‘Forgetting’ Part 2, or, it’s opposite: Data retention legislation in the US

Related to the themes of ‘forgetting’ I brought up in my first post are the recent policy discussions in the United States, the EU, and Canada about data retention legislation. Data retention refers to policies that mandate lengths of time that companies like Google and your internet service provider must keep your search and surf records before they are deleted. Mandatory data retention creates the opposite of forgetting: a scenario in which someone (powerful companies, the government) will always be able to find out what you have been doing online.

While both Microsoft and Google have recently agreed to the (eventual) deletion of your online search data, parties in the Bush White House and the the US Congress would like these companies to retain records of your online activity indefinitely. Fortunately, it does seem to be a hard political sell, and this problematic policy hasn’t made it to the floor of the US Congress yet. (The case is different in Europe; see Electronic Privacy Information Center, Data Retention http://www.epic.org/privacy/intl/data_retention.html)

Mandatory data retention policy is problematic in many ways. Retention bills frame the need for such surveillance measures around fighting online evils such as terrorism and child pornography. However, permanent surveillance of everyone’s online histories to track small numbers of offenders creates a costly trade-off. We have virtual identities and practices that intersect with our real-world selves (see blogging.) We use the internet to find information (that may be controversial), to express opinions (that may be controversial), or to communicate with others (who might be controversial). This sort of participation in public life has traditionally been encouraged by civic institutions such as libraries.

In fact, the professional ethical principles of librarians and information professionals (codified in statements such as the Code of Ethics of the American Library Association) generally converge upon the importance of intellectual freedom and protecting the privacy of information seekers. Information professionals not only support but protect privacy and confidentiality in information seeking and acquisition, a primary purpose of online activity. I believe that information professionals have an ethical obligation to resist mandated data preservation.

If the ethical arguments against such broad surveillance as data retention policy allows are not convincing, practical problems abound as well. For instance, implementation may not satisfy the intended purposes of tracking and catching those responsible for internet crimes. Tracking online activity via IP address has several technological flaws. Among these is the widespread use of wireless routers, which allow many people to share one IP address. Encryption services, virtual private networks (VPNs), and anonymizing services all exist specifically to mask a user’s IP address. If data retention can be avoided by the very criminal element it hopes to track, it may end up only surveilling the innocent or those without enough technology experience to avoid data retention measures.

Some further resources about the debate:

From the Center for Democracy & Technology:
Child Safety and Free Speech Issues in the 110th Congress. http://www.cdt.org/speech/20070215freespeechincongress.pdf
Libin, N., & Dempsey, J. Mandatory Data Retention – Invasive, Risky, Unnecessary, Ineffective. http://www.cdt.org/privacy/20060602retention.pdf



Leave a comment

Filed under media democracy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s