Hawaii may keep track of all Web sites visited
by Declan McCullagh January 26, 2012 CNET
Hawaii's legislature is weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring Internet providers to keep track of every Web site their customers visit.
John Mizuno, a Democratic state legislator in Hawaii, wants to require virtual dossiers to be compiled on state residents: two years' worth of their Internet browsing.
Its House of Representatives has scheduled a hearing this morning on a new bill (PDF) requiring the creation of virtual dossiers on state residents. The measure, H.B. 2288, says "Internet destination history information" and "subscriber's information" such as name and address must be saved for two years.
H.B. 2288, which was introduced Friday, says the dossiers must include a list of Internet Protocol addresses and domain names visited. Democratic Rep. John Mizuno of Oahu is the lead sponsor; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week.
Last summer, U.S. Rep. Lamar Smith (R-Texas) managed to persuade a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)
It's not exactly clear what prompted Mizonu to introduce this measure, and he and the other sponsors did not immediately respond to a request for comment from CNET.
"I assume it's to make the data available to be subpoenaed when the state is pursuing people suspected of serious crimes, but I haven't heard anything from the representatives themselves," says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo.
Mizuno's proposal currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as the use of encryption.
Because the wording is so broad and applies to any company that "provides access to the Internet," Mizuno's legislation could sweep in far more than AT&T, Verizon, and Hawaii's local Internet providers. It could also impose sweeping new requirements on coffee shops, bookstores, and hotels frequented by the over 6 million tourists who visit the islands each year.
"H.B. 2288 raises all of the traditional concerns associated with data retention, and then some," Kate Dean, head of the U.S. Internet Service Provider Association, which counts Verizon and AT&T as members, told CNET. "And this may be the broadest mandate we've seen."
Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.
In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller.
Democrat Jill Tokuda, the Hawaii Senate's majority whip, has introduced a companion bill, S.B. 2530, in the Senate. No hearing has been scheduled on Tokuda's bill.
---30---
HB2288: Cybercrime Bill to be Heard Jan 26
HB2288: Bill Text
SB2530: Bill Text
UPDATE: Lawmakers defer action on Internet monitoring bill
PBN: Hawaii lawmakers have deferred a bill that would have made Internet service providers keep track of every website their customers visit for at least two years.
Naturally, there was a lot of chatter on the Internet and social media sites, including Facebook, about the privacy issues House Bill 2288 would create.
H.B. 2288, which was deferred by the House Committee on Economic Revitalization & Business on Thursday, would require Internet service providers to retain a customer’s name, address and Internet “destination history,” or every Internet protocol address, domain name or host name that a customer visited — for two years.
Background: HB2288: State to Track the Websites You Visit?, HB2288: Cybercrime Bill to be Heard Jan 26
CB: Opponents Slam Hawaii Effort to Track Web Usage
read … Internet Monitoring