Over a million developers have joined DZone.

Why the U.S. Doesn't Have Data Retention Legislation

DZone's Guide to

Why the U.S. Doesn't Have Data Retention Legislation

Big brother, where art thou? Apparently in our internet connection. The United States' lack of Data Retention laws could have some troubling effects on your privacy.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Lately, I've been following the adoption of ever more draconian laws with respect to browsing and internet history retention. I've wondered why we don't have these too (obviously I live in the U.S.). I mean, it seems like a very law-and-order thing to do, right? And very American by extension?

I couldn't for the life of me figure it out. Then it dawned on me - we don't have this legislation because we don't need it.

So what do I mean by this? I certainly don't mean that we like to collect information on our citizens any less than anybody else in the free world (I'm looking at you Snooper's Charter). I mean that we don't need laws to get ISPs to do it.

Now that the FCC has made it clear that ISPs can sell these browsing records, you can guarantee that ISPs are keeping your browsing history. Now, they're not able to sell it in an obviously traceable way, and they'll anonymize it somewhat (pardon me if I don't expect them to work very hard at this). But they'll collect it. And if they're collecting it, that means that it's available via subpoena or other means.

This means that the U.S. government is able to trace everything you do online, end-to-end. They can trace your requests from your home, through your ISP, to whatever services you use, and they can do it over time. So if you log into the internet from home, and spend an hour browsing Reddit (yes, I know, only an hour - very funny) and then goof around on Facebook, all of that activity is completely traceable. Forward and backward - they can, for example, trace activity on Facebook to a particular time and physical location. On your phone? They can see that. Home? That too. Coffee shop? You bet.

We don't have data retention laws in the U.S. because we don't need them. We have a free market, and that's apparently enough. Let's hope we have a strong judicial system to protect ourselves from this in the future.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

privacy ,security ,isp

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}