http://www.techdirt.com/articles/20110707/04402514995/congress-tries-to-hide-massive-data-retention-law-pretending-its-anti-child-porn-law.shtmlThe bill actually has very little to do with stopping child pornographers, but a lot to do with requiring online service providers to retain certain information (mainly IP addresses) on users for 18 months. Of course, as Chris Soghoian points out, the bill exempts WiFi providers, so it's woefully ineffective at stopping child porn, since anyone who wanted to do that just needs to go to Starbucks.
But, for legitimate service providers, there are serious costs. On top of that, there are significant privacy issues -- and this is at the same time that we keep hearing about data leaks. You want to encourage more data leaks? Require companies hold onto data much longer than they need to do so. The really pernicious part in all of this is that it's really just a way for law enforcement to do an end run around the 4th Amendment. Julian Sanchez explains how this works:
Thanks to an unwise Supreme Court decision dating from the 70s, information about your private activites loses its Fourth Amendment protection when its held by a “third party” corporation, like a phone company or Internet provider. As many legal scholars have noted, however, this allows constitutional privacy safeguards to be circumvented via a clever two-step process. Step one: The government forces private businesses (ideally the kind a citizen in the modern world can’t easily avoid dealing with) to collect and store certain kinds of information about everyone—anyone might turn out to be a criminal, after all. No Fourth Amendment issue there, because it’s not the government gathering it! Step two: The government gets a subpoena or court order to obtain that information, quite possibly without your knowledge. No Fourth Amendment problem here either, according to the Supreme Court, because now they’re just getting a corporation’s business records, not your private records. It makes no difference that they’re only keeping those records because the government said they had to.
Current law already allows law enforcement to require retention of data about specific suspects—including e-mails and other information as well as IP addresses—to ensure that evidence isn’t erased while they build up enough evidence for a court order. But why spearfish when you can lower a dragnet? Blanket data requirements ensure easy access to a year-and-a-half snapshot of the online activities of millions of Americans—every one a potential criminal.