[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]






      PROTECTING CHILDREN FROM INTERNET PORNOGRAPHERS ACT OF 2011

=======================================================================

                                HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON CRIME, TERRORISM,
                         AND HOMELAND SECURITY

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                                   ON

                               H.R. 1981

                               __________

                             JULY 12, 2011

                               __________

                           Serial No. 112-60

                               __________

         Printed for the use of the Committee on the Judiciary









      Available via the World Wide Web: http://judiciary.house.gov

                                _____

                  U.S. GOVERNMENT PRINTING OFFICE
67-309 PDF                WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001





                       COMMITTEE ON THE JUDICIARY

                      LAMAR SMITH, Texas, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        HOWARD L. BERMAN, California
HOWARD COBLE, North Carolina         JERROLD NADLER, New York
ELTON GALLEGLY, California           ROBERT C. ``BOBBY'' SCOTT, 
BOB GOODLATTE, Virginia                  Virginia
DANIEL E. LUNGREN, California        MELVIN L. WATT, North Carolina
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
MIKE PENCE, Indiana                  MAXINE WATERS, California
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
STEVE KING, Iowa                     HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona                  Georgia
LOUIE GOHMERT, Texas                 PEDRO R. PIERLUISI, Puerto Rico
JIM JORDAN, Ohio                     MIKE QUIGLEY, Illinois
TED POE, Texas                       JUDY CHU, California
JASON CHAFFETZ, Utah                 TED DEUTCH, Florida
TIM GRIFFIN, Arkansas                LINDA T. SANCHEZ, California
TOM MARINO, Pennsylvania             DEBBIE WASSERMAN SCHULTZ, Florida
TREY GOWDY, South Carolina
DENNIS ROSS, Florida
SANDY ADAMS, Florida
BEN QUAYLE, Arizona
[Vacant]

      Sean McLaughlin, Majority Chief of Staff and General Counsel
       Perry Apelbaum, Minority Staff Director and Chief Counsel
                                 ------                                

        Subcommittee on Crime, Terrorism, and Homeland Security

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman

                  LOUIE GOHMERT, Texas, Vice-Chairman

BOB GOODLATTE, Virginia              ROBERT C. ``BOBBY'' SCOTT, 
DANIEL E. LUNGREN, California        Virginia
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
TED POE, Texas                       HENRY C. ``HANK'' JOHNSON, Jr.,
JASON CHAFFETZ, Utah                   Georgia
TIM GRIFFIN, Arkansas                PEDRO R. PIERLUISI, Puerto Rico
TOM MARINO, Pennsylvania             JUDY CHU, California
TREY GOWDY, South Carolina           TED DEUTCH, Florida
SANDY ADAMS, Florida                 SHEILA JACKSON LEE, Texas
BEN QUAYLE, Arizona                  MIKE QUIGLEY, Illinois
                                     DEBBIE WASSERMAN SCHULTZ, Florida

                     Caroline Lynch, Chief Counsel

                     Bobby Vassar, Minority Counsel










                            C O N T E N T S

                              ----------                              

                             JULY 12, 2011

                                                                   Page

                                THE BILL

H.R. 1981: The ``Protecting Children from Internet Pornographers 
  Act of 2011''..................................................     3

                           OPENING STATEMENTS

The Honorable F. James Sensenbrenner, Jr., a Representative in 
  Congress from the State of Wisconsin, and Chairman, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     1
The Honorable Robert C. ``Bobby'' Scott, a Representative in 
  Congress from the State of Virginia, and Ranking Member, 
  Subcommittee on Crime, Terrorism, and Homeland Security........    14
The Honorable Lamar Smith, a Representative in Congress from the 
  State of Texas, and Chairman, Committee on the Judiciary.......    15
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................    17

                               WITNESSES

Ernie Allen, President and CEO, National Center for Missing and 
  Exploited Children
  Oral Testimony.................................................    24
  Prepared Statement.............................................    27
Michael J. Brown, Sheriff, Bedford County Sheriff's Office
  Oral Testimony.................................................    34
  Prepared Statement.............................................    37
Marc Rotenburg, President, Electronic Privacy Information Center
  Oral Testimony.................................................    42
  Prepared Statement.............................................    44

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Prepared Statement of the Honorable John Conyers, Jr., a 
  Representative in Congress from the State of Michigan, and 
  Ranking Member, Committee on the Judiciary.....................    19
Material submitted by the Honorable Robert C. ``Bobby'' Scott, a 
  Representative in Congress from the State of Virginia, and 
  Ranking Member, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................    75
Material submitted by the Honorable Lamar Smith, a Representative 
  in Congress from the State of Texas, and Chairman, Committee on 
  the Judiciary..................................................    79

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of the Honorable Sheila Jackson Lee, a 
  Representative in Congress from the State of Texas, and Member, 
  Subcommittee on Crime, Terrorism, and Homeland Security........    81
Letter from Douglas C. Gillespie, President, Major County 
  Sheriffs' Association here.....................................    84
Letter from Chuck Canterbury, National President, National 
  Fraternal Order of Police......................................    85
Letter from Mai Fernandez, Executive Director, The National 
  Center for Victims of Crime....................................    86
Letter from Paulette Sullivan Moore, Vice President of Public 
  Policy, the National Network to End Domestic Violence (NNEDV)..    87
Letter from Penny Nance, Chief Executive Officer and President, 
  Concerned Women for American Legislative Action Committee......    88

 
      PROTECTING CHILDREN FROM INTERNET PORNOGRAPHERS ACT OF 2011

                              ----------                              


                         TUESDAY, JULY 12, 2011

              House of Representatives,    
              Subcommittee on Crime, Terrorism,    
                             and Homeland Security,
                                Committee on the Judiciary,
                                                    Washington, DC.

    The Subcommittee met, pursuant to call, at 9:59 a.m., in 
room 2141, Rayburn House Office Building, the Honorable F. 
James Sensenbrenner, Jr. (Chairman of the Subcommittee) 
presiding.
    Present: Representatives Sensenbrenner, Smith, Goodlatte, 
Lungren, Poe, Marino, Gowdy, Conyers, Scott, Cohen, Chu, and 
Quigley.
    Staff Present: (Majority) Caroline Lynch, Subcommittee 
Chief Counsel; Sam Ramer, Counsel; Sarah Allen, Counsel; 
Allison Halatei, Deputy Chief of Staff; Sean McLaughlin, Chief 
of Staff and General Counsel; Tony Angeli, Counsel; Lindsay 
Hamilton, Clerk; (Minority) Bobby Vassar, Subcommittee Chief 
Counsel; Lilliana Coronado, Counsel; Joe Graupensberger, 
Counsel; and Veronica Eligan, Professional Staff Member.
    Mr. Sensenbrenner. The Subcommittee will be in order.
    Without objection, the Chair will be authorized to recess 
the Committee during votes today.
    Hearing none, so ordered.
    I am not using the prepared statement that was given to me 
today by the staff. I move myself 5 minutes.
    This is the second hearing that this Subcommittee has had 
on this subject. The bill that is before us today, I think it 
is very bad policy. And I will say right now that I will do my 
best to kill it, should it proceed any further.
    I do not believe that there should be a statutory 
declaration on how long Internet service providers should 
maintain records. That should be a business decision that they 
should make.
    Furthermore, I am very disturbed at the administrative 
subpoena power that is given to the Marshals Service by this 
bill.
    People may recall that I introduced a similar bill when I 
was the Chair of the Committee and withdrew it, because I was 
concerned for both of these points, and that concern remains.
    People should also be aware that I fought vigorously to 
avoid granting more administrative subpoena power to any 
Federal law enforcement agency during both the PATRIOT Act 
consideration and the PATRIOT Act reauthorization in 2005 and 
2006.
    This bill strikes out in both respects. It is my feeling 
that the administrative subpoena power that is given to the 
Marshals Service will allow not only the Marshals Service but 
any other law enforcement agency with existing administrative 
subpoena power to rummage through Internet service providers' 
records, whether it is on the subject of child pornography or 
any other subject relating to law enforcement, and that we 
should restrict severely administrative subpoena powers that 
are given to law enforcement for, particularly, the gathering 
of evidence.
    This is not to say I am not concerned about the child 
pornography issue. I think my record has been very clear from 
the beginning of my service in Congress that I have fought to 
strengthen legislation to allow law enforcement to crack down 
on child pornography. And as the author of both the Child 
Protect Act of 2003 and the Adam Walsh Act of 2007, I think my 
record is quite clear on this issue.
    However, it seems to me that this goes far beyond the issue 
of trying to prevent people from using the Internet to purvey 
child pornography, which I think is the most disgusting smut of 
all the smut that ends up being purveyed, whether it is by 
electronic means or other means.
    We ought to forget about having a statutory retention 
passed by Federal law. We ought to forget about granting the 
Marshals Service administrative subpoenas.
    This does not strike at the problem in an effective manner, 
and it runs roughshod over the privacy rights of people who use 
the Internet for thousands of lawful purposes. And that is why 
this bill ought to be defeated and be put in the dustbin of 
history.
    And I now yield to the gentleman from Virginia, Mr. Scott, 
the Ranking Member.
    [The bill, H.R. 1981, follows:]
    
    
    
                               __________
    Mr. Scott. Thank you, Mr. Chairman.
    I will read the prepared statement, but I must say I am 
pleased to join you for the hearing.
    The Crime Subcommittee convenes this morning to examine the 
bill H.R. 1981 that, among other things, imposes an 18-month 
data retention requirement on non-wireless Internet service 
providers known as ISPs, gives the United States Marshals 
Services administrative subpoena power, and substantially 
increases penalties for certain Federal sex offenses.
    The legislation, known as Protecting Children From Internet 
Pornographers Act of 2011, does many things that I suspect 
that, if passed, it may not actually be the most effective way 
of protecting children from Internet pornographers.
    Section 4 imposes an 18-month mandate on certain ISPs to 
retain IP addresses. The question that remains unanswered is 
whether this data retention mandate, which imposes unknown 
costs on ISPs, will add anything significant to the process.
    When Congress imposes a costly mandate on private industry, 
there ought to be a corresponding and significant benefit to 
law enforcement. The information before me fails to demonstrate 
that the expansive policy proposed in H.R. 1981 will provide 
that benefit.
    Indeed, the GAO reports that currently in 80 percent of 
investigations, law enforcement officials are already able to 
obtain the data that they need from ISPs. In the remaining 20 
percent, they are virtually always able to obtain information 
through other means. This is most likely because the majority 
of ISPs already maintain data from 6 to 12 months.
    In light of this, we must balance the additional marginal 
benefit that law enforcement may receive by extending the 
mandate to 18 months against the countervailing costs, privacy, 
and security concerns that such policy implicates.
    Rather than address the myriad of factors that pose 
challenges to child pornography prosecutions, the bill 
mistakenly focuses entirely on data retention. The GAO's report 
on the Protect Act makes it clear the backlog in forensic 
examination of computers is the real issue in these cases, and 
the bill does nothing to address that problem.
    According to the GAO, it can take up to a year for the FBI 
to conduct a forensic evaluation of a suspect's computer. This 
bill actually creates more cases in forensic examinations that 
will be necessary without providing any additional resources. 
The legislation seems to ignore that the real issue is in fact 
resources.
    So we must ask ourselves about the utility of adding more 
data, and older data at that, to this queue and exacerbate what 
is already a significant backlog.
    It is undisputed that the overwhelming majority of the 230 
million Americans that use the Internet are law-abiding. The 
ISPs assign millions of IP addresses every day to these users. 
And when one is looking for a needle in a haystack, the last 
thing you need is more hay. This is exactly what section 4 
would do, accumulate more hay without providing any more tools 
to sort through it.
    The low number of prosecutions also underscores the bill's 
misplaced focus on data retention. The ISPs provide law 
enforcement with well over 100,000 cyber-tips every year. These 
tips require the preservation of not just the IP address of the 
suspect, but also as much content from the suspect's account as 
is available at the time the tip is made. Yet there are only a 
little over 2,000 prosecutions every year, according to the 
DOJ's own figures.
    Given the data preservation requirements, the lack of data 
cannot be blamed for the small percentage of prosecutions. It 
does not take a statistician to see that DOJ already has more 
data than it has adequate personnel to investigate.
    Prosecution surely cannot increase under the House-passed 
budget, which proposes to cut 4,000 FBI agents. What we need is 
more resources, not less; more FBI agents assigned to 
investigate these cases, not less; more personnel to tackle the 
backlog in forensic investigation of suspect computers, not 
less; and not more data without resources to process it.
    In addition to the failure to provide additional resources 
to law enforcement, the blanket exemption for all wireless 
Internet service providers and the potential uses of the data 
in addition to child pornography cases also concerns me.
    The wireless Internet is the largest and fastest-growing 
mechanism for accessing the Internet. In fact, by the end of 
the year, there were over 300 million wireless connections in 
the United States. The exemption for wireless providers would 
thus appear to exempt almost as much as it covers and undermine 
the goal of the legislation.
    The other uses of data, in addition to child pornography 
prosecutions, is also a concern. Can that data be vulnerable to 
hackers for ID theft or available for marketing, copyright 
infringement cases, divorce cases, or other crimes? These are 
some concerns that we need to look into it.
    And, finally, I join the Chairman in his concern about the 
administrative subpoena. Under the bill, the Marshals would 
have more power and more expensive subpoena power than the 
Secret Service has even faced with an imminent threat on the 
life of the President of the United States.
    I look forward to hearing the witnesses' opinion about the 
most curious carveout, the wireless carveout, as well as the 
other issues that I have raised this morning.
    And, Mr. Chairman, thank you, and I yield back.
    Mr. Sensenbrenner. The Chair recognizes the Chair of the 
full Committee, the gentleman from Texas, Mr. Smith, for an 
opening statement.
    Mr. Smith. Thank you, Mr. Chairman.
    Child pornography may be the fastest growing crime in 
America, increasing an average of 150 percent per year. The 
Justice Department estimates that there are now more than 1 
million pornographic images of children on the Internet. The 
department also estimates that one third of the world's 
pedophiles involved in organized pornography rings worldwide 
live in the United States.
    Since the National Center for Missing and Exploited 
Children, called NCMEC, created the cyber-tip line 12 years 
ago, electronic service providers have reported 8 million 
images and videos of sexually exploited children. The number of 
reports to NCMEC's cyber-tip line of child pornography, child 
prostitution, child sex tourism, and child sexual molestation, 
and online sexual enticement of children, increased from about 
4,000 in 1998 to 102,000 in 2008, an average increase of 200 
percent a year.
    H.R. 1981, the `Protecting Children From Internet 
Pornographers Act of 2011,'' enables law enforcement officials 
to successfully locate and prosecute those who want to hurt our 
children. Often the only way to identify a pedophile who 
operates a website or exchanges child pornography images with 
other pedophiles is by an Internet protocol address.
    Law enforcement officials must obtain a subpoena and then 
request from the Internet service provider the name and address 
of the user of the IP address. Unfortunately, ISPs regular 
purge these records, making it difficult if not impossible for 
investigators to apprehend child pornographers on the Internet.
    H.R. 1981 directs Internet service providers to retain 
Internet protocol addresses to assist Federal law enforcement 
officials with child pornography and other Internet 
investigations. This is a narrow provision that addresses the 
retention of only the Internet protocol addresses that 
providers assign to their customers. It does not require the 
retention of any content. So the bill does not read any 
legitimate privacy interests of the Internet users.
    Some Internet service providers currently retain these 
addresses for business purposes, but the period of retention 
varies widely among providers from a few days to a few months, 
and providers will even change their own retention periods from 
time to time. The lack of uniform data retention impedes the 
investigation of Internet crimes.
    H.R. 1981 requires providers to retain these records for 18 
months. This mirrors an existing FCC regulation that requires 
telephone companies to retain for 18 months all toll records, 
including the name, address, and telephone number of the 
caller, plus each telephone number called and the date, time, 
and length of the call. In effect, this bill merely applies to 
the Internet what has applied to telephones for decades.
    Without the identity of the perpetrator, law enforcement 
officials cannot track down pedophiles, so they continue to 
threaten our children. The Justice Department describes a 
disturbing trend in child pornography, that pedophiles who 
document their sexual abuse of children will only exchange 
images with other pedophiles who do the same. The result is 
that people who may have previously only viewed these images 
now have the incentive to sexually abuse children and produce 
their own images.
    Data retention enables law enforcement officials to catch 
the abusers and save the children from being abused.
    Critics contend that data retention is unnecessary because 
current law already requires ISPs to preserve records at the 
request of law enforcement agents for 90 days. But ISPs can 
only preserve information they still have. By the time 
investigators discover the Internet child pornography and make 
the request under this provision, the provider has often 
already purged the Internet protocol address records.
    Both Democratic and Republican administrations have been 
calling for data retention for a decade. In January, the 
Justice Department testified that shorter even nonexistent 
retention by providers frustrate criminal investigations. Every 
time a provider purges IP address records, it erases forever 
the evidence needed to save a child.
    In hearings before the Committee this spring, both Attorney 
General Holder and FBI Director Mueller testified that data 
retention is invaluable to investigating child pornography and 
other Internet-based crimes. H.R. 1981 also creates a new 
Federal offense allowing for Federal prosecution of any person 
who conducts a financial transaction knowing that it will 
facilitate access to child pornography.
    This bill strengthens protection for child witnesses and 
victims, who are often subjected to harassment and intimidation 
throughout the trial period. The bill allows a Federal court to 
issue a protective order if it determines that a child victim 
or witness is being harassed or intimidated, and imposes 
criminal penalties for violation of a protective order. And the 
bill increases the penalties for child pornography offenders in 
cases that involve children less than 12 years old.
    Parents who once relied on the four walls of their homes to 
keep the children safe are now faced with a new challenge. The 
Internet has unlocked the doors and opened the windows. The 
Internet has proved to be of great value in many aspects of our 
lives, but it has also become a virtual playground for sex 
predators and pedophiles to distribute child pornography images 
and encourage others to engage in child pornography.
    Mr. Chairman, I would like to thank my colleague Debbie 
Wasserman Schultz for cosponsoring this much-needed 
legislation. I look forward to hearing from the witnesses today 
and yield back my nonexistent time.
    Mr. Sensenbrenner. The Chair appreciates that.
    The Chair recognizes the Ranking Member of the full 
Committee, Chairman Emeritus John Conyers.
    Mr. Conyers. Thank you, Chairman Sensenbrenner.
    I come here to help bring our conservative Members together 
here. On one level, I am working with the Speaker and the 
majority leader. There are great differences there that need 
reconciliation.
    And here on the Judiciary Committee, I am working with the 
Chairman of the full Committee and the distinguished 
Subcommittee Chairman, who is also an emeritus Chairman. I 
suppose if I am junior grade that makes him senior grade, since 
he was there first.
    Now we are here today examining 1981, which is to protect 
children from Internet pornographers, a laudable goal worthy of 
praise, a noble objective. But the problem here is, first of 
all, that 1981, if enacted in its present form, would not 
achieve that goal. And number two, it does other damage that 
doesn't even exist.
    It would create a whole new host of problems, and it is not 
accidental that there are negative views about this bill or 
this proposal that are shared by a wide group of leaders and 
other organizations. I name three or four. The American Civil 
Liberties Union is opposed to this measure. The Center for 
Democracy and Technology and the Electronic Privacy Information 
Center, there are also Internet providers and other 
organizations that advocate for children, all opposed.
    And the fundamental problem is that it fails to achieve its 
intended purpose to protect children from Internet 
pornographers, and here is why. First, we need to--and this 
bill can be made, I think put in a form that people on both 
sides of the aisle might be able to support it.
    Here's the first thing we have to do: Eliminate the 
exemption of data retention mandate for wireless providers. We 
need to eliminate the exemption from the data retention mandate 
for wireless providers. They have got to be included. And why 
not? If it is that important, why wouldn't we include them?
    The bill completely, in its present form, exempts every 
wireless Internet service that exists from the data retention 
requirement. If it is good enough for the others, it might be 
very important for the wireless Internet providers, the same 
thing.
    And as a result, by doing what it does now, the bill would 
exempt 55 million residential mobile wireless service 
subscribers. That should be unacceptable to everybody that is 
supporting the bill. And it doesn't take a scientist to know 
that criminals will exploit this loophole in 1981 and simply 
migrate to a wireless service. So that makes the bill useless.
    And I wish that was the only thing we needed to correct. 
But if we corrected that, it would begin to put it on the path 
to general acceptability.
    Mr. Smith. Will the gentleman yield?
    Mr. Conyers. Of course.
    Mr. Smith. To reassure the gentleman, we are working to do 
just as you suggested and figure out a way so that we do not 
exempt the wireless providers, in which case, I look forward to 
your support.
    Mr. Conyers. Thank you very much, Chairman Smith.
    Now there is another consideration that I would put forward 
to the authors of the bill, both my friends, and whom I respect 
here on the Committee. And that is limit law enforcement's 
access to Internet pornography crimes against children, limit 
law enforcement's access to Internet pornography crimes against 
children.
    The Department of Justice says that this bill would 
institute a data retention policy for all types of crimes, 
including routine street crimes. And I have expressed this in 
an earlier meeting in January, and I think that we may want to 
revisit this second very important consideration I think that 
would be needed to get this bill together.
    The bill's title, the Protecting Children From Internet 
Pornographers Act, is a misnomer, because the legislation 
really is not about those types of crime at all, because if it 
were, it would certainly not contain a broad exemption for the 
largest Internet service providers, such as AT&T, and it would 
target child exploitation.
    I will submit the rest of my statement. Thank you.
    [The prepared statement of Mr. Conyers follows:]
    
    
    
                               __________

    Mr. Sensenbrenner. I thank very much the gentleman from 
Michigan.
    It is now my pleasure to introduce two of today's three 
witnesses.
    Ernie Allen is cofounder of the National Center for Missing 
and Exploited Children and has served as president and CEO for 
22 years. He is also the founder of the International Center 
for Missing and Exploited Children and serves as the CEO. Under 
his tenure at NCMEC, more than 150,000 missing children have 
been recovered. He received both his bachelor and jurist 
doctorate degrees from Louisville University.
    Mark Rotenberg is executive director of the Electronic 
Privacy Information Center, or EPIC, in Washington. He teaches 
information privacy law at Georgetown University Law Center. He 
served as counsel to Senator Patrick J. Leahy on the Senate 
Judiciary Committee after graduation from law school. He is a 
graduate of Harvard College and Stamford Law School.
    Each of the witnesses' written statements will be entered 
into the record in its entirety, and I ask that each witness 
summarize his or her testimony in 5 minutes or less.
    To help you stay within that time limit, there is a timing 
light on your table. When the light switches from green to 
yellow, you will have 1 minute to include your testimony. And 
when it turns red, your time is up.
    And now I will yield to the gentleman from Virginia, Mr. 
Goodlatte, to introduce his constituent, Sheriff Michael Brown.
    Mr. Goodlatte. Thank you, Mr. Chairman, I appreciate this 
honor.
    Sheriff Brown has been a dear friend of mine for 20 years 
and for the past 15 years as sheriff of Bedford County. I know 
of no sheriff or other local law enforcement official anywhere 
in America who has done more to combat online child 
pornography. And he has led that through groups such as the 
Safe Surfing Foundation that educates parents and children 
about how to keep their children safe on the Internet and 
through Operation Blue Ridge Thunder, which has led to the 
prosecution of online child pornographers, not only in 
southwest and central Virginia but all across the country, in 
fact, even overseas. His team has uncovered activities that 
have led to prosecutions in many, many jurisdictions around the 
country.
    He is a retired special agent of the U.S. Treasury 
Departments Criminal Enforcement Division. And prior to his 
election as sheriff in 1996, he served as criminal justice 
consultant and instructor with the Justice Department's 
International Criminal Investigative Training Assistance 
Program in Central and South America and the Caribbean.
    Sheriff Brown is a member of the executive committee, board 
of directors of the National Sheriffs' Association, where he 
currently serves as the Chair of the Technology Committee and 
is a member of the Congressional Affairs Committee.
    This is not the first time Sheriff Brown has made 
presentations before the Congress, and I welcome him back.
    Mr. Sensenbrenner. I thank you.
    Mr. Allen, you are first up and you will be recognized for 
5 minutes.

 TESTIMONY OF ERNIE ALLEN, PRESIDENT AND CEO, NATIONAL CENTER 
               FOR MISSING AND EXPLOITED CHILDREN

    Mr. Allen. Thank you, Mr. Chairman.
    As you mentioned, I have submitted written testimony. I 
would like to briefly summarize.
    Mr. Sensenbrenner. Without objection, all the witnesses' 
written testimony will be inserted into the record at the point 
of their testimony.
    And the clock will be reset for your 5 minutes.
    Mr. Allen. Thank you, Mr. Chairman.
    I would like to focus on three provisions of the bill, 
first section 2 on financial facilitation. Our primary concern 
is that there be nothing in the legislation that impedes the 
ability of financial companies to work with law enforcement and 
our center in attacking commercial child pornography.
    The basis for that is, in 2006 we created a financial 
coalition made up of 35 companies, representing 90 percent of 
the U.S. payments industry. The first priority is always 
criminal prosecution. However, we know it is impossible to 
arrest and prosecute everybody. So what has been happening is 
our center identifies illegal child pornography sites with 
method of payment information on it. These companies donate to 
us live accounts, which we provide to law enforcement around 
the country, which attempts to make purchases on those 
accounts. When the transaction goes through, we are able to 
capture that information, we report it to law enforcement and 
to the payment company. This is an illegal use of the payment 
system, so they are able to stop payments and shut down 
accounts.
    In 2006, McKinsey Worldwide estimated that the commercial 
child pornography industry was a multibillion-dollar industry. 
Just last year the Treasury Department's Office of Terrorist 
Financing and Financial Crimes indicated that the problem is 
now effectively zero, that it is less than a $1 million a year. 
And they attribute that to enforcement and to the ability of 
private sector companies to stop the use of the payment system 
to support their enterprises.
    So we want to make sure that nothing in the bill keeps 
these companies from their voluntary action that they are now 
engaged in that has had such dramatic impact on the commercial 
child pornography problem.
    Second point I want to raise is section 4, the Retention of 
Certain Records. What we like about this proposal, much as 
Chairman Smith has indicated, is that there has been long 
discussion and debate over data retention. We think this is a 
reasonable, balanced approach that does not mandate retaining 
content. What it mandates is retaining conductivity 
information.
    There can't be prosecution until law enforcement connects 
the date and time of the online activity to an actual person, 
the type of information that is found in electronic service 
providers' connectivity log. We have to be able to establish 
the linkage between that IP address and an actual person.
    As Chairman Smith indicated, we think this is analogous to 
the records that telephone companies are required by Federal 
law to keep, the date and time that a phone number was dialed. 
There is currently no requirement to do that. And while many 
companies have policies on data retention, the policies vary 
widely, are not implemented consistently, and may be for too 
short a time to have meaningful prosecutorial value.
    The third area I want to comment on is section 11, 
Administrative Subpoenas. And with great respect to the 
Chairman and the Ranking Member, we believe that it is 
essential that the Marshals Service receive administrative 
subpoena power.
    Now the basis for that is identifying and tracking 
noncompliant fugitive sex offenders is a huge challenge 
assigned to the Marshals Service by the Adam Walsh Act. In 95 
percent of the Marshals' cases, the fugitives' use of a 
communication device, such as the Internet or the telephone, is 
the key piece of evidence in locating the fugitive.
    Currently what the Marshals must do is contact the United 
States Attorney and obtain an All Writs order, which typically 
takes about 2 months. In addition, there has already been 
judicial review, because the is a warrant issued for the 
fugitives' arrest. Time is vital in searching for a fugitive 
who, by their very nature, are highly mobile.
    Let me mention that since 1948, and with the new law in 
1970, administrative subpoena power has been provided to 
Justice Department law enforcement. However, that has only 
applied historically to the FBI and not the Marshals Service.
    And also, a final point is under the statute, the 
administrative subpoena power provided to the Marshals Service 
specifies electronic service provider records and only in child 
sexual exploitation cases. So I think the intent of Chairman 
Smith and Congresswoman Wasserman Schultz is to create a 
surgical, narrow exception that we believe the intent has 
always been to include Justice Department law enforcement in 
the administrative subpoena power.
    In conclusion, I think that the statute is a great 
beginning, is an attempt to provide a balanced, reasonable 
approach to addressing a serious problem.
    [The prepared statement of Mr. Allen follows:]
    
    
    
                               __________

    Mr. Sensenbrenner. Thank you.
    Sheriff Brown?

            TESTIMONY OF MICHAEL J. BROWN, SHERIFF, 
                BEDFORD COUNTY SHERIFF'S OFFICE

    Mr. Brown. Good morning.
    Mr. Sensenbrenner. Could you turn your mike on?
    Thank you.
    Mr. Brown. As my Congressman, Congressman Goodlatte, so 
graciously noted, my name is Michael Brown. I am a retired 
Federal agent, and I have had the honor of serving as the 
sheriff of Bedford County, which is the home of the National D-
Day Memorial, for the past 16 years.
    I also serve on the executive committee and the board of 
directors for the National Sheriffs' Association. The National 
Sheriffs' Association represents the 3,083 elected sheriffs 
across the country and more than 20,000 law enforcement 
professionals.
    I am pleased to have this opportunity to appear before you 
today to discuss H.R. 1981, the ``Protecting Children From 
Internet Pornographers Act of 2011.''
    Additionally, the Bedford County Sheriff's Office has been 
Internet Crimes Against Children Task Force since 1998. We are 
known as the Southern Virginia Internet Crimes Against Children 
Task Force.
    The expansion and the development of technology has enabled 
child pornography to become a worldwide epidemic. Child 
predators have become adept at exploiting their perversion and 
hiding behind the anonymity of the Internet, making it 
extremely difficult at times for law enforcement to identify 
these predators.
    As such, unmasking child pornographers on the Internet is a 
painstaking and complex process for law enforcement officers 
and typically requires assistance from Internet service 
providers to accurately identify the perpetrator. I am speaking 
specifically to section 4 on the Internet service providers.
    Having some ISPs only retain their client records for a 
short period of time--it could be hours, it could be days, it 
could be weeks, it could possibly be months, so it could be 
months. And it varies from ISP to ISP.
    As such, the limited data retention time and lack of 
uniformity among these companies can significantly hinder law 
enforcement's ability to identify predators when they come 
across child pornography.
    To help law enforcement combat Internet child pornography, 
Congressman Lamar Smith of Texas and Congresswomen Debbie 
Wasserman Schultz of Florida introduced H.R. 1981. Through 
1981, ISPs will be required to retain the IP addresses assigned 
to customers for 18 months. The 18-month provision is critical, 
as it will ensure that when law enforcement contacts an ISP 
looking for a child predator, the identifying information will 
still exist.
    If I could give you just a brief example of why we need 
this time limit: A cyber-tip from the National Center for 
Missing and Exploited Children came into the Southern Virginia 
Internet Crimes Against Children Task Force in February of this 
year. The case involved someone posting that they were exposing 
themselves to their 2-and-a-half-year-old child. The only piece 
event evidence was the IP address that was posted to a Yahoo 
chat room through an Internet service provider.
    While going through the legal process to retrieve the 
information, we discovered that the ISP only kept the IP 
history for a period of 30 days. Sadly, the 30-day limit had 
passed since the evidence was posted. The case had to be closed 
due to the lack of further investigative material.
    This case, and hundreds like it from the files of the 
Internet Crimes Against Children Task Forces across the country 
clearly demonstrate the need to ensure that ISPs retain 
customer information for law enforcement.
    Therefore, it is imperative that this data be retained by 
ISPs for a significant and standard period of time, so that 
when law enforcement goes to lawfully request the online 
information and records, the information still exists.
    Additionally, H.R. 1981 provides legal protection for ISPs 
to further facilitate cooperation with law enforcement and help 
ease concerns that the ISPs could be held civilly liable for 
sharing customer information with law enforcement doing a valid 
investigation.
    H.R. 1981 also creates a new Federal offense for 
individuals who profit from child pornography, greatly enhances 
penalties for possession of child pornography, provides 
administrative subpoena authority to the U.S. Marshals to 
access critical travel information records on fugitive sexual 
offenders, and strengthens the protections for child witnesses 
and victims.
    Those who prey upon children are among the most violent and 
vilest offenders in society, and this act, 1981, will ensure 
that the predators are appropriately and strongly punished as 
shares.
    As sheriffs, it is our responsibility to protect society's 
most vulnerable, our Nation's children, from the evils of the 
world. Child pornography is one such evil.
    I have been in this business or 44 years. I have worked in 
Central America, South America, the Caribbean, and in Europe. I 
thought I had seen every man's inhumanity to man that I could 
imagine. But I really had not seen anything until I became 
involved in this arena of child pornography.
    The provisions within H.R. 1981 provide law enforcement 
officers the capabilities necessary to combat child predators 
and child pornography. The National Sheriffs' Association 
strongly supports----
    [The prepared statement of Mr. Brown follows:]
    
    
    
                               __________

    Mr. Sensenbrenner. The time of the gentleman has expired.
    Mr. Rotenberg?

            TESTIMONY OF MARC ROTENBERG, PRESIDENT, 
             ELECTRONIC PRIVACY INFORMATION CENTER

    Mr. Rotenberg. Chairman Sensenbrenner, Mr. Scott, Members 
of the Committee, thank you for the opportunity to testify 
today.
    My name is Marc Rotenberg, and you have asked me to look at 
H.R. 1981, Mr. Smith's bill.
    I want to begin at the outset by saying that the purpose of 
privacy laws is of course to protect the privacy of the 
customer information that a company acquires through provision 
of a service. And ECPA, although a complicated statute, at its 
heart has this purpose.
    The circumstances under which personal information may be 
disclosed are set out in a variety of provisions, and there are 
many safeguards that are built in, including, for example, 
typically a judicial determination, some type of public 
reporting, and even notice to the target of an investigation.
    Now there are situations that ECPA currently allows for law 
enforcement to preserve information for up to 90 days and even 
to seek renewal in those circumstances perhaps where a warrant 
cannot be obtained right away. That's an exigency. Or for the 
service provider on a voluntary basis to turn over to the 
government information when they have a good faith reason to 
believe that there is actually some threat posing a risk of 
life or serious physical harm to an identifiable individual.
    So there is already in the statute a number of provisions 
that can be used to address the concerns that have been 
addressed.
    Now I am going to speak to the data retention provision, 
but I also want to draw your attention to two related 
provisions that have not yet received much attention in the 
discussion of the bill.
    As several of the Members have indicated at the outset of 
the hearing, there are serious concerns about data retention. 
We, of course, live in a time where there is a great deal 
breach and security breach taking place. Companies are not 
able, oftentimes, to protect the information that they require 
themselves for providing services.
    This statute would have the effect of mandating the 
retention of information that businesses might not otherwise 
keep. And the problem is not only that section 4 establishes 
that requirement for the assigned IP address, but sections 5 
and section 6 create a new type of immunity that has never 
existed before in the Wiretap Act.
    In other words, at the same time that the ISPs would be 
told: Keep this information. It may be useful for law 
enforcement. It may also pose some risk to your customers, but 
be assured that whatever happens to this information, if it is 
improperly accessed or improperly used, you are off the hook, 
because what section 5 does is provide a complete immunity for 
the record retention that is mandated by section 4.
    And as we read section 5, by the way, it doesn't even seem 
to have the qualifying language that otherwise exists for the 
type of immunity when ISPs properly cooperate with the law 
enforcement investigations. So section 5 needs to be looked at 
much more closely.
    In similar fashion, we believe that section 6, which 
creates a good-faith defense for those who are able to overcome 
the hurdle in section 5, is also quite broad and would apply, 
in the plain language of the statute, not only to violations 
that could be charged under ECPA, but also under any other law 
as well.
    And there are of course today many state laws that require 
companies to notify their customers when a security breach has 
occurred, because now the customers are at risk. And, 
therefore, with this second type of good faith defense that is 
introduced in section 6, it appears that ISPs will not be 
responsible, will not be obligated to notify their customers of 
these harms.
    So in our statement, and we describe this in more detail, 
the problem here is not just the data retention obligation. It 
is being coupled with an immunity provision that means that 
information that is kept will not be subject to the same type 
of responsibility and obligation.
    There are two other key points that I would like to make.
    The first is that there is clearly a movement toward data 
minimization in the security field. Now, this is not a new 
development. In fact, you can go back 25 years to the Video 
Privacy Protection Act and find a statutory obligation for 
businesses to destroy information on a customer once it is no 
longer needed. It is a sensible approach that prevents misuse.
    Data retention pulls in the opposite direction from data 
minimization, which is already in statute, and we think the 
better approach for privacy.
    Finally, I spent quite a bit of time in the prepared 
statement discussing the experience of the European countries, 
which have over the last 5 years tried to implement a sweeping 
data retention obligation. Now I say ``tried to implement'' 
because there has been an enormous controversy. The users have 
objected. The ISPs have objected. The telephone companies have 
objected.
    And when this European directive has been brought into 
court in the constitutional courts of the European countries, 
invariably those courts have found these obligations to be 
unconstitutional.
    And I hope you will also take that into account as you 
consider the proposal.
    Thank you again for the opportunity to testify.
    [The prepared statement of Mr. Rotenberg follows:]
    
    
    


                               __________
    Mr. Sensenbrenner. Thank you very much.
    The Chair will defer his questioning and will begin by 
recognizing the gentleman from Texas, Mr. Smith.
    Mr. Smith. Okay. Thank you, Mr. Chairman.
    Sheriff Brown, let me direct my first question to you, and 
it is this: Can you give us examples of cases that have not 
been able to be solved because ISPs have not retained the data 
necessary and that would have been used by law enforcement 
officials?
    Mr. Brown. Yes, sir, Congressman.
    Mr. Sensenbrenner. Sheriff, could you----
    Mr. Brown. Pardon me?
    Mr. Sensenbrenner. Please turn your mike on.
    Mr. Brown. You would be surprised that I am a head of an 
ICAC task force.
    The example I used in my statement just a minute ago, this 
was in February of this year, and we had an incident of a 
posting on a Yahoo account of an individual exposing himself or 
herself--we don't know--to their 2-and-a-half-year-old child. 
And because of the inability--the ISP only kept the data for 30 
days. And by the time we got the information, were able to 
start tracking, the 30 days had expired, and we no longer had 
an ability to bring this additional information, investigative 
evidence, into play.
    We have had this happen on a number of occasions. I can't 
tell you exactly how many. I believe, and I think I speak for 
all of the ICAC task forces, if you bring a task force in, they 
are going to tell you and they are going to give you specific 
examples of the data not being retained, and as a result, the 
case had to be just closed.
    Mr. Smith. Okay. Thank you, Sheriff Brown.
    Mr. Allen, let me ask a couple questions to you. The first 
is, is child exploitation some remote type of crime that does 
not occur very often? Or does it occur more often than a lot of 
us might expect?
    Mr. Allen. Mr. Chairman, it is exploding with the advent of 
the Internet.
    Just to give you one illustration, 2003 we began what was 
called a Child Victim Identification Program in which law 
enforcement and prosecutors would send us images. And what we 
would attempt to do is to identify the child victims, so the 
child could be rescued, located, identified, and identify the 
perpetrator.
    Our staff reviewed 13 million child pornography images and 
videos last year. We are currently reviewing roughly 300,000 a 
week, so this is an exploding problem.
    The second aspect of this I think is widely misunderstood, 
is we hear all the time, well, child pornography, isn't this 
really just adult pornography? Aren't these 20-year-olds in 
pigtails made to look like they are 15? Of these now 53 million 
images that we have reviewed, of the children identified, 77 
percent had been prepubescent; 10 percent of the 77 percent 
have been infants and toddlers.
    So just 23 percent, and that is not incidence study. I 
don't suggest that it is empirical. It is based on what is sent 
to us. But overwhelmingly, this is a problem involving very 
young kids who don't tell. When the image of their sexual abuse 
is captured on film or video, reporting drops to virtually 
zero.
    Mr. Smith. Mr. Allen, a related question, is there a link 
between the possession of child pornography and the actual 
victimization of children? And if so, how substantial is that 
link?
    Mr. Allen. We believe there is. Now there is debate about, 
in many cases people are talking about mere possession, but 
what we see is that there is an escalating effect, that today's 
images are not going to be satisfactory to this person 
tomorrow.
    Mr. Smith. What percentage of people who possess child 
pornography actually victimize the child? Isn't it close to 40 
percent?
    Mr. Allen. Well, we think it is higher than that. There is 
some research at the Federal Bureau of Prisons that suggested 
it was higher than that.
    We think that, ultimately, the images alone are not going 
to be enough for a percentage of these guys. Whether it is 20 
or 40 or 80, we don't know, but it is substantial.
    Mr. Smith. Thank you, Mr. Allen.
    Mr. Rotenberg, I take your comments about section 4 and 5 
as legitimate and sincere constructive criticism, and we will 
take a look in more depth at your comments.
    But also let me say to you that if a provision is unclear, 
or if it is a 50-50 kind of proposition, we are going to give 
the benefit of the doubt to saving children, and that is the 
point of this bill. But still, we will take a look at your 
suggestions.
    Thank you, Mr. Chairman. I yield back.
    Mr. Sensenbrenner. The gentleman from Virginia, Mr. Scott?
    Mr. Scott. Thank you.
    And I would like to follow up on along the questions.
    Mr. Allen, the Supreme Court has made a big deal out of 
whether or not these are real children or cartoons. It is no 
question that these are in fact real children; is that right?
    Mr. Allen. Yes, sir. And in fact, that is why we created 
our Child Victim Identification Unit. It is because of the 
Supreme Court decision in 2002.
    Mr. Scott. And when you provide law enforcement with all 
these leads, is it not true that they don't have anywhere close 
to the resources needed to follow through on all of the leads 
you give them?
    Mr. Allen. Absolutely. I mean, the scale of the problem 
vastly exceeds the capacity of law enforcement to deal with it.
    Mr. Scott. Mr. Rotenberg, what would be the cost to the 
ISPs to retain this data?
    Mr. Rotenberg. I don't know, Mr. Scott, exactly what their 
costs would be, but I suspect it would be significant, because 
it is not current practice. In fact, the ISPs I think have 
avoided trying to do this because of some of the concerns that 
have been raised but with respect to costs.
    Mr. Scott. Well, the comparison has been made to telephone 
tolls, but it is a fact that the telephone companies already 
keep the toll data; is that right? That most of the calls are 
not toll calls. They just keep the toll records, not the local 
call records; is that right?
    Mr. Rotenberg. That is correct.
    Mr. Scott. Now, one of the problems that you have 
articulated is if you keep all this data, it is sitting there 
for hackers to get access to. And you pointed to the immunity 
provision.
    What is the liability now if you have data sitting around 
that somebody accesses and causes harm?
    Mr. Rotenberg. Well, there are a variety of the fines. 
Certainly under ECPA, they are both civil fines, there can be 
criminal penalties. And they are also important security breach 
notifications.
    And I wanted to draw your attention to this point, because 
if you are looking at the papers nowadays it is clear that 
breach notices are very important. If the immunity provision is 
left in place, people won't even know if their personal data is 
improperly accessed or disclosed.
    Mr. Scott. A suggestion that this information will be used 
for child pornography cases and the sneak and peek, when we 
were told that we needed sneak and peek warrant authority to 
protect us from terrorism, we look up and out of over 700 sneak 
and peek warrants, three were for terrorism. All the rest were 
something else.
    If you have this data, would it be available for divorce 
cases?
    Mr. Rotenberg. I think it could be available for a wide 
range of cases. In fact, I looked at the January hearing 
record, and Mr. Weinstein from the Department of Justice said 
at that point he thought it would be obvious that the data 
would be used in other investigations.
    Mr. Scott. Marketing?
    Mr. Rotenberg. Certainly.
    Mr. Scott. Contract disputes?
    Mr. Rotenberg. Yes.
    Mr. Scott. Copyright infringement, that kind of stuff?
    Mr. Rotenberg. Civil subpoena. Yes.
    Mr. Scott. Sheriff, you indicated that you were following 
through on a case, and if you had the information, it would 
have been helpful.
    If the information had been available, what probable cause 
information would you have already at your disposal to even 
seek to go through the retained data?
    Mr. Brown. Well, the IP address, all of the associated 
information with that, who it was registered to, when it was 
registered. If, in fact----
    Mr. Scott. You have that already.
    Mr. Brown. Pardon?
    Mr. Scott. You would have that already. What would you have 
already?
    Mr. Brown. We didn't have anything, and we would not have--
--
    Mr. Scott. Well, if you don't have anything, how do you 
access--do you need any kind of probable cause to start 
searching through the data?
    Mr. Brown. The tip that we got is called a cyber-tip, and 
we receive them from the National Center for Missing and 
Exploited Children.
    Mr. Scott. And what information does that provide you?
    Mr. Brown. That a posting of some type involving child 
pornography has been entered into and is on the Internet in 
some location. And then we at that point go to the Internet 
service provider to track that information.
    Mr. Scott. What information--Mr. Rotenberg, what 
information is retained?
    Mr. Rotenberg. Well, a typical log would include the IP 
address, the date and time of access to the website, most 
likely a filename, maybe a security flag. And it is of course 
the linkage between the IP address which would be in the log 
with the actual account owner that I think people are 
interested in.
    Mr. Scott. Does it give you any content?
    Mr. Rotenberg. It would give you access to content, because 
the log would typically include the name of the file that has 
been transferred.
    Mr. Scott. If you had that information, would you know what 
information had actually been transferred? Or would it just 
note what site you were looking at?
    Mr. Rotenberg. Well, typically in a web log, I think you 
would know what information was transferred, because you would 
be able to see the record locator on the file and, therefore, 
have access to the content.
    Mr. Sensenbrenner. The gentleman's time has expired.
    The gentleman from South Carolina, Mr. Gowdy?
    Mr. Gowdy. Thank you, Chairman.
    Mr. Rotenberg, ISPs currently maintain all sorts of data--
name, address, Social Security number, credit card information. 
Do you really think getting an IP address is going to open up 
all sorts of mayhem that doesn't already exist?
    Mr. Rotenberg. Well, Mr. Gowdy, I won't dispute there is 
currently a lot of risk, but when you have a situation with a 
lot of risk, I don't think you want to add to the risk. And it 
is the reason that the ISPs are moving away from this extensive 
data collection.
    The attacks have become much more severe in last few 
months.
    Mr. Gowdy. I am not disputing that. What I am asking you 
is, are you willing after this hearing to sit down with the 
sheriff or any other sheriff and help them investigate crimes 
that are incredibly hard to investigate and incredibly hard to 
prosecute? Are you willing to strike some balance between 
privacy and his desire to protect children?
    Mr. Rotenberg. There is no dispute that these crimes are 
very serious, and they should be----
    Mr. Gowdy. I didn't say serious. I said hard to investigate 
and hard to prosecute.
    Mr. Rotenberg. Yes. But it is not clear that this proposal 
would actually make it easier to investigate those crimes. You 
see, this is my concern. You are going to create a new data 
retention obligation that will create a risk to your 99.99 
percent of innocent users of the Internet. And for the bad 
people who you are really tried to go after, it is not clear 
that this bill solves the problem.
    You have an enormous carveout----
    Mr. Gowdy. Do you have another way to investigate Internet 
crime other than capturing the IP address?
    Mr. Rotenberg. Well, I think when you prosecute and when 
you convict, I think you maybe need to send a more powerful 
message than is currently being----
    Mr. Gowdy. How are we going to get a conviction? How are we 
going to get an indictment? How are we going to get an arrest 
warrant from a magistrate judge if we don't have the IP address 
and we can't link it to a perpetrator?
    Mr. Rotenberg. Well, I am not an expert in this field, but 
I do know that the forensic techniques have become considerably 
better over the last few years.
    Mr. Gowdy. Forensic techniques assume that you have the 
computer. How are you going to get the computer if you can't 
link it to an IP address?
    Mr. Rotenberg. There is a lot of information associated 
with Internet communications, header information and detailed 
information contained in the content of the message that makes 
it easier today for people to get access to the type of 
information you are describing than just a few years ago.
    And I actually think with the introduction of some of the 
new Internet protocols, some of the concerns you have will be 
addressed as well.
    But it will not be perfect. I mean, I concede this. There 
will be cases that you may not be able to solve.
    Mr. Gowdy. Mr. Allen, there are already cases we are not 
able to solve. There are millions of images?
    Mr. Allen. Yes, sir.
    Mr. Gowdy. You have identified about 3,500 children.
    Mr. Allen. Yes.
    Mr. Gowdy. I have been out of the prosecutorial business 
for a long time now. Is it still a defense that it is not a 
real child, that it is a computer--I am not talking about a 
cartoon that Mr. Scott made a reference to. I am talking about 
a commuter-generated image of a prepubescent youth that the 
defense says, it is not a real child.
    Mr. Allen. Mr. Gowdy, absolutely. As a result of the 2002 
Supreme Court decision, there are a lot of defense counsel in 
this country who, you know, you seize 10,000 images, who will 
argue these aren't real kids. And there are a number of judges 
who are saying to the prosecutors, prove that they are.
    That was the genesis of the creation of our Child Victim 
Identification Program, so that if they send us 5,000 images 
and we are able to identify five of the kids who have been 
previously identified--because these images recirculate; they 
stay out there--that is enough to sustain a conviction.
    But there is no question that that is an argument that 
continues to be made, and it is important to sustain the 
convictions. It is more important to identify who the kids are, 
because in many of these, this is ongoing abuse.
    Mr. Gowdy. But it is one more layer that law enforcement 
and prosecutors have to overcome to get a conviction in this 
area of crime that everyone concedes is as evil and inhumane as 
any, the fact that we have to prove that it is a real child and 
not computer-generated.
    Are other countries cooperative? I know a lot of these 
children come from other countries. I know you are doing the 
best job you can identifying kids. Are other countries helping?
    Mr. Allen. Absolutely. We are making great progress. There 
is a virtual global task force now that links law enforcement 
efforts in Canada, United Kingdom, Australia, Italy, seven or 
eight other countries. Interpol is playing a key role in terms 
of collecting these images of identified kids.
    So there is enormous progress being made. More Federal 
prosecutions for child pornography last year in this country 
than at any time in history.
    But as Mr. Scott points out, we are still barely scratching 
the surface.
    Mr. Gowdy. All right, good.
    Sheriff Brown, thank you for your long and distinguished 
service in law enforcement.
    Mr. Brown. Thank you. Did you get all five pages?
    Mr. Sensenbrenner. The gentleman's time has expired.
    The gentleman from Michigan, Mr. Conyers?
    Mr. Conyers. Thank you, Chairman Sensenbrenner.
    I think I sense that there is a feeling that we may be able 
to, through some kind of consideration after this hearing, 
began to move toward a more acceptable piece of legislation.
    You know, I suppose there is an explosion, but the similar 
identification of horrible instances doesn't make me really 
feel that that proves there is an explosion. I take your word 
for it.
    Now Chairman Lamar Smith has agreed with me that this 
exemption of all wireless Internet service providers from the 
data retention requirement needs to be re-examined. Would that 
be a good first step, attorney Rotenberg, for us to begin?
    Mr. Rotenberg. I think to address Mr. Gowdy's concerns, to 
have an effective response from a law enforcement side, you 
would have to apply to wireless providers. Otherwise, it 
becomes obvious how to escape detection.
    Mr. Conyers. Yes.
    Sheriff Brown, do you concur that this is a part of the 
bill that we might want to look at again?
    Mr. Brown. Yes, sir. Absolutely.
    Mr. Conyers. How do you feel about this, Mr. Allen?
    Mr. Allen. I agree, Chairman Conyers, that it is complex. 
There are a series of complexities to the issues----
    Mr. Conyers. Of course.
    Mr. Allen. But I think it is a very important step to take.
    Mr. Conyers. Thank you.
    Thank you, all.
    Here is a little more sticky consideration, is that this 
bill might institute accidentally a data retention policy for 
all crime.
    Is that over the top, Mr. Rotenberg? Is that just an 
exaggeration that we needn't concern ourselves with?
    Mr. Rotenberg. I think, Mr. Conyers, that is clear from the 
plain text of the bill. The bill simply says, let's establish 
the ability to identify in the ISP record every single user of 
that service. And there is no effort at the outset to 
distinguish those who may be engaged in criminal conduct from 
those who are not. So that is the starting point.
    Mr. Conyers. Sheriff Brown, I sense that you might be 
troubled by the whole idea that we might inadvertently or 
deliberately set about setting up a system that would have 
retention of all crime. That isn't what you came here today to 
testify for, is it?
    Mr. Brown. My primary concern today was with the retention. 
That is why I am here for the National Sheriffs' Association.
    It is pretty simple to an old country sheriff that we need 
more time to investigate these instances that we are coming up 
against.
    Mr. Conyers. Sure. But Mr. Allen has already pointed out 
that we are so underresourced. That is your main problem. If we 
weren't in this room today on this subject, the big problem is 
we are not giving you the resources that you need. Isn't that 
it?
    Mr. Brown. Law enforcement always wants more. We need more 
people on the street. We need more funding. In this particular 
arena, we are completely snowed under.
    And again, just more clear, defined information from these 
ISPs would be greatly appreciated.
    Mr. Conyers. But you are not about all crime. You are 
trying to get at child pornography. You are not trying to get 
at every crime that might be committed in the books. You are 
not for that, are you?
    Mr. Brown. I am sorry?
    Mr. Conyers. You are not for getting retention policy for 
every crime on the books, are you? No, you're not.
    Mr. Brown. No, I am here for the Internet Crimes Against 
Children Task Force.
    Mr. Conyers. Are you, Mr. Allen? Mr. Allen, you can answer.
    Mr. Allen. No. Let me say, Mr. Conyers, I know that 
Director Mueller and Attorney General Holder feel that this is 
important not just for child pornography crimes.
    I am here today to talk about access to this kind of----
    Mr. Conyers. Oh, you mean that they are for it? Are you 
implying that?
    Mr. Allen. I think what they have said in the past is that 
data retention----
    Mr. Conyers. On all crimes?
    Mr. Allen. I think that is right.
    Mr. Conyers. Oh, boy.
    Mr. Sensenbrenner. With that, the gentleman's time has 
expired.
    The gentleman from----
    Mr. Conyers. Thank you very much.
    Mr. Sensenbrenner. Mr. Poe?
    Mr. Poe. Thank you, Mr. Chairman.
    Thank you for being here, Mr. Allen. It is always good to 
see you. Thanks again for the hard work you do. You are the 
angel for America's children. And I mean that, you and your 
organization.
    Sheriff, I appreciate you being here. Being a former judge, 
I always liked working with sheriffs. However, I don't really 
forgive the Sheriffs' Association for hiring Stephanie Garlock 
away from me. So anyway----
    Mr. Brown. And I can understand that, sir.
    Mr. Poe. Mr. Rotenberg, I would like to start with you. 
Being a former judge and a prosecutor, I still think judicial 
review, when appropriate, is much better than prosecutorial 
review, whether it is a Marshals Service or the U.S. Attorneys' 
Office.
    Do you see any problems in the proposed legislation about 
warrants?
    Mr. Rotenberg. Well, there is a provision, sir, to give the 
Marshals Service new administrative subpoena authority. I 
didn't look closely at that provision, but I think it may be 
something that should get a little bit more scrutiny.
    I agree with you that judicial review is always preferable, 
and when you are in the subpoena realm, you just don't quite 
know what the basis might be for the investigation.
    Mr. Poe. All right.
    Mr. Allen, based on all the information that you have 
received and what you know about this issue, the sites that we 
are talking about here, how many of them are American sites? 
How many of them are from overseas? Can you give us a 
percentagewise?
    Mr. Allen. It is hard to say, because so many of the 
overseas sites flow through U.S.-based servers.
    Mr. Poe. Okay.
    Mr. Allen. But what we see in terms of the victims is that 
this is a global problem, but that a stunning number of the 
victims, as much as half of the victims, are American kids, and 
that overwhelmingly, the people who are creating this content 
are people who are close to them and have easy and legitimate 
access to them.
    Mr. Poe. Fifty percent.
    How does all of this issue relate to human trafficking? Can 
you describe how human trafficking fits into this issue? Are we 
dealing with the same type of people? Or are we dealing with 
two different organizations? Explain that to me.
    Mr. Allen. There are differences and there are 
similarities. The differences are that, as you know, we are now 
in the eighth year of a partnership with FBI and the Justice 
Department called Innocence Lost, attacking the trafficking of 
children for sexual purposes within the United States.
    I have rescued 1,600 kids, 700 successful prosecutions. 
What we have found is that while pornography is an element of 
the operators transaction, the vast majority of those kids 
initially leave home as runaways, as runaways or homeless kids. 
So these are not kids who were snatched off the streets, by and 
large.
    With child pornography, what we are seeing is that the vast 
majority of the victims are kids who are--to whom the offender 
already has legitimate access and control. Many of the 
perpetrators are their parents or other family members or 
neighbors or coaches or friends.
    So overwhelmingly, these victims already have a hurdle in 
that they are very reluctant to tell, because the perpetrator 
is somebody trusted, who is in their lives already.
    So they are different, but it there is also an overlap.
    Mr. Poe. Sheriff, how many cases do you have ongoing right 
now, child pornography cases?
    Mr. Brown. Child pornography, well, the ICAC task force 
working with, we have 67 other affiliated agencies throughout 
southern Virginia, western Virginia and eastern Virginia, and 
probably the caseload now is several hundred.
    Mr. Poe. How about the Sheriffs' Association? Do you know, 
based upon your leadership of the Sheriffs' Association?
    Mr. Brown. No, sir, I do not.
    Mr. Poe. Mr. Rotenberg, Mr. Conyers talked about other 
access, other criminal penalties, or other criminal situations. 
By preserving the 18-month rule, do you see any issue involved 
in also civil litigation, where some lawyer on one side or the 
other of a divorce is going to want to subpoena that 
information as well, because it is now available would be 
available for 18 months?
    Mr. Rotenberg. Well, I certainly think it is something that 
a good attorney would think about, because there is now 
information available that might be useful in the case or the 
complaint. So yes, there would be the opportunity for someone 
to request it.
    Mr. Poe. Sheriff, you talked about needing more resources. 
Other than the 18-month retention, what else do you need? Just 
give me a few. Don't give me a whole list.
    Mr. Brown. I've got a list.
    Mr. Poe. On this issue, how can we do a better job? Last 
question, just answer it briefly.
    Mr. Brown. Probably the overriding is the funding for 
additional personnel in the task forces.
    Mr. Poe. Thank you.
    Mr. Sensenbrenner. The gentleman's time has expired.
    The gentleman from Tennessee, Mr. Cohen?
    Mr. Cohen. Thank you, Mr. Chairman.
    I have a desire to work with Chairman Smith and Ms. 
Wasserman Schultz on the bill, because it is a serious issue 
and it is one that I've worked on in the past.
    But I am concerned about the sentencing structure, and I 
maybe should direct this question to the Chairman. But I have a 
concern.
    First of all the question to Mr. Allen that I think 
Chairman Smith asked about the mere possession, and the 
Chairman was answered--the response to his question was that 
you believe, based on prison data, that 40 percent of the 
people who view child pornography will engage in at some point. 
Is that correct?
    Mr. Allen. Well, I don't want to say 40 percent, because it 
is very hard to prove.
    Mr. Cohen. It is hard to prove. That seemed very high to 
me, but you said 40.
    But the thing is, to make this a higher penalty, and even 
from your data, which I think is real high, 60 percent of the 
people would not have engaged and they are being punished more 
severely because of the 40 percent. It seems like in our 
system, where you let one guilty person go or 10 guilty people 
or that one innocent person be convicted or whatever. It seems 
like that--those figures are damning to the idea of mere 
possession folks getting these sentences.
    Mr. Allen. First, Mr. Cohen, we are not arguing for 
sentence disparity. We recognize in the existing sentence 
structure, distribution is more serious than possession, 
production is more serious than just distribution.
    Our argument is that there is a tendency in this country 
today to trivialize and minimize the possession of child 
pornography. ``Oh, well, he just looked at the pictures.'' Our 
argument is that possession, in and of itself, is a serious 
crime. It is not victimless crime.
    These are crime scene photos. These are images of the 
sexual abuse.
    Mr. Cohen. I understand that. And I agree with you, but I 
think that there is still a level--do anyone of the three of 
you believe that the sentences should be doubled, as are 
proposed in this law, even though 71 percent of the judges said 
they should be lessened? Anyone of you think they should be 
doubled? And I want you to tell me how you think that is going 
to be an effective deterrent.
    Mr. Rotenberg. We have no position on that issue.
    Mr. Cohen. Sheriff?
    Mr. Brown. The Sheriffs' Association--I, personally, I 
don't believe it needs to be doubled. We need to get judges--
all due respect; well, he just left--we need to get them to 
impose the sentences as are directed to them. We have so many 
judges that they really don't understand is what is happening 
to children around this country in this arena.
    So, no, I would not say that they need to be doubled, but I 
would just like to see the judges give them what is due.
    Mr. Cohen. Well, I would hope that the Chairman would look 
at that in this bill.
    You know, generally, the Sentencing Commission does this 
and not the Congress. And the sentencing has gone on 1,500 
percent since 1990 or something. Judges have indicated they 
feel the guidelines are already too high and an increased 
maximum sentence, such as in section 10, is not being 
requested. Seventy-one percent of judges to 70 percent in all 
these areas felt that they shouldn't be increased. And I think 
that is just a mistake.
    I have a friend, not that good of a friend, but I knew him 
in elementary school and I have known him since. He was an 
attorney in Memphis, and he was convicted of having child 
pornography on his computer. He got the 5-year sentence.
    And while what he did was wrong, no question about it, I 
think there could have been alternative ways to handle his 
crime. And there was no proof or no suggestion that he ever 
tried to do anything with any children. He just had something 
on his--and he probably had some type of familial--that is a 
whole other story, because he had a brother who had some 
problems and something else.
    But regardless, the penalty just seemed too high. And I can 
see where he should have gone to prison, but not necessarily 
for 5 years. And our justice system can't afford to put 
everybody away unless there is some nexus between the time and 
the deterrent effect, and I don't know that it was here.
    So, Mr. Chairman, if you would look at it, we can talk 
about that. I would like to help you with the bill, but I don't 
think that we just doubling the sentences--I mean, it looks 
great. It sounds good. Does no good.
    And it really hurts the budget, and it would be better to 
take the money that would otherwise cost to incarcerate these 
people and give the personnel to Sheriff Brown to convict the 
perpetrators.
    Thank you, and I yield back the remainder of my time.
    Mr. Sensenbrenner. The gentleman from California, Mr. 
Lungren?
    Mr. Lungren. Thank you very much.
    And I want to publicly thank the Chairman for coming out to 
my district when we had a hearing, or a briefing on the 
question of human trafficking, in particular with respect to 
child trafficking. It surprises people to know that a lot of it 
is homegrown. I am sorry to say my own area of Sacramento, at 
least under FBI's statistics, is one of the top five areas in 
the country for this, and that there does appear to be a nexus 
between trafficking in children, trafficking in young women, 
and computer images of child pornography.
    Just this week we had a man in Sacramento pleading guilty 
to sex trafficking in minors, and his two defendants are 
charged with possession and production of child pornography.
    About 3 weeks ago, child porn was found on a Folsom man's 
lost cell phone, which depicted obscene material with children 
under 14. That same week, two brothers in Roseville, which is 
just outside my district, pleaded guilty to child pornography 
charges with respect to those found on their computers.
    I can go on and on and just show you page after page after 
page. An 86-year-old man in Oroville previously convicted of 
sexually molesting minors pled guilty to conspiracy to possess 
child pornography, which was found on his computer.
    There is a problem. I think we all recognize.
    And, Mr. Rotenberg, you recognized it as well. Some of your 
concerns, it seems to me, are generic in that, at least as I 
understand your testimony, some problem with retention of these 
IP files for any period of time. I mean, the fact of the matter 
is they are retained for some period of time depending on the 
company.
    What this bill says, which is a bipartisan bill, which is 
similar to the bill that I introduced last Congress with Chet 
Edwards, simply says it requires you to retain this data for at 
least 18 months. So what we are doing is retaining data that if 
it is in existence, is available to law enforcement under the 
circumstances articulated here.
    So I guess my question, Mr. Rotenberg, is, is there a 
problem that you have with the access to this information by 
law enforcement in any event, or that the extension of time for 
which they are required to hold this information allows the 
potential for abuses in other circumstances?
    Mr. Rotenberg. My concern, Mr. Lungren, is with a 
government mandate that requires communication providers to 
keep information they wouldn't otherwise keep.
    And I want to say also, you know, I have been involved with 
this law since before its enactment, and I have seen all the 
various issues that have been raised over the years. And as you 
say on a bipartisan basis, I think the Members of the Congress 
have been able to make adjustments to the law over time to deal 
with exigency, for example. If you can't get a warrant or you 
need backups or you become aware through the good work of Mr. 
Allen's organization that there may be particular problems, I 
think those techniques have developed over time in response to 
the concerns you have.
    But this would be crossing a line. Because up to this 
moment, in the 25-year history of the Electronic Communications 
Privacy Act, there has never been a government mandate that 
says to ISPs, you must keep this data on all of your customers. 
And that is the basis of my----
    Mr. Lungren. So that is the crossing of the line? The fact 
that we require them to keep information that they otherwise 
had with respect to regular business proceedings, but no longer 
need them because of the nature of those business proceedings?
    Mr. Rotenberg. They may or may not keep it. I mean, you 
have, for example, an 18-month requirement----
    Mr. Lungren. Right.
    Mr. Rotenberg. I understand the current practice in the 
industry, you know, is somewhere between 6 and 12 months, maybe 
some are a bit below, maybe some are a bit----
    Mr. Lungren. But that is what our bill provides, that it be 
18 months. So why is that essentially different in nature, in 
terms of the action, the activity of the business and the 
activity of law enforcement when they have a reason to believe 
they would like to get this data?
    Mr. Rotenberg. It is truly a very different view of wiretap 
law, because up to this point in time, the general approach has 
been to say, we will come to you when we have some reason to 
believe that one of your customers is doing something wrong.
    Mr. Lungren. Well, that is exactly what they are doing 
here. All they are saying is they want to make sure that the 
data has been retained.
    Mr. Rotenberg. No, because the way data retention works, 
and the distinction between data retention and the current data 
preservation, is data retention says at the outset you are 
going to keep this information on everybody because we don't 
know at this point in time----
    Mr. Lungren. You are keeping information on everybody, but 
they are not making a request for everybody. They are coming to 
you with a request based on some information they have about a 
crime having been committed, allegedly.
    Mr. Rotenberg. Yes, so there are at least two concerns 
there, and this goes to the second part of your question.
    The two concerns are, one, everybody, and I do mean 
everybody, now is looking more closely data minimization 
techniques, because they are realizing just how difficult it is 
to safeguard the information they are storing.
    Mr. Lungren. So when you are talking about data 
minimization, you are talking about cutting down on the amount 
of information they store as opposed to criminal minimization, 
which we use in the----
    Mr. Rotenberg. That's correct, and that is----
    Mr. Sensenbrenner. The gentleman's time has expired.
    The gentleman from Pennsylvania, Mr. Marino?
    Mr. Marino. Thank you, Chairman.
    Gentlemen, thank you for being here. Mr. Allen and Sheriff, 
I want to thank you for your work.
    I want to preface my comments and my question a little bit. 
I was a prosecutor for 18 years. I was a district attorney for 
12 years. And I was a U.S. Attorney for 6 years. And I 
personally prosecuted these types of cases.
    And the overwhelming factor is there is a plethora, an 
overabundance of this type of abuse taking place here in the 
United States, and it is growing. In my office, the Middle 
District of Pennsylvania, it was very successful in prosecuting 
a sex trafficking case involving individuals over the age of 18 
but below the age of 18 as well. And many, many people went to 
prison for a very long time.
    And one of the impetuses, one of the driving factors was 
going back through and checking phone records, going back 
through and checking computer records, and capturing these 
images.
    And unfortunately, I have had the opportunity in several 
cases to sit down and talk with 7- and 8- and 10-year-olds who 
have been exposed to this and have been photographed.
    And, Mr. Rotenberg, with all due respect, and I certainly 
respect your opinion and your privacy issues, but I don't know 
if you have had the opportunity to sit down and talk to these 
children that have been abused, because in many situations, 
they are threatened. Many times it is from a person they now 
who is sexually abusing them and taking these photos.
    And it is by accident in many cases that this information 
comes to fruition to another adult, or actually, to another 
child who goes home and tells their parents what their friends 
just explained to them.
    And I am failing to see the concern that you have over an 
18-month period, because in many of the cases that I have been 
exposed to and actually prosecuted, we hit stumbling blocks 
because some providers eliminated in 6 weeks, some providers 
emanated in 3 months. And many times, the child does not bring 
this information to somebody until a year or more later.
    And if it is limited to the sexual pornography on children, 
and if it is limited to access in law enforcement, forgetting 
the argument for a moment that it is a mandate that never 
existed--we in law enforcement always are finding new 
techniques in finding perpetrators. Simply because there has 
never been a mandate out there, I don't understand your 
justification as to opposing this 18-month period.
    Would you care to help enlighten me again on this?
    Mr. Rotenberg. Mr. Marino, there is absolutely no dispute 
about the severity of the crime or the need to prosecute 
effectively. But it would seem to me, and certainly listening 
to the statements of the other witnesses and the Members of the 
Committee, if that is the goal, you would began by giving 
resources to law enforcement so they can sift through the 
enormous amount of data they have. In this bill, you would 
extend coverage to providers of wireless services, which will 
become the obvious place that people will go that that you are 
concerned about getting after. And you would try to focus the 
investigations at the outset at exactly the kinds of 
perpetrators you are concerned about.
    Data retention doesn't focus resources on the problem. It 
says, in effect, we just don't know what we are going to 
confront. We confront everything.
    Mr. Marino. But you have to realize that data retention in 
situations like this is critical, so as much as I would like to 
see the sheriff have 100 more individuals working on this, 
without the data retention, it is going to be futile, because 
data retention is critical.
    I mean, I have seen too many children, I have been in 
hospitals with too many children and talked to them and then 
have them testify, to not take the step into retaining this 
information.
    With all due respect, I really suggest that if you have the 
opportunity, you do more research in the area of what this is 
doing to these children, what they are put through, and the 
pathetic, the sick people that are out there exposing this. And 
we have to start by making it--I believe that we should double 
the punishment, from what I have seen and the kids that I have 
worked with, because nothing is going to get their lives back 
to what it should be as a 6-, 7-, 8-, 10-year-old.
    I have seen situations where 3-month-olds have been exposed 
and sexually abused.
    I commend you gentlemen for what you are doing.
    And, Mr. Rotenberg, I respect your position, but this is a 
situation where I can't find any defense in not increasing this 
18-month period.
    Mr. Sensenbrenner. The gentleman's time has expired.
    The Chair will yield himself the final 5 minutes for 
questioning.
    First of all, let me say that I am concerned that this bill 
and the data retention will allow law enforcement to use it far 
beyond investigating child pornography.
    Let me ask you, Sheriff Brown, do you think that you need 
data detention for crimes other than child pornography crimes?
    Mr. Brown. Personally, no, on a local level. Again, as I 
have indicated, I am here for ICACs and National Sheriffs on 
the data retention.
    I am more interested, again, the 18 months--and I think I 
speak for every ICAC and every department that has a cyber-unit 
that is doing this work, we just need a standard, a uniformed 
amount of time. I mean, 30 days is not enough. I don't think 6 
months is. Eighteen months? I don't know. That is up to you 
distinguished gentlemen and women of Congress to decide.
    But we would like to see a standard. Right now, there is no 
standard. We will go to one and it is a couple of weeks, the 
mom-and-pop ISP. Others it is a month. Some, I think the person 
to my left here is saying some are 6 months, 6 months to maybe 
12 months. I don't know of any that are 12 months. It may be; I 
am not aware.
    But I would like to see, and we would like to see, a 
standard.
    Mr. Sensenbrenner. Okay. I am looking at the subpoena 
authority in section 7, and it says the administrative 
subpoenas issued in accordance with the existing laws solely 
for the purpose of investigating unregistered sex offenders, as 
defined by another section of the statute, and that is amended 
and section 11.
    From the ISP address, how do you know whether someone is a 
registered or unregistered sex offender, Mr. Allen?
    Mr. Allen. Well, the premises of this is that the vast 
majority of these cases, 95 percent of the cases in which the 
Marshals are able to locate fugitive sex offenders is through 
communication data. Most of that as reported to us by the 
Marshals Service is Internet-based data.
    Currently, they are required to get--what is it called?--an 
All Writs Act order. They go to the U.S. Attorney. The U.S. 
Attorney initiates a process. Typically, it takes 2 months. Two 
months is a lifetime when you are trying to track down a 
fugitive.
    And again, the very nature of the fact that the offender is 
a fugitive means that there has been judicial review. There is 
a warrant for his apprehension.
    So you know, the argument here is that giving them the 
subpoena authority enables them with the same kind of access 
that the FBI has, but enables them to circumvent the All Writs 
Act process, and be able to identify that information, obtain 
that information constantly.
    Mr. Sensenbrenner. Well, if most of these people are 
fugitives and the FBI is on the lookout for them, why does the 
Marshals Service need an additional administrative subpoena 
authority?
    Mr. Allen. Well, because the reality, Mr. Chairman, is that 
it is the Marshals who are in the fugitive business. It is the 
Marshals who are the primary trackers and locators of criminal 
fugitives in this country, and particularly as it relates to 
sex offenders. It is the Marshals who are tasked by Congress 
with playing that role, in the Adam Walsh Act.
    So again, our view on this----
    Mr. Sensenbrenner. Well, we will look at that in a few 
weeks, so it is----
    Mr. Allen. I understand.
    No, our view is that this is an essential tool needed to 
carry out the role that you have given them.
    Mr. Sensenbrenner. Well, you know, let me say that I have 
always felt negatively about administrative subpoenas. You 
know, I think that if you want a subpoena, it should be a 
judicial subpoena, because at least that way you have somebody 
outside of law enforcement reviewing whether this--or having 
the possibility of reviewing whether the subpoena should be 
issued.
    I fought to keep administrative subpoena authority out of 
the Patriot Act, and I was successful on that. And what does 
law enforcement do? They use an existing administrative 
subpoena law called National Security Letters basically to get 
around the fact that they didn't have administrative subpoena 
authority as they asked for.
    This is my concern, is that the administrative subpoenas 
given to the Marshals Service on this is going end up being 
used for fishing expeditions like the FBI did with National 
Security Letters on the Patriot Act.
    And that is a concern that I think you should share, Mr. 
Allen, because if you don't share it, you are going to see this 
law being trashed just like the Patriot Act was, because law 
enforcement used nonjudicial review authority to be able to 
grab some evidence that may or may not involve an unregistered 
sex offender.
    I think my time is up. I have spoken my piece on this.
    I would like to thank the witnesses for coming today. This 
bill needs a lot of fixing up. It is not ready for prime time.
    The gentleman from Virginia?
    Mr. Scott. I ask unanimous consent that a letter from Full 
Channel showing the impact on small providers be entered into 
the record.
    Mr. Sensenbrenner. Without objection.
    [The information referred to follows:]
    
    
    


                               __________
    Mr. Smith. Mr. Chairman?
    Mr. Sensenbrenner. The gentleman from Texas?
    Mr. Smith. I ask unanimous consent that a statement 
prepared by Congresswoman Debbie Wasserman Schultz,* the lead 
Democratic cosponsor of H.R. 1981, as well as letters in 
support of H.R. 1981 from the National Sheriffs' Association 
and the International Union of Police Associations be made a 
part of the record.
---------------------------------------------------------------------------
    *Prior to the printing of this hearing, a decision was made not to 
include the referenced material.
---------------------------------------------------------------------------
    Mr. Sensenbrenner. Well, I am glad that the gentleman from 
Texas is putting things in the record from the Chair of the 
Democratic National Committee, and without objection we will 
put that in the record. [Laughter.]
    [The information referred to follows:]



    



    Mr. Sensenbrenner. Without objection, the Committee stands 
adjourned.
    [Whereupon, at 11:32 a.m., the Subcommittee was adjourned.]
                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

       Prepared Statement of the Honorable Sheila Jackson Lee, a 
    Representative in Congress from the State of Texas, and Member, 
        Subcommittee on Crime, Terrorism, and Homeland Security
    First, I would like to thank Chairman Sensenbrenner and Ranking 
Member Scott for holding today's hearing on H.R. 1981, the ``Protecting 
Children from Internet Pornographers Act of 2011.''
    I would also like the thank today's witnesses for taking time out 
of their schedule to share their expertise with us:

          Mr. Ernie Allen, President and CEO, National Center 
        for Missing and Exploited Children

          Sheriff Michael J. Brown, Bedford County Sheriff's 
        Office

          Mr. Marc Rotenberg, President, Electronic Privacy 
        Information Center

    H.R. 1981, the ``Protecting Children from Internet Pornographers 
Act,'' focuses on sex offenses against children and includes, amongst 
other things, a mandate that internet service providers (ISPs) retain 
data for a period of 18 months, and directives to the United States 
Sentencing Commission to severely increase penalties for certain sex 
offenses.
    Resolving this issue of data retention has been identified as 
critical for assisting federal law enforcement in online child 
pornography and child exploitation investigations. However, at crux of 
this issue is determining a balance between the necessary amount of 
data retention which would best serve law enforcement, the impact of 
added retention costs on providers, and the looming privacy concerns of 
the majority of law abiding Internet users.
    To be sure, the issues regarding child pornography, child 
trafficking, and other internet crimes that may involve young people 
are of great concern to me. As Chairwoman of the Congressional 
Children's Caucus, I have focused a lot of energy on ways to combat 
these types of crimes. Furthermore, during the 111th Congress, this 
subcommittee, under the direction of then Chairman Bobby Scott, 
examined multiple law enforcement methods for effectively addressing 
these types of crimes. In January of this year, an additional hearing 
was held to examine data retention and its utility for prosecuting 
Internet crimes.
    From those hearings and from many experts in this field, we are 
constantly hearing that one of the keys to combating these types of 
Internet crimes against children is access to information in a 
coordinated and organized manner. There are numerous organizations and 
tasks forces, such as the Internet Crime Complaint Center (IC3), the 
Innocent Images National Initiative (IINI), and the Internet Crimes 
Against Children Task Force (ICAC), that are in place to handle 
Internet crime cases, but it is necessary for there to be a coordinated 
response with law enforcement in order for these groups to be most 
effective.
    A recent GAO report also points out that the biggest contributing 
factor to the slowed pace of child pornography and exploitation cases 
is the backlog of forensic evidence that awaits processing, an issue 
that can truly only be addressed with additional resources.
    Protecting children from Internet pornographers and child 
exploitation rings is not a partisan issue. Both Democrats and 
Republicans alike would agree, as demonstrated by the bipartisan 
efforts to draft H.R. 1981, that something must be done to ensure that 
our system of protecting our children against Internet predators is a 
strong and effective tool. No one wants to see another child fall 
victim to an Internet savvy predator or trafficker. Attorney General 
Eric Holder has been quoted as saying that, ``certain data must be 
retained by ISPs for reasonable periods of time so that it can be 
accessible to law enforcement.'' I, and many of my colleagues I 
presume, agree wholeheartedly with the Attorney General's words.
Law Enforcement Needs:
    Yes, there needs to be a consistent data retention standard in 
place for Internet Service Providers in order to better aide law 
enforcement. However, we can not ignore the issues and questions raised 
by the idea of data retention, especially when the standard being 
proposed is so broad.
    H.R. 1981 proposes a retention period of 18 months, a number based 
on an antiquated FCC regulation that governs tolled telephone records. 
This amount of retention time may be unduly burdensome on some ISP's, 
especially those smaller regional entities. It may also lead to other 
issues which this bill does not address, such as privacy concerns, 
storage requirements, and the possibility of outsourcing of data 
storage to foreign entities.
    Although current law requires ISP's to retain records at the 
request of law enforcement for at least 90 days, the current industry-
wide norms go farther. According to the National Cable and 
Telecommunication Association, the industry norm for data retention is 
6-months. In a spirit of cooperation and an effort to aide law 
enforcement, they would be willing to increase their data retention 
standard to one-year. Though there are industry norms, there is still a 
lot of inconsistency amongst ISPs regarding their data retention 
practices. For instance, AOL stores data for 7 days, which Comcast 
stores data for 2 years. It is imperative that a consistent industry 
standard be implemented, either by the industry itself or by Congress, 
that takes into account the aforementioned concerns.
Storage is Costly:
    In the past, there have been legislative proposals that would 
require ISPs to retain data for all of their customers for at least 2 
years--an amount of time thought to be excessive. H.R. 1981 proposes an 
108-month retention period. While the idea of an 18-month data 
retention requirement may help to solve the problem for law enforcement 
if organized properly, it may also trigger some other problems to arise 
as well, especially for the ISPs.
    Storage of such voluminous amounts of information can be extremely 
costly. Moreover, organization of so many terabytes of data so that it 
can be effectively utilized can also be very costly. For a large 
national ISP, absorbing these costs may not be too difficult, although 
I'd assume such costs would be trickled down to consumers, resulting in 
higher rates experienced by end users. However, for smaller ISPs, those 
who are regional, local or minority owned, such costs could impose 
hardships on their ability to compete. Furthermore, these smaller ISP's 
may be forced to outsource the data retention practices to a third 
party, which raises another concern about the protection and privacy of 
such information.
Privacy Concerns:
    To be sure, the data retained by ISPs would contain some rather 
personal information of their customers. The Internet is a huge part of 
most people's lives, and majority of Internet users are law abiding 
citizens who are using the Internet in lawful ways. Storing a history 
of people's day-to-day online activity could certainly impose upon a 
person's right to privacy. Therefore, if we are to impose a data 
retention requirement on ISPs, we must consider the privacy concerns of 
users, and furthermore, how the information will be secured and 
protected.
    Unfortunately, H.R. 1981 does not address this issue, and relies on 
standards already in place at the industry level. While the industry 
may have standards in place to govern privacy concerns, I am hesitant 
to support legislation which requires the retention of such private and 
personal information without putting necessary privacy safeguards in 
place.
    We should be concerned about who would be handling this information 
and who would have access to it--both internally at ISPs and within law 
enforcement agencies and child Internet crime task forces and 
organizations. Also, we should be considering who would be liable for 
the privacy invasion and violation if there is ever a breach of 
security, or if data bases of retained information are hacked.
    Lastly, we should be concerned about where the information is 
retained--will it be retained physically on a server? Virtually in a 
cloud? What happens if an ISP decides to outsource the retention 
services to a third party, or even more concerning, a foreign entity. 
These are all concerns that I believe legislation requiring the 
retention of personal information should address.
    Despite the fact that many of these issues were raised in the 
January hearing held on this subject, there was still a failure to 
address them in this legislative proposal. It is imperative that we 
come to a solution that balances the needs of the law enforcement 
community and the privacy rights of consumers. As Chairwoman of the 
Congressional Children's caucus, and a member representing the border 
state of Texas where child sex trafficking and exploitation is rampant, 
I firmly believe that something must be done to aide law enforcement 
efforts in combating these crimes. However, it must be done 
responsibly.
    I look forward to working with my colleagues on both sides of the 
aisle to find an effective and efficient solution that will ensure the 
safety of children as the use the Internet, and that will effectively 
help law enforcement prevent the trafficking of child pornography. We 
can not afford to allow more children to become victims.
    Again, I would like to thank the Chairman and Ranking Member for 
holding this hearing, and thank the witnesses for their testimony.






                                 
