the average person. We take powerful encryption for granted today, but during the mid to late 1990s, it was considered to be a very dangerous tool, often called a military technology, that shouldn't be left unchecked in any civilian's hands. Holder was typical of the Clinton Administration, which was no friend of encryption technology and tried to get backdoors put into encryption products. Taken together, his positions on a myriad number of privacy and Internet-related issues give civil libertarians good reason to believe that he will jump at the first chance to get a long-term data retention scheme either voluntarily implemented or mandated.

Perhaps Holder and Obama have bigger fish to fry, and will not actually do anything on this issue, but events of the last year or two combined with Holder's early calls for a long-term data retention scheme should give us reason to be vigilant. There wasn't much principled opposition when it was being debated by both parties under the Bush Administration, and it's even less likely that a Democratic Congress will challenge Holder if he wants to raise the issue. Despite superficial outrage over the privacy and constitution violations of the Bush Administration, the Democrats have largely shown themselves to have little inherent opposition to the sort of surveillance that this issue presents to the public.