SOPA replacement uses child porn as excuse to spy on 99.7 percent of Americans

SOPA author Lamar Smith pushing bill to make web sites track every user's every move

The SOPA and PIPA bills that went down in flames earlier this year for their unbearable intrusiveness, used content piracy as an excuse to give the government powerful tools with which to censor Internet content.

For 2012 the primary author of those bills has switched to a fallback tactic: using child porn as an excuse to create a vast surveillance network from which the government can demand data on every email sent, site visited or link clicked on by all but a fraction of one percent of the U.S. population.

Internet anti-censorship advocates including Anonymous are calling for the ouster of Texas Congressman Lamar Smith, who is following his co-sponsorship of the failed Stop Online Piracy Act (SOPA) with a bill critics call "Big Brother" disguised as an effort to curb child porn and sexual abuse.

Last May Smith, a Texas Republican credited as primary author of both SOPA and PIPA, the Senate version, also introduced H.R. 1981, a bill called the "Protecting Children From Internet Pornographers Act of 2011″ (PCFIPA).

The anti-child-porn provisions in the bill are a "fig leaf for its true purpose: A sweeping data retention requirement meant to turn Internet Service Providers and online companies into surrogate snoops for the government’s convenience," according to Julian Sanchez, Internet privacy and censorship researcherat the center-right Cato Institute.

Smoke and mirrors concealing observers watching you from behind the smoky mirrors

The bill amends existing laws empowering the U.S. Marshals Service to issue subpoenas and chase fugitives.

The amendments expand the Marshals' ability to issue subpoenas and adds online pornographers to their list of top targets.

The important, though administrivia-looking part of the bill is this: "A provider of an electronic communication service... shall retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account... records retained pursuant to section 2703(h) of title 18, United States Code..." – FCPIFA, H.R. 1981

ISPs are already required to keep some customers' activity records for 180 days, so this doesn't look like a big change.

Except, PCFIPA, HR 1981, requires ISPs keep track of every single IP address they assign (except to wireless users) and all the activity flowing across that link.

It doesn't limit itself to just ISPs, either. By addressing the bill to cover any company providing "electronic communications" or "remote computing" services, the bill effectively covers any site offering services online.

PCFIPA, HR 1981, reverses that point of view (as did PIPA and SOPA), to create a vast database of every action of ever American online – a deep pool of data on the activity of millions of Internet users, through whose private activity they can sift at will until they find something that looks like evidence of a crime.

That's exactly the opposite of the intent of the Fourth Amendment to the Constitution. The Fourth Amendment prevents police from searching, questioning, holding or otherwise harassing suspects unless a judge agrees there's a good reason to investigate a specific person for a specific crime.

Going beyond child pornographers to treat everyone like a criminal

Accusations that PCFIPA is a universal surveillance bill in disguise cite two specific problems with the bill:

    The first is language in the existing federal law, which requires ISPs to provide, under warrant: all of a customer's Internet activity, including email, web browsing, downloads, IM, social networking and anything else done across the public Internet;
  • the customer's name address, phone number and IP address;
  • a list of all local and long distance phone calls;
  • a list of all electronic communications;
  • means of payment – all credit-card, bank account or other method the customer used to pay;
  • silence – ISPs under warrant or subpoena to give up private records aren't allowed to alert the customer.
  • The second is the phrase "unregistered sex offenders" and the power it gives the U.S. Marshals Service to issue its own subpoenas to investigate 99.762 percent of the U.S. population.

By addressing "unregistered sex offenders," Lamar Smith's PCFIPA expands its powers of comprehensive surveillance over everyone in the U.S. who has not already been convicted of a sex crime.

According to the National Center for Missing and Exploited Children's Map of Registered Sex Offenders (PDF) there are about 748,000 registered sex offenders in the United States and territories.

That's an average of 238 offenders per 100,000 who are not sex offenders – approximately .238 percent of the total U.S. population.

Since it is empowering U.S. Marshals to investigate people who have not yet been convicted, under PCFIPA, the only thing required to get a valid subpoena to examine all the online activity 99.762 percent of the U.S. population, is an investigating officer willing to say the subpoena has something to do with investigation of online child porn.

They don't even have to accuse a specific person or limit themselves to a specific geographic area. Geographically surveillance targets have to be within 500 miles of a specific target of investigation.

Online the bill allows for usage connections – anyone you called, who called you, any sites you may have visited or spammers who might have sent you email.

Not only are you a criminal; every web site you ever visit has to collect 'evidence' on you

The requirement that ISPs and essentially every site on the Internet keep 18 months worth of records on every visitor would create a complete record of every site visited, every email sent, every link clicked on by every resident of the U.S. and its territories – a vast and comprehensive database of everything any American does online, into which curious cops can dip almost at will, whether they have a good reason to do so or not.

"The data retention mandate in this bill would treat every Internet user like a criminal and threaten the online privacy and free speech rights of every American," according to Kevin Bankston, an attorney for the Electronic Frontier Foundation. "Requiring Internet companies to redesign and reconfigure their systems to facilitate government surveillance of Americans' expressive activities is simply un-American."

“The bill is mislabeled,” Rep. John Conyers (D-MI) told CNET in July, when PCFIPA went through brief review in the House judicial committee. “This is not protecting children from Internet pornography. It’s creating a database for everybody in this country for a lot of other purposes.”

Smith argued in committee that the bill involved investigation only of those suspected of the sexual abuse of children.

No so, countered the ACLU, which argued it would actually impact "hundreds of millions of individuals who have no connection to the sexual exploitation of children whatsoever. ..There is nothing in the bill that would limit the use of these records to child exploitation cases," countered the American Civil Liberties Union, which sent a letter carrying protests from it and 29 other civil rights groups to Smith last summer, without result.

"In fact, the records would involve all internet users everywhere and they would be available to law enforcement for any purpose. This new mandate is a direct assault on the privacy of internet users," the letter said.

So what's the upshot?

There is no conclusion to this story yet.

PCFIPA, H.R. 1981, is on the House legislative calendar to be debated, changed, approved or denied sometime during the coming year.

Oddsmakers rate its chances as good, considering it sailed through committee by a vote of 19 to 10.

SOPA and PIPA had similarly good odds before being brought down in flames.

PCFIPA, HR 1981, should have much worse chances, considering that powers it grants are much more sweeping than those of either Internet censorship bill and that it adds a huge burden to both ISPs and anyone providing content or software services across the web.

Together the constituency opposing PCFIPA should be at least as large as that opposing SOPA and PIPA.

Opposing those two bills took a lot of effort and unity among independent-minded Internet users.

Both unity and the ability to project opposition appear to have dissipated in the weeks since.

Especially given the effort of Lamar Smith and his backers to conceal unconstitutional powers of surveillance and censorship behind child pornographer straw men, it's entirely possible HR 1981 will come up for a vote without nearly as much outcry for the 'net.

If that happens, all the complaining about privacy done by anyone online until now will be moot. PCFIPA requires your ISP to keep track of what you do when it can see you and requires other sites to keep records of what you do when it can't.

By comparison, losing your email password to a keylogger or having your iPhone give away your location data are small potatoes.

Lamar Smith wants to know more than a password or location. He wants to know what sites you click on, what spam you get, what sites you visit that you delete from your history cache so no one else can see them.

Lamar Smith wants to know who you email, who you text and what links you click on in blogs complaining about his irrational, insatiable need to spy on Americans who have done nothing wrong and nothing to arouse suspicion that they have.

Lamar Smith doesn't believe in innocent until proven guilty. Lamar Smith doesn't believe in innocent at all.

He only believes in "unregistered offenders" – meaning "those who haven't been caught yet.

Give Lamar Smith his way and every site on the Internet will have to keep records to turn over to Lamar and his cronies, so people who don't like you can sift through everything you do, looking for something you've done wrong.

Putting unconstitutional limits on the freedom of 99.7 percent of Americans is a fair exchange for a law that might give cops a slightly greater advantage in chasing the .238 percent of Americans who may actually be involved in child pornography.

Isn't it?

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies