"In one heart-wrenching example of the harm that a lack of data retention can cause, an undercover investigation that discovered a movie depicting the rape of a two-year-old child that was being traded on the internet was stymied because the ISP that had first transmitted the video had not retained information concerning the transmitter," Justice Department lawyer Jason Weinstein wrote in his written remarks submitted at a Senate Judicary subcommittee hearing on Tuesday. "Despite considerable effort, the child was not rescued and the criminals involved were not apprehended."
Weinstein had used the child rape example in previous testimony before a House subcommittee back in January. In that retelling of the story, Weinstein cited testimony of a Wyoming Division of Criminal Investigation agent back in 2006 who said he was investigating an online video showing the rape of a two-year old girl. The investigator was able to trace the video back to an ISP account in Colorado, but the ISP had purged the information after 30 days under their standard data retention policy.
The testimony in question came from Flint Waters, the lead special agent of the Wyoming Division of Criminal Investigation, Internet Crimes Against Children Task Force Technology Center.
Waters testified that an investigator got a hold of the movie in question in August 2005, and they were able to trace this movie to a computer in Colorado. They discovered it had been made available for distribution in April of 2005, months before it was believed to have existed anywhere on the Internet.
Weinstein testified Tuesday that ensuring that law enforcement "can successfully track criminals who use their smart phones to aid the commission of crimes" is a "particular area of concern" for the Justice Department.
"When a criminal uses a computer to commit crimes, law enforcement may be able, through lawful legal process, to identify the computer or subscriber account based on its IP address," he said. "This information is essential to identifying offenders, locating fugitives, thwarting cyber intrusions, protecting children from sexual exploitation and neutralizing terrorist threats - but only if the data is still in existence by the time law enforcement gets there."
ISPs, Weinstein said, "may choose not to store IP records, may adopt a network architecture that frustrates their ability to track IP assignments and network transactions back to a specific account or device, or may store records for only a very short period of time."
"In many cases, these records are the only evidence that allows us to investigate and assign culpability for crimes committed on the Internet," he said.
Weinstein said there are significant legal restrictions on private companies sharing data with law enforcement but there are no restrictions on providers' ability to share that information with a third party.
"We think Congress may wish to consider whether we strike that balance between privacy between consumers and those they are engaged in commerce with," he told the subcommittee.