There is a CNet article: Congress targets social-networking sites, that lays out a current discussion on Congress wanting to push the requirement of websites retaining user data for 1-2 years. This is similar to what is required now for ISPs.

The article mentions that this could be as little as retaining the IP address for each user - which seems absurd, since users will likely be coming from many IP addresses (dynamic IPs, laptops, cafes, etc.), and go so far as storing identity, messages, websites visited, and any info available.

What constitutes a “social networking site”? Would a blog be required to track comments, visits to the blog and link that to the IP address? What happens to blogs that are up and gone in 6 months?

And these suggestions come under the guise of national security, but also protecting minors, and copyrighted material.

These are some very frightening prospects.