Is Congress About to Require Home Users to Keep Wi-Fi Logs?
According to this breathless story on CNET, sinister congressional forces are afoot attempting to impose a record-keeping requirement on home networks. But as I warn my Internet Law students every year, you just can’t rely on CNET posts on legislative developments, particularly the more sensational the headline. And that turns out to be true here as well. I doubt anyone in Congress actually intends to require home network users to maintain visitor logs. If that unexpected result does come about, it’s because Congress and the courts are miscommunicating. There’s a deeper problem with the relevant statutory language here, but it’s one that’s been around for a while.
Here’s the situation: wrongdoing on the Internet is often difficult to track down, because often the only reliable traces a malfeaser leaves behind is their computer’s IP address. It’s a bit like having someone’s phone number show up on caller ID. But unlike phone numbers, IP addresses often change. If the phone company didn’t keep any track of who had what phone numbers, the police or victims of harassment wouldn’t have any way of using the number to track the perpetrator down. It’s the same with IP addresses. Usually internet access providers keep track of who they assign IP addresses to, but there’s no requirement that they do so. There’s also no requirement that they keep such information for any particular length of time—it’s purely up to them, and storing data costs money, so ISPs purge their logs on a regular basis. So suppose a kidnapper logs into Gmail and sends an email with a ransom demand to the victim’s family. If Google chooses not to keep any access logs, there may be no way for the police to track the kidnapper down, even if the kidnapper took no steps to cover his or her tracks.
Enter the Internet SAFETY Act, yet another in the long line of recent Congressional bills with cutesy acronyms.