TechHui

Hawaiʻi's Technology Community

Hawaii Lawmakers' Assault on Web Privacy

As I write this, HB 2288, which requires anyone providing internet connectivity to keep detailed records of users' browsing history, is being heard in front of the Committee on Economic Revitalization. This is arguably the most aggressive privacy-invading internet data retention measure introduced by any state.

The ill-conceived HB 2288 was introduced by Rep. John Mizuno and championed by Rep. Kymberly Pine. Companion bill SB 2530 was introduced in the Senate by Sen. Jill Tokuda. These bills, which are vaguely worded, could easily impose onerous requirements on not only ISPs but also every coffee shop and internet cafe in the state. They provide no privacy protections or rules with regard to how the data is handled. HB 2288 and SB 2530 open up every resident of the state to the possibility of their browsing history being subpoenaed not only in criminal cases, but also in civil matters. This is no different than the state requiring telephone companies to retain all your conversations.

I submitted the following testimony to the committee:

"I write in strong opposition. I wish to provide testimony with regard to HB 2288, which requires ISPs to capture and store all customers' internet traffic for a period of two years. In these times, the record of a person's browsing history is as close as you can get to a record of their thoughts. Even forcing telephone companies to record everyone's conversations, which is unthinkable, would be less of an intrusion. This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations. As with a phone tap, the state should be required to seek a warrant to record a person's browsing activities. Internet traffic can be far more personal than a phone call. Why should the protection of access be held to a lower standard?"

Although techies can obviously get around this by, for example, using a proxy server to hide destinations and SSL to make data opaque, this is a clear assault on the privacy of the average user's browsing history. The assault is also happening at the federal level thanks to SOPA author Rep. Lamar Smith, who introduced a similar (although less aggressive) bill which he calls the "Protect Children from Pornographers Act". The name is, of course, ludicrous given that it has absolutely nothing to do with protecting children from pornography.

The bill currently has support from both sides of the aisle (Pine is a Republican, Mizuno a Democrat), so it will take a concerted effort to defeat it. Let's fight the good fight to protect our privacy. We are already getting national attention.

Many thanks to Aryn Nakaoka for bringing this bill to our attention, Yuka Nagashima for providing in-person testimony on behalf of our industry, Neenz Faleafine for helping spread the word and Declan McCullagh for giving it national attention.

Update: HB 2288 has been tabled and we've heard from multiple sources that it is effectively dead. SB 2530 is likely DOA, but it could be revived with modifications based on testimony. See the comments below for discussion regarding the numerous other bills that have been introduced relating to internet regulation and interference with business activities including the odious HB 2762.

Two new bills, HB1778 & HB2147, promote unauthorized computer access to a class A felony. Class A is normally reserved for crimes such as rape, kidnapping and murder.


Comment by Karen Chun on February 5, 2012 at 8:16pm

HB2287 exposes all of us to FELONY charges for using "unauthorized" material. "Unauthorized" is not defined. I talked to Sen. Shan Tsutsui and hopefully this bill will never go anywhere.

Comment by Jon Brown on January 31, 2012 at 1:40pm

Thank you Daniel for the mention.  HB2762 should be of concern to anyone working in web development of any sort, or anyone hiring web development consulting services.

HB2762 is extremely poorly written and shows no understanding of the diversity and breadth of the industry (which is why laws trying to target such specific cases are generally a very bad idea). With HB2288 dead (for now) I hope people will take the time to also contact their reps and express their thoughts on HB2762 as well.

Comment by Daniel Leuck on January 28, 2012 at 10:48am

@Paul - Exactly. It's an absurd bill. Here is what I wrote on Civil Beat with regard to this pile of bills and HB 2762 in particular (with some additions):

While some of these bills create meaningful protections, many of them collectively represent a cluster bomb offensive on free speech and privacy on the internet. Those of us submitting testimony and writing about them can hardly keep up. This is very likely the largest and most aggressive body of bills relating to internet regulation, monitoring and censorship ever to sit in front of a state legislature.

HB 2762 is one of my favorites. This ill-conceived bill would invalidate the majority of design and development legal agreements which commonly stipulate that ownership isn't transferred to a customer until payment is rendered. HB 2762 creates many vaguely defined liabilities for web developers while doing nothing to protect them from non-paying or malicious customers. It appears to be trying to create protection against offenses for which legal remedies already exist - copyright infringement and libel.

The introducer, Rep. Pine, has clearly penned it in response to her problems with Eric Ryan, her former web designer. It contains bizarrely specific language that obviously is meant to deal with that particular scenario. Our legislature is not the appropriate place to wage personal battles.

Comment by Paul Graydon on January 28, 2012 at 9:49am

Think how complicated the average modern website is. How broad might you imagine "included material" could be interpreted to be? A number of the sites we produce for the state at work have hundreds of JSPs, Java classes, CSS files, images, the works. This may be an absurdist take on it, but if taken sufficiently broadly I wonder if we would end up having to explain to the people we worked with what every single file is for so that they could approve it!

Point 1 is covered by already highly effective copyright laws, why do we need to re-iterate those? 2-4 are all contractual issues, surely?  Terms related to those are in most contracts I've seen between individuals and web designers.

Time tonight to sit down and trawl through the state archives and see what is what, we'd better get these nipped on the head before too much damage is done :-/

Comment by Daniel Leuck on January 27, 2012 at 2:15pm

Karen Chun and Jon Brown from the Maui Techies group have brought another crazy bill to our attention: HB2762: Web Designers and Developers; Unfair and Deceptive Practices

Anyone who has read Declan's article on CNET or Civil Beat's article knows how this bill originated. It's another ill-conceived, vaguely worded and dangerous bill attempting to address an issue for which there is already a legal remedy. I can't imagine how a court would deal with the bizarre language in this bill.

30 cybercrime related bills have been introduced. It's never-ending and almost impossible to monitor. We shouldn't have to babysit our legislature like this. Clearly many districts need to rethink their choices in the next election.

Comment by Daniel Leuck on January 26, 2012 at 2:22pm

Great testimony Aaron. Civil Beat just reported that the house version of the bill has been tabled. Karen Chun posted to the Maui Group saying that Rep Angus McKelvey (West Maui), assisted by ample testimony, worked hard to kill the bill.

Comment by Aaron Collins on January 26, 2012 at 12:49pm

I encourage everyone to go here http://www.capitol.hawaii.gov/submittestimony.aspx?billtype=HB&...  and submit a testimony opposing this bill.  This is a horrible idea.  Here is the testimony I submitted.

As a leading IT engineer in Hawaii I have to say I heavily oppose this bill in its current form. This bill will be a significant violation of privacy and provide no benefit to law enforcement. The reality is that anyone who is going to commit a crime online is going to take precautions and use publicly available well known tools to hide their actions. (See: https://www.torproject.org)

I've worked in internet security for over a decade. In every security incident I’ve ever done forensic analysis on one common tactic I’ve seen is that the attackers always hide their IP. Keeping every citizen's internet usage logs on the off chance that you might find one criminal that might have made a mistake is counterproductive.

You also really need to take into account the significant amount of extra work and expenses you are going to put on Hawaii’s local businesses. Adding this type of auditing on public wifi will cost each business at least $1500 in hardware and licensing alone to accomplish this task. This doesn’t even take into account the manpower and labor cost. When you take into account how many businesses in Hawaii offer public wifi the cost is astounding.

As a security engineer with over a decade of experience in these matters as well as the engineer who set up the State of Hawaii’s online portal security, I strongly urge you to not pass this law. If cyber crime is this much of an issue here in Hawaii I recommend holding public forums to discuss this matter with Hawaii’s leading technology professionals so we can work together to develop a true solution to cyber threats. I would be even willing to help organize this and offer recommendations.

 

Signed,

Aaron Collins


© 2020 Created by Daniel Leuck.