ISP's now required to keep all your browsing history for 1 year (US)

[SXRguyinMA]

http://lifehacker.com/5825746/what-y...an-do-about-it

thoughts?

[Airbozo]

Scary.

Too many ways this could go wrong.

[Kayin]

Find out who voted for it and don't vote for them again. Though I swear our votes do nothing these days.

[diluzio91]

How long before the riaa and their ilk begin to subpoena this info...

[crenn]

3.5ms after it's enforced.

The saddest thing I think is it seems it was passed with no hassles with no one asking if it even increase the effectiveness of the police's investigation. Sadder thing, same thing is being tried to be introduced in Australia, just it's not being successful.

Just be glad they're not trying to introduce a firewall to block refused classification sites, even though it's been proven by labs to be ineffective.... the Australian government is still trying to get that through without success. Only takes 1 corrupt politician with a pay check from a sponsor to use it for a purpose that throws privacy out of the window.

Still like the idea of forcing politicians to wear vests with the name of sponsors and how much they're getting from them. As the comedian who said it says, "Then you'd really know why that politician voted the way they did".

[mDust]

While I have nothing to hide, I don't like my name, address, phone number, e-mail, SS#, and CC#s being saved more than necessary on 'secure' servers that I have no control over. I don't even want e-tailers saving that data anywhere...especially with how frequently personal data is hacked and stolen these days.

[CorsePerVita]

While I have nothing to hide, I don't like my name, address, phone number, e-mail, SS#, and CC#s being saved more than necessary on 'secure' servers that I have no control over. I don't even want e-tailers saving that data anywhere...especially with how frequently personal data is hacked and stolen these days.

That is also a concern. I don't pirate stuff. I can't afford to in my line of work. So I don't have anything to hide. However, my greatest fear is someone stealing personal info. Anytime something is stored somewhere, even if it's "safe" it's at risk if it isn't in your own possession, people are careless with your own things (even when it's your info).

And technically, I don't think anyone can subpoena something regarding your information unless it's regarding investigation into you in the first place. In other words, there has to be a reason for a subpoena, someone can't just go "hm i wonder what bob has been up to? hey can i have that info cuz .. uh.. well.. i just want it." but if they had a complaint against an ip for downloading something, well, then if they needed to subpoena then they could. If stuff is getting to that point already then more than likely it's no bueno for that person.

It says the bill can be amended. It's likely that if enough squabble is made of it that it may end up happening if that's the case, because in all reality, it does pose security risks (like you said, such as personal info). The other issue is that even if a person was entirely innocent of something but their info was subpoena'd, lots of things can be made in use to make a person look bad which are no business of everyone else but you can bet people can/will use in court against that person.

Keep in mind though even when a bill is passed, that it will take time for it to go into effect and be enforced.

It would be like recording every show, what time you watched it, exactly what channel, what you ate while you watched it and then putting it in a database.

Realistically some ISPs hold some of that stuff already for a short time, but not a long time. A year is fairly substantial.

[x88x]

Ugh. Yet another example of politicians pushing their sponsors' interests under the paper-thin guise of fighting child porn.

Simple solution though. Set up several scripts to automatically load webpages at random intervals. Throw up enough of a smoke screen and even if someone does subpoena your records there's no way they can prove you did it not one of your bots.

EDIT: Oh, or just set up a TOR exit node. Same results.

[CorsePerVita]

I think we need to all move to an island and just make our own country there.

[x88x]

Actually, I took a closer look at it...read through the text of the bill...and I'm not seeing anything about retaining browsing history, just about retaining the dynamic IP assignment records.
http://thomas.loc.gov/cgi-bin/bdquery/z?d112:h.r.01981:
In particular:

SEC. 4. RETENTION OF CERTAIN RECORDS BY ELECTRONIC COMMUNICATION SERVICE PROVIDERS.

(a) In General- Section 2703 of title 18, United States Code, is amended by adding at the end the following:

`(h) Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).'.

(b) Sense of Congress- It is the sense of Congress that records retained pursuant to section 2703(h) of title 18, United States Code, should be stored securely to protect customer privacy and prevent against breaches of the records.

Maybe someone a bit more familiar with legal stuff can look over it and see if I'm missing something, but from what I can see there's nothing there about browsing history. In fact, in the LifeHacker article they say as much...right before they start going off about how pointless recording everyone's browsing history would be.

The lovingly titled Protecting Children From Internet Pornographers Act of 2011 (PCFIPA of 2011) requires ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses. It's a record of your personal information plus the web sites you visit. It's like handing over a year's worth of browser history plus the contents of your wallet to the police.

I'm not seeing how they make the jump from:

requires ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses

to:

It's a record of your personal information plus the web sites you visit.

Unless I'm missing something major in the text of the bill, I'm disappointed with LifeHacker. They're usually better about doing their research on stuff like this.

EDIT:
For full text of the relevant US Code (wording prior to this bill):
http://www.law.cornell.edu/uscode/18...3----000-.html
From reading that, the name, address, phone number, and payment information (ie, credit card number, bank info, etc) is already something that the ISP is required to turn over under court order.

So, to confirm what I was reading in the text of the bill, the only new thing that this bill introduces in the area of ISPs keeping records on customers is that they have to keep records of their dynamic IP assignments.

I'm disappointed in you, LifeHacker. I thought you were better than that.