Identifying Those Responsible for a “Living Horror” and Its Signficance for Proposed Federal Law

You may also like...

7 Responses

  1. Ken Rhodes says:

    Many years ago I worked on software for the U.S. military to use for computing manpower requirements. The manpower requirements document for an activity was not highly classified, being labeled simply “for official use only.” The aggregation of those manpower requirements documents into a manpower requirements data base, however, was classified SECRET. The reason was, and is, that there is a much greater downside when a large accumulation of data is exposed to potential compromise.

    By analogy, I would be strongly resistent to a practice of accumulating my life into a single data base, and I see that as a risk our younger generation does not appreciate. (Facebook comes quickly to mind.)

    My impression is that our Federal Government has resources to overcome even some pretty sophisticated attempts at secrecy. I’m sure, for example, that both the FBI and NSA have to deal with cyber-hiding and cyber-deceipt from foreign agencies and agents far more highly developed than any public BBS could possibly mobilize. I believe, therefore, that in the war againse domestic cyber-crime, technology should be our weapon of first choice, rather than data accumulation.

  2. Orin Kerr says:


    Thanks for posting on these interesting questions.

    I’m curious, though, how can one set of arrests suggest that the Act’s data retention requirements may be unnecessary? In a country of 300 million people, does the fact that 50 people have been arrested (and not yet convicted, as I understand it) really provide evidence that a law is being sufficiently enforced? To be clear, I’m not taking a position one way or another on the data retention law: I’m just not sure why you think this one case sheds light on the question.

    Also, why is Section 230 relevant, given that Section 230 doesn’t apply to criminal investigations? See 230(d)(1)(“Nothing in this section shall be construed to impair the enforcement of section 223 of this Act, chapter 71 (relating to obscenity) or 110 (relating to sexual exploitation of children) of title 18, United States Code, or any other Federal criminal statute.”)

    Finally, on the law itself, does the law really say that ISPs would also be required to track subscribers’ Internet activity, address, and credit card numbers? Based on a quick read, the version I looked at only appears to say that temporary IP addresses have to be retained. See section 4. Or is that an outdated version of the bill? I haven’t actually looked at the language until now, so maybe I’m just misreading this.

  3. Ken Arromdee says:

    If you could catch child pornographers by searching random people on the street without warrants, would that justify it?

  4. Danielle Citron says:

    Thanks to you both for responding. Ken puts his finger on what I am using the case for–the likelihood (or seeming likelihood, empirically contestable of course) that government will find criminal defendants, even those most determined to evade detection, under current data retention practices. The Act seems premised on the notion that law will be under-enforced because government can’t pierce encryption/proxy servers and that changing data retention will change that. So is that right, maybe Ken can speak specifically to that. I raised Section 230 because part of law’s under-enforcement relates to the inability to find defendants. Civil plaintiffs don’t have the resources of the government and they likely can’t afford computer forensic experts, if they can afford to sue. Recall the AutoAdmit case. The plaintiffs could only find nine of the 39 posters–the site does not log IP addresses and that mattered as did data retention practices of ISPs. Orin, you are absolutely right to point out the different considerations with section 230 but I thought I would raise other areas in which the question is whether data retention’s costs are worth its benefits. And thanks for the catch on the law–I took that from the Atlantic piece so I will delete it. Thanks so much, both of you!

  5. Orin Kerr says:


    Thanks for replying, Danielle.

    I think the difficulty is that enforcement of the law is always relative: We need to know how much crime is out there, how often the law is successfully enforced, and how that might change if the retention rules were changed.
    My thinking was that a group of arrests doesn’t shed ny light on that: It rules out the possibility that the law is NEVER enforced, but it doesn’t say how much retention rules might improve enforcement, or how many more bad guys would be caught if enforcement were improved.

  6. PrometheeFeu says:

    I think the primary problem here is that suspicion is the standard for release of the information. I think that a much more reasonable law would require probable cause and prior judicial review. Yes it does mean that some bad people (or monstrous people in this case) will get away, but that’s the price to pay for living in a free society. I am honestly very much concerned that law enforcement agencies could use this law to track down and harass citizens engaging in perfectly legal though unpopular activities.

  7. There is no question anonymity can be used for evil. But we must remember that for every sociopath hiding their steps, there is a human right worker somewhere in the world using the same technology to protect themselves and loved ones from retaliation by totalitarian governments or criminal organizations. This is related I think to the American legal ideals of due process that would rather not risk violating a single innocent simply to punish every person of guilt. In the end, anonymity is not just a sometime-requirement for free speech, but a hallmark of political freedom, right down to the ballot box.