He argues that the data requiring opt-in measures defined by the bill in its current form could include not just names and addresses but also IP addresses and "cookie" files that sites download to a user's browser to note his or her path on the Web.
The trick is typically used for stealing a user's cookies--identifying files stored by his or her browser--or creating fraudulent, data-stealing entry fields on a Web site.