If they nag long enough, Congress just might enact a data retention mandate...
I guess the FBI figures that if they keep pressuring Congress like a horny teenage boy pressuring his date on prom night that it'll finally give in and enact a data retention mandate. The reason why one has not been enacted so far is that it would be expensive and open up a can of worms for Congress on issues ranging from creating more incentive for hackers to hit large ISPs, to funding the upgrades to ISP infrastructure, to creating a data retention mandate that gives the FBI only just enough data, not too little or too much.WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.
At Thursday's meeting (PDF) of the Online Safety and Technology Working Group, which was created by Congress and organized by the U.S. Department of Commerce, Motta stressed that the bureau was not asking that content data, such as the text of e-mail messages, be retained.
What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html.
The FBI would need the third of the three options that CNet identified. The IP address alone is ludicrously insufficient to prove intent. If illegal data is stored on a shared host, it's likely that there are as many as several hundred legitimate domains hosted on the server with that IP address. The domain name is also insufficient in many cases. Only storing the exact URL would be sufficient, but then the FBI would have to comb through the logs for the actual URL the user requested since web browsers make automated HTTP requests for all of the content in a HTML page and those requests would not be immediately distinguishable from what the user actually intended to request.
