WASHINGTON — At Murky, a bustling coffee shop around the corner from the U.S. Capitol, Flint Waters booted up his laptop and connected to the Internet from the cafe's free wireless system.
Using a data-mining program, he quickly connected to 165 people from at least five countries who were online to trade videos and photos showing the violent sexual abuse of infants and toddlers.
Waters, a Wyoming State Police agent, runs publicly available software to locate child-pornography traders. Subject lines of Internet conversations boast of fathers sodomizing infant sons. Repulsive as it is, that's perhaps the tamest of the headings.
If Waters were trading child pornography — instead of being an Internet sleuth — he'd be virtually impossible to trace. Internet service providers aren't required to retain data that could help police, and the explosion of free wireless hot spots provides unparalleled anonymity for traders of child porn.
"It's definitely a challenge," said Waters, who's investigating pedophiles who are using free wireless connections in national hotel chains and college campuses or are hacking into the home wireless routers of unsuspecting neighbors.
In less than a decade, the growth in Internet use has changed how Americans buy music, get news, shop and make phone calls. And it's changing the landscape for illicit trade in child pornography.
The spread of wireless connections also underscores the complex, fast-changing world of computer technology, where law enforcement struggles to keep pace and today's solution can become outdated tomorrow.
For more than a year, Congress has debated whether to require Internet providers — companies such as AOL, Comcast, Verizon and smaller companies with free wi-fi hot spots such as Murky — to store some user data for a set amount of time in order to aid law enforcement. The Bush administration suggests six months.
Every time you log on to the Internet, the service provider assigns an Internet protocol address to the connection. If you log on through a paid provider at home, such as AOL or Verizon, you generally have an established IP address. Some Internet providers keep IP address records for a few days, others for weeks and some for a few months.
But if you take a laptop to a free wireless hot spot that doesn't have any log-in requirements, the IP address is assigned to that establishment's wireless router. That makes it much harder for law enforcement to find out who was logged on to an illicit Web site or transferring illicit files at a given time from a given place.
"You are talking about a proliferation of access (nationwide) ... when you allow more access you obviously allow more criminals to have access if they're engaging in criminal activity," said Mark Barnett, a consultant for CDW Corp. in Vernon Hills, Ill., which helps companies create wireless networks.
Even if Internet companies were forced to retain IP addresses for fixed periods, the explosion of free wireless hot spots everywhere from airport lounges to municipalities and universities would make sifting through the data a daunting task.
The Florida city of St. Cloud, an Orlando bedroom community, offers wireless connections to about 30,000 residents in area that spans 15 square miles. The city has a onetime user registration, which could help police identify suspects. But it balked on retaining data on IP addresses.
"We're not tracking anything," said Howard DeYoung, the city's information chief. "We didn't want the local residents here to get the idea that Big Brother is watching or anything like that. Our free wireless is unrestricted."
The University of Minnesota requires registration to use its wireless network, but it retains IP addresses for only two months and isn't keen to store information longer.
"We have 45,000 network connections on campus and about 1,200 wireless hot spots ... you can imagine data flows across our border to the Internet," said Steve Cawley, the chief information officer for the university system. "It would be an onerous effort to maintain two years of data."
Law enforcement sees data retention as vital, and thinks that the current process — asking Internet providers for months-old information it rarely has — is flawed.
"In any Internet-based investigation, we need to understand who is at the computer when a crime is committed. We go through all the legal process, many hours, only to get a return back saying, 'I'm sorry, we don't have records for that,' " said Capt. Thomas Kerle, the head of the Internet Crimes Against Children division of the Massachusetts State Police. "Cases that could be made aren't being made."
Internet child pornography is more than an isolated, small-scale problem.
Over the past 34 months, Waters and fellow investigators nationwide have been offered for sale or for sharing more than 13.7 million "unique" downloads — videos or photographs depicting child-sex abuse — while working "undercover" operations on the Internet.
These downloads represent, according to national law-enforcement estimates, about 4 million IP addresses and more than 1 million individuals offering or receiving these images.
"It's just a drop in the bucket in terms of the number of (child pornography) files that are out there," said Michelle Collins, the director of the exploited-child unit of the National Center for Missing and Exploited Children in Alexandria, Va. "The problem will continue to grow as more and more people go into high-speed connections" and as wireless hot spots spread.
Most of the "unique images" aren't of teenage Lolitas. They mostly involve kids younger than 8, and the trend is toward 3 and younger.
"These kids are pre-verbal, meaning they're not going to be able to tell somebody what happened to them," said Ernie Allen, the center's president.
Against that grim backdrop is this dilemma: How much leeway should law enforcement have to search Internet data? Waters and fellow lawmen say they don't want e-mail records or content, simply stored IP-address data.
But privacy advocates see data retention as a slippery slope, pointing to the Bush administration's controversial surveillance of e-mails and phone calls without warrants. Many Democrats oppose any legislation that would give Attorney General Alberto Gonzales and the Justice Department new powers that could intrude on privacy.
"Legislation like this is like swatting a fly with a bazooka. Such sweeping measures do little to stop online crime," Marvin Johnson, the American Civil Liberties Union's legislative counsel in Washington, said in a statement. "There is no limit to the amount of information Attorney General Gonzales can require ISPs" — Internet service providers — "to keep, from instant messages to private e-mails to Web searches, and he can require that they be kept forever."
Internet providers oppose mandatory data retention because of its costs.
"You can't simply slop a billion dollars of additional costs onto our industry to make it convenient for law enforcement in case someday they might want to look at it," said David McClure, the president and chief executive officer of the U.S. Internet Industry Association.
Data retention also raises questions of who's liable when the security of stored data has been breached.
"Everyone wants to protect the children, and yet there are other big questions," said Janine Hiller, a business law professor at Virginia Tech University in Blacksburg, Va., and the author of a book on Internet law.
Perhaps the biggest challenge to data retention is what it means in a world that's going wireless. Today, even fee-based wireless connections, such as those offered by the ubiquitous Starbucks cafes, provide anonymity.
A case in point: A McClatchy Newspapers reporter paid cash for a $10 "day pass" sold by T-mobile, which operates the wireless service at Starbucks stores nationwide.
Using the PIN number on the pass, which required no identification to purchase, the reporter went to a Starbucks around the corner from the White House and established an account as Raul Castro, the name of Fidel Castro's brother.
When prompted for an e-mail address, a nonexistent one was given, and the reporter was able to surf the Internet freely and anonymously.
Starbucks and T-mobile officials declined comment.
ON THE WEB
More information about the problem of child pornography and how to combat it.
More information about electronic privacy issues.