[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]



 
               DATA RETENTION AS A TOOL FOR INVESTIGATING INTERNET 
                CHILD PORNOGRAPHY AND OTHER INTERNET CRIMES
=======================================================================
                                HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON CRIME, TERRORISM,
                         AND HOMELAND SECURITY

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                            JANUARY 25, 2011

                               __________

                            Serial No. 112-3

                               __________

         Printed for the use of the Committee on the Judiciary



[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


      Available via the World Wide Web: http://judiciary.house.gov


                              __________



                    U.S. GOVERNMENT PRINTING OFFICE
63-873 PDF                    WASHINGTON: 2011
___________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected].  






                           COMMITTEE ON THE JUDICIARY

                      LAMAR SMITH, Texas, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        HOWARD L. BERMAN, California
HOWARD COBLE, North Carolina         JERROLD NADLER, New York
ELTON GALLEGLY, California           ROBERT C. ``BOBBY'' SCOTT, 
BOB GOODLATTE, Virginia                  Virginia
DANIEL E. LUNGREN, California        MELVIN L. WATT, North Carolina
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
MIKE PENCE, Indiana                  MAXINE WATERS, California
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
STEVE KING, Iowa                     HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona                  Georgia
LOUIE GOHMERT, Texas                 PEDRO PIERLUISI, Puerto Rico
JIM JORDAN, Ohio                     MIKE QUIGLEY, Illinois
TED POE, Texas                       JUDY CHU, California
JASON CHAFFETZ, Utah                 TED DEUTCH, Florida
TOM REED, New York                   LINDA T. SANCHEZ, California
TIM GRIFFIN, Arkansas                DEBBIE WASSERMAN SCHULTZ, Florida
TOM MARINO, Pennsylvania
TREY GOWDY, South Carolina
DENNIS ROSS, Florida
SANDY ADAMS, Florida
BEN QUAYLE, Arizona

      Sean McLaughlin, Majority Chief of Staff and General Counsel
       Perry Apelbaum, Minority Staff Director and Chief Counsel
                                 ------                                

        Subcommittee on Crime, Terrorism, and Homeland Security

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman

                  LOUIE GOHMERT, Texas, Vice-Chairman

BOB GOODLATTE, Virginia              ROBERT C. ``BOBBY'' SCOTT, 
DANIEL E. LUNGREN, California        Virginia
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
TED POE, Texas                       HENRY C. ``HANK'' JOHNSON, Jr.,
JASON CHAFFETZ, Utah                   Georgia
TIM GRIFFIN, Arkansas                PEDRO PIERLUISI, Puerto Rico
TOM MARINO, Pennsylvania             JUDY CHU, California
TREY GOWDY, South Carolina           TED DEUTCH, Florida
SANDY ADAMS, Florida                 DEBBIE WASSERMAN SCHULTZ, Florida
BEN QUAYLE, Arizona                  SHEILA JACKSON LEE, Texas
                                     MIKE QUIGLEY, Illinois

                     Caroline Lynch, Chief Counsel

                     Bobby Vassar, Minority Counsel
                            C O N T E N T S

                              ----------                              

                            JANUARY 25, 2011

                                                                   Page

                           OPENING STATEMENTS

The Honorable F. James Sensenbrenner, Jr., a Representative in 
  Congress from the State of Wisconsin, and Chairman, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     1
The Honorable Robert C. ``Bobby'' Scott, a Representative in 
  Congress from the State of Virginia, and Ranking Member, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     2
The Honorable Lamar Smith, a Representative in Congress from the 
  State of Texas, and Chairman, Committee on the Judiciary.......     4
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     5

                               WITNESSES

Mr. Jason Weinstein, Deputy Assistant Attorney General, United 
  States Department of Justice, Washington, DC
  Oral Testimony.................................................     6
  Prepared Statement.............................................     9
Mr. John M. Douglass, Chief of Police, Overland Park, KS; 
  International Association of Chiefs of Police, Alexandria, VA
  Oral Testimony.................................................    16
  Prepared Statement.............................................    18
Ms. Kate Dean, Executive Director, United States Internet Service 
  Provider Association, Washington, DC
  Oral Testimony.................................................    23
  Prepared Statement.............................................    25
Mr. John B. Morris, Jr., General Counsel, Center for Democracy 
  and Technology, Washington, DC
  Oral Testimony.................................................    34
  Prepared Statement.............................................    36

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Prepared Statement of Ernie Allen, President and CEO, The 
  National Center for Missing & Exploited Children, submitted by 
  the Honorable F. James Sensenbrenner, Jr., a Representative in 
  Congress from the State of Wisconsin, and Chairman, 
  Subcommittee on Crime, Terrorism, and Homeland Security........    56

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of the Honorable Henry C. ``Hank'' Johnson, 
  Jr., a Representative in Congress from the State of Georgia, 
  and Member, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................    77
Prepared Statement of the Honorable Ted Deutch, a Representative 
  in Congress from the State of Florida, and Member, Subcommittee 
  on Crime, Terrorism, and Homeland Security.....................    81


 DATA RETENTION AS A TOOL FOR INVESTIGATING INTERNET CHILD PORNOGRAPHY 
                       AND OTHER INTERNET CRIMES

                              ----------                              


                       TUESDAY, JANUARY 25, 2011

              House of Representatives,    
              Subcommittee on Crime, Terrorism,    
                             and Homeland Security,
                                Committee on the Judiciary,
                                                    Washington, DC.

    The Subcommittee met, pursuant to notice, at 10 a.m., in 
room 2141, Rayburn House Office Building, the Honorable F. 
James Sensenbrenner, Jr. (Chairman of the Subcommittee) 
presiding.
    Present: Representatives Sensenbrenner, Smith, Gohmert, 
Goodlatte, Lungren, Poe, Griffin, Marino, Adams, Quayle, Scott, 
Conyers, Johnson, Chu, Deutch, Wasserman Schultz, and Quigley.
    Staff Present: (Majority) Caroline Lynch, Subcommittee 
Chief Counsel; Arthur Radford Baker, Counsel; Sam Ramer, 
Counsel; Lindsay Hamilton, Clerk; (Minority) Bobby Vassar, 
Subcommittee Chief Counsel; Liliana Coronado, Counsel; Ron 
LeGrand, Counsel; and Veronica Eligan, Professional Staff 
Member.
    Mr. Sensenbrenner. The Subcommittee will come to order. 
Welcome to the first hearing in the 112th Congress of the 
Subcommittee on Crime, Terrorism and Homeland Security.
    I would especially like to welcome our witnesses and thank 
you for joining us today.
    I am joined today by my colleague from Virginia, the 
distinguished Ranking Member of the Subcommittee, Bobby Scott; 
by the Chairman of the full Committee, Lamar Smith from Texas; 
and the Chairman emeritus, John Conyers of Michigan.
    Today's hearing examines the role of data retention as a 
law enforcement tool to investigate the distribution of child 
pornography on the Internet and other online crimes. Many 
Internet Service Providers, ISPs currently retain data that can 
be used to identify the operator or user of an illegal Web 
site. But not all ISPs retain this important data, and the 
length of time such data is retained often varies from one 
provider to the next.
    The issue of data retention is not new. In 1999, then 
Deputy Attorney General Eric Holder said that certain data must 
be retained by ISPs for reasonable periods of time so that it 
can be accessible to law enforcement. In the 12 years since Mr. 
Holder's endorsement of data retention by ISPs, the size, scope 
and accessibility of the Internet has increased exponentially. 
The criminals can now use the Internet to facilitate almost any 
crime, including illegal gambling, cigarette and prescription 
drug distribution, and child exploitation. These criminals have 
the luxury of cloaking themselves in the anonymity that the 
Internet provides, making their apprehension significantly more 
difficult.
    When law enforcement officers begin an investigation and 
develop information that will assist in identifying an 
offender, they are often frustrated to find that information 
relating describer information or information that would 
otherwise identify the perpetrator is not retained in a uniform 
manner. Current law already requires providers to preserve such 
data upon the request of law enforcement, but the preservation 
of data only works if the data has been retained.
    Internet crimes are often complex, multi-jurisdictional and 
international. This can result in protracted investigations 
before law enforcement officers are in a position to request 
data from the providers. When the information is developed 
sufficiently to point investigators to the records they need, 
it may be too late. Without uniform retention, the records that 
are desperately needed to attribute communications to a certain 
person or computer may be lost forever.
    This issue not only impacts Federal investigations of 
online crimes and national security matters but State and local 
law enforcement investigations as well.
    The International Association of Chiefs of Police adopted a 
resolution in 2006 expressing its support for data retention to 
aid in the investigation of crimes facilitated or committed 
through the use of the Internet and telephony-based 
communication services. Providing law enforcement officers with 
an expectation that certain data will be available ensures that 
our very limited police resources are properly assigned and are 
not sent on wild goose chases for information that no longer 
exists.
    Simply put, no matter what type of investigation it is, 
investigators ultimately have to identify the person at the 
keyboard. The service providers hold the key to identifying the 
person behind the screen name, an e-mail address or an Internet 
protocol address. Retention of their records is paramount to 
fighting crime in an Internet age.
    It is now my pleasure to recognize for his opening 
statement, the Ranking Member of the Subcommittee, the 
gentleman from Virginia, Mr. Scott.
    Mr. Scott. Thank you, Mr. Chairman, and I look forward to 
working with you, as the new Chairman of the Subcommittee. 
Today's hearing is meant to be an informational and fact-
finding proceeding to help us begin the conversation about the 
desirability, feasibility and consequences of retaining data 
regarding a consumer's Internet use.
    No one disputes that mandated data retention can help the 
identification and prosecution of those who engage in 
trafficking of child pornography on the Internet. The question 
is whether we--the question we should seek to answer however is 
how we can best investigate such crimes, consistent with the 
rights and liberties of all in society and consistent with the 
cost-benefits of such a policy.
    While we want to ensure the legitimate needs of law 
enforcement are met to allow to investigate and prosecute 
offenders who use the Internet to commit crimes, particularly 
those who use it to commit sex crimes against children, it is 
critical to understand the nature and scope of any problem 
under current law before we purport to fix it.
    Currently many companies already retained significant 
amounts of subscriber data, some up to 12 months. Nonetheless 
there is lack of empirical research about law enforcement's 
requests under current law and the instances in which data is 
not available.
    We should also review what law enforcement is doing with 
information that they presently have. I have been informed that 
the private industry already forwards over 100,000 leads a year 
to law enforcement, and less than 10,000 prosecutions have been 
brought in the last 3 years. If we are looking for the 
proverbial needle in a haystack, the last thing we need is more 
hay.
    As we review the current situation, we should also 
recognize that there is a lack of clarity about the types 
requests that law enforcement is presently making and whether 
much of the desired information is already available.
    For these reasons, we should consider whether we need a 
comprehensive study of data retention, including current 
practices and the costs associated with the various proposals 
of data retention policy, among other questions. Some of the 
questions are, what kind of data we are talking about 
retaining, whether it is all the content or just the site 
information? This way we will ensure that the public policy 
ultimately adopted will be an evidence-based, cost-effective 
policy.
    But apart from technological and practical issues that must 
be addressed, if we are to consider such policy, there are 
other costs, societal costs, associated with data retention. 
There are approximately 230 million Americans who use the 
Internet, and there are serious privacy and First Amendment 
concerns that are implicated in this discussion. We must ask 
ourselves whether it is prudent to require telecommunications 
companies to retain large amounts of personal and sensitive 
information, which would be attractive targets for computer 
hackers, about millions of Internet users in order to get a 
miniscule number of users who engage in crimes against children 
online. We need to consider alternative policies that 
specifically target those suspected of wrongdoing without 
requiring that innocent consumers compromise their rights to 
privacy and free speech when they choose to use the Internet.
    The notion of preserving large amounts of what amounts to 
be virtual potential crime scenes is a backward and possibly 
ineffective way to go about going about the important business 
of protecting our children. This is particularly true when the 
unintended collateral consequences of such a policy on 
industry, private interests, and on free speech may be 
substantial, as some of the witnesses will explain today.
    And when we consider the rights of privacy about retained 
data, we should also consider--we should also take the 
opportunity to consider retaining information on gun purchases 
by those enjoying their Second Amendment rights.
    Final point to keep in mind in our discussion is that 
several aspects of the mandated data retention policy run 
counter to the idea that we should always consider the cost-
benefit implications of any new regulations. Data retention 
policy can be expensive. This is a huge government expense. And 
just to get a sense of the possible costs, Congress 
appropriated $500 million to implement the Communications 
Assistance Law Enforcement Act a few years ago. This did not 
involve ongoing costs such that data retention will. Should the 
industry be expected to absorb some of the costs, we should be 
clear about what the costs are and what the benefits will be.
    So I look forward to hearing testimony from our witnesses 
and hope we can have a productive conversation about the 
complexities of data retention policies.
    Thank you, Mr. Chairman, for holding the hearing today.
    Mr. Sensenbrenner. Thank you, Mr. Scott.
    The Chair now recognizes the distinguished Chairman of the 
Committee, the gentleman from Texas, Mr. Smith.
    Mr. Smith. Thank you, Mr. Chairman.
    Mr. Chairman, like you, I thank our witnesses for being 
here today, and it is nice to be on the same side as the 
Administration, or maybe I should say, I am glad they are on 
our side, but it works well regardless.
    Also I want to mention, Mr. Chairman, that I heard Mr. 
Scott's remarks right now, and I am absolutely confident that 
we will be able to find that balance between protecting privacy 
and also protecting children. Mr. Scott mentioned having a 
productive conversation on that subject, and I look forward to 
that as well.
    Mr. Chairman, it may be difficult to believe, but according 
to the U.S. Justice Department, trafficking of child 
pornography images was almost completely eradicated in America 
by the mid-1980's. Purchasing or trading child pornography 
images was risky and almost impossible to undertake.
    The advent of the Internet reversed this accomplishment. 
Today child pornography images litter the Internet, and 
pedophiles can purchase, view or exchange this disgusting 
material with virtual anonymity.
    Parents who once relied on the four walls of their homes to 
keep their children safe are now faced with a new challenge. 
The Internet has unlocked the doors and opened windows into our 
homes. FBI Director Robert Mueller told this Committee in April 
2008 that, ``Just about every crime has gravitated to the 
Internet, and in certain cases the Internet has provided the 
vehicle for expansion that otherwise would not be there, and 
this is certainly true with child pornography.''
    The statistics reflect just how serious the problem of 
child exploitation has become. Since the National Center for 
Missing & Exploited Children, NCMEC, created the cyber tip line 
12 years ago, electronic service providers have reported almost 
8 million images and videos of sexually exploited children. 
According to that organization, child porn images increased 
1,500 percent between 1995 and 2005, an average increase of 
over 100 percent a year. The number of reports to a cyber tip 
line of child pornography, child prostitution, child sex 
tourism, child sexual molestation, and online sex enticement of 
children increased from 4,500 in 1998 to 102,000 in 2008. An 
average increase of over 200 percent per year.
    As many as one in three kids have received unsolicited 
sexual content online, and one in seven children has been 
solicited for sex online. More robust data retention will 
certainly assist law enforcement investigators on a wide array 
of criminal activity, but such a requirement would be 
especially helpful in the investigation of child pornography 
and other child exploitation matters. The investigation of 
these types of cases has become increasingly more complicated, 
and perpetrators have become increasingly more sophisticated in 
their methods of concealing their activities.
    When law enforcement officers do develop leads that might 
ultimately result in saving a child or apprehending a 
pornographer, their efforts should not be frustrated because 
vital records were destroyed simply because there was no 
requirement to retain them. Every piece of discarded 
information could be the footprint of a child predator.
    Last Congress I introduced the Internet Stopping Adults 
Facilitating the Exploitation of Today's Youth, SAFETY, Act of 
2009. Among other things, the bill required providers to retain 
records pertaining to the identity of an IP address user for at 
least 2 years. It ensures that the online footprints of 
predators are not erased.
    Data retention preserves critical evidence from the online 
crime scene so that investigators can apprehend the predator 
and potentially save a child from further exploitation.
    The Internet has proved to be of great value in many 
aspects of our lives, but it has also evolved into a virtual 
playground for sex predators and pedophiles, and facilitated 
nearly effortless trafficking of child pornography. The loss of 
a child's innocence or, even worse, their life is simply too 
high a price to pay for not retaining certain data for a 
reasonable amount of time.
    I look forward to hearing from our witnesses and working 
with them to combat one of fastest growing crimes in America.
    Thank you, Mr. Chairman, I yield back.
    Mr. Sensenbrenner. The Chair now recognizes the 
distinguished new Chairman emeritus of the full Committee, the 
speaker being the old Chairman emeritus, the gentleman from 
Michigan, Mr. Conyers.
    Mr. Conyers. Thanks, Chairman Sensenbrenner.
    It is with some reluctance that I join the rank of ex-
Chairmen like you, but here we are all together, working.
    This bipartisan thing is really getting frightening because 
we are all waiting with anticipation tonight at 8 o'clock to 
find out just how far the 44th is carrying this thing.
    Already Chairman Smith and the Department of Justice have 
hooked up people like the Constitution Project, ACLU, and David 
Cole; I won't mention myself, because I will be sitting next to 
a Republican tonight, and I don't want to get any flack. But I 
suppose this hearing is very necessary, but I am impressed with 
what the Center for Democracy and Technology is doing, along 
with the other dissidents that I have listed.
    I am worried about privacy rights. And data retention 
creates, as Bobby Scott has said, it creates some big problems, 
including identity theft. I think the Internet industry ought 
to be concerned about this, and let's see where we can go on 
it.
    Now if this cooperation continues in the Committee, this 
Subcommittee, we have got to look at the Federal prison system. 
There are a number of other projects that perhaps the 
Department of Justice and the Subcommittee on Crime can be 
working on. I look forward to working with all of you on this 
subject.
    Thanks, Chairman Sensenbrenner.
    Mr. Sensenbrenner. Thank you very much.
    Without objection, other Members' statements will be made a 
part of the record.
    And without objection, the Chair will be authorized to 
declare recesses during votes in the House.
    It is now my pleasure to introduce today's witnesses.
    Jason Weinstein serves as deputy assistant attorney general 
with the Department of Justice. He has also served as a special 
investigative counsel in the Justice Department's Office of the 
Inspector General and as assistant U.S. attorney in the 
southern district of New York. Mr. Weinstein previously served 
as chief of the Violent Crime Section in the U.S. Attorney's 
Office in Baltimore where he developed Project Exile, a multi-
agency effort to curb violent crime in that state. He received 
has Bachelors of degree in politics from Princeton and his J.D. 
From George Washington University Law School in 1994.
    Without objection, Mr. Weinstein's statement and the other 
witness's statements will appear in the record.
    Each witness will be recognized for 5 minutes to summarize 
their written statement, and the Chair recognizes Mr. 
Weinstein. 

    TESTIMONY OF JASON WEINSTEIN, DEPUTY ASSISTANT ATTORNEY 
  GENERAL, UNITED STATES DEPARTMENT OF JUSTICE, WASHINGTON, DC

    Mr. Weinstein. Good morning, Chairman Sensenbrenner, 
Chairman Smith, Chairman Emeritus Conyers, and Ranking Member 
Scott, and Members of the Subcommittee.
    And Mr. Chairman, although I was rooting for the Bears, let 
me congratulate you on the Packers making the Super Bowl.
    Mr. Sensenbrenner. You are forgiven.
    Mr. Weinstein. As we all know, the explosive growth of the 
Internet and other modern forms of communication has 
revolutionized nearly every aspect of our lives, but at the 
same time, it has also revolutionized crime.
    Increasingly the Internet and other forms of electronic 
communication are exploited by criminals to commit a staggering 
array of crimes, from hackers who steal tens of millions of 
bank card numbers to gang members who issue orders to murder 
their rivals to predators who sexually abuse children and post 
images of that abuse online and, of course, to terrorists.
    These criminals take advantage of the Internet because of 
its global nature and because of the speed with which it allows 
them to operate. Unfortunately, as an added benefit to them, 
the Internet also affords them a kind of anonymity.
    Federal, State and local law enforcement officers who 
investigate and prosecute these crimes need to have certain 
information about the identities and the activities of these 
criminals who commit them in order to identify and arrest the 
perpetrators. That information is noncontent data; that is, it 
is data about the criminals and their communications with 
others as opposed to the content of those communications.
    The government, under current law, is allowed to use lawful 
process, which is typically a subpoena, a court order or search 
warrant, to require providers to furnish that data. But those 
authorities are only useful if the data is still in existence 
at the time the government seeks to obtain it. And for that 
reason, data retention by companies that provide the public 
with Internet and other communication services is fundamental 
to our ability to protect public safety.
    Currently, despite the diligent and efficient work by law 
enforcement officers at all levels, critical data has too often 
been deleted by providers before law enforcement can obtain 
that lawful process. This gap between providers' retention 
practices and the needs of law enforcement can be extremely 
harmful to investigations that are critical to protecting the 
public from predators and other criminals.
    And the problem is exacerbated by the complexity of 
investigating crimes committed using online means. These crimes 
are difficult to detect, and they may not be discovered or 
reported to law enforcement until months and months have gone 
by.
    And they are even more difficult to investigate. They often 
involve the time-consuming process of obtaining evidence from 
overseas. They often require months and months of work 
obtaining records from a series of providers as agents attempt 
to follow the trail of steps used by criminals to try to cover 
their tracks and render themselves anonymous.
    Unfortunately, when providers have not retained the data 
that is needed for a sufficient period of time, important 
investigations of serious crimes may come to a dead end. To be 
sure, most providers are cooperative with law enforcement, and 
for that, we are appreciative. Many providers, in fact, already 
collect the types of data that we need to solve crimes, because 
they use that data to operate their networks or for other 
commercial purposes. The problem is often simply that that data 
is not retained long enough to meet the needs of public safety.
    However, some providers simply don't retain the needed data 
at all. Provider retention policies that are in place vary 
widely across the industry, and they are subject to change at 
will. In short, the lack of adequate, uniform and consistent 
data retention policies threatens our ability to use the legal 
tools Congress has provided to law enforcement to protect 
public safety.
    Now, in setting the retention policies and practices, 
companies are often motivated by a completely understandable 
desire to control costs and to protect the privacy of their 
users. But those factors must be balanced against the cost to 
public safety of allowing criminals to go free. And truly 
protecting privacy requires not only that we keep personal 
information from the criminals who seek to steel it but also 
that we ensure that law enforcement has the data that it needs 
to catch and prosecute those same criminals.
    Developing an appropriate and effective data retention 
requirement will mean balancing all of the interests involved: 
balancing the impact on privacy, the provider costs associated 
with retaining data for longer periods, and the cost to public 
safety when critical data noncontent data has been deleted. 
Congress has a critical role to play in fostering that 
discussion and in balancing those interests, and today's 
hearing is an important step in that process.
    As we embark on this discussion, it is important to be 
clear that this debate is not about giving the government, not 
about giving law enforcement new authorities. It is simply 
about making sure that data is available when law enforcement 
seeks to use the authorities that Congress has already 
provided.
    My primary goal here today is to explain the nature of the 
public safety interest in data retention. Today I am not in a 
position to propose a particular solution, but the Justice 
Department looks forward to working with Congress, with 
industry, and with other interested groups as we seek to 
develop just such a solution.
    I thank you for the opportunity to discuss this important 
issue with you this morning, and I would be pleased to answer 
your questions at the appropriate time.
    [The prepared statement of Mr. Weinstein follows:]
                 Prepared Statement of Jason Weinstein
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
                               __________

    Mr. Sensenbrenner. Thank you, Mr. Weinstein.
    John M. Douglass serves as the chief of police for the 
Overland Park Police Department in Kansas. He began his law 
enforcement career with the Overland Park Police Department in 
1973. He currently serves as cochair of the National Advisory 
Committee for the Regional Computer Forensic Lab System. He has 
served in numerous positions during his tenure with the 
Overland Park Police Department as well as other various 
professional positions, including the past president of the 
Kansas Association of Chiefs of Police. Chief Douglass has 
received numerous awards, including the Clarence M. Kelly Award 
For Excellence in Criminal Justice Administration in 2000, the 
Evelyn Wasserstrom Award and Clarence Barrow Peacekeeper Award. 
Chief Douglass received his Bachelor's degree from the 
University of Kansas and his Masters degree in public 
administration also from the University of Kansas.
    Mr. Douglass.

TESTIMONY OF JOHN M. DOUGLASS, CHIEF OF POLICE, OVERLAND PARK, 
KS; INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE, ALEXANDRIA, 
                               VA

    Chief Douglass. Thank you, Mr. Chairman, Members of the 
Subcommittee.
    As stated, my name is John Douglass, and I serve as the 
chief of police in Overland Park, Kansas, a suburb of Kansas 
City. I am here today on behalf of the International 
Association of Chiefs of Police, representing over 20,000 law 
enforcement executives in over 100 countries throughout the 
world.
    I am pleased to be here this morning to discuss the 
challenges currently confronting the U.S. law enforcement 
community and our need for further clarity on data retention 
issues.
    In the United States, there are more than 18,000 law 
enforcement agencies and well over 800,000 officers who patrol 
our State highways and streets of our communities each and 
every day.----
    Mr. Scott. Could you pull your microphone?
    Chief Douglass. Yes, sir, I am sorry.
    A great number of these officers also survey the Internet, 
phone and data logs, and other electronic communication as they 
investigate crimes. Each day Federal, State, and local tribal 
law enforcement agencies are investigating cybercrime cases, 
ranging from bank intrusions, to fraud, intellectual property, 
terrorism, economic espionage and, unfortunately, innocent 
images or child pornography crimes.
    Data preservation is a key component in any investigation. 
When criminals access the Internet through an ISP or Internet 
Service Provider or they send text messages, e-mails and other 
data, it creates important records and other information. In 
every case where criminal or civil action is envisioned, there 
is a clear need to preserve third-party logs and business 
records related to these connections which specifically 
demonstrate that a suspect's service provider is connecting 
with a victim's service provider or through another 
infrastructure en route.
    When law enforcement suspects that a crime has been 
committed, we request a subpoena, court order or search warrant 
to obtain critical evidence from the service provider, such as 
customer records, connection information or stored data.
    Take, for example, a case from southern California which 
would not have been solved without the cell phone data from 
Verizon Wireless. On July 26th, 2006, 22-year old Tori Vienneau 
and her 10-month infant son, Dean, were murdered in their two-
bedroom apartment in San Diego. Tori was found strangled in her 
living room, and Baby Dean was found strangled and hung from 
his crib in one of the adjoining bedrooms.
    This horrifying crime scene triggered an exhaustive 18-
month investigation. The case was ultimately solved exclusively 
by the circumstantial evidence, including cell text message 
content and cell tower data from Verizon Wireless. The 
defendant denied any involvement in the killings and provided 
an intricate and extensive alibi.
    Investigators focused their attention on Dennis Potts 
almost immediately because he was rumored to have had dinner 
plans with Tori on the night of her murder. Mr. Potts denied 
these rumors of dinner plans, and the victim's cell phone was 
examined for any text messages between the two of them 
supporting or refuting such rumors.
    In a most interesting twist, all incoming and outgoing text 
messages prior to 6:30 p.m. on the night of the killings had 
been deleted. The victim's cell phone provider was contacted, 
but the text message content was not stored by the cell 
provider and, therefore, could not be recovered that way.
    Over the ensuing months, the victim's phone was subjected 
to be extensive forensic analysis in the hopes of recovering 
some of these message. The defendant's cell phone carrier, 
Verizon Wireless, was also contacted, and investigators were 
told incoming text message content, victim-to-defendant text 
only, was preserved for only 3 to 5 days. But in a stroke of 
good luck, this incoming data still existed and was preserved.
    And it later proved to be pivotal in proving the 
defendant's guilt. The text message content proved not only 
that the defendant lied to investigators and that the two did 
in fact have plans to meet that evening, but also that the 
defendant was checking to see if the victim and her son were 
alone in the apartment.
    Verizon also provided the cell tower data from the 
defendant's phone. This data, coupled with some additional 
testing, showed the defendant's alibi was false, and he was not 
where he said he was. Furthermore, at the time of the killings, 
his cell phone pinged off a cell tower only 500 yards from the 
victim's apartment. This became the single most important piece 
of evidence in linking the defendant to the killings.
    Clearly, preserving digital evidence is crucial in any 
modern day criminal investigation. While law enforcement does 
have success obtaining evidence through the appropriate legal 
process, because we are extremely aware of spoliation concerns, 
we are not always successful. Many times we face obstacles in 
our investigations, from the differing locations of victims to 
their locations of the perpetrators.
    In closing, Federal, State, tribal and local law 
enforcement are doing all that we can to protect our 
communities from increasing crime rates and the specter of 
terrorism both online and in our streets, but we cannot do it 
alone. We need the full support and the assistance of the 
Federal Government and clear guidance and regulations on data 
retention to aid us in successfully investigating and 
prosecuting the most dangerous of criminals.
    [The prepared statement of Chief Douglass follows:]
                 Prepared Statement of John M. Douglass
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                               __________

    Mr. Sensenbrenner. Thank you very much, Chief.
    Kate Dean serves as the executive director of the United 
States Internet Service Provider Association. Ms. Dean has been 
active in telecommunications and Internet policy in Washington, 
D.C., for more than 10 years and is a member of the 
International Academy of Digital Arts and Sciences. She started 
her own firm in 2006, where, in addition to continuing to work 
with US ISPA, she volunteers with an organization in Singapore 
that brings healthy sanitation solutions to underserved 
villages in the developing world. And he received her bachelor 
degree in 2000 from American University.
    Ms. Dean.

   TESTIMONY OF KATE DEAN, EXECUTIVE DIRECTOR, UNITED STATES 
     INTERNET SERVICE PROVIDER ASSOCIATION, WASHINGTON, DC

    Ms. Dean. Chairman Sensenbrenner. Ranking Member Scott.
    Mr. Sensenbrenner. Could you pull the mike a little closer 
to you? 
    Ms. Dean. I sure can.
    Mr. Sensenbrenner. Thank you.
    Ms. Dean. My name is Kate Dean, and I am the executive 
director of the United States Internet Service Provider 
Association or US ISPA. Since January 2002, our members major 
Internet service, network and portal providers, have focused on 
policy and legal concerns related to law enforcement compliance 
and security matters, including ECPA, CALEA, cyber security and 
notably the fight against online child exploitation. For years 
US ISPA and our members have participated in efforts to examine 
the issue of data retention, particularly in a content of child 
exploitation, including past dialogues with the Department of 
Justice and with State and local law enforcement.
    We welcome the opportunity to continue the discussion 
today. Before addressing data retention, I would like to tell 
you about our efforts in the child protection arena. In 2005, 
we published ``Sound Practices for Reporting Child 
Pornography,'' a joint project between US ISPA and the National 
Center for Missing & Exploited Children.
    We updated those practices to reflect new requirements put 
in place by the 2008 passage of the Protect Our Children Act, a 
bill US ISPA strongly supported.
    Last year we developed sound practices for subpoena 
compliance with the National Association of Attorneys General. 
We also supported the Online Safety and Technology Working 
Group, which reported to Congress in June with their 
examination of industry reporting practices and data retention.
    US ISPA members have been active in various internet safety 
task forces, including the Technology Coalition and the 
Financial Coalition Against Child Pornography. Members maintain 
24-by-7 response capabilities, offer law enforcement guides, 
frequently interact with the ICAC and conduct training for 
investigators and prosecutors.
    As I hope our actions demonstrate, US ISPA is committed to 
the fight against online child exploitation. And we support law 
enforcement efforts to bring online criminals to justice, 
especially those who harm children. We fully appreciate the 
critical role that electronic evidence plays in those efforts.
    Service providers report tens of thousands of incidents of 
apparent child pornography each year to NCMEC. And because of 
the Protect Our Children Act, all providers are now required to 
sent robust reports, including subscriber information, 
historical and geographic data, and the images themselves 
through NCMEC's cyber tip line.
    At the time of receipt, providers automatically preserve 
the account and hold onto data for 90 days, awaiting legal 
process. The novel approach to preservation adopted in the 
reporting statute was derived from preservation authority that 
has long existed in the Electronic Communications Privacy Act. 
ECPA gives law enforcement the authority to require providers 
to preserve evidence needed for investigations for up to 180 
days without issuing legal process. We believe that effective 
use of preservation, a targeted, valuable tool, is key to 
addressing law enforcement's needs.
    US ISPA has carefully examined past data retention 
proposals and each time has concluded that a uniform retention 
mandate is certain to present significant challenges to the 
communications industry, as well as myriad unintended 
consequences. These challenges include the potential conflict 
of new obligations and regulatory burdens; new questions about 
user privacy and the standards for law enforcement access to 
stored data; technical and security risks; and delay when 
retrieving data, all which could negatively effect law 
enforcement investigations.
    Many of these challenges have plagued the European Union's 
attempt at implementation of its data retention directive. As 
we discuss the issue here today, a similar dialogue is taking 
place within the EU as they reassess their approach and 
consider alternatives, like preservation.
    Unlike preservation, data retention raises tough questions 
about breadth, scope, duration, liability and costs, costs that 
go well beyond mere dollars. These are all critical 
considerations that require close examination by industry and 
by Congress.
    In closing, US ISPA remains committed to an open dialogue, 
but we have concerns about the effectiveness and implementation 
of mandatory data retention. We worry about the indirect costs 
to innovation, privacy and the speed and accuracy of 
investigations. Based on our experiences, we continue to 
believe that targeted approaches like preservation are the best 
and most effective use of available resources. We appreciate 
this opportunity to present our views on this topic and look 
forward to working with you and your staff.
    [The prepared statement of Ms. Dean follows:]
                    Prepared Statement of Kate Dean
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                               __________

    Mr. Sensenbrenner. Thank you, Ms. Dean.
    John B. Morris, Jr., serves as general counsel at the 
Center for Democracy and Technology in Washington, D.C. He is 
director of the Internet Standards Technology and Policy 
Project. He is also involved in the Center for Democracy and 
Technology's work on cyber security, privacy and neutrality. 
Prior to joining the center, Mr. Morris was a partner in the 
law firm of Jenner & Block. Additionally, Morris has served as 
director of CDT's Broadband Access Project. He received his 
Bachelors degree from Yale and his J.D. From Yale Law School. 
Mr. Morris.

 TESTIMONY OF JOHN B. MORRIS, JR., GENERAL COUNSEL, CENTER FOR 
            DEMOCRACY AND TECHNOLOGY, WASHINGTON, DC

    Mr. Morris. Thank you very much, Chairman Sensenbrenner, 
Ranking Member Scott, Chairman Smith and Chairman Emeritus 
Conyers and the Members of the Committee.
    On behalf of the Center for Democracy and Technology, I 
would like to thank you for the opportunity to testify today. 
Child pornography is a horrific crime, and we applaud the 
efforts by this Congress and this Subcommittee to increase the 
resources available to prosecute this crime.
    A data retention mandate would raise a number of serious 
privacy and free speech concerns. At a time when there is a 
growing concern about privacy and identify theft, a growing 
concern about the commercial misuse of personal data and a 
growing concern about the intrusion of the Federal Government 
into the personal lives of American citizens, Congress should 
be very hesitant to require service providers create databases 
to track the Internet activities of 230 million innocent 
Americans.
    This morning I would like to set aside briefly the privacy 
and free speech concerns that I addressed in my written 
testimony and instead focus on the fact that a data retention 
mandate would harm innovation and competition on the Internet 
and harm the ability of the American Internet industry to 
compete in the global online marketplace, which in turn 
directly effects the ability of users to be able to participate 
and speak on the online market.
    Ms. Dean addressed the data retention concerns that the 
Internet Service Providers have. Let me look at the other end 
of the communication and then address proposals by law 
enforcement that source data be retained by any online services 
that allow users to communicate with each other. And the 
proposal that has been made to have services like Yahoo or 
Google or Facebook retain data is truly breathtaking and would 
be devastating to the Internet services, both to existing 
services and certainly to new innovators and startup services.
    The reach of the proposal cannot be underestimated. The 
proposed mandate that would reach most Web sites and online 
services, including all Web 2.0 sites, all social networking 
sites, all blogs, all sites that allow political or other 
commentary, the great majority of e-commerce sites and almost 
all modern news sites, like the NewYorkTimes.com or 
FoxNews.com.
    And the scale of what law enforcement is proposing is also 
astounding. Looking just at Facebook as an example, Facebook 
users post in the neighborhood of 2 billion chat messages every 
single day. When combined with other postings, Facebook alone 
would have to create and maintain a data retention database 
containing more than 1 trillion new records every single year. 
The size of Facebook's data retention database alone would be 
larger than all of the content that the Library of Congress has 
put online to date.
    Looking beyond Facebook, in 2009, there were 247 billion e-
mail messages sent every single day. And law enforcement is 
asking Congress to order that every single one of these 
messages be recorded and tracked. Over the course of a year, 
this mandate would require a database of more than 90 trillion 
records. And this does not even include chat or instant 
messaging, which is supplanting e-mail as a preferred method of 
person-to-person communications.
    Who would pay for this? Internet users would pay for this. 
And what would the impact of this burden be on online services? 
Some larger companies might survive, but smaller companies 
would likely be run out of business. Imposing an unfunded 
Federal mandate on anyone who allows users to communicate 
online can only have one result: There will be fewer businesses 
able to compete in the online marketplace, this will entrench 
the large providers, harm competition, harm innovation and 
ultimately harm users. Congress should not mandate the creation 
of an Orwellian tracking database with hundreds of trillions of 
records tracking innocent citizens wherever they go online.
    As a final critical point addressing the child pornography 
context, I have worked in this space a fair amount over the 
last 10 years, and every task force I serve on, every working 
group I serve on, I learned that law enforcement is overwhelmed 
with these cases. They don't have enough prosecutorial 
resources to prosecute all of the cases that they have. And so 
I really urge the Congress to look at the question as to 
whether adding more data and more data retention will in fact 
lead to more prosecutions of this horrific type of crime.
    The voluntary retention and data preservation orders allow 
law enforcement to target suspected criminals, and we urge the 
Subcommittee not to go down the path of imposing data retention 
mandates on this entire industry.
    [The prepared statement of Mr. Morris follows:]
               Prepared Statement of John B. Morris, Jr.
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
                               __________

    Mr. Sensenbrenner. Thank you, Mr. Morris.
    The Chair has written down the approximate order of 
appearances of the Members of the Subcommittee and will call on 
Members for 5 minutes in the order in which they appeared, 
alternatively by side.
    And I will start by recognizing myself for 5 minutes.
    And I want to direct my question to Ms. Dean. It seems to 
me that one of the problems that exists in this area is that 
there is not a uniform standard for how long the data has to be 
retained. It varies by Internet Service Provider. Would your 
association be willing to propose such a voluntary compliance 
order, picking a time and cooperation with law enforcement for 
the retention of this data in order to eliminate Congress 
stepping in?
    Ms. Dean. Thank you, Mr. Sensenbrenner, thank you Chairman.
    First of all, I guess I should say that we are here today 
because we are interested in the conversation, and we are 
interested in all opportunities to sit down with law 
enforcement and figure out if there is a solution to this 
problem that they describe today.
    US ISPA is always willing to be part of the dialogue with 
law enforcement at all levels. And I think that the questions 
that have been raised already today in opening statements are 
really what we should have the discussion about. We really need 
to learn more from law enforcement about the breadth of this 
kind of a requirement. Who do they want to keep data and 
specifically what kind of data do they want kept and for how 
long?
    Mr. Sensenbrenner. Well, let me say that I am a firm 
believer in carrots and sticks, and I am tossing you a carrot 
now. I think that there is a desire on the part of both the 
Administration and Congress to legislate in this area. I am 
giving you or tossing an oar for you to put in the water to try 
to bring your industry together to deal with this problem on a 
voluntary basis.
    And Mr. Morris has had a whole long list of questions that 
need to be answered. The fact is, is if you aren't a good 
rabbit and don't start eating the carrot, I am afraid that we 
are all going to be throwing the stick at you. So this is an 
opportunity for you to come up with some kind of a solution to 
all of the problems that both law enforcement and Mr. Morris 
have discussed. Are you on board, or should I take the oar 
back?
    Ms. Dean. I can tell you that I have heard you, and I am 
sure that my members have heard you as well, and they are 
dedicated to this issue, and we will absolutely sit down with 
law enforcement.
    Mr. Sensenbrenner. Okay, we are listening.
    I yield back the balance of my time.
    The gentleman from Virginia, Mr. Scott.
    Mr. Scott. Thank you.
    Mr. Morris, you talked about the cost of this data 
retention kind of in general, can you give something with a 
dollar sign in front of it, percentage of sales? What are we 
talking about in terms of cost?
    Mr. Morris. Truthfully, Mr. Scott, I can't give you dollar 
signs.
    Mr. Scott. Well, some of these data retention services 
retain huge amounts of data with negligible costs. Are we 
talking about anything significant?
    Mr. Morris. Yes. I think that simply the challenge of 
creating a database that would allow access to literally 
trillions of records is an enormous financial cost.
    Mr. Scott. Can you give something with a dollar sign in 
front of it, some numbers?
    Mr. Morris. I can't. One dollar sign I can give is that the 
vast majority of content and Web sites on the Internet are 
available for free, for $0 to their users. And those sites are 
very close to the line on a day-to-day basis as to whether they 
will make money or not make money. And the extra cost of any 
sort of Federal mandate would be very debilitating to those 
sites.
    Mr. Scott. Ms. Dean, you have been offered carrots and 
sticks. Right now, is it true that your industry is providing 
approximately 150,000 leads to law enforcement every year?
    Ms. Dean. In terms of the reporting apparent incidences of 
child pornography to the national center according to statutory 
obligations, I believe the number is somewhere around there. 
For the record, we could find out from NCMEC what the precise 
number is.
    But yes, service providers do report tens of thousands of 
reports a year, and they are----
    Mr. Scott. Now the way you reported, you have some kind of 
mechanism where somebody is sending a picture, and you can 
ascertain whether it fits a profile of what is known child 
pornography and that goes right to law enforcement; is that 
right?
    Ms. Dean. Well, the standard that service providers are 
required to transmit the images for referral to NCMEC is 
apparent. We don't know what is and is not child pornography. 
So when we, by either technical means or from user complaints, 
come upon such material, we box it up with all of the 
information that we have and transmit it to NCMEC.
    Mr. Scott. Mr. Weinstein, when you get this information, 
what do you do with it? I mean, you have got about 400,000 the 
last couple of years; you have hundreds of thousands of leads. 
Do you have the staff to follow through on those leads today?
    Mr. Weinstein. Ranking Member Scott, let me actually 
address both of those in order.
    When law enforcement gets referrals from NCMEC, from the 
national center, those referrals are distributed to law 
enforcement at the Federal level, depending on the part of the 
country that the referral comes from.
    Under the PROTECT Act of 2008, there is a mandatory 90-day 
retention period by ISPs that kicks in when those ISPs actually 
discover or become aware of possible child pornography, and 
they make a referral to the cyber tip line, as Ms. Dean 
indicated.
    The problem with that requirement, although it is a useful 
tool, is that it is limited in its effectiveness. Number one, 
it doesn't apply to other types of crimes beyond child 
exploitation, but even just within the realm of child 
exploitation, that obligation to retain and to report only 
kicks in when the ISP has actually discovered or become aware 
of the child pornography. And the statute doesn't impose any 
obligation on the ISP to do any monitoring of the network or to 
make any affirmative efforts to filed the child porn.
    Mr. Scott. Wait a minute. Can you keep up with the tips 
that you have coming in today? And you know that with across-
the-board budget cuts, you are looking at a loss of potentially 
thousands of FBI agents. Can you keep up with the tips that you 
are getting today?
    Mr. Weinstein. Well, it is fair to say that the scope of 
the problem far outpaces the resources we have available to 
fight it.
    Mr. Scott. Now you mumbled something about all crimes, if 
we pass something of data retention, is it true that this might 
be used for all crimes, not just child pornography?
    Mr. Weinstein. Well, it is my view that if Congress were to 
go down this road and actually create a data retention 
requirement, that it makes the most sense for it to apply to 
all crimes not just to child exploitation.
    Mr. Scott. And all of this information, now is the 
information we are talking about just site specific or content 
to include the content, because Mr. Douglass pointed out that, 
without the content, that information would not have been 
particularly helpful.
    Mr. Weinstein. Well, it is actually the opposite that is 
true, sir. It would not be content information that we would be 
taking about. It would be----
    Mr. Scott. Are we talking about retained--the policy, we 
are kind of vague here because we don't have a bill in front of 
us, but are you suggesting that we have content being preserved 
or retained as well as just the site information?
    Mr. Weinstein. No, I am talking about noncontent 
information about Internet communications, so IP addresses that 
are assigned to a user at the time of communication.
    Mr. Scott. So if we had that, then what Mr. Douglass used 
about reading the text messages wouldn't have been available.
    Mr. Weinstein. Well, as I understand it, text messages are 
generally not retained by providers.
    Mr. Scott. Well, that is what we are talking about 
retaining.
    Mr. Weinstein. Well, the case Mr. Douglass talked about was 
one in which text messages were crucial in solving the crime.
    Mr. Scott. The content of the message was important.
    Mr. Weinstein. Sure. The cases I am talking about, Mr. 
Scott, are cases in which an Internet user----
    Mr. Scott. Is it your proposal that content not be 
retained?
    Mr. Weinstein. Well, the Administration doesn't have a 
proposal today, but I think that one of the issues that 
Congress should engage in a discussion on is whether it should 
include content. My own view is that the most useful 
information to us in solving crimes is noncontent.
    Mr. Scott. Okay. Now, if this information is available, 
would it be--sitting up there, would it be available for 
private subpoena, like in a divorce case?
    Mr. Weinstein. Well, that is another issue that I think is 
worth discussing, whether it is only available to law 
enforcement or available to private litigants as well. My 
primary interest, obviously, is making sure it is available to 
law enforcement.
    Mr. Scott. Would we need to, if we passed something like 
this, turn around and have some regulations to protect privacy?
    Mr. Weinstein. Again, I think that sort of--the questions--
there are five or six questions that I think Congress should 
ask as we engage in this discussion. Number one--and some of 
these have already been alluded to. Number one is, what data 
needs to be retained, the issue we have been discussing? Number 
two is how long the data should be retained for. Number three 
is, who would need to retain it? Number four is, who would have 
access to it, the issue you just raised, whether it would be 
law enforcement only or private litigants as well? And number 
five is whether some additional protections for consumers are 
necessary, whether those need to be legislated or something 
industry can do on its own to enhance privacy and security of 
their networks.
    Mr. Scott. And Mrs. Dean is going to be very helpful in 
making sure that we follow through and particularly helpful in 
continuing to send you more information and more tips that you 
can follow through on.
    Mr. Sensenbrenner. Time of the gentleman has expired. The 
Chair recognizes the gentleman from Texas, Mr. Poe, for 5 
minutes.
    Mr. Poe. Thank you, Mr. Chairman.
    Ms. Dean, did you say that every year your business 
supplies law enforcement 190,000 tips?
    Ms. Dean. No. There is a statutory obligation under 18 
U.S.C. 2258(a), that required ECS and RCS providers--we will 
call them service providers today. So it is much broader----
    Mr. Poe. How many? Cut to the chase. How many do you 
provide?
    Ms. Dean. I think last year it was over 140,000.
    Mr. Poe. One hundred and forty thousand. Those go to whom, 
local, Federal?
    Ms. Dean. They go to the National Center for Missing & 
Exploited Children, according to statute, and NCMEC are the 
experts, and they deal with it from there. They refer it out to 
the proper jurisdiction.
    Mr. Poe. Mr. Weinstein, how many Federal cases were made on 
child pornography in 2010 or 2009? Give me a figure that I can 
understand.
    Mr. Weinstein. I would be happy to, Congressman, I just 
don't have it available. I find as I enter my 40's, my own 
personal data retention is not what it should be. But I would 
be happy to provide a number to you.
    Mr. Poe. I mean, can you give me a ball park figure? It 
wasn't 145,000, was it? 
    Mr. Weinstein. No, I don't believe it was 145,000.
    Mr. Poe. How many cases? Do you have any idea?
    Mr. Weinstein. I don't and I would also want to be able to 
get you that information at the local level, too. As you know, 
a great many of these cases are prosecuted by State and local 
law enforcement and are pursued by the ICAC task force, which 
the Department helps fund and which exists in every State in 
the United States.
    Mr. Scott. Would the gentleman yield?
    Mr. Poe. I will yield.
    Mr. Scott. Thank you. There is a report from the Department 
of Justice, the list is 8,352 in the last 4 years.
    Mr. Poe. Reclaiming my time. So it is about 2,000 a year.
    Chief Douglass, how many cases, since you are the chief, do 
you know how many cases local law enforcement has made in any 
given period of time?
    Chief Douglass. Mr. Poe, I can't give you a specific 
number. I can tell you, however, that we have--in Overland 
Park, it is a city of 170,000 people, and we have a three-man 
or three-person unit person working on it full time. And as far 
as I know, none of those cases came through the channels we are 
talking about. So they are working on their own leads in 
significant numbers.
    Outside of the arena, we are talking in a Federal sphere. 
The exact number I can't give you. But I can tell you we are 
working several peer-to-peer cases, two to three to four, every 
single month just in Overland Park.
    Mr. Poe. Can you supply the Committee with that data?
    Chief Douglass. Yes, sir, I will.
    Mr. Poe. And Mr. Weinstein, can you as well supply that?
    Mr. Weinstein. I will, yes, sir.
    Mr. Poe. Appreciate that.
    I am concerned about the overbroad idea of Federal 
legislation in any area.
    Certainly I think people that engage in this type of 
criminal activity ought to get their day in court before a jury 
as often as possible.
    But do you see any Federal concerns, constitutional 
concerns, Mr. Weinstein, since you are encouraging us to come 
up with some kind of legislation about the overbroad concept of 
more storage of personal information?
    Mr. Weinstein. Congressman, the way I approach the issue is 
this, to the extent that the collection of data creates privacy 
risks or creates risks to people's anonymity, those risks exist 
today right now. Much of the noncontent data that we are 
talking about here today, that law enforcement needs to solve 
these crimes is already being retained right now by a large 
number of communication providers for their own commercial and 
marketing purposes, and that includes ISPs. That includes the 
New York Times. That includes a lot of Web sites that you visit 
every day.
    A mandatory data retention requirement would only extend 
that retention time to make sure that it was applied 
universally across industry.
    To the extent that there are risks to privacy from those 
databases existing, those risks exist on day 1 when you open 
your account; they exist on day 30, day 60, day 90 day 180, day 
365. Whether a provider keeps the data for a day or a year, the 
provider has an obligation to protect that data. There is no 
system that is foolproof, but responsible providers take steps 
to safeguard the networks, and we can always do more.
    In terms of the impact on privacy of law enforcement having 
access to that data, as I said in my opening remarks, what we 
are not talking about, expressly not talking about, is in any 
way increasing the authority of law enforcement to get that 
data. The authorities Congress has already provided and that we 
exercise consistent with statute and constitutional obligations 
every day are the same authorities that will govern our access 
to these expanded databases or these databases that are kept 
for longer periods of time. We cannot--law enforcement cannot 
obtain that data unless lawful process is used, and that would 
continue to be the case.
    The ultimate safeguard against law enforcement abuse is 
that we are subject to be supervision of Congress, of the 
courts, of the Department of Justice, and prosecutors' ethical 
obligations to make sure that they use the lawful authorities 
properly and in accordance with the Constitution.
    Mr. Poe. Thank you, Mr. Chairman.
    Mr. Sensenbrenner. The gentleman from Michigan, Mr. 
Conyers.
    Mr. Conyers. Thank you, Mr. Chairman.
    This has been a very useful hearing and what I want to 
propose to you, Chairman Sensenbrenner, why don't we--the 
question is always, where do we go from here? Why don't we get 
the Smith proposal and my proposal and meet with Eric Holder 
and the deputy assistant attorney general and come up with a 
bill and let's just move it along.
    We can study this, you know. We are pretty good at studying 
things, but----
    Mr. Sensenbrenner. Would the gentleman yield?
    Mr. Conyers. Of course.
    Mr. Sensenbrenner. I would be happy to participate in that 
meeting, but it seems to me you are yanking the carrot away 
from Ms. Dean.
    Mr. Conyers. Well, the Humane Society may be looking for 
you pretty soon anyway with this carrot and stick approach. It 
has raised some very interesting questions, Mr. Chairman.
    But I think we all see where we are going here. It is not 
like this hasn't been worked on before. So I offer that 
proposal for your examination and, hopefully, action.
    Now John Morris, were you shocked as I was when the deputy 
assistant attorney general began to theorize about how far we 
could carry this business? I mean, I thought he would be a 
little bit more restrained in trying to get us on board, but he 
has left the door open for this to go all the way.
    Mr. Morris. Well, certainly there have over the years been 
a number of proposals for data retention that have always been 
targeted at child exploitation cases, which are certainly, I 
agree, among the worst of the worst cases out there. But I 
think that is one concern we have always had about those 
proposals, is that that simply would open the door to broad 
data retention applying to even, you know, to the broad range 
of cases. So, yes, it is a very serious concern that I have 
that we are talking about.
    Mr. Conyers. So he didn't surprise you?
    Mr. Morris. I am afraid it didn't surprise me that that is 
the direction that law enforcement is going, yes.
    Mr. Conyers. Do you have any defense at all to offer, 
Weinstein?
    Mr. Weinstein. Well, I must say, I don't think I have ever 
been referred to as ``unrestrained'' before. So I apologize if 
I gave that impression, Mr. Chairman Emeritus.
    To be clear, the government doesn't have a specific 
proposal. My purpose here today is to emphasize to you law 
enforcement's concern about the lack of the data and to flag 
the issues----
    Mr. Conyers. So when are you going to get a proposal? How 
many years is this going to take?
    Mr. Weinstein. I don't know where we are exactly in the 
process of developing a proposal, but we are here today and we 
are committed to engaging in this conversation with you and 
with the entities represented by the other people on the panel.
    Mr. Conyers. Well, I am going to call Eric Holder right 
after this hearing and see if we can get this moving. I mean 
there are a lot of things to study in the Crime Subcommittee, 
but I don't think we need a whole lot of time on this. And 
besides, why don't you take advantage of the bipartisanship 
that is raging all over the 112th Congress?
    Mr. Weinstein. I certainly think that in a lot of areas, we 
should take advantage of that bipartisanship.
    If I could, just to be clear, there are a number of 
permutations of this that could be done in terms of the type of 
providers that are covered, the type of information that is 
covered, the length of time, whether it is 30 days, 60 days, 6 
months, a year or more. As you know, the European Union has a 
data retention directive that its member states have been 
ordered to implement where data is retained for a minimum of 6 
months and maximum of 2 years. Within that range there are a 
number of possibilities, and also in terms of the scope of the 
crimes covered, there are a number of possibilities. We don't 
endorse any particular one of them, although, as I said, we are 
eager to participate in this process going forward and to come 
up with a proposal that we think balances all those costs.
    I should also be clear, we completely understand that there 
are costs imposed. While data storage costs are dropping 
dramatically, there will be costs imposed if data has to be 
retained longer than it currently is being retained. There is 
no doubt about that. And one of the greatest costs will be data 
retrieval in response to requests from law enforcement, 
although if we follow the practice that we do currently those 
costs will to a large extent be reimbursed.
    At the same time, I didn't mean in my remarks earlier to 
suggest that we don't think privacy is an issue. My only point 
is only that the privacy risk exists currently. The point here 
is to try to find a balance among all three interests, and I am 
confident we can do that.
    Mr. Sensenbrenner. The gentleman from Virginia, Mr. 
Goodlatte.
    Mr. Goodlatte. Thank you, Mr. Chairman, and thank you for 
holding this hearing. This is an issue that is of keen interest 
to me. I have long worked with Chairman Smith and Chairman 
Sensenbrenner and others on the issue of child pornography and 
other related issues on the Internet. Sometimes we have had 
successes. Sometimes the Court has set us back, but it is a 
concern and an ongoing effort.
    I have also spent a lot of time meeting with leaders over 
the years from the European Union and urged them not to impose 
a hard 2-year data retention requirement. The European Union 
sort of found not quite a 2-year requirement. It requires that 
the ISPs retain data for a period of between 6 months and 2 
years, and the EU has faced a great deal of difficulty in 
implementing this requirement.
    So it seems to me that if there is a lot of interest in 
this issue--and I share some of the concerns expressed by Ms. 
Dean and Mr. Morris and the problems that will ensue--it seems 
to me that the first place we ought to look is what the 
experience of the European Union is. And Ms. Dean, would you 
care to comment on that? And I will ask Mr. Weinstein, too.
    Ms. Dean. Well, I think that the experience in the European 
Union and the fact that they have had to come back to the table 
recently and they are reassessing their original approach begs 
that maybe we should look to a different approach for the 
United States. Certainly in different member states, the 
implementing legislation in the EU has been ruled 
unconstitutional, and I think that asks us to really come back 
to the table and look at innovative approaches, things like 
preservation.
    Mr. Goodlatte. Thank you. Mr. Weinstein?
    Mr. Weinstein. Yes, Congressman. My understanding--although 
I must say I can't speak with expertise about the state of 
affairs in the EU--but my understanding is that the European 
Court of Justice in 2009 ruled that the directive I referred to 
earlier was legal. There have been some issues with the 
implementing legislation, as Ms. Dean just indicated. And my 
understanding is that the process that is underway now is a 
process to harmonize and fix some problems with the 
implementation of the directive but that it is only a minority 
of the member states who have failed to comply; that is, that a 
majority of the states have complied. And so to the extent that 
they have, I think, as you suggested, there are some lessons to 
be gleaned from studying the way that the directive has been 
implemented in those places where it has been.
    Mr. Goodlatte. Mr. Morris?
    Mr. Morris. One lesson I think we can look at in Europe is 
what has the impact been? And studies have begun to show that 
data retention mandates in Germany, just to take one study, 
have reduced the willingness of citizens to go online for 
mental health services. And that, I think, is something--that 
is precisely the kind of very sensitive information that I 
think that Congress should be very concerned about, chilling 
the access that citizens have and the comfort that citizens 
have in going online.
    So I think there are at lot of lessons one can take from 
Europe, and certainly in Europe, there is a move to revisit 
data retention. And certainly I have heard many of the European 
politicians say that, you know, at the maximum one would say, 
you know, 6 months. Clearly that is the direction that they are 
going, to reduce the length of time. But there are serious 
concerns that are raised in Europe.
    Mr. Goodlatte. Thank you. Ms. Dean, what would a blanket 
data retention requirement have on smaller ISPs?
    Ms. Dean. This is a serious concern because we don't quite 
understand at this point what the breadth is. I mean, you could 
take some of the earlier comments made and assume that this is 
meant to apply to Web sites. And just because it is noncontent 
data does not mean that that data is not revealing and very 
interesting about people's behavior online. And it is not clear 
exactly what it is that companies will be called upon to 
retain. Are we looking at, you know, what Web sites they go to? 
And this all brings us back to the scope and the breadth and 
the duration of time. For small companies, I guess it is really 
up to the Subcommittee to consider whether these kinds of 
mandates could really be stomached by smaller companies. I can 
say that within my membership, I have large companies, but I 
also have small companies who provide services to rural areas 
and to lower-income Americans. And their services, because they 
are low-cost or free, would be greatly affected by a data 
retention mandate.
    Mr. Goodlatte. Thank you, Mr. Chairman.
    Mr. Sensenbrenner. The gentlewoman from California, Ms. 
Chu.
    Ms. Chu. Chief Douglass, internetworldstats.com, which is a 
Web site for international Internet usage statistics, said that 
as of 2007, there were 66 million Internet broadband 
subscribers in the U.S., which is about 22 percent of our 
population. Is it law enforcement's belief that we should 
retain all these subscribers' data? Or is it possible to do 
something that is more targeted? How would you determine which 
subscribers' data should be retained? And are you actually 
saying that all of those 66 million's information should be 
retained?
    Chief Douglass. Well, ma'am, essentially there is no way to 
specifically target it because if we knew who the bad guy was, 
we could just target them. But unfortunately we don't. And what 
we have to do is to assume that this information is like a bank 
that has a vault full of safety deposit boxes. Those safety 
deposit boxes remain totally sealed, totally inaccessible to 
the law enforcement until something happens and we are given 
direction to open one particular box. That is how this 
particular system would work.
    I would point out that there is a lot of information there. 
But in my own history in the last 2 weeks I applied for a loan. 
And when I applied for a loan, they pulled up my credit report 
and my credit report knew everything about me. That is on the 
Internet and that is maintained for 7 years. So my point being 
is, we all have to sacrifice to a certain extent for those 
particular component parts that require addressing. In this 
particular case with the credit report, my credit is good, but 
we had to sacrifice that access because some people's credit 
isn't so good. In this case, all of us would have to contribute 
to a certain balance of that sacrifice and privacy so that the 
criminal element can be addressed. And there is no way to 
target it or narrow it or move it down because we are dealing 
with the unknown.
    Ms. Chu. Mr. Morris, how do you respond to that? And also, 
how would the retention of the data of the 66 million people 
harm Americans' privacy rights and aggravate the problem of 
identity theft?
    Mr. Morris. Thank you, Congresswoman. Let me first respond, 
to take the credit reporting example, credit reporting, you 
know, Congress has passed very, very strong legislation to 
protect the privacy of that information. It is very strongly 
controlled. In contrast, data held by service providers has 
extremely little protection. The Electronic Communications 
Privacy Act was enacted in 1986. It is woefully out of date. 
Law enforcement can obtain the data that we are talking about, 
the noncontent data that we are talking about, with very, very 
minimal process or protection. And so, I mean, there are some 
very, very serious privacy concerns.
    I believe the Internet usage in the United States has now 
risen to about 70 percent. I think we are now talking about 230 
million Americans who would be covered by this. And the 
proposals that all of their access everywhere they go, all of 
their e-mails be monitored and tracked is really breathtaking. 
In the context of call records, telephone call records that 
were kept by telephone companies, we have seen very broad use 
of civil subpoenas by divorce attorneys and other civil uses. 
And my understanding--I am not sure if Ms. Dean may be able to 
tell me--but my understanding is that actually civil use, 
noncriminal use of data that is held by service providers 
represents one of the largest types of demands and requests 
that companies receive for this data.
    So it is clear if the data is required to be held, it will 
be used in a broad context.
    Ms. Chu. You are saying that there are far less protections 
that are provided by the Electronic Communications Privacy Act 
than for, say, credit reports.
    Mr. Morris. Right.
    Ms. Chu. Should that be updated first?
    Mr. Morris. Absolutely. The need to update ECPA is really 
critical. I mean, it is critical for privacy grounds. It is 
also critical for business grounds because it really is harming 
the American industry's ability to compete in the global 
marketplace, given the low standards of protection that ECPA 
affords.
    Ms. Chu. Is there a way to have a more effective use of 
existing data preservation requirements rather than having 
mandatory data retention?
    Mr. Morris. Well, Congress in 2008 authorized the 
appropriation of additional resources for both prosecution and 
also for the technical investigation of child obscenity crimes, 
which would allow law enforcement to get access to the 
information they need sooner, which would reduce the need or 
the argued need for a data retention mandate. If law 
enforcement is able to more promptly investigate these cases 
instead of being overwhelmed with other cases, then there is 
really not such an issue that data retention would be needed to 
address.
    Ms. Chu. Thank you.
    Mr. Sensenbrenner. At this point, the Chair asks unanimous 
consent that a statement by Ernie Allen of the National Center 
for Missing & Exploited Children be inserted in the record.
    [The prepared statement of Mr. Allen follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
                               __________

    Mr. Sensenbrenner. And now the Chair recognizes the 
distinguished Vice-Chair of the Committee, the gentleman from 
Texas, Mr. Gohmert.
    Mr. Gohmert. Thank you, Mr. Chairman.
    Mr. Weinstein, you had said in your statement that in some 
ways the problems of investigations being stymied by a lack of 
data retention is growing worse. Could you elaborate on what 
you mean by that?
    Mr. Weinstein. Yes, sir, Congressman. Certain types of 
providers, principally in the cell phone community, are not 
retaining data at all. Increasingly, we are having providers 
who are retaining data for shorter and shorter periods of time, 
if they retain it really at all. We also have encountered the 
problem repeatedly of providers who publish or state that their 
retention period is 6 months or some period of time, only to 
find that when we submit requests to those providers within the 
stated retention period, we are told that the data is no longer 
being retained. So in that sense, the problem is growing worse.
    As I said before, a great many providers are already 
retaining the data that we are talking about here. So the 
points that were made over privacy before, I think it is 
important to recognize that that data will continue to be 
retained by the providers and not by the government; that is, 
the government can only obtain it through lawful process. The 
data will be retained by providers, as it is currently. The 
problem is the inconsistency. The problem is that it is not 
held for a sufficient period of time, that it is not consistent 
across the board, that the decisions about how long to retain 
data for are made unilaterally by the providers and are subject 
to change at will and, as I said, are often not even honored.
    So what we think is essential is that whatever the decision 
is about the scope of the requirement, if Congress goes down 
this road, is that it be one that is clear and consistent 
across industry.
    In 2008, the Electronic Frontier Foundation published a 
user guide or a guide that was entitled, Best Practices for 
Online Service Providers, which I think is unintentionally the 
best argument for Congress to intervene in this space than 
anything that I could say today. It advises providers that they 
can't be forced to provide law enforcement with data that 
doesn't exist. It provides guidance about how to minimize what 
they referred to as ``the challenges of law enforcement 
compliance.'' It calls upon providers to obscure, delete as 
much data as possible. It advises providers to use secure 
deletion utilities to scrub the hard drives so that the logs 
cannot be obtained. The fact that providers are being guided to 
conduct themselves in this way I think speaks to the fact that 
the problem is growing worse and that congressional action--or 
congressional engagement on the issue is probably as timely as 
it has ever been.
    Mr. Gohmert. Well, you touched on this perhaps. But the 
Electronic Communications Privacy Act currently allows 
investigators to request preservation of records. And I would 
ask you, Mr. Douglass, if that is not being honored. And if it 
is, why is that not adequate?
    Chief Douglass. Well, congressman, I have no evidence, but 
it is not being honored. The problem is, it is not a question 
of honoring our request. The problem is that it is not there 
when we ask for it. So if the information has already been 
deleted or if it has already been spoiled in some respect, we 
can ask all day. But if it is not there, it is not there to 
get. And that is why the time requirement of 30 days is onerous 
because many cases are not brought to light in 30 days.
    Mr. Gohmert. Mr. Weinstein, have you made requests for 
preservation that have not been honored?
    Mr. Weinstein. Except in the sense that--the largest 
problem with preservation is what the Chief said. That is that 
the preservation tool, while a useful tool, is only valuable if 
the data still exists at the time that the preservation letter 
is submitted. For reasons that I alluded to in my oral remarks, 
these are extraordinarily complex crimes. In the child 
exploitation arena, increasingly they are international and 
global investigations. They are investigations that often start 
when law enforcement in another country seizes a server or 
seizes a computer that is being used by the administrator of a 
child sexual abuse distribution network. And it takes time to 
go from that seizure in Australia or New Zealand or Germany to 
identifying IP addresses of people in the United States who are 
engaging in that activity, and then having to follow the trail 
of those people here to the U.S. And invariably, really quite 
often, too often, by the time we are able to--and no matter how 
quickly we work, by the time we are able to find the provider--
--
    Mr. Gohmert. My time is running out. Let me ask quickly. We 
have talked in generalities. Is there a large ISP that 
consistently deletes information to prevent you from having 
that information preserved? I am asking specifically.
    Mr. Weinstein. Sure. I appreciate why you are asking 
specifically. But I would rather not talk about specific 
providers. But what I would say is that for the most part the 
ISP community is very cooperative.
    Mr. Gohmert. Well, pardon me for my background being a 
judge, but as a judge, if people weren't willing to get 
specific, then obviously it was not legitimate testimony that 
would come into evidence. Is there no specific----
    Mr. Sensenbrenner. The time of the gentleman has expired. 
You don't have to answer that one.
    The gentlewoman from Florida, Ms. Wasserman Schultz.
    Ms. Wasserman Schultz. Thank you, Mr. Chairman. Mr. 
Chairman, some of the Members and the witnesses may know that I 
was the House sponsor of the PROTECT Our Children Act of 2008 
which was a major effort and continues to be a major effort to 
develop a national strategy which has been developed, appoint 
the National Coordinator for Child Exploitation Prevention and 
Interdiction, which is Francey Hakes, who is actually here with 
us today and is in the audience and who has been doing an 
excellent job in this area, to finally coordinate the work of 
the Internet Crimes Against Children Task Forces and provide 
them with the resources that they need because previously they 
have really been only able to investigate less than 2 percent 
of the cases that occur when it comes to the transmission of 
child pornography online and other kinds of sexual predatory 
activities on the Internet.
    But all the money in the world and the coordination and the 
planning isn't going to help at all if we don't have the 
assistance from the Internet service providers. And with all 
due respect, Ms. Dean, I think we need to be clear that this is 
not about watching or tracking people's behavior online, which 
is how you described it a couple of minutes ago. It is about 
helping law enforcement connect the dots. And one of the things 
that I think is extremely important to underscore here is that 
that is the difficulty, is that right now, because there are 
varying degrees of cooperation, varying degrees of time that 
ISPs actually preserve this data--some as short as 7 days, 
without naming names, Mr. Chairman, as you suggested--that it 
really becomes extremely difficult, if not impossible, for law 
enforcement to be able to actually get to the information they 
need not about the individuals and their activity but about 
specifically the connectivity logs. I mean, that is what really 
we need to be able to get at are these connectivity logs. 
Because as people know who follow this stuff, an individual ISP 
address is not helpful because people have a different one for 
every computer that they log on to. So having the ability to 
track one individual's connectivity is what is necessary. Law 
enforcement already have the pictures. They already have the 
ability to lift the digital fingerprints. They lose that 
ability if ISPs don't hold onto that information for a 
standardized period of time.
    So my question to you, Ms. Dean, really is this: 
Voluntarily would be a lot better than mandating this. I think 
that is what we would all like to see, including law 
enforcement. So what are the ISPs willing to do voluntarily? 
You should come together and decide on a standard and propose 
it. Because that is going to be the best way that we can get 
this problem addressed without us being in a situation where we 
have to figure out legislatively how to make you do it.
    Ms. Dean. Thank you, ma'am. And I have been given some 
carrots and sticks today earlier from the Chairman, and I 
recognize the need to go back and work with my membership and 
to talk about this.
    We have been following data retention for many years. We 
have been engaged in this conversation. And certainly in the 
area of fighting online child exploitation, it is something 
that U.S. ISPA and our members are certainly committed to, so I 
can guarantee that we will be getting back to you and talking 
to your staff about this.
    Ms. Wasserman Schultz. Thank you. Mr. Chairman, at some 
point, if we could hear from Francey Hakes, who is the person 
that is coordinating all of this activity from the Department 
of Justice, it would be incredibly helpful. Mr. Weinstein, I 
know that you are doing your best, but Francey really is the 
person that is responsible in the law for coordinating all of 
this activity, and I know that she would be able to give us 
some very helpful information, one of which is--I am really not 
understanding why you don't have a specific proposal because, 
Mr. Weinstein, that is supposed to be in the National Strategy. 
So is it in the National Strategy? If it is not, then the 
National Strategy is deficient.
    Mr. Weinstein. Well, I don't believe that there is a 
specific data retention proposal, Congresswoman, in the 
National Strategy, although the National Strategy is designed 
to do a lot more than just address the issue of data retention, 
as you know. It is meant to lay out a framework for 
coordinating all of law enforcement's operations to address the 
problem.
    Ms. Wasserman Schultz. Before I run out of time, that is 
just a big concern that I think we need to address. You really 
do need to do a better job of giving us a number or a 
percentage of cases that have been hindered or reached a dead-
end. The anecdotal information is somewhat helpful, but if you 
don't really give us a concrete number.
    But the question that I have for you specifically is: In 
the Republican budget proposal, which proposes to cut 20 
percent across the board, what would that do to your ability to 
continue to investigate and solve these cases, if their budget 
proposal actually went through?
    Mr. Weinstein. Well, if I can address both pieces of that 
quickly. In terms of the concrete number, it is a challenge and 
it is frustrating to me, to Francey, and to all of us who are 
involved in working on this issue that we can't come up with a 
concrete number. And there are a number of reasons for that. 
But the primary one is that the Justice Department, like all 
levels of law enforcement, doesn't typically keep statistics on 
cases that do not result in charges. And very often what 
happens when an investigation hits a dead-end so that the 
investigator or the prosecutor moves on to another case, we 
don't log the fact that we tried but were not successful. The 
other thing is that law enforcement officers are smart, and 
they figure out over time which ISPs will keep data for which 
periods of time. And when they obtain a lead and they need to 
go to a provider, if it is outside what they understand to be 
the data retention period, they won't even bother to submit a 
request because they know it is not going to be fruitful, and 
they will try--sometimes successful, often not--to obtain the 
evidence they need from another source.
    So the anecdotal example that we could talk about, some of 
which I alluded to in my testimony, are not hypotheticals. They 
are illustrations. There are new anecdotal examples we get 
every day, every week, every month of cases that were not able 
to be made.
    Ms. Wasserman Schultz. And can you address my budget 
proposal question?
    Mr. Weinstein. If I may, Mr. Chairman.
    Mr. Sensenbrenner. Go ahead.
    Mr. Weinstein. The only thing I would add, this goes beyond 
child exploitation because every type of crime that we worry 
about is committed through online means now. And so I think 
that losing prosecutors and losing agents would seriously 
impact our ability to prosecute really virtually any type of 
online crime or crime committed through an online means at the 
level that we would like to.
    Mr. Sensenbrenner. The gentlewoman's time has expired. The 
gentleman from Arizona, Mr. Quayle.
    Mr. Quayle. Thank you, Mr. Chairman. And thanks to all of 
you for coming in today.
    My first question is going to be for Ms. Dean. What 
specific actions have your members voluntarily taken to combat 
child pornography so far?
    Ms. Dean. Well, I can speak as an association and as 
someone on behalf of the individual members. We have 
promulgated a number of sound practices to be more helpful to 
law enforcement in the areas of child pornography reporting and 
in general subpoena compliance when it deals with child 
exploitation cases. The members participate in a number of 
important task forces, things like the Technology Coalition and 
Financial Coalition Against Child Pornography, which we can get 
you more information about in the future. And certainly the 
companies interact with the ICACs on a regular basis. And 
moreover, they have highly skilled staff that work on these 
compliance issues, understand that child exploitation cases are 
a priority, and are trained to deal with them in a timely 
manner.
    Mr. Quayle. And also in your testimony, you spoke about 
some of the problems that we are facing with data retention in 
terms of it might slow down the process for immediate emergency 
situations, such as child abductions and the like. Obviously we 
don't want to negatively impact with legislation having these 
unintended consequences of maybe we have this increased data 
storage issues, but then it actually has some problems with the 
speed of recovery. Can you address that and maybe talk about it 
a little more?
    Ms. Dean. Yes. And thank you. I appreciate that 
opportunity. Because as we thought about data retention this 
most recent round, one of the things that occurred to the 
companies was that, you know, we have a number of concerns 
about the cost to innovation and so forth. But the main concern 
that we would have with building these massive data bytes--we 
are talking exabytes of information--how it would be that we 
would be 100 percent accurate in retrieving precisely the 
record that law enforcement requested and doing so in a timely 
and efficient manner and doing so in an emergency situation 
because we do get frequently emergency requests from law 
enforcement and want to be helpful. The reason this is so 
important to the companies is because, one, they take their 
responsibilities under ECPA and other statutes very seriously. 
But secondly, because we are dealing with people's lives and 
liberty here. And out of all this data, we have to make sure 
that, say, 18 months down the road that tiny particular piece 
of information is exactly the right information linking that 
exact target, and there is a concern in that area, yes.
    Mr. Quayle. Mr. Weinstein, can you give your side on that 
issue in terms of how that might affect emergency responses in 
slowing down the recovery time?
    Mr. Weinstein. Congressman, what I can say is that in those 
situations, as I have indicated a number of times, there is 
already a substantial number of providers who are keeping the 
kind of data that we were talking about and do keep it for a 
period of time. So it is not like they are creating systems out 
of whole cloth. They just need to figure out a way to keep it 
for longer, and there would be some potential additional cost 
of storing it for longer. But those same providers who have 
that data have to respond to the kind of requests you are 
talking about every day. And they manage to do so quite well. 
So if they are keeping a larger volume of data, it seems to me 
it would be a software engineering problem that is beyond my 
expertise. But to the extent that they are able to comply with 
those requests today when they have got the data available, I 
would expect them to be able to do so in the future.
    I do acknowledge, as I said before, that I think the 
principal additional cost of a data retention regime would be 
in data retrieval, not so much in data storage but in the data 
retrieval. But I wouldn't anticipate that there would be a 
significant impact on--negative impact, that is, on ISP's 
ability to respond to emergency requests. I think what it would 
mean though is that the nonemergency requests, there may be 
some additional delay in responding to them. But given where we 
are now, we are happy if they are being responded to at all.
    Mr. Quayle. All right. And further, do you have any 
suggestions in terms of retention period? Is it 1 year, 2 
years, 3 years, 4 years, keeping it forever? I mean, that is 
one thing that I was wondering is that, you know, with the 
statute of limitations--I don't know what they are for child 
pornography cases, but wouldn't you want to have that match up 
to when the statute of limitations expires?
    Mr. Weinstein. Well, I think that the statute of 
limitations for child sex abuse cases, I think there actually 
is none. So that would be keeping it indefinitely. For most 
Federal crimes, it is 5 years. I think that if the only 
consideration at play here was law enforcement, then I would 
think the statute of limitations would be the place to start 
the discussion. But that clearly is not the case. And I don't 
want to suggest for a second that that is what we would 
suggest.
    There are clearly other competing interests. The economic 
impact on the providers, to some extent privacy. And I think 
that when you balance those out, it clearly has to be something 
that is much more modest than the statute of limitations 
period. Where that number is, I can't say today. Although, as I 
have said, I think this is a very useful first step. I know 
this is an issue the Subcommittee has worked on for years and 
years. And I am hopeful that, working together, we can come to 
a place, come to a number that maximizes law enforcement's 
chances of solving the crimes it needs to solve without 
overwhelming the providers and without creating unintended 
consequences.
    Mr. Sensenbrenner. The time of the gentleman has expired. 
The gentleman from Georgia, Mr. Johnson.
    Mr. Johnson. Thank you, Mr. Chairman, for holding this very 
important hearing today on using Data Retention As a Tool for 
Investigating Internet Child Pornography and Other Internet 
Crimes. And this bill, H.R. 1076, is actually cited as the 
Internet Stopping Adults Facilitating the Exploitation of 
Today's Youth Safety Act of 2009. But it is a fact, isn't it, 
that the provisions of H.R. 1076 go far beyond stopping 
Internet child pornography; is that a fair assessment, Mr. 
Morris? Is that true?
    Mr. Morris. Well, certainly H.R. 1076 would very broadly 
sweep--the terms of that legislation would very broadly sweep--
--
    Mr. Johnson. Yes. I mean, section 5--yes, section 5, 
Retention of Records By Electronic Communication Service 
Providers is not limited to only investigations or matters 
concerning child pornography.
    Mr. Morris. Certainly I read that draft bill the same as 
you do. Yes, sir.
    Mr. Johnson. Okay. So it is kind of like perhaps you could 
say--and I don't say this disparagingly--but kind of like a 
Trojan horse. And you could have things in that Trojan horse 
that come out and surprise you.
    Mr. Morris. Yes. Certainly I agree that once the data is 
mandated to be retained, it will be used for a broad diversity 
of reasons, including civil litigation, perhaps even commercial 
use by the service provider, and a range of other things that 
concern us.
    Mr. Johnson. Well, let's talk about that in just a second. 
But let me look down at section 9 of the proposal. It grants 
$150 million to the Innocent Images National Initiative, $150 
million. Now does anybody have any idea what the Innocent 
Images National Initiative is?
    Mr. Weinstein. Yes, Congressman. The Innocent Images 
Initiative is a law enforcement initiative that was set up by 
the FBI and the Justice Department. The Innocent Images Task 
Forces are the groups that have primary responsibility on the 
Federal level for investigating child exploitation crimes.
    Mr. Johnson. Where would this money go to? Who would be the 
recipients of the $150 million?
    Mr. Weinstein. I can't speak to the specifics of the 
proposal, Congressman, because I am not as familiar with it. So 
I don't know what the intended use of that $150 million is. My 
guess would be that it would be primarily to support 
investigative resources, investigators and prosecutors.
    Mr. Johnson. But you would not say that there are any 
limits on how the money could be spent as provided by section 
10, is that correct?
    Mr. Weinstein. Well, again, I can't speak to the details of 
that specific proposal.
    Mr. Johnson. So in other words, can anybody on this panel 
tell me where the $150 million and to whom would the $150 
million provided under section 9 go to? Yes, Mr. Douglass, do 
you want to give it a stab?
    Chief Douglass. I will try to do so.
    Mr. Johnson. I have limited time now. Just answer me this: 
Do you know where the $150 million is going to?
    Chief Douglass. I know where a small part of it is going 
to.
    Mr. Johnson. Well, a small part. I want the big part. And I 
find it somewhat disturbing that we are not able to get at that 
in this hearing.
    So we have got Internet child pornography being the Trojan 
horse. And then inside that, we have a data retention 
situation, mandatory, that may fall upon the backs of 
commercial and private Internet service providers. And then we 
have $150 million to boot going to some----
    Mr. Sensenbrenner. The gentleman's time has expired.
    Mr. Johnson. Thank you, Mr. Chairman.
    Mr. Sensenbrenner. Last, but not least, the gentlewoman 
from Florida, Ms. Adams, is recognized for 5 minutes.
    Ms. Adams. Thank you, Mr. Chairman.
    Mr. Weinstein, I was listening. And coming from a law 
enforcement background, I am kind of curious. You made a 
comment about when your agents get to a point where they just 
stop because they have hit a dead-end and they move on, and you 
couldn't give us a caseload count. Is it your testimony today 
that your caseloads are not counted based on open/closed 
caseloads?
    Mr. Weinstein. Well, Congresswoman, certainly at the 
Federal level--I can't speak to the State and local--but at the 
Federal level we do, both the agencies and the Justice 
Department, keep track of cases that are open and closed. What 
I mean to suggest is that we couldn't look at that data and 
figure out how many of those were closed because of a failure 
of data retention. There are any number of reasons why a case 
is opened and then ultimately not able to be successfully 
concluded or result in a charge. It could be that there is a 
lack of evidence, it could be that there were other 
investigative hurdles. But I couldn't pinpoint within that 
gross number of cases how many were a data retention issue 
specifically.
    Ms. Adams. And so then I am not to be concerned at the fact 
that you would base your budget on caseload. You are basing it 
on your open caseloads, correct?
    Mr. Weinstein. You know, those cases take an extraordinary 
amount of time, as you know, especially now. And in the child 
exploitation arena, this is particularly true, but it is true 
in a lot of others as well, that to the extent that those cases 
involve international law enforcement, to the extent that the 
criminal is sophisticated and takes steps to try to anonymize 
himself or herself, there are a number of steps in the chain 
you have to go through that take a long time. You can 
investigate a case for years only to find that you are not able 
to bring a charge. So I think the fact that the case is open 
and how long it is open for reflects the amount of man and 
woman hours that are going into it. It is just that sometimes, 
for any number of reasons--data retention being one of them--
you can't actually successfully complete the investigation and 
indict anyone.
    Ms. Adams. And while sometimes it is a lot of man hours 
when the case is open or it sits there because you have hit a 
dead-end and you haven't closed it quite yet, and I recognize 
that. But that goes again to what Mr. Quayle asked you, and 
that was, how long then, how long would you recommend that 
these providers hold this data?
    Mr. Weinstein. Well, as I said to Mr. Quayle, I think the 
Administration doesn't have a position at this time on what the 
appropriate amount of time is. What I do believe is the case is 
that--at least as a starting point for discussion, I think the 
EU range of 6 months to 2 years is a useful starting point for 
discussion, but I wouldn't suggest, even as I sit here today, 
that it should be 6 months or 2 years or 1 year. I do believe 
that there is a time period that we could come to that would be 
long enough that law enforcement could maximize the chances of 
getting the evidence it needs to successfully complete a larger 
number of investigations and bring a larger number of criminals 
to justice but that wouldn't be so long or that would be 
moderated and would not overwhelm, in terms of cost or privacy 
impact, the other equities involved.
    I mean, ultimately, I think the fact that we haven't come 
to a conclusion on this issue successfully over the last 2 or 3 
years reflects the fact that it is really a complex exercise to 
try to figure out what that time period is; you know, what is 
the magic number that gives law enforcement what it needs but 
doesn't overwhelm the providers and that moderates the risk to 
privacy of having data held for a long period of time? I can't 
come up with that number today, but I am pretty confident that 
if we work at it, we will come to it.
    Ms. Adams. And your earlier testimony is something that I 
have had along my law enforcement career is that a lot of times 
when you start investigating these you end up going to 
different countries, and that adds time to the process, does it 
not?
    Mr. Weinstein. It does. In fact, I was thinking this 
morning about a case that we did that we call Operation 
Achilles, which was a multinational law enforcement operation 
to take down a network that was producing and distributing 
images and videos of child exploitation, and there was a 
little, little girl in the Northern District of Georgia who was 
rescued as a result of that investigation, but she was rescued 
2 years after the video of her being abused was discovered when 
a search was done in Australia of one of the members of the 
organization's computers. And it took 2 years of work every 
single day by the investigators, both in Australia and here in 
the U.S., to try to find out where that girl was so they could 
rescue her and ultimately capture the abuser, who was her 
father. Those cases can inherently take a long period of time. 
We are obviously committed to them, and we will investigate 
them as long as we humanly can.
    Ms. Adams. I hope so.
    Ms. Dean, hearing this testimony, I would agree with my 
colleagues that you go back to your membership and see if there 
is some kind of compromise you can come up with within your 
membership and to the law enforcement that doesn't require the 
Congress to intervene on this. It is really important that if 
there are children being abused, taken advantage of, or worse, 
we would like to have that information given to law enforcement 
so that the bad guys can be prosecuted.
    Mr. Sensenbrenner. The time of the gentlewoman has expired. 
The gentleman from Florida, Mr. Deutch.
    Mr. Deutch. Thank you, Mr. Chairman. I have a question, Mr. 
Weinstein, for you about the way that we investigate. There is 
a constituent of mine in my district of south Florida that runs 
a business. It is a data fusion program, child protection 
systems, which is a program that is used by the vast majority 
of ICAC task forces as well as 38 countries free of charge. I 
would like to know, since this is a system that enables law 
enforcement to track files across the vast expanse of the 
Internet and then identify the specific computers that are 
responsible, first--actually for you and for Mr. Douglass--are 
you aware of this opportunity, this program?
    Chief Douglass. I am aware of several programs that allow 
us to pinpoint peer-to-peer intersections and gives us a 
starting point to start with the subpoenas and search warrants. 
I do know this, that they are relatively successful but 
somewhat limited at this stage in scope.
    Mr. Deutch. Mr. Weinstein.
    Mr. Weinstein. Congressman, I am not familiar with that 
particular software, but I am familiar with a number of 
programs, as the Chief said he is as well. And you should know, 
the Department, under section 105 of the PROTECT Our Children 
Act, was directed to develop a technological solution known as 
the National Internet Crime Data System, and we are in the 
process of doing that. We have issued grants I think to the 
Massachusetts State Police in relation to the development of 
that. And once that system is operational, it will support 
efforts by Federal, State, local, and tribal enforcement, 
including the ICAC task forces, to more effectively investigate 
and deconflict those cases. So we are working very hard on 
developing technology that will enhance our ability to pursue 
those cases.
    Mr. Deutch. I would just suggest that the technology of 
this company has been used--their expertise has been used to 
catch criminals. They also helped identify the 9/11 terrorists. 
I would encourage you to reach out, and I would be happy to 
make that happen.
    Getting back to something you said earlier this morning, 
Mr. Weinstein, moving beyond this issue of data retention. I 
would like to ask you about other ways to streamline the 
prosecution of these cases and make it more likely that we will 
actually catch these people. The Internet, as was just 
discussed, is global, and the criminal activity bounces over 
local, State, and even national boundaries, borders. Does it 
make sense from a national law enforcement perspective to 
create a centralized place--at least for the United States--to 
subpoena ISP records rather than having to subpoena each 
company in a different way?
    Mr. Weinstein. Well, I haven't given a lot of thought to a 
proposal like that, although my first reaction is that to the 
extent people are concerned about privacy from having multiple 
databases of Internet activity, I would think that there would 
be some significant privacy concerns if there was one 
megadatabase of that activity. But I think that ultimately, 
Congressman, the challenge in these cases is not just the 
ability to get data, of course. They are inherently time 
consuming, and they take a long time. I think as our 
relationships improve with foreign law enforcement, we are able 
to proceed then more quickly and more efficiently. But 
ultimately, if providers were able to retain the data we needed 
for a reasonable and uniform period of time, we would have 
fewer dead-ends and we would be able to move the cases more 
quickly. Sometimes the cases take longer than they otherwise 
would because, having hit a roadblock when the data is not 
available, you have to figure out some other way around it, 
some other way around the lack of data, and to try to basically 
investigate the case over again from a different angle. If the 
data were available, whether it was in one common source, as 
you suggested, or maintained by individual providers for a 
reliable period of time, I think we would be able to pursue the 
cases more expeditiously and in larger numbers to a successful 
conclusion.
    Mr. Deutch. Mr. Douglass, from your perspective, would a 
centralized database help in pursuing these criminals?
    Chief Douglass. Well, again, I agree with Mr. Weinstein. A 
centralized database would certainly be the most efficient. 
However, the tenor of these conversations have been all about 
balance, and balance means that we balance out the effects of 
privacy and the effects of efficiency at the same time. So 
consequently, while it would absolutely be more efficient, I 
would also think it would raise a lot more concerns about 
concerns over privacy. I think we can work around that. If we 
have the locations we can go to that maintain those files, that 
is not a big deal.
    Mr. Deutch. Finally, Mr. Chair, Mr. Douglass, I appreciate 
what you are saying. And certainly we need to balance those 
interests, ultimately though being on the front lines of Mr. 
Weinstein in trying to catch these guys. I am just trying to 
figure out if that is something that we ought to be 
entertaining, and it sounds like it is something that could be 
helpful.
    Chief Douglass. I would have concerns about going that 
direction because I don't think that the benefits would 
outweigh the risks.
    Mr. Sensenbrenner. The gentleman's time has expired. The 
gentleman from Arkansas, Mr. Griffin.
    Mr. Griffin. Thank you, Mr. Chairman.
    Ms. Dean, I wanted to ask you, I was looking through your 
testimony, and it may just be a misunderstanding. But it 
appears that you make a distinction between data retention and 
data preservation. And I apologize for being out if you have 
explained that. But could you comment on that?
    Ms. Dean. Certainly. I would be happy to.
    Data presentation and data retention are--my luck today--
are very different. Data preservation is a targeted request 
from law enforcement to a provider to hold on to a specific 
person's data. And to be clear, to clear up some of the 
conversation from earlier, that is not simply an IP log. That 
is a very broad aspect of--it is a snapshot. Think of it as a 
snapshot at the exact moment that the request comes in of that 
person's account, e-mails, buddy lists, anything that we have 
got that is taken, set aside, and it is able to be preserved 
for up to 180 days. Now that doesn't go into the future because 
then you can get wiretap problems and things like that.
    Retention, what we are talking about here today, would be 
to hold on to a category of data, a category of providers on 
all of their users into the future.
    Mr. Griffin. So preservation would include the type of 
information that you would get in a subpoena such as method of 
payment, credit card records, all of that stuff, and the 
retention is just the data that relates to the ISP?
    Ms. Dean. Well, to be clear, preservation is so effective 
and valuable, we see it as very effective and valuable because 
we don't make a distinction as to what kind of process may come 
in the future. We simply freeze the account, set it aside, and 
it is available to law enforcement, pending the issuance of 
process. So they can get whatever it is the order calls for 
into the future.
    Mr. Griffin. What is your ideal? Are you happy with the 
status quo? I know that when I came back in, Mr. Weinstein had 
been asked by Representative Quayle about his ideal in terms of 
the time frame. I want to ask you what your ideal is.
    Ms. Dean. Well, one of the things I want to say is that, 
you know, we really do want to be involved in this 
conversation. We want to talk to our colleagues in law 
enforcement and find out what it is specifically that they 
need. We really do want to understand better which providers. 
And that is very important. Do you want the Facebooks of the 
world? Do you want you know access providers? Do you want the 
nytimes.com? It is very important.
    Mr. Griffin. I am running out of time. So there is not a 
specific time frame. It sounds like you are still sort of 
grappling with it. Chief Douglass, do you have an ideal time 
frame in mind that you think would capture most of the data 
that you would need?
    Chief Douglass. Yes, sir. My personal opinion is 6 months 
up to a year, maybe up to 18 months. But after that period of 
time, there is a point of diminishing returns. Certainly 6 
months does not seem to be unreasonable from an investigative 
standpoint. We will get quite a bit. That will be six times 
more than the best we can get right now. And in that event, I 
think that would be logical. But there are other factors to 
consider. And when we shape out whatever agreements or 
legislation or compromises that take place, those things should 
be fleshed out with all parties, understanding exactly where it 
goes. But from a law enforcement standpoint, I would think a 
minimum of 6 months would be advantageous. More like a year 
would probably be the best.
    Mr. Griffin. Have you been in any talks with the Department 
of Justice on this? Apparently, the Department of Justice has 
not settled on a specific time frame.
    Chief Douglass. No, sir. We haven't. And, you know, we come 
from two different localities with two different things in 
mind. The Department of Justice is looking at overall arching 
philosophy and policy for the entire country in that regard, 
and we are looking at it from how it affects Overland Park, 
Kansas and how it affects cities in your State. So we have 
common interests, but they are not necessarily parallel 
interests.
    Mr. Griffin. Maybe you can grab Mr. Weinstein there, and 
y'all can talk about that. Thank you. That is all I have, Mr. 
Chairman.
    Mr. Sensenbrenner. The gentleman's time has expired. And 
again, last but not least, the gentleman from Pennsylvania, Mr. 
Marino.
    Mr. Marino. Thank you, Mr. Chairman.
    And if I do ask a question that has already been asked 
because I was at another meeting, please tell me that and I 
will go on.
    Deputy Weinstein and Chief Douglass, I couldn't agree with 
you more on your approach, what you have done, and what you 
continue to do, particularly in the area of child abuse and 
cybercrime. As a prosecutor, as a district attorney for 12 
years, the State level, and as an United States attorney for 6 
years, I have personally prosecuted both types of cases in both 
courts. And on many instances, the evidence that we have 
gathered could be as much as 2 years old. So I implore you to 
please keep doing what you are doing, bring back to us any 
insight that this Committee can do to see that you can carry on 
that mission. And I thank you for that.
    Director Dean, again, please, I beg you to talk with your 
organizations, the individuals with whom you work. I am sure 
that you can come to a consensus. But please, please utilize 
the frontline law enforcement men and women when asking what 
can we do to improve the tools that you need to track down 
these child abusers. Many of the cases that I worked on 
personally involved photographs and pornography that came into 
the United States from other countries. But unfortunately, we 
have a fair number of those individuals in this country. So I 
implore you, please regulate this to the extent where it is 
effective and efficient yourselves because, I can agree with 
the Chairman and my colleagues, at one point, we will step in.
    And Attorney Morris, let me refer to something in your 
statement. And could you please correct me if I am wrong on 
this. Maybe it is just written or taken out of context. I am 
reading toward the end--actually, the next to the last page of 
your statement. It says in bold at the top, In the face of the 
serious risk and cost of data retention, Congress should 
carefully investigate what benefits there would be, if any, in 
the prosecution of child pornography cases.
    You are not suggesting that we do not investigate and 
prosecute child pornography cases, are you?
    Mr. Morris. Not in the least, Congressman. What I am 
suggesting is that given the current lack of resources, given 
the fact that, as I believe Congresswoman Wasserman Schultz 
said, that only 2 percent of the cases that are currently known 
do we have resources to prosecute that adding a massive data 
retention obligation is not going to increase the ability for 
us to put the child pornographers in jail. I certainly very, 
very strongly support the goal of putting these people in jail.
    Mr. Marino. Thank you. Now I do disagree with the 
percentage that was stated as to the cases that a re 
prosecuted. As a prosecutor, we could prosecute more crimes in 
any situation if the district attorney or the Chief or the 
deputy attorney general had more bodies and more investigators. 
But with that said, in my experience--and perhaps Deputy 
Weinstein and the Chief can respond to this--any case that came 
into our offices or series of cases would be investigated and 
eventually prosecuted.
    Gentlemen, what do you say about this?
    Ms. Wasserman Schultz. Would the gentleman yield just for 1 
second?
    Mr. Marino. Yes.
    Ms. Wasserman Schultz. I just want to thank you very much. 
I just wanted to clarify in saying that they are investigating 
less than 2 percent of the cases. It is not because they are 
unwilling to. It was because of the lack of resources, the lack 
of individuals, the lack of resources to be able to investigate 
more than that. But specifically in among the cases that they 
are able to investigate, they rescue a child in about 30 
percent of the cases. So it is incredibly important. I just 
wanted to make sure I was clear.
    Mr. Marino. Thank you. I understood that it is just a 
percentage, the 2 percent. I don't mean to brag about it, but 
our conviction rates in our office and our investigations and 
prosecutions were far more than 2 percent of the cases that 
came into the office.
    Mr. Weinstein. Congressman, I think, as you know, as a 
general matter, we follow the same approach that I know you 
followed in your office when you were the U.S. attorney. We 
don't turn cases away at the door. If they are there to pursue, 
we will pursue them.
    I think that it is not just increasing the number of cases. 
It is taking the existing cases as far as they can go. I used 
the case of the father who was abusing his daughter in northern 
Georgia a few moments ago. Because it took 2 years to identify 
that man as the abuser, by the time his computer was searched, 
the data that would have helped identify the other members of 
the group here in the U.S. with whom he was trading videos of 
child sexual abuse, we couldn't pursue those people because the 
data didn't exist. So a lot of times, it is taking the case 
that we have made and making it bigger and making sure that we 
are actually dismantling the entire organization so we can 
protect more children at the same time.
    Mr. Marino. Thank you. I think my time has expired.
    Mr. Sensenbrenner. The time of the gentleman has expired.
    I want to thank our witnesses for their testimony today. 
And, Ms. Dean, I hope you got the message, and I hope you will 
get to work with your organization to help us come up with a 
way that deals with this problem fairly. It is going to mean 
that your members are going to have to do a little bit more, 
and I think we all recognize that. But this is going to be a 
lot easier if this is worked out. There is a need to deal with 
this issue. I always prefer to have it done voluntarily in a 
trade organization. But I think you have got the message that 
if it isn't being dealt with voluntarily, the train will leave 
the station.
    So again, thank you all for your testimony today. Without 
objection, all Members will have 5 legislative days in which to 
submit to the Chair additional written questions for the 
witnesses which we will forward and ask them to respond as 
promptly as they can so that their answers may be made a part 
of the record. Without objection, all Members will have 5 
legislative days to submit any additional materials for 
inclusion in the record.
    And without objection, this hearing is adjourned.
    [Whereupon, at 12 p.m., the Subcommittee was adjourned.]
                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

 Prepared Statement of the Honorable Henry C. ``Hank'' Johnson, Jr., a 
   Representative in Congress from the State of Georgia, and Member, 
        Subcommittee on Crime, Terrorism, and Homeland Security
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

  Prepared Statement of the Honorable Ted Deutch, a Representative in 
Congress from the State of Florida, and Member, Subcommittee on Crime, 
                    Terrorism, and Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                 
