Online Privacy is a Function of ISP log files. If anyone pays attention to how the Internet is actually constructed, they know several providers maintain clouds that many websites use for global connectivity. A cloud can layer IPs so as to translate many ISP DHCP assigned addresses to one address, and tunnel them to their common destination.
At the destination router, the packets are translated back to ipv4 IPs unique to the region.
Clouds by nature hold 'some' data for a very long time, so 'mining the cloud' might turn up clues or evidence. But it's random chance dictated by the age of the information sought.
But there are some sticky points. Electronic network communication is not easily admissible as evidence, for reasons similar to parking tickets being legally attached to a certain vehicle, not the driver!
The driver is revealed only if the citation is contested, or the fine is paid by check, credit card, etc. But most computer users place themselves by admission, behind the keyboard long before law-enforcement bluntly poses the question. Unless a certain individual can be placed behind a certain keyboard at a certain time, there's no case.
But even if evidence is found, it can be linked to a location, and possibly an identity, only before the ISP log file containing the identity of the user of that IP, on a certain date, at a certain time of day, rotates off into oblivion.
ISPs don't want to use resources to identify users, because they don't get anything out of it. It's a cost of doing business that all ISPs want to minimize. So, unless there's a court order, the ISP won't reveal customers' identities.
Time Warner challenges such court orders, just to discourage their use. Federal law-enforcement can monitor traffic at the ISP level, but generally they don't retrospect.
However, most law-enforcement do not capture full-content packets. It's difficult to obtain a warrant to monitor outgoing content, but incoming traffic is fair game, because it lies completely outside the domain of privacy--that is, it both originates and is captured outside the sovereignty of the walls of a man's domicile.
Law-enforcement is generally not concerned with packet content, but only traffic analysis. Every laptop is unique. Every network adapter is unique, and the identity of the NIC is included in most network packets!.
A laptop can be tracked around the world, and all of its communication can be mapped. If law-enforcement secures probable cause, they just seize the laptop, and sometimes the person in possession of it, and copy the hard drive on the spot.
If they're not going to keep the owner, he gets his computer back. If anything suspicious or incriminating is found, then the guy is busted.
Finally, governments are not much concerned by phishing, malware, online fraud, spam, port-scanning or cracking, because private enterprise enforces measures to prevent those.
Except in the most egregious and chronic violators, online fraud is controlled by private security. The FBI once advertised for high-paying computer job, using a pseudo-shady corporate front.
They were after 2 very wary Russian crackers. They fell for it, accepted air-fare and hotel, and when they arrived they were met by federal agents. The agents posed as racketeers in organized online crime, and proceeded to interview the Russian crackers.
The more they gave reverence to the crackers, the more the crackers bragged about exact details. Several hours into the video-recorded "interview," arrests were made.
It is not possible to anonymously surf the web without leaving a single trace. Your mom might not be able to catch you with porn, but if you try anything illegal you're probably toast.