Laws requiring data retention ill-advised

I'm not a fan of laws that require entities such as ISP's to retain data about its customers so law enforcement can get to it.  To me, that flies in the face of privacy principles that say one should only retain personal information (both quantity and duration) to the extent it is required to fulfil the purpose of the services being offered. I'm not convinced that the benefit to law enforcement outweighs the negative aspects of this - which range from costs to the entity retaining, the risk of abuse, and the risk of exposing it.   It is hard enough to protect the information that entities need, let alone information they don't need.  And the more information you have, the more you are a target for malfeasers trying to get at it.

Mike Masnick of Techdirt has a post worth reading on the subject.  He refers to a researcher and author who says that a current US bill, the "Protecting Children from Internet Pornographers Act"  should be called the  "Forcing Your Internet Provider to Spy On You Just In Case You're a Criminal Act of 2011".

Unfortunately, we are heading down the same path here in Canada with the proposed lawful access statute.