House Committee passes bill requiring your ISP to spy on every click and keystroke you make online and retain for 12 months

Yesterday, the House Judiciary Committee voted 19-10 for H.R. 1981, a data-retention bill that will require your ISP to spy on everything you do online and save records of it for 12 months. California Rep Zoe Lofgren, one of the Democrats who opposed the bill, called it a "data bank of every digital act by every American" that would "let us find out where every single American visited Web sites." Here's commentary from the Electronic Frontier Foundation, who've got a form for contacting your rep to ask her or him to kill this:

The data retention mandate in this bill would treat every Internet user like a criminal and threaten the online privacy and free speech rights of every American, as lawmakers on both sides of the aisle have recognized. Requiring Internet companies to redesign and reconfigure their systems to facilitate government surveillance of Americans' expressive activities is simply un-American. Such a scheme would be as objectionable to our Founders as the requiring of licenses for printing presses or the banning of anonymous pamphlets. Today's vote is therefore very disappointing, but we are especially thankful to GOP Representatives Sensenbrenner, Issa and Chaffetz, who chose principle over party-line in opposing this dangerous tech mandate. We hope that bipartisan opposition will grow as the bill makes its way to the House floor and more lawmakers are educated about this anti-privacy, anti-free speech, anti-innovation proposal.

House Committee Approves Bill Mandating That Internet Companies Spy on Their Users

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: law • politics • privacy • surveillance • web theory

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

Anne Trotter

They named the bill wrong. It’s supposed to be named HR-1984.
- RHK
  
  You gotta love the name of this bill:
  Protecting Children From Internet Pornographers Act of 2011
  Ranks right up there with The Patriot Act.
  - howaboutthisdangit
    
    The politicos have really tarnished the words “protecting children”. People who really do protect children are going to need a new, taint-free job description.
  - Cowicide
    
    The government should just start call all bills “Protecting Children From Evil Act” with sequential numbers after it no matter what it’s about. Who could possibly be against children?
    
    I’m actually surprised they’re not calling it “Protecting American’s Privacy and Rights Act” to go full-on newspeak.
http://profiles.yahoo.com/u/TGZ75URQ6DKTCNXV3RV36ZKALQ Matthew

UNBELIEVABLE! They can’t pass a bill that will keep the country from falling into a great depression. However, they can pass a bill requiring ISP’s to spy on all of us? I don’t think they were listening when they read the constitution the first day of the new congress.
- DrDean
  
  Agreed and I think it is coming high time that our elected politicians and appointed bureaucrats are reminded in no uncertain terms of our rights as a free people. I sense a growing and powerful sense of unrest among the normally silent majority.
  
  Thomas Jefferson had some choice words that are as powerfully appropriate today as in his time:
  
  “I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it.
  
  The policy of the American government is to leave their citizens free, neither restraining nor aiding them in their pursuits.
  
  When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
  
  I am not a friend to a very energetic government. It is always oppressive.”
- http://www.briandeyo.blogspot.com Brian Deyo
  
  Read the stinking bill
Roy Benevidez

It was only referred out of Committee.

Bill: Yeah, I’m one of the lucky ones. Most bills never even
get this far. I hope they decide to report on me favorably, otherwise
I may die.

http://www.youtube.com/watch?v=0dVo3nbLYC0
barrie

The Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes.
And if you don’t understand, those tubes can be filled and if they are
filled, when you put your message in, it gets in line and it’s going to
be delayed by anyone that puts into that tube enormous amounts of
material. Ted Steven R-Alaska 2006

Won’t the tubes get really gooey and inefficient if we do this?
satn

Time in add a maximum age to political office, and a minimum IQ requirement.
- bill sargeant
  
  I bet you don’t think islands can tip over, either. : )
- http://twitter.com/cshotton Chuck Shotton
  
  Sadly, IQ != Common Sense
- http://www.facebook.com/manic.vice Manic Vice
  
  That wouldn’t work. Each and every politician taking the IQ test would fail.
http://johnmurphy.wordpress.com/ JMurphy

Hmm. The write-up doesn’t entirely square with my reading of the bill. As far as I can tell, the relevant section of HR 1981 is,

”(a) In General- Section 2703 of title 18, United States Code, is amended by adding at the end the following:`

(h) Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication (as defined in section 3 of the Communications Act of 1934).’.

(b) Sense of Congress- It is the sense of Congress that records retained pursuant to section 2703(h) of title 18, United States Code, should be stored securely to protect customer privacy and prevent against breaches of the records.”

which to me sounds like they’re just requiring ISPs to keep DHCP records, not a list of web sites accessed, and not remotely like keystrokes. I’m not used to reading this sort of thing, though, so maybe I missed something??

That’s not to say that I’m happy about this (as the EFF says, it’s basically treating everyone like a potential criminal), but it’s not quite as draconian as the writeup suggests.

(Edited to try to fix my terrible formatting

Updated also to note that the bill as it appears at LOC.gov is apparently out of date, as per later discussion)
- DewiMorgan
  
  Yeah – I’d assumed they already did this, to be honest.
  
  However, this *is* one more step towards UK-style logging, and we do need to roll out universal “HTTPS by default” in webservers.
  
  A webserver which does not provide a version of each site over HTTPS by default is a broken webserver. Unfortunately, all webservers are currently broken, even Apache.
  - nemomen
    
    Apache is not broken (in that respect). Returning https content when an http request was made would not only be broken, but would cause major breakage and would cause massive headaches on the client and server sides. Besides breaking tons of legacy software, not all sites can afford to run on https with the higher CPU load, higher administration costs, and higher cert. costs. If you’d like to see more https adoption (which we’d all like), then advocate for that, but don’t claim software correctly adhering to standards is broken.
- Alexander Rasmus
  
  I think this bill text is actually out of date. The section you quoted matches the text here: http://thomas.loc.gov/cgi-bin/bdquery/z?d112:H.R.1981:
  
  BUT the “Last Major Action” field reads…
  
  “Latest Major Action: 7/12/2011 House committee/subcommittee actions. Status: Subcommittee Hearings Held. ”
  
  Thus the text you quoted has likely been edited since, as corroborated by CNET: http://news.cnet.com/8301-31921_3-20084939-281/house-panel-approves-broadened-isp-snooping-bill/
  
  “A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored.”
  
  So the EFF is still exaggerating but things are definitely worse than the currently available (i.e. old) bill text seems to indicate.
  (edited to fix formatting issues)
  - http://johnmurphy.wordpress.com/ JMurphy
    
    Ah, I see. Yes, the bill lists no amendments on loc.gov, but from the sound of things it’s just out of date. I’ll keep an eye on that page. Thanks!
- RHK
  
  I agree. I’m no lawyer, but my reading of United States Code:Title 18,2703,(c)(2)(E) seems to suggest that the damage is already done and this is specifying a retention period for something that is already required.
  http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703—-000-.html
  
  Update: Missed the thread about the last minute rewrite. Nevermind.
- http://twitter.com/TheDXY David X. Young
  
  Another one of those pesky people who actually READ and examine the matter at hand. Rather than just consume and regurgitate the opinions of others. JMurphy! Stop making sense!
  - Cowicide
    
    David, I’ve actually READ the bill. But I’m not sure you, nor pesky JMurphy quite understand the ramifications of the Bill, nor what the power of a timestamped IP address can do in the wrong hands of the government in conjunction with other data.
    
    You also might note that JMurphy admits, ”it’s basically treating everyone like a potential criminal”
    
    It is draconian. It’s intruding on our rights as citizens. And, it’s enabling spying on Americans who are already being surveilled at such a despicable level that it would inspire the American revolutionaries take up arms if they were alive today.
    
    Enough is enough, my friend. Don’t tread on me.
    - http://johnmurphy.wordpress.com/ JMurphy
      
      I beg to differ — I work in network security, and have a fairly good idea of what one can do with a timestamped IP address. Namely, if you have traffic logs, seized or sniffed, you can identify who exactly was at each end of the traffic. For static IP addresses, they can already do this, but dynamically assigned addresses expire and while the authorities will generally have a very good idea of who was at that end, they won’t be able to prove it unless the captured traffic itself contains identifying information. Requiring ISPs to take on the cost of keeping logs on who an IP address belongs to (plus, apparently the added effort of linking them to extensive customer records) seems to be saying that the government thinks that enough users are potential criminals that this is reasonable.
      
      However, what I objected to was the write-up at the top of the article and in the URL. Even the descriptions I’ve seen on EFF say nothing about “every click and keystroke you make online” and I do not see where the author of this post could have gotten that from any of the sources linked. You’re painting me as somehow being an apologist for the government, but all I want is some truthful reporting. How does an unwillingness to uncritically swallow untruths equate to supporting policy that’s bad enough without embellishment?
      - Cowicide
        
        I work in network security, and have a fairly good idea of what one can do with a timestamped IP address. Namely, if you have traffic logs, seized or sniffed, you can identify who exactly was at each end of the traffic. For static IP addresses, they can already do this, but dynamically assigned addresses expire and while the authorities will generally have a very good idea of who was at that end, they won’t be able to prove it unless the captured traffic itself contains identifying information.
        
        This is well known information to even novices in IT, but none of this bolsters your point one bit that this bill isn’t draconian, does it?
        
        However, what I objected to was the write-up at the top of the article and in the URL. Even the descriptions I’ve seen on EFF say nothing about “every click and keystroke you make online” and I do not see where the author of this post could have gotten that from any of the sources linked.
        
        Cory got that from the fact that this is exactly the intent. You may understand network security, but you’ve got a bit to learn about policy in government and the far reaching ramifications of bills such as these.
        
        If you think the intent of this bill is to collect IP addresses for a number-collage art project, then I’ve got some dirty packets to sell you.
        
        You’re painting me as somehow being an apologist for the government, but all I want is some truthful reporting. How does an unwillingness to uncritically swallow untruths equate to supporting policy that’s bad enough without embellishment?
        
        I never said, nor implied you’re an apologist for the government. What I said and what I still say is that you don’t understand the true ramifications of this bill. The intent of this bill.
        
        You would agree that Cory is truthful if you understood IT policy like he and the EFF does. It’s not just simply an IT network security issue here.
        
        And all that said, I believe we are basically on the same side here, we just disagree on the severity, intent and direct implications of this bill against our rights as citizens. This bill is an enabler of everything Cory describes in the headline.
- DrDean
  
  Two things: Of what use is a record of DHCP assigned addresses (and fixed IP addresses as well will be recorded) if not to match them against a list of IP addresses obtained from some other record keeping process on destination websites?
  
  There are already processes in place that law enforcement can use to tap electronic data communications by obtaining a warrant – and that is how it should be. Why weaken that protection of our rights?
  
  Further, most DHCP assigned addresses from ISPs are physically mapped to a router and in some cases some other termination device like a cable modem – not to an end-user’s PC. All one has to do to create reasonable doubt is to use a wireless router and turn off security so theoretically anyone who may be in signal range could have used the router to surf the Internet.
  
  And further, as a former GM of a mid-size ISP, this bill will make ISPs a high-value target for the real savage hackers interested in personal information and data. And just because Congress says the data “should be stored securely to protect customer privacy and prevent against breaches of the records”, does not make the data hacker-proof or disgruntled/bribed-employee-proof. Only an idiot would believe otherwise.
  
  The law would put significant liabilities on ISPs for both torts and civil actions, so their costs and exposure will increase and will – of course – be passed on to their paying customers. So we get doubly screwed.
  - Cowicide
    
    Wow, can’t believe I missed your great post. Glad I reread through the thread!
http://www.facebook.com/people/Steve-Ortiz/100000447181337 Steve Ortiz

i have never been more disappointed in my government or country
- mfrazier24
  
  Only the previous decade had me more disappointed.
http://pulse.yahoo.com/_YDTN7MUIUZNGTVOYR7ZJSXZAN4 kid_a_ok_com…

Sent mine. My guy is Louie Gohmert (Nacogdoches, Texas). That means we’re probably f*cked.
- WhyBother
  
  Mine’s Lamar Smith, the sponsor. Great. I wish I could say I am surprised. I’ll call, as I think that has a little more impact than just an email. Still, every time I reach out to my representative or senators, I end up on newsletter email list, usually explaining how every opinion I have is part of an evil, liberal conspiracy. Thankfully, they continue to work hard to fight against all of my interests. For me!
signsofrain

Boing Boing, you guys have a bit of a problem with fear-mongering post titles. Monitoring “your every click and keystroke” is grossly inaccurate. Even if your ISP saved every bit of your internet communication, they would certainly not have access to everything you clicked on or typed on your computer. Slightly misleading. Not saying I support ISPs being turned into spies for the government, but still, come on.
- GawainLavers
  
  …every click and keystroke you make online…
  
  Unless this is a very new edit.
- http://www.qaqn.com/ Daniel M. Clark
  
  Here’s the title, read it again, carefully:”House Committee passes bill requiring your ISP to spy on every click and keystroke you make online and retain for 12 months
  
  see the part where it says “click and keystroke you make online”? That’s the relevant part. ISPs can certainly store every click and every bit of text you enter into a site. As soon as you hit Enter, they’ve got it. This is potentially every bit as bad as the headline suggests.
  - Norwood
    
    You think someone is going to “read and examine every single keystroke and mouseclick” made on the internet over a 12 month period?
    
    Or – more realistically, do you think they want the tools in place to take down idiots like LulSec, Anonymous?
    
    If you need to think they’re going to watch you type in your twitter password, read your blog entries about your cat, or listen in on your Skype call with your Aunt on her birthday and then write her number down (all of this in real time now, according to the tinfoil hat crowd) you’re mistaken and, again, don’t understand the basics of DHCP, Ethernet traffic and how information moves across the internet.
    
    But if you need to be scared into some kind of obedience or outrage so you vote one way or the other because of the politics of fear used in this article…go right ahead. You’ll deserve what you get and we’re already getting what we deserve because of the American Idol society we live in.
    - http://www.qaqn.com/ Daniel M. Clark
      
      Oh, fck y and your “anything in the name of security” stance. There are ways to combat the hacker groups without resorting to spying on the rest of us. That’s the bottom line. I’ll bet you support taking off shoes and putting us through the nude scanners at the airports, too. It’s all security theater, this included. The difference here is that while I don’t *have* to fly, I do have to use the internet. The government doesn’t need to be tracking us.
      
      One goddamn terrorist attack in 50 years and the whole nation goes fucking haywire. It’s retarded.
      
      You’re so pro-security, how about if the government decides to put cameras in your house? You know, just in case a terrorist comes over, they want to be able to track his movements.
      - Antinous / Moderator
        
        Language.
    - Cowicide
      
      You think someone is going to “read and examine every single keystroke and mouseclick” made on the internet over a 12 month period?
      
      You don’t know how filtering works, do you? Nor, do you seem to understand things like government subpoenas.
      
      politics of fear used in this article
      
      Frankly, you seem to be the person most afraid of facts around here.
Norwood

Seriously…politics of fear at it again…and not surprised which side of the aisle it’s coming from.

Every website logs your traffic, even your browsers do.

I seriously hope those of you that are “horrified” and “disgusted” with their government “like never before” do a bit of research on how Ethernet traffic works.

Also, you always talk about wanting to be more like Europe and Canada, here ya go – giving up your freedoms for government protection and government programs and government intervention.

Instead of falling for fear tactic headlines, look beyond yourself and see how things actually work, see what effect these types of things will have & on what, then put your tinfoil hats back on.

Also, I was wondering how many posts it would take for someone to “Blame Bush” my guess was 3 and I was spot on.
- bill sargeant
  
  “Instead of falling for fear tactic headlines, look beyond yourself and see how things actually work, see what effect these types of things will have & on what.”
  
  I wish you had expanded on this part. The rest is just kinda mean.
- Cowicide
  
  Every website logs your traffic, even your browsers do. I seriously hope those of you that are “horrified” and “disgusted” with their government “like never before” do a bit of research on how Ethernet traffic works.
  
  Every website certainly does not log your traffic and the ones that do use it to track general statistics, not typically track individuals. I keep logs for hundreds of websites, and I’ve never been forced to keep those logs by anyone, much less the government.
  
  Your red herrings are showing.
  
  Also, you always talk about wanting to be more like Europe and Canada, here ya go – giving up your freedoms for government protection and government programs and government intervention.
  
  Who are you talking to? You’re acting like a babe in the woods swatting at imaginary librul demons. Step away from the rightwing radio, dude. Not everyone you disagree with is the caricature your media feeds to you.
  
  Your false dilemmas are showing.
  
  Instead of falling for fear tactic headlines, look beyond yourself and see how things actually work, see what effect these types of things will have & on what, then put your tinfoil hats back on.
  
  Do you know where you are? Cory Doctorow published this post. He’s been studying these issues along with other experts for many years. The EFF has been in the trenches for 20 years.
  
  So tell them all, how does this all actually work? Or, you can continue to blow steamy hot air all over the place, it’s up to you.
  
  How are we all so very, very wrong and what makes you correct? Specifics.
  
  Also, I was wondering how many posts it would take for someone to “Blame Bush” my guess was 3 and I was spot on.
  
  Post 3 is a video from Schoolhouse rock via the 1970′s. I guess that was around 20-30 years before Bush was president. Maybe you meant post 4? That’s mocking Ted Stevens, has nothing to do with Bush. As a matter of fact, the word Bush only comes up in this thread in your post.
  
  Step away from the rightwing radio. Think for yourself. Gather information from varied sources beyond the ones they tell you to pick up. Free yourself from the matrix.
  - t3kna2007
    
    >>Also, you always talk about wanting to be more like Europe
    >>and Canada,
    here ya go – giving up your freedoms for
    >>government protection and
    government programs and government intervention.
    
    > Your false dilemmas are showing.
    
    What Cowicide said – a false dilemma. Sane government policy in one area (say, social programs) does not automatically mandate insane overreach in another.
- willyboy
  
  Not with ghostery…..Oh, wait, I just commented. ;(
- http://www.qaqn.com/ Daniel M. Clark
  
  Websites know how I interact with them, they know what page I came from and which page I exited to, and *that’s it*. ISPs have the complete picture. I think *you* are the one who doesn’t quite understand what’s going on here – the government would like to make it so that the ISPs record your every move for a rolling period of time so that *the government* can have a look at the logs. It’s none of the government’s goddamn business what I do online.
  - Norwood
    
    Wrong. Just opening a Blogger account and turning on “Stats” will tell me everything about a UV. Country, State, words used to enter, how long I stayed on the site, what I clicked on…and much more.
    
    It ain’t just entry and exit points. Maybe to myspace admin type that can’t read an Apache log to save their life, but to a entry level college graduate working at a helpdesk up to a 4 decade tenured sysadmin….this story is nothing but more of the same, “We’re watching you on the internet…SO WATCH IT!!”.
    
    Scary, I know. But just educate yourself and you won’t be scared.
    - http://www.qaqn.com/ Daniel M. Clark
      
      A site knows about you in the time you are on the site. They don’t know where you were last Tuesday. Your ISP does.
      
      Drop the sanctimonious attitude. You come off like a prick.
      
      You know what, forget it. I just remembered, this is the internet and people like you never think outside the little box that your media put you in.
ComradeQuestions

I have no real problem with someone recording anything and everything you send, because it’s safer to assume that someone’s doing it already. (And also partly because it’s my job.) Mandating that it be done, though, seems pretty pointless.

This problem will persist in some form until IPSec is implemented universally, for all client-to-server communications of any kind. No longer will we have to worry about governments spying or ISP’s using DPI… they won’t even be able to tell if it’s a TCP or UDP packet!
anharmyenone

With all the security delays they have in processing paper/snail mail due to their fear of powders etc, the most effective way to register opposition to H.R. 1981 is the official email site for all members of US House of Representatives at https://writerep.house.gov/writerep/welcome.shtml
http://www.facebook.com/people/Rosca-Santigria/100000585974447 Rosca Santigria

Guess what everyone?

The government has logged everything ya’ll just said.
- http://johnmurphy.wordpress.com/ JMurphy
  
  So has Google, Microsoft, Yahoo, and Mr. Doctorow.
http://twitter.com/tkaraszewski Tyler Karaszewski

1) Why does coverage of bills like these never, ever define who counts as an “ISP”? Who’d actually need to retain whatever information is specified?2) The following is not even technically possible:”A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested.”

My cable company has either a bank account number or a credit card number of mine, but not both, and definitely not more than one of either. They might have my phone number and might not.
Mike Newell

this shit gets more and more orwellian every day…
MDwebguy

Wow, those House Repugnicans are in a bad mood this week!
Jupiter12

How about a trial run of this initiative first? Any politician who votes for this bill should have their own internet activity tracked and made public for two years. If they’re pleased with how that turns out, then we can discuss this bill again.
- Cowicide
  
  Fantastic idea Jupiter12! :D
  
  The funny thing is, they’d just figure out loopholes, those weasels. There’s a gov jerk in Colorado that was supposed to have his phone records public, so he bought his own private phone and did all his underhanded dealings that way. It went to court and he won from the slimey court. Ugh… I feel like I need another shower today after just talking about those scummy weasels.
  
  Details:
  http://www.denverpost.com/news/ci_18319482
  
  Former Gov. Bill Ritter
Bruce Rheinstein

Wouldn’t a VPN connection or even a SOCKS 5 connection to a foreign proxy pretty much thwart all but the most determined investigation?
- http://www.4chan.org Jon
  
  Of course it would. We have the same draconian laws in most of Europe, and it’s not working for serious crime. I bet the content industry is happy though. And guess who’s paying for the madness? The ISPs’ customers – of course.
http://www.facebook.com/people/Roger-Nattkemper/1157035880 Roger Nattkemper

Incredible. Obviously you can wedge in anything you want under the guise of protecting the children.

I hereby would like to sponsor a bill, that y’all should give me money, because you might spend it on child porn. I swear, once this bill passes, not one cent of it will go to buy anything to do with children.
- t3kna2007
  
  > Incredible. Obviously you can wedge in anything you want under
  > the guise of protecting the children.
  
  Yep. This would be a good time for someone to resurrect the quote from the MAFIAA bigwig about how they love child porn because they can use it to enact whatever monitoring legislation they want, then use the same technology to enforce their intellectual property agenda once the equipment’s in place.
George B

Speaking as a network engineer retaining the DHCP logs for 18 months is NOT a big deal. This is being blown out of proportion. In fact, I am glad to see this. The problem with nefarious “hackers” on the net is that they can obtain a temporary IP address, perform some act of vandalism, and then disappear. There is no way to trace the external IP to the internal IP and then back to the account. This will provide a means to do that. It does NOT track individual traffic patterns, only which account had which IP addresses at which time. Actually, most ISPs retain that information anyway. This simply makes it a requirement.
awjt

It needs to be the other way round… all clicks that the LAWMAKERS, POLICE and JUDGES make need to be recorded and publicly visible.
backsidepride

I , too , feel this is politic scares again. I do feel however that the parents are totally responsible for their childrens time on the internet. I constantly check my childs sites they have been on, and monitor very closely. Internet under 16 requires me to know all passwords for all sites.. or NO computer.This is not for control, or being nosey, but monitoring young immature persons. It is not up to the government to record data for every adult . But , if they do, they better NOT make the politicians or government exempt from this bill !!
Tarliman

This bill would compromise the security of every online financial transaction performed. As a system administrator, I oppose this bill on professional grounds. As a citizen of the United States of America, I oppose this bill on the rounds that it inflicts an unConstitutional level of unwarranted search and seizure, in clear violation of the Fourth Amendment.
teapartydoc

Looks like 1984 is just a little late on arrival.
http://www.facebook.com/profile.php?id=701824657 John Scarbrough

Well we can alway create an app the provides say 10 to the 6th GB of keystrokes per second from every machine and device in your house so the thought police have plenty to see. Of course there’s not that much storage in the world and there will be no room in the pipe for anything else anyway. It would be better to log congressional keystrokes since that number is propably on the order of a hundred per year on the google
Andrew Singleton

What the Turnip is goin on here?!

I see the plan here is to force ISP’s to jack prices up to enact these nonsensical and frankly illegal changes enough that people stop using the internet, but the infrastructure stays in place for businesses, banking, and hey what while you’re at it might’s well bring back net cafes. Not only could you then sniff the net tracks of customers but you could have spooky white vans across the street taking pictures.

What to do when your government gets too full of itself?
http://www.facebook.com/profile.php?id=607675355 Brent Kirkham

Hi to everyone in Oceania, from us folks at Airstrip One. Now you have what we have. Remember, “it’s to protect the children”, so stop that sneering.
Andrew Singleton

There are constitutional provisions for when the sitting government goes against public trust, but how do you get enough people here to sit up and log out of farmville long enough to do anything?
http://www.jimdraws.com Thorzdad

This is coming out of the House? The same House controlled by Government-Is-The-Enemy Tea Baggers?
http://pulse.yahoo.com/_76KVXMP5JZPIFXSNPT3BGVMT3I JohnW

I’ll guarantee anybody here that it’s not the Tea Party caucus who voted for this thing. It’s the antithesis of the Tea Party movement.
- Antinous / Moderator
  
  Does your guarantee come with a payout if you’re proven wrong?
http://pulse.yahoo.com/_76KVXMP5JZPIFXSNPT3BGVMT3I JohnW

It’s not HR-1984, either. Or anything within 10 bills of 1984 (unless they’re talking about the “Protecting Children From Internet Pornographers Act of 2011″).
Anthony_A

Wow – the headline on this post is so far removed from the reality of the story that even Declan McCullagh wouldn’t have gone that far.
Dean Wallace

ssh tunnels ftw, again.
- Norwood
  
  huh??
  
  How do you SSH onto a website?
  
  See what I mean people?
  - Cowicide
    
    Hahaha… ok… now you’re just trolling. No more troll food for you.
nosehat

I usually look forward to Cory’s posts, and especially his posts of EFF issues. Unfortunately, I’m very disappointed with this one.

This is from the EFF’s own discussion of the issue:

How It Works

Most ISPs and telcos give subscribers an IP address that changes
periodically. Mandatory data retention proposals force ISPs and telecom
providers to keep records of their IP address allocations for certain
period of time. This allows law enforcement to ask ISPs and telecom
providers to identify individual on the basis of who had a given IP
address at a particular date and time.

This is from https://www.eff.org/issues/mandatory-data-retention

This is not requiring the ISPs to record any of the traffic at all, let alone “every click and keystroke you make”. This is only asking them to remember who had which IP address for a 12 month period.

Yes, this an erosion of online privacy and anonymity. It’s worthwhile to voice concern over this.

However, grossly misstating the issue only makes Boing Boing seems less credible. When people feel like they’ve been “had” by this kind of hyperbole, it can reflect badly on the EFF, and the excellent and necessary work that they do.

In the long run, accuracy and levelheadedness will be a better tool to accomplish your goals.
- Cowicide
  
  I think you’re forgetting about the intent of this bill:
  
  http://boingboing.net/2011/07/29/house-of-reps-passes-bill-requiring-your-isp-to-spy-on-every-click-and-keystroke-you-make-online-and-retain-for-12-months.html#comment-268987120
http://www.facebook.com/DemiDeciDan Daniel Sobol

Now this is a job to fall asleep to.

Or

“Just how much porn do you want us to watch???”
digi_owl

Sounds like the US version of the EU data retention directive, tho super-sized in typical US style…
http://www.facebook.com/skipdesmond David Desmond

First they came for the ISP’s and I did nothing….
http://www.facebook.com/jon.finstad Jon Finstad

I am so going to wait for this to come into effect and then I’m gonna watch when some hacker gets the database and all those poiticians scramble to make new laws to force Microsoft or Apple to put in backdoors to all of our computers so law enforcement can monitor all of us real time with software like carnivore or whatnot. Of course, possessing a computer with Linux will be a jailable offense punishable by life in prison with no parole.

What’s funny is that this is what 90% of the population of the USA wants. They want more security to protect them from terrorist threats. What they do not realize that the more that poiticians are allowed to strip away our rights, the more those people who wish to strike fear in the hearts of their enemies win that fight.

We are sure afraid, aren’t we? TSA, Patriot Act, the war on terror, the war on drugs.. We let the government do this to us. We asked them to do it to us.

I’m going to paraphrase Benjamin Franklin, one of the founders of our country. He said something like “Those who give up their essential liberties for security are deserving of neither.” And no other appropriate statement has been uttered in history.

So, essentially.. We took away our own liberties and we deserve what we get.

Now, some of you might say “Oh, well. I don’t do anything wrong, so I have nothing to worry about!” Well, in these days someone could steal your wifi connection and then do lots of bad stuff on your IP address. With advanced enough tools, someone can break into that computer you always leave on and take it over. Then they can do these bad things on your wifi connection you left unsecured and that computer you always leave on. Then when the cops come calling, you’re essentially screwed.

Try explaining that to some prosecutor or judge. “Oh, your honor! It wasn’t me! It was someone who hacked my wifi and my computer!”

Where’s your sense of righteousness now?

Just remember you did this to yourselves.
- NorthernPaladin
  
  Did what to ourselves, exactly? What they’re doing is no different than what they can and long have been able to do with phone records. You make calls, the call details are noted, the police can look at them with a warrant, the end. There’s no recording of the call. No indication of what was said. Just the source and destination and time.
  
  This bill simply makes ISPs keep the same sort of records phone companies always have.
  
  Cory obviously didn’t read the bill and is simply editorializing and exaggerating someone else’s editorialized and exaggerated misreading of the bill.
  
  Stay classy, BB.
  - Cowicide
    
    What they’re doing is no different than what they can and long have been able to do with phone records. You make calls, the call details are noted, the police can look at them with a warrant, the end. There’s no recording of the call. No indication of what was said. Just the source and destination and time. This bill simply makes ISPs keep the same sort of records phone companies always have.
    
    Um, you don’t know what you’re talking about. Most phone calls are radically different. Unless phone calls are tapped, they leave little or no trace of the content of the call. Of course, there’s illegal wiretapping going on in that regard and the government was busted for that during the Bush regime; but I digress.
    
    When most citizens make phone calls it leaves very little residual data compared to surfing the web. Actually, the difference is so vast that a comparison is laughable.
    
    Behavioral targeting. Look into it.
    
    Cory obviously didn’t read the bill and is simply editorializing and exaggerating someone else’s editorialized and exaggerated misreading of the bill.
    
    It’s obvious you don’t understand the implications of the bill and you’re doing nothing but spouting hot air and exposing your ignorance on the issue.
    
    Stay classy, BB.
    
    Speak for yourself. Attacking Boing Boing when it’s actually you that sorely needs proper education on the subject isn’t exactly the highest standards of personal behavior.
    - NorthernPaladin
      
      This is the actual line of interest from the bill:
      “Retention of Certain Records- A provider of an electronic communication service or remote computing service shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account”
      
      They are going to retain data about who got assigned which IP address at any given time. That’s it. No record of where you went. No record of what you clicked on.
      
      The real point of the bill is to create some accountability. Someone logs on, uploads some graphic photos of child abuse, then log off. By the time the FBI gets a warrant to look up who was using that IP, it has already changed and there is no record of who was using it at that time. This bill changes that, forcing ISPs to retain that one bit of information.
      
      You and Cory seem to think the bill does much more than this. Cite your claims. Lets see your sources. Back up your arguments.
      
      Irresponsible bloggers and the suckers who believe them without researching anything. Look into it.
      - Cowicide
        
        Someone logs on, uploads some graphic photos of child abuse, then log off … The real point of the bill is to create some accountability
        
        So your solution is to treat everyone as a child abuser? How about we wire up a sensor to your genitals? I know genitals have been used in child abuse cases and I have absolutely no reason to assume you aren’t a child abuser until you prove yourself innocent. Let’s make your genitals accountable. You ready to pull down your pants?
        
        You and Cory seem to think the bill does much more than this. Cite your claims. Lets see your sources. Back up your arguments. Irresponsible bloggers and the suckers who believe them without researching anything. Look into it.
        
        You make ignorant assumptions and try to make us believe child pornographers are “unaccountable” because we currently don’t force ISPs to track everyone’s IP address for 18 months? Where’s YOUR backup, buddy?
        
        Here, I’ll just casually destroy your argument with ONE LINK:
        
        http://www.google.com/search?num=100&q=fbi+child+pornograher+arrested&oq=fbi+child+pornograher+arrested
        
        Now I’ll let the ACLU destroy what’s left of you:
        
        http://www.aclu.org/files/assets/aclu_opposition_to_hr1981_markup_letter.pdf
        
        Educate yourself.
- Cowicide
  
  What’s funny is that this is what 90% of the population of the USA wants.
  
  You should probably step away from your computer and talk to real people. Many actual humans I talk to think security theatre is out of control. Alienating people that agree with you isn’t going to accomplish much. The media does a great job of dividing all of us and tries to make us think we’re all a bunch of stupid, scared baboons… divide and conquer.
  
  Don’t believe the hype. In the real world, a large amount of Americans from all walks of life think our government is full of shit and want LESS government intrusions in our lives.
  
  The fear thing is still working on many of the dumbest of the dumbest citizens, but a large amount are waking up and smelling the corruption. We’ve got a long way to go and many people still need to be pulled out of the matrix, but alienating those that are already onboard doesn’t help the situation.
  
  The citizens that say they want this are probably thinking this will protect children. It’s our jobs to expose this for what it really is. An enabler for draconian monitoring of the citizenry by the very same people who’ve proven themselves to be untrustworthy in putting our best interests at heart in the first place.
http://pulse.yahoo.com/_QHS2JUGZGALAPD2FDGC6K27LZU Mister

this just means there is going to be a longer line of weirdos at the public library
Gulliver

*looks around at fellow frogs* “Is it just me, or is this plate getting kind of hot?”

“It’s just you. The plates the same temperature it’s always been. Quit aiding the terrorists, commie.”
NorthernPaladin

How do you get from maintaining a record of IP addresses to “wire up a sensor to your genitals”? Your arguments are based entirely on emotional outbursts and have no factual basis. They aren’t even within the realm of normal, sane, rational thought. Please seek medical treatment before it’s too late.

Yes in some cases they can track IP addresses. I’ve had mine for well over a month. If I disconnect my cable modem overnight, though, I will get a new one. Congress rightfully would like some accountability in being able to say who did some illegal action online. You are already protected from unwarranted search and seizure. You were never guaranteed anonymity. I doubt, for example, that you would be a crazy jerk in real life, face to face. Or if you were, I could at least recognize you by your tinfoil hat.
- Cowicide
  
  You still here? Oh, despite the facts I guess you’re still on that trip that pedophiles have no accountability until we are all surveilled equally. Equal rights!
  
  How do you get from maintaining a record of IP addresses to “wire up a sensor to your genitals”?
  
  You missed the point and/or you’re being purposefully obtuse. Either way, you’re becoming a bore.
  
  Yes in some cases they can track IP addresses. I’ve had mine for well over a month. If I disconnect my cable modem overnight, though, I will get a new one. Congress rightfully would like some accountability in being able to say who did some illegal action online.
  
  You should read my thing about your genitals again. And, really think it through this time and take it even more literally than you did before… dat’ll halp (give me another chuckle).
  
  You are already protected from unwarranted search and seizure.
  
  You should really read that ACLU pdf link I gave you. Closely this time and take it literally.
  
  You were never guaranteed anonymity.
  
  Pick one:
  http://www.don-lindsay-archive.org/skeptic/arguments.html
  
  I doubt, for example, that you would be a crazy jerk in real life, face to face.
  
  Look everybody, an internet tough guy. I hate to break it to you, but this is real life.
  - NorthernPaladin
    
    “Becoming a bore”. This is familiar code-speak for “I am unable to debate you”. You could just admit you were wrong, and you finally read the bill and realized it did exactly what I said it did: records a listing of customer-to-IP connections, which is about as threatening as a cop on the street corner. (Significantly less, really.)
    
    You seem like someone who lets other people do your thinking for you. You’re good at links but bad at simply picking relevant information from the links to present a logical argument of your own. Yes, I am still here because you have said nothing that is remotely sensible, nor have you been capable of presenting an argument in your own words.
    
    Can you?
    
    I’ll wait.
Antinous / Moderator

Compose yourselves, please.
mfrazier24

What happens when all the people they catch doing stupid stuff are in Congress?
ornith

http://www.qfxsoftware.com/download.htm

KeyScrambler is your friend.
allen

If this doesn’t count as “big government”, what does?
b b

Ok, this goes too far. Had enough of this crap yet? We can do something about this. Do not just accept your liberty, your freedom and privacy taken away , more, and more and.. So, are you ready to do something about it? http://www.whatis-theplan.org <<<<<<<<<<<<<<<<<<<<<<<<<<

EXPECT US.
John Ford

Tor is your friend people.

http://www.torproject.org