But cloud is great, right? They told me cloud is great!
Yes, cloud is great as a convenience for you.
It is also great as a convenience for NSA and other agencies. The text of the bill allows that anything that was encrypted can be kept indefinitely. If your web site says HTTPS then it is fair game for permanent governmental storage.
Also, they can retain it forever for a number of reasons:
From the bill now on its way to the President's desk: "(3)(B) A covered communication shall not be retained in excess of 5 years unless ... (ii) the communication is reasonably believed to constitute evidence of a crime ... (iii) the communication is enciphered or reasonably believed to have a secret meaning; (iv) all parties to the communication are reasonably believed to be non-United States persons;"
#2 should be troubling. Does your communication (which is not limited to just email, but also includes web pages and any other data) have any evidence of a crime? Evidence that you downloaded a movie or software from a warez site, or looked at porn as a minor, or violated any of the policy-made-crimes that even the federal government has declared they are not countable? With an estimate of over 300,000 'regulations-turned-crime', plus laws that incorporate foreign laws (the Lacey Act's criminalization of anything done "in violation of State or foreign law"), pretty much anything you do probably violates some law somewhere in the world. Better preserve it just in case somebody eventually wants to prosecute you for that crime someday.
#3 refers back to a vague definition of "enciphered" that does not just mean encryption. The "secret meaning" could be as simple as data inside a protocol. Who is to say that the seemingly random bytes "d6 0d 9a 5f 26 71 dd a7 04 31..." used as part of a data stream are really not an encrypted message? Better record it just in case.
And of course #4: the law has careful wording about communications between "non-United States persons". Considering the "internet of things", all those devices talking to other devices are not communications between United States persons. It was your camera (a non-United States person) communicating with a data warehouse (a non-United States person), so better exempt that from the 5-year retention policy as well.