Mandatory Data Retention Law in United states is not implemented yet. But according to the law Stored Communications Act (SCA) enforced as a part of Communications Privacy Act in 1986, the government could access the retained data if a telecom provider or remote computing services collect a user’s communication data.
The SCA law provides support to the Mandatory Data Retention by directing the internet providers to retain a user’s data for about 180 days if the government asks to do so.
The type of internet service a company is providing to its customers, the type of data and for the retained communication information the time duration for which the data has been kept, are the variables that determine the possibility of gaining data access by government officials from internet providers.
SCA also says that the data could be revealed by the providers to the government at the time of necessity i.e. if a crisis situation occurs and delay in data revelation can cause danger to the live of a person. However, a court order is required for the forced access to communication data. Yet, an administrative writ is required for the compelled access to the data such as user/subscriber name, address, telephone number, and records of phone calls and communications, that is not issued by the Court.
Ordering all the Internet Providers to retain records of their users for at least 2 years, two bills were passed in 2009 by the congress to assist the police investigation. But none of those bills could become a law. Therefore, the oppositions and arguments continue from some legislators and law enforcement officials but the mandatory data retention is still applicable for the internet crimes including online child pornography that is important to investigate.
A hearing under the supervision of U.S. House of Representatives Judiciary Subcommittee on Crime, Terrorism, and Homeland Security in January 2011 discussed the issue that whether a legislation allowing ISPs to store users data, should have been proposed by congress or not. However, in May 2011, the “Protecting Children from Internet Pornographers Act of 2011” (H.R. 1981) was presented in the House of parliament that requires storage of such data.
H.R. 1981 law was implemented on the pretended grounds to stop child pornography. Through this, the ISPs were compelled to spy and to retain the data of all the citizens including the innocent ones so that it could be used by the law enforcement at a certain time.
ISPs are also ordered by H.R. 1981 law to keep ‘temporary assigned network address’ to identify a user. Therefore, it refers to the IP addresses and the mobile phone internet services of the subscribers. Yet, this could also include mobile phone identifications such as mobile numbers, three mobile phone identifiers: IMEI, IMSI, TMSI, and others. These IDs are used by the mobile phone companies to identify a certain handset and the customer using it.
US states that could face extreme consequences of mandatory Data Retention are also unsafe from it. Also, the Hawaiian lawmakers held a hearing regarding the directives of state bill HB2288 which compels internet provider organizations in Hawaii to store unidentified user data for minimum two years, including the IP address and browsing history records of a user. that data would include user’s IP address, domain name or host name. Yet, the ISPs are required to surveil the activity of a user on every website and should keep that record with the link to that particular user’s IP address.
However, including the US many other nations in the world are passing laws that support Mandatory Data Retention. To avoid such problems and to make your data secure from prying eyes you could follow our guide that ‘How To Protect Yourself From Metadata Retention’.