Hawaii law to spy on web users

SOURCE: Ken Taylor (taylork021@hawaii.rr.com)
SUBHEAD: Hawaii law may allow tracking of all of a users website visits for up to two years.  

By Declan McCullagh on 26 January 2012 for C-Net - 
(http://news.cnet.com/8301-31921_3-57366443-281/hawaii-may-keep-track-of-all-web-sites-visited/)

 
Image above: John Mizuno (dressed as gangster?) speaks before Hawaiian legislature. From (http://www.capitol.hawaii.gov/hsemaj/mizuno_john.html).

Hawaii's legislature is weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring Internet providers to keep track of every Web site their customers visit.

Its House of Representatives has scheduled a hearing this morning on a new bill (PDF) requiring the creation of virtual dossiers on state residents. The measure, H.B. 2288, says "Internet destination history information" and "subscriber's information" such as name and address must be saved for two years.

H.B. 2288, which was introduced Friday, says the dossiers must include a list of Internet Protocol addresses and domain names visited. Democratic Rep. John Mizuno of Oahu is the lead sponsor; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week.
Mizuno, wants to require virtual dossiers to be compiled on state residents: two years' worth of their Internet browsing.

Last summer, U.S. Rep. Lamar Smith (R-Texas) managed to persuade a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)

Democrat Jill Tokuda, the Hawaii Senate's majority whip, who introduced a companion bill, S.B. 2530, in the Senate, told CNET that her legislation was intended to address concerns raised by Rep. Kymberly Pine, the first Republican elected to her Oahu district since statehood and the House minority floor leader.

"I was asked to introduce the Senate companions on these Internet security related bills by Representative Kymberly Marcos Pine after her own personal experience in this area," Tokuda said. "I would defer to her on the origins of these bills as she has done the research and outreach, and been the main champion of this effort."

Pine, who did not immediately respond to queries, has been targeted by a disgruntled Web designer, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter. Her e-mail account was also reportedly hacked around the same time. The article said Pine would advocate for "tougher cyber laws at the Hawaii State Capitol" as a result.

"We must do everything we can to protect the people of Hawaii from these attacks and give prosecutors the tools to ensure justice is served for victims," Pine said at the time.

Whatever its sponsors' motivations, the bill isn't exactly being welcomed by Hawaiian Internet companies.

"This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations," says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, who submitted testimony opposing the bill. He adds: "Even forcing telephone companies to record everyone's conversations, which is unthinkable, would be less of an intrusion."

Mizuno's proposal currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as mandating the use of encryption.

Because the wording is so broad and applies to any company that "provides access to the Internet," Mizuno's legislation could sweep in far more than AT&T, Verizon, and Hawaii's local Internet providers. It could also impose sweeping new requirements on coffee shops, bookstores, and hotels frequented by the over 6 million tourists who visit the islands each year.

"H.B. 2288 raises all of the traditional concerns associated with data retention, and then some," Kate Dean, head of the U.S. Internet Service Provider Association in Washington, D.C., which counts Verizon and AT&T as members, told CNET. "And this may be the broadest mandate we've seen."

Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.

In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller.

Backing away from web spy law


By Declan McCullagh on 26 January 2012 for C-Net -  
(http://news.cnet.com/8301-31921_3-57367226-281/hawaiian-politician-backs-away-from-web-dossier-law/)

 
Image above: Graphic depicting Kym Pine as a criminal is what initiated proposed spy law. From (http://www.kympineisacrook.com/)
 
A Hawaii politician who proposed requiring Internet providers to record every Web site their customers visit is now backing away from the controversial legislation.

Rep. Kymberly Pine, an Oahu Republican and the House minority floor leader, told CNET this evening that her intention was to protect "victims of crime," not compile virtual dossiers on every resident of--or visitor to--the Aloha State who uses the Internet.

"We do not want to know where everyone goes on the Internet," Pine said. "That's not our interest. We just want the ability for law enforcement to be able to capture the activities of crime."

Pine acknowledged that civil libertarians and industry representatives have leveled severe criticism of the unprecedented legislation, which even the U.S. Justice Department did not propose when calling for new data retention laws last year. A Hawaii House of Representatives committee met this morning to consider the bill (PDF), which was tabled.

The bill, H.B. 2288, will likely now be revised, Pine said. The idea of compiling dossiers "was a little broad," said Pine, who became interested in the topic after becoming the subject of a political attack Web site last year. "And we deserved what we heard at the committee hearing."

What the House Committee on Economic Revitalization and Business heard from opponents today was that the bill was anti-business and fraught with civil rights issues.

Laurie Temple, a staff attorney at the American Civil Liberties Union of Hawaii, wrote a letter (PDF) calling H.B. 2288 a "direct assault on bedrock privacy principles." Instead of keeping more and more records about users, good privacy practices require deleting data that's no longer needed, the ACLU said.

NetChoice, a trade association in Washington, D.C., that counts eBay, Facebook, and Yahoo as members, sent a letter (PDF) warning that H.B. 2288's data collection requirements "could be misused in lawsuits."

And the U.S. Internet Service Provider Association warned in its own letter (PDF) that H.B. 2288 would be incredibly expensive to comply with. "Narrower" national requirements would cost much more than $500 million in just short-term compliance costs, the letter said, and Hawaii's legislation is broader.

On the other side was the city of Honolulu. Christopher Van Marter, the city's senior deputy prosecuting attorney, wrote a letter (PDF) to the committee saying H.B. 2288 was perfectly reasonable: "We recognize that some smaller service providers may not currently retain records of a customer's internet history. However, many of the larger service providers do keep and maintain such content."

Last summer, U.S. Rep. Lamar Smith (R-Texas) persuaded a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)

Even though H.B. 2288 was just introduced last Friday, it's already being savaged by members of the Hawaiian Internet community, some of whom showed up at today's hearing.

"This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations," says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, who submitted testimony opposing the bill. He adds: "Even forcing telephone companies to record everyone's conversations, which is unthinkable, would be less of an intrusion."

For her part, Pine told CNET:
  • H.B. 2288 wasn't primarily based on her own experience of being subjected to a political attack site. "It's really all the victims that have come forward after this," she said. And crimes "relating to child pedophiles and things like that."
  • Hawaiians should not be alarmed by how broad the bill is, because there's time to fix it. "Sometimes things are drafted by our legislative drafting office, and it was brought to us, and we talk about it in committee and agree on changes." The Hawaiian phrase for it, she said, is ho'oponopono.
  • Internet providers and prosecutors have only a short time to reach a deal. "We asked the two sides to get together, and they have a month to discuss it and present to us what they'll be happy with," she said.
The lead sponsor of H.B. 2288 in the House is Democratic Rep. John Mizuno of Oahu; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week. Democrat Jill Tokuda, the Hawaii Senate's majority whip, has introduced a companion bill, S.B. 2530.

Pine was targeted by a disgruntled former contractor, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter.

The article said Pine would advocate for "tougher cyber laws at the Hawaii State Capitol" as a result, and Tokuda says Pine's "own personal experience in this area" was instructive. (Ryan told CNET that Pine is "the biggest cyber-criminal in Hawaii," and Pine says "I'll be taking him to court very soon.")

H.B. 2288 currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as mandating the use of encryption.

After today's public outcry, in an echo of the SOPA and Protect IP experience last week, even some sponsors are backing away from their own legislation. "Rep. Lee is a co-sponsor but not a primary introducer," a spokesman for Democratic Rep. Marilyn Lee said today. "Primary introducers are strong supporters. Co-sponsors may generally agree with the proposal but may not be fully comfortable with the legislation."

Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.

In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller.

See also:
Ea O Ka Aina: CIA mining social networks 1/22/12
Ea O Ka Aina: DOD creates cyber sock puppets 3/17/11
.

No comments :

Post a Comment