Data retention legislation in the US and Europe

In this morning's New York Times Victoria Shannon reports that "European governments are preparing legislation to require companies to keep detailed data about people’s Internet and phone use that goes beyond what the countries will be required to do under a European Union directive." The EU Data Retention Directive is here (PDF).

Along similar lines in the United States, Rep. Lamar Smith (R-Tex.) recently introduced H.R. 836837, the Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act. The bill would require ISPs to retain data pursuant to regulations issued by the Attorney General. (Currently there is no general federal data retention requirement for ISPs.)

UPDATE: The original post linked to H.R. 836, which was the wrong bill. The SAFETY Act is H.R. 837. But H.R. 836, the Cyber-Security Enhancement and Consumer Data Protection Act of 2007, also introduced by Rep. Lamar Smith, is interesting in its own right. This bill would amend the Computer Fraud & Abuse Act (CFAA), 18 U.S.C. 1030. A potentially significant amendment would be the effective elimination of the damage requirement in the CFAA. Currently, for computers other than government computers, a person must cause at least $5000 in damage in a one-year period to violate the CFAA. H.R. 836 would create an offense for any amount of damage to 10 or more computers in a one-year period.