Rep. F. James Sensenbrenner, the chairman of a key House of Representatives subcommittee, said this morning that it was time to resuscitate the idea of the government mandating data retention. Sensenbrenner, a Wisconsin Republican, had drafted a mandatory logging proposal seven years ago that included prison terms for company executives who failed to comply. A law enforcement representative said today some form of data retention should be attached to the privacy bill.
"I'd like to ask you … what time do you think we ought to have in terms of requiring a service provider or somebody who stores e-mails in the clouds to retain that material?" Sensenbrenner asked law enforcement representatives during an exchange that lasted about five minutes. The response from a representative of the Tennessee Bureau of Investigation: It depends, but "six months or a year" would be reasonable. (Here's the hearing video.)
Sensenbrenner indicated that he intended to glue a data retention requirement, which had been endorsed by the U.S. Department of Justice and other law enforcement organizations, onto a landmark privacy bill to rewrite the 1986 Electronic Communications Privacy Act (ECPA). At the moment, Americans enjoy more privacy rights if they store data on their hard drives or under their mattresses, a legal hiccup that tech companies fear could slow the shift to cloud-based services unless the law is updated.
"We're going to need to have a balancing act, which means that neither law enforcement nor the service community are going to get everything they want," Sensenbrenner said.
But a few hours later, in response to queries from CNET asking about the details of the proposal, aides to Sensenbrenner said that their boss had misspoke and was talking about data preservation in response to law enforcement requests—not about a new data retention proposal.