Investigators are faced with many problems when trying to find people responsible for child pornography. Internet service providers only retain user data for a short period of time and this is a fundamental part of prosecuting almost every time of crime.
In Europe ISPs hang onto logs for a minimum of a six month period, up to two years. These logs, as you would expect are huge databases that grow quickly over time. The longer they are held, the bigger they get.
Jason Weinstein, of the Department of Justice put a case to the House Judiciary Committee as an example: In a 2006 hearing before another committee in this House, an agent of the Wyoming Division of Criminal Investigation gave a heart-wrenching example of the harm that a lack of data retention can cause. He described how an undercover operation discovered a movie, depicting the rape of a two-year-old child that was being traded on a peer-to-peer file sharing network. Investigators were able to determine that the movie had first been traded four months earlier. So, investigators promptly sent a subpoena to the ISP that had first transmitted the video, asking for the name and address of the customer who had sent the video. The ISP reported that it didn’t have the records. Despite considerable effort, the child was not rescued and the criminals involved were not apprehended.
John Douglas of the International Association of Chiefs of Police had another example of how important data can be to a investigation.
On July 26, 2006, 22 year old Tori Vienneau and her 10 month infant son, Dean were murdered in their 2 bedroom apartment in San Diego. Tori was found strangled in her living room and baby Dean was found strangled and hung from his crib in one of the adjoining bedrooms. This horrifying crime scene triggered an exhaustive 18 month investigation.
The case was ultimately solved exclusively by the circumstantial evidence, including cell text message content and cell tower data from Verizon Wireless. The defendant denied any involvement in the killings and provided an intricate and extensive alibi.
Investigators focused their attention on Dennis Potts almost immediately because he was rumored to have had dinner plans with Tori on the night of her murder. Mr. Potts denied these rumors of dinner plans and the victim’s cell phone was examined for any text messages between the two of them supporting/refuting such rumors. In a most interesting twist, all incoming and outgoing text messages prior to 6:30 pm on the night of the killings had been deleted. The victim’s cell phone provider was contacted, but the text message content was not stored by the cell provider and therefore could not be recovered that way. Over the ensuing months, the victim’s phone was subjected to extensive forensic analysis in the hopes of recovering some of these messages.
The defendant’s cell phone carrier (Verizon Wireless) was also contacted and investigators were told incoming text message content (victim to defendant texts only) was preserved only for 3-5 days. In a stroke of good luck, this incoming data still existed and was preserved. It later proved to be pivotal in proving the defendant’s guilt. The text message content proved not only that the defendant lied to investigators and that the two did, in fact, have plans to meet that evening, but also that the defendant was checking to see if the victim and her son were alone in the apartment.
Verizon also provided the cell tower data for the defendant’s phone. This data, coupled with some additional testing, showed that the defendant’s alibi was false and he was not where he said he was. Furthermore, at the time of the killings, his cell phone “pinged” off of a cell tower only 500 yards from the victim’s apartment. This became the single most important piece of evidence linking the defendant to the killings and to his ultimate conviction in September, 2009.
US ISP's and phone companies don't seem to be opening their arms to possible new retention rules. They say that they already cooperate fully with authorities and that the police can ask at any time for a user's data to be preserved. They would rather have an individual user scheme that to store terrabytes of log files on everyone.
KitGuru says: Should the US start imposing rules on retaining data for longer periods of time?