I’m not sure if anyone actually believes in internet privacy anymore, but what little we may have had may now be completely eroded thanks to a new bill in the US House of Representatives, Protecting Children From Internet Pornographers Act of 2011 (H.R.1981). If the bill in its current state becomes law, internet service providers must maintain the following subscriber data for a period of 18 months:
- Names
- Address(es)
- Temporarily-assigned IP addresses
While this measure does not aim to maintain detailed activity logs of subscribers, it is designed to be a point of reference for companies to trace actions to individuals. For example, if a temporary IP address of a home internet subscriber is found to be used in an attack of a major company, an ISP would be expected to turn over the information about the user of that IP address during the time of the attack. At a minimum, law enforcement would be able to access this data. In extreme cases, civil matters could potentially see this data included as well.
What this will drive criminals to do is to either move to public access points to commit crime like at a Starbucks, or continue to abuse open wireless access points of every day subscribers who don’t know any better. I argue we will also see an uptick in the usage of web anonymizers like Tor, and that this will probably have more value in civil and family matters than it will in criminal investigations.
Possibly Related Posts:
- Ten Things Companies Get Wrong About CIAM
- Protect Yourself and Freeze Your Credit
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Pushing Vendors to Abandon SMS