A bill requiring Hawaii Internet providers to retain the records of their customers for at least two years was shelved Thursday by a state House committee after a cross section of the information technology community slammed the bill for being too broad, Draconian and expensive, and for raising the potential to create more cybervictims.
House Bill 2288 is being pushed by Hawaii law enforcement officials who say they need help tracking down a new generation of criminals who use the Internet to steal personal information from unsuspecting computer users.
"Often these crimes are discovered months after the theft has occurred and the Internet service providers’ records are no longer available for examination," said Honolulu police Capt. Lester Hite of the Criminal Investigation Division. "Cases are often closed because we are unable to obtain this type of valuable evidence to further the investigation."
Honolulu Deputy Prosecutor Chris Van Marter, who heads the White Collar Crime Unit, said his office is forced to drop about 25 percent of cyber-related cases because Internet service providers say they cannot produce key information.
The law enforcement officials said they mostly want to be able to track where a suspected criminal might be operating. But the bill also called for service providers to retain where people go on the Internet.
A slew of Internet and cellphone providers, as well as computer privacy advocates, raised strong objections Thursday before the House Economic Revitalization and Business Committee.
Jeannine Souki, who spoke on behalf the State Privacy and Security Coalition, made up of technology companies and trade associations, said the House measure is far broader than the federal data retention bill now being debated in Congress.
"This bill would require retention of an unspecified range of subscriber information, IP (Internet provider) assignment data and domain and host name Web destination data," Souki said. Requiring service providers to store so much information is not only financially impractical, but increases the potential for subscriber information to be stolen, she said.
"The bill appears to assume that IP addresses correlate with individual subscriber data," Souki said. "This is not the case, especially in wireless networks where IP address assignments are often recycled with each cell tower as a user approaches."
Requiring the retention of the data also raises the privacy risk to Internet users, Souki said.
"Mandating that these data be retained would serve as a magnet for a host of intrusive requests from such people as litigants in civil cases involving divorce, unemployment, politically motivated lawsuits and administrative investigations."
Gordon Bruce, the city’s chief information officer, warned that the city would need to shut down free municipal wireless service at various hot spots around Oahu if the bill is passed. Companies that now provide the service would have no incentive to continue doing so if they are forced to capture and store the data as required by the bill.
Committee Chairman Rep. Angus McElvey urged HPD and prosecutors to get together with Internet service providers to discuss how they could obtain the information without legislation.
McElvey said he also wants to see what the federal government does this year on Internet legislation. Strong and vocal opposition has been raised against recent Internet-related legislation, including the Stop Online Piracy Act in the U.S. House and the Protect IP Act in the Senate. Both, designed to fight Internet piracy outside the U.S., are decried by critics as forms of censorship.