U.S., U.K. ISPs FACING POTENTIALLY CONFLICTING REQUIREMENTS
Depending on how court rules in feud between RIAA and Verizon over disclosure of personal information on alleged peer-to-peer (P2P) file swappers, U.S. ISPs could be in same rock-vs.-hard-place situation now confronting U.K. service providers, U.S. ISP association official said Fri. Last week, Internet Services Providers’ Assn. (ISPA) recommended its members not comply voluntarily with British Home Office request that ISPs give law enforcement agencies access to personal information on their customers without prior judicial approval.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Anti-Terrorism Crime and Security (ATCS) Bill allows Home Secy. to craft voluntary code of practice to allow communication service providers (CSPs) to hold data for use in law enforcement investigations. But no code of practice has been drafted yet, leaving U.K. ISPs subject to existing laws that permit data retention only as long as is necessary for billing purposes, ISPA spokesman said. Moreover, he said, U.K. ISPs aren’t sure how -- or if -- code of practice will square with current law.
RIAA v. Verizon involves music industry’s attempt to obtain personal data about Verizon customer by issuing subpoena under Sec. 512(h) of Digital Millennium Copyright Act. Case, in which oral argument was held Oct. 4, has alarmed ISPs, which worry that adverse decision could force them to have to violate subscribers’ privacy rights by turning over identifying information even though allegedly infringing materials were on customers’ own PCs, not ISPs’ servers. But more than that, said David McClure, pres. of U.S. Internet Industry Assn. (USIIA), some states -- Minn., for example -- bar ISPs from releasing the name of subscriber unless it’s pursuant to current law enforcement investigation. Win for RIAA would mean U.S. ISPs could be facing much same situation as U.K. providers, he said.
ISPs are among several groups nervous about growing movement toward data retention rules in European Union (EU). In response to questionnaire sent to EU member states by Denmark, which now holds Presidency, several countries said they would welcome European-level rule on withholding personal data. Asked what happens next, EU source said that where member states had adopted or were considering adoption of data retention laws, European Commission was actively engaged in making sure those rules were compatible with law enforcement needs.
July 2002 Directive on Privacy & Electronic Communications clarified conditions under which EU nations could adopt law for data retention for law enforcement purposes that contradicted obligation to erase data traffic when it no longer was needed for billing purposes, EU source said. That didn’t mean member states must adopt data retention laws or that they had blank check, source said.