Calls for a new data retention policy are not new. In the past, numerous others, including FBI director Robert Mueller and former attorney general Alberto Gonzalez, have also urged Congress to consider similar legislation.

It's unclear yet if Tuesday's House hearing is a sign that a data retention bill is imminent, said John Morris, the general counsel for the Center for Democracy and Technology, a Washington D.C.-based think-tank.

Also unclear is whether it is only ISPs that will be required to retain data, or whether services such as e-mail providers might be included, said Morris, who also testified at the hearing. A similar question mark hangs over what data exactly it is that ISPs and potentially others will be required to retain, Morris said.

In the best-case scenario, a data retention bill will only require ISPs to track and store Internet Protocol (IP) address allocation data to help law enforcement better link Internet use to specific users, he said. In the worst-case scenario, it could require ISPs and all sorts of online service providers to store and track everything from IP addresses to source data involving e-mail, instant messaging (IM), social media interactions and Web sites visited, he said.

Regardless of the scope, mandatory data retention laws raise important privacy and free speech concerns, he said. "In the privacy realm, the bottom line is that law enforcement is talking about having a massive amount of information on 230 million presumably innocent Americans using the Internet, being tracked and retained," he said.