HONOLULU (CN) – As U.S. congressmen backed away last week from a controversial censorship plan to stop online piracy, Hawaii’s House of Representatives put the brakes on a bill that would require Internet service providers to preserve two years of online browsing history.
Submitted on Jan. 20 by Rep. Tom Mizuno and six other Hawaii lawmakers, HB2288 would require companies like AOL, AT&T, Verizon and Yahoo to maintain two years of Internet search history records of all Hawaii residents for “no less than two years.”
The bill is barely two pages in length and states: “The required data for the consumer records shall include each subscriber’s information and internet destination history information. Destination information shall include any of the following: Internet protocol address, domain name or host name.”
Facing enormous opposition from other state representatives, local citizens, attorneys and the ISP Association, the House Committee on Economic Revitalization & Business deferred action on Thursday.
Supporters and opponents of the bill submitted 60 pages of testimony for a hearing on the matter earlier that morning.
“[The United States Internet Service Provider Association] has carefully examined past, more narrowly drafted, data retention proposals and each time has concluded that a uniform retention mandate is certain to present enormous challenges to the Internet service provider (ISP) industry,” the group’s executive director, Kate Dean, wrote. “These challenges include regulatory burdens, technical complications, significant capital and expense costs, and diversion of capital from innovation. RB 2288 raises all of these concerns […] Data retention as mandated by RB 2288 would require an entire industry to retain billions of discrete electronic records: records tracking every Internet user’s online activities, every online movement. The requirements of HB 2288 go far beyond the data retention legislation currently pending in the U.S. Congress, and well beyond the information which law enforcement would need to conduct investigations into the majority of online criminal activity. The scope of the data retention requirements under RB 2288 are dramatically disproportionate to the utility of the data that would be collected. The impact on consumer privacy of such a mandate is clear.”
Jeannine Souki on behalf of the State Privacy and Security Coalition explained how difficult it would be to enforce such legislation.
“The bill appears to assume that IP addresses correlate to individual subscribers,” Souki testified. “This is no longer the case. Indeed, on wireless networks, IP address assignments often change with each cell tower a user approaches. Furthermore, with an increasing number of landline ISPs, multiple customers will share the same IP address, through NAT router systems described in detail in the Center for Democracy & Technology’s written testimony. Thus, the assumption that with the IP address assignment data retained, law enforcement will be able to find a particular Internet user is increasingly false.”
Souki pointed out that such monitoring would be impractical, given the number of hotels, cafes and Wi-Fi hotspots offered to tourists in Hawaii. “Innocent” users of the Internet far outnumber criminals, who would try to work around the law by finding a means of accessing the Internet that would be “far harder to trace.”
Though supporters of the bill claimed that Hawaii law is ineffective against cybercrimes such as hacking and bullying, more Hawaiian residents and businesspeople urged the government to back away from the legislation, amid more pressing issues like the economy and homelessness.
T-Mobile opposed the bill as well. “It is critical that we all start with an understanding that – based on current technologies in use – in most cases the wireless carriers simply cannot return an identified name and address for a person associated with an IP address on a given date and time,” spokesman Rick Tsujimura said. “In other words, it would be a lot like Southwest being able to give you the entire passenger list of a flight, but unable to tell you which passengers specifically were assigned to or sitting in row 3.”
One citizen asked, “Seriously do you legislators even consult anyone in the tech community about this stuff?”
A Hawaii software executive defended privacy rights in his comment.
“In these times, the record of a person’s browsing history is as close as you can get to a record of their thoughts,” Ikayzo CEO Daniel Leuck said. “Even forcing telephone companies to record everyone’s conversations, which is unthinkable, would be less of an intrusion. This bill represents a radical violation of privacy and opens the door to rampant fourth amendment violations. As with a phone tap, the state should be required to seek a subpoena to record a person’s browsing activities. Internet traffic can be far more personal than a phone call. Why should the protection of access be held to a lower bar?”
Honolulu resident Daniel Wilson also rallied behind privacy rights. “Many Americans have fought and died in wars to maintain our freedoms so why are the sponsors of this bill so keen to give them up?” Wilson said. “What pressing need here overwhelms our Fourth Amendment rights, our privacy? This broadly written, loosely defined bill would harm our personal freedom. I strongly urge the house to not support the passing of HB2288. I’d be at the hearing to testify against it if I did I not have to work.”