[HCoop-Discuss] Federal legislation affecting HCoop operations

Nathan Kennedy ntk at hcoop.net
Fri Feb 20 11:46:51 EST 2009 

Folks,

Previously I had written to hcoop-misc about the FISA bill, encouraging
American members to individually contact their legislators to vote no on
FISA, which provided immunity to staffers, officers, and corporations like
HCoop who illegally breached data privacy and other laws in the context of
illegal government investigations.  The bill passed (with the support of
then-Senator, now-President Obama) and is now law.

Now there is a bill introduced into Congress last week that is potentially
more frightening than FISA, would directly affect our operations, and which
stands an excellent prospect of becoming law.

Called the "Internet Stopping Adults Facilitating the Exploitation of
Today's Youth (SAFETY) Act of 2009," it is S.436 in the Senate and
H.R.1076.

This bill contains a number of penalties related to child pornography,
money laundering, and racketeering.  Amidst these popular measures is this
provision:

     "SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE
PROVIDERS.

     "Section 2703 of title 18, United States Code, is amended by adding at
the end the following:
         "`(h) Retention of Certain Records and Information- A provider of
an electronic communication service or remote computing service shall
retain for a period of at least two years all records or other information
pertaining to the identity of a user of a temporarily assigned network
address the service assigns to that user.'."

For the purposes of this chapter, "the term “remote computing service”
means the provision to the public of computer storage or processing
services by means of an electronic communications system;"

That would certainly apply to any HCoop server.  At a minimum, this bill
will require retention of DHCP logs for two years along with all identity
information associated with such logs (which HCoop does not presently
have).  It may well be interpreted or amended to require user identity and
access logs for all servers for two years--after all, most HCoop users log
in from "temporarily assigned network addresses", and we have information
pertaining to their identities.

In addition to the enormous added burdens, liability, and administration
associated with this bill, I personally believe that the legitimate law
enforcement goals of this provision are outweighed by the harm to privacy,
civil liberties, and the autonomy of small independent service providers
like HCoop.  In short I think this is an unprecedented, intrusive, and
extremely harmful Big Brother bill.

Previously, Title 121 of Chapter 18 of the US Code, which this section
amends, only required disclosure of existing information pursuant to a
legitimate warrant or subpoena, or preservation of specific backups
pursuant to a legitimate government request.  If this bill became law, we
would be required by federal law to maintain backups of access log and user
identity date for two years even from decommissioned servers in case the
feds decided they needed it.  Imagine not just the burden of this
federally-imposed data retention, but having to consult a lawyer to
determine which records may or may not have to be retained, and decide
whether to "play it safe" and keep all records in escrow or to aggressively
wipe records and risk prosecution if our judgment is wrong.

I would be interested in hearing the opinions of the membership at large
and other board members on this bill.  If there is agreement, then in
addition to individual letter-writing I would be interested in a board
resolution opposing this bill and officially contacting legislators and
government to oppose it, and coordinating with other groups that are doing
the same.

I previously looked into the consequences of HCoop acting on pending
legislation.  Unlike 501(c)(3) organizations with their strict lobbying
limitations, it seems that 501(c)(12) organizations (tax exempt
organizations whose contributions are not tax-deductible) are permitted to
lobby for or against legislation, especially where it has a direct impact
on operations.  This does not extend, of course, to supporting or opposing
candidates for political office.

I look forward to hearing others' opinions.

Regards,
Nathan Kennedy
Secretary, HCoop

More information about the HCoop-Discuss mailing list