According to this breathless story on CNET, sinister congressional forces are afoot attempting to impose a record-keeping requirement on home networks. But as I warn my Internet Law students every year, you just can’t rely on CNET posts on legislative developments, particularly the more sensational the headline. And that turns out to be true here as well. I doubt anyone in Congress actually intends to require home network users to maintain visitor logs. If that unexpected result does come about, it’s because Congress and the courts are miscommunicating. There’s a deeper problem with the relevant statutory language here, but it’s one that’s been around for a while.

Here’s the situation: wrongdoing on the Internet is often difficult to track down, because often the only reliable traces a malfeaser leaves behind is their computer’s IP address. It’s a bit like having someone’s phone number show up on caller ID. But unlike phone numbers, IP addresses often change. If the phone company didn’t keep any track of who had what phone numbers, the police or victims of harassment wouldn’t have any way of using the number to track the perpetrator down. It’s the same with IP addresses. Usually internet access providers keep track of who they assign IP addresses to, but there’s no requirement that they do so. There’s also no requirement that they keep such information for any particular length of time—it’s purely up to them, and storing data costs money, so ISPs purge their logs on a regular basis. So suppose a kidnapper logs into Gmail and sends an email with a ransom demand to the victim’s family. If Google chooses not to keep any access logs, there may be no way for the police to track the kidnapper down, even if the kidnapper took no steps to cover his or her tracks.

Enter the Internet SAFETY Act, yet another in the long line of recent Congressional bills with cutesy acronyms.

This recent post over at Consumerist caught my eye: A person loses his cell phone. Before he lost it, he set it up to blind-copy him on all emails sent from the cell phone. Let’s assume for the sake of argument that he did this (as the post recommends) as a “pretty brilliant low-tech security solution for tracking down a lost/stolen phone or laptop.” Pretty soon, someone finds the cellphone and begins using it, evidently with no attempt to locate the owner. The readers of Consumerist are collectively able to track the finder down within 55 minutes and get him to promise to return the phone, which he actually did.

Naturally, I had the same reaction to this story that anyone else would: Is that a violation of the Wiretap Act?