By Jane Wakefield
Technlogy reporter, BBC News website
Balancing the needs of the police to investigate crimes online with the privacy of individual web users has become controversial as governments seek to extend their snooping rights in cyberspace.
Web data could offer vital clues in criminal causes
Already European ISPs and phone companies are in the process of implementing an EU directive which forces them to retain a variety of communication data for up to two years.
Now, a republican congressman, Lamar Smith, has put forward a bill for discussion in the US Congress that could see a similar regime operating Stateside.
Experts think it is unlikely that the US will introduce draconian data retention laws any time soon, not because they do not want to but because similar European legislation is currently in varying degrees of disarray.
"It would be a case of a European disease moving to the US. There are so many silly aspects to the EU legislation, not least that implementation is practically impossible," said Gus Hosein from advocacy group Privacy International
Clear as mud?
The controversial measures that European government are currently trying to interpret require internet service providers and phone companies to keep a record of internet usage, e-mail logs and phone call records.
There is no requirement to keep the content of messages.
Most experts agree that the legislation has been poorly drafted and is therefore open to a wide range of interpretations.
"Nobody knows what they mean. The legislation has been written by people who didn't understand the internet," said Richard Clayton, a researcher at Cambridge University who specialises in web traceability.
Even if the legislation was clearer, there would still be big issues with it. Firstly, the cost of storing the data, which will, said Mr Clayton, be filtered back to customers in the form of rising access costs.
Secondly there is a question of how to make sense of and sift through the huge amount of data being stored.
There are also concerns that the data retention requirements will stifle creativity.
"Bringing out new services, such as web-based mail, could be affected as it would also require a data retention system," said TJ McIntyre, chairman of civil rights organisation Digital Rights Ireland.
It has launched a legal challenge to the directive.
TIMETABLE FOR DATA RETENTION
The EU directive came into force in April 2006
Member states have until September 2007 to implement the directive
UK ISPs have won an extension until March 2008
Data must be kept for a minimum of six months and maximum of two years
While some countries wait to see the result of this challenge before kick-starting their data retention regimes, the UK government has instigated a voluntary system and has offered to pay for some of the data storage costs, as well as looking at the best way to extrapolate information from the data once it is collected.
It all adds up to a way of dealing with data retention that others would do well to mimic, thinks Mr Clayton.
"The UK system has a lot going for it. There is a strong tradition of listening to ISPs," he said.
Currently in the United States there is no requirement for internet service providers to keep data. In practice though most do keep it for a short period of time (up to 10 days) as it is useful for their own purposes, such as dealing with spam.
The authorities also operate a system of data preservation, in which ISPs are asking to keep data for longer on a case by case basis
It was revealed last year that the National Security Agency was already utilising data retention.
It was reported by USA Today that the NSA has routinely been collecting the phone call records of millions of Americans, using data provided by AT&T, Verizon and BellSouth in an effort to form a picture of terrorist activity.
The latest attempt to push through the legislation in the US is being billed as a way of protecting both children from online paedophiles and as part of the ongoing war against terrorists but privacy advocates are concerned that there is no evidence such retention helps with any sort of crime investigation.
"When we mounted our legal challenge we have never once been given an example of where data retention has been necessary to solve a crime," said Mr McIntyre.
The vagueness of existing legislation could also open up so-called data snooping to a variety of purposes that it was not really intended for, such as data being used in divorce cases or employees' data trails being followed by suspicious bosses.
Even as a tool for law enforcers alone, it could have limited usefulness, argue some.
"It might help capture the naïve and unthinking but is unlikely to deter serious criminals. They could just as easily have their conversations in a pub but no-one is considering putting microphones in all pubs," said Mr Clayton.
It is clear that the debate about data retention is far from over and the balance between privacy and access for law enforcers is a tricky one to maintain.
For Mr Clayton and many other critics of the current plans there is more at stake than just how to open up the web to surveillance.
"It is a matter for society to decide what kind of world they want to live in," he said.