Feds Deny Asking ISPs to Watch E-mails

It may sound like a plot device for a futuristic movie, but the federal government may not be far from forcing Internet service providers to keep copies of all e-mail exchanges in the interest of homeland security.

The White House denied a Washington Post report Thursday alleging that the Al Qaeda terrorist network is working on using online and stored data to disrupt the workings of power grids, air traffic towers, dams, and other infrastructure. But a White House official did acknowledge that Al Qaeda has an interest in developing such abilities.

And it's that interest that has technology circles wondering if the federal government is going to follow the European Union's lead in passing legislation that would allow the government to mine data on customers saved by ISPs.

Last month, the European Union passed a resolution that would require all ISPs to store for up to seven years e-mail message headers, Web-surfing histories, chat logs, pager records, phone and fax connections, passwords, and more.

Already, Germany, France, Belgium, and Spain have drafted laws that comply with the directive. Technology experts say the U.S. federal government may try to do the same thing using the vast law enforcement allowances provided under the USA Patriot Act.

"They drafted the Patriot Act to lower all of the thresholds for the invasion of privacy," said Gene Riccoboni, a New York-based Internet lawyer who said he has found loopholes in the anti-terror legislation that could open up the possibility for an EU-style data retention provision.

Under the Patriot Act signed into law in October, law enforcement needs as little as an administrative subpoena to trace names, e-mail addresses, types of Internet access individuals use, and credit card numbers used online.

The White House is set to unveil its National Strategy to Secure Cyberspace, a cooperative effort between Cybersecurity Czar Richard Clarke and the technology industry, on Sept. 19. Technology experts have said that it would be an opportune time for the feds to include a data retention law.

But the White House says it has no plans on the table for any such provisions.

"It was not in any way, shape or form going to be part of the national strategy by any stretch," said White House spokeswoman Tiffany Olsen, who acknowledged that the topic was discussed with industry officials and discarded.

In a letter to the European Union in October, however, the United States Mission, the U.S. envoy to the EU, suggested data retention for European ISPs in a list of ways the EU might help the United States fight the war on terror.

"The U.S. government deeply appreciates the offer of the European Union to work closely with us against the scourge of terrorism, and hopes that this list will provide a good basis for future discussion and cooperation," wrote James J. Foster, deputy chief of the Mission.

Industry folks working with the White House on the cybersecurity plan say they have not heard of any data retention proposals, and wouldn't support them if they had.

"You'd be tying industry's hands behind their backs," said Shannon Kellogg, director of information security programs and policy for the Internet Technology Association of America.

Shannon said the technology to store all of that information would be not only costly, but a technological disaster. "It's ludicrous," he said.

"Aside from some of the Fourth Amendment problems that the compelled data retention issue raises, it will have negative financial repercussions for already cash-strapped ISPs because of the hefty storage issues," said Riccoboni.

Kellogg and other industry leaders say they are perfectly willing to share information to help the government and the private sector prevent cyber attacks against critical infrastructure like banks, hospitals, power grids, and defense secrets, which is said to be the crux of the national strategy due out in September.

Supporters of such cooperative efforts say the technology industry must do whatever it can to help the government fight terror.

"It is critical that this information is shared," said former Rep. Dave McCurdy, who served as chairman of the House Intelligence Committee until 1995, and is now the executive director of the Internet Security Alliance.

"The threats are real," he added, pointing to reports Thursday that the Al Qaeda terrorist network might be targeting U.S. infrastructures for a Y2K-like attack.