FBI chief repeats request for ISPs to retain data for two years

ISP data retention

FBI director Robert Mueller has repeated calls for US internet search providers to keep records of their customers' surfing habits for two years, twice as long as the measures already in place in Europe and the UK.

Twice in the last four years Mueller has publicly called on ISPs to put in place stronger data retention policies, and the request was made once again at a federal task force meeting last week.

Speaking to the Online Safety and Technology Working Group, Greg Motta who heads up the FBI's digital evidence section was quoted by CNET as saying his director wanted at the very least "origin and destination information for non-content data" to help in the investigation of digital crimes such as child pornography.

In other words, ISPs should retain information on the exact web pages its customers visit for a period of two years, though Motta stressed that "content" data, such as the text of personal emails, would not be kept.

"The question at least for the bureau has been about non-content transactional data to be preserved: transmission records, non-content records, addressing, routing, signalling of the communication," Motta said, before adding that Mueller was willing to compromise given the logistics load this would create: "He recommends origin and destination information for non-content data."

Motta pointed out the equivalent legislation that has governed phone companies since 1986, which requires "the name, address, and telephone number of the caller, telephone number called, date, time and length of the call" to be retained for 18 months.

Representatives from US service providers were quick to dismiss the notion, however. Also present at the task force meeting, Verizon vice-president Drew Arena said networks were "not set up to keep URL information anywhere in the network. And if you were do to deep packet inspection to see all the URLs, you would arguably violate the Wiretap Act."

The latter point raises the question of just how detailed the FBI wanted the data to be whether it would be limited to just IP addresses or domain names, or whether it wanted individual web page records to be kept, which would require deep packet inspection, and would be a logistical nightmare given the millions of web pages being accessed every second by internet users around the US and the world.

Despite Mueller's oft-repeated standpoint, the US Justice Department has yet to take an official position on data retention.

The EU's own directive forcing ISPs to retain non-content data went into force in the UK in April last year, though it only requires records to be held for 12 months.