Over a million developers have joined DZone.

Why the U.S. Doesn't Have Data Retention Legislation

DZone's Guide to

Why the U.S. Doesn't Have Data Retention Legislation

Big brother, where art thou? Apparently in our internet connection. The United States' lack of Data Retention laws could have some troubling effects on your privacy.

· Security Zone ·
Free Resource

Address your unique security needs at every stage of the software development life cycle. Brought to you in partnership with Synopsys.

Lately, I've been following the adoption of ever more draconian laws with respect to browsing and internet history retention. I've wondered why we don't have these too (obviously I live in the U.S.). I mean, it seems like a very law-and-order thing to do, right? And very American by extension?

I couldn't for the life of me figure it out. Then it dawned on me - we don't have this legislation because we don't need it.

So what do I mean by this? I certainly don't mean that we like to collect information on our citizens any less than anybody else in the free world (I'm looking at you Snooper's Charter). I mean that we don't need laws to get ISPs to do it.

Now that the FCC has made it clear that ISPs can sell these browsing records, you can guarantee that ISPs are keeping your browsing history. Now, they're not able to sell it in an obviously traceable way, and they'll anonymize it somewhat (pardon me if I don't expect them to work very hard at this). But they'll collect it. And if they're collecting it, that means that it's available via subpoena or other means.

This means that the U.S. government is able to trace everything you do online, end-to-end. They can trace your requests from your home, through your ISP, to whatever services you use, and they can do it over time. So if you log into the internet from home, and spend an hour browsing Reddit (yes, I know, only an hour - very funny) and then goof around on Facebook, all of that activity is completely traceable. Forward and backward - they can, for example, trace activity on Facebook to a particular time and physical location. On your phone? They can see that. Home? That too. Coffee shop? You bet.

We don't have data retention laws in the U.S. because we don't need them. We have a free market, and that's apparently enough. Let's hope we have a strong judicial system to protect ourselves from this in the future.

Find out how Synopsys can help you build security and quality into your SDLC and supply chain. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

privacy ,security ,isp

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}