Under the Electronic Communications Privacy Act of 1986, ISPs based in the United States are already required to retain data affixed to an IP address for at least 90 days — upon the request of law enforcement.

However, the so-called  SAFETY Act of 2009 would, inter alia, require any, “provider of an electronic communication service or remote computing service” to “retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.”

If enacted, Internet cafes, ISPs, hotels, universities, and employers would be required to keep logs of all data associated with IP addresses assigned individual users – from e-mail logins to search queries to visited Web sites.

Further reading: