[Congressional Record Volume 159, Number 40 (Tuesday, March 19, 2013)]
[Senate]
[Pages S1951-S1955]
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS
By Mr. LEAHY (for himself and Mr. Lee):
S. 607. A bill to improve the provisions relating to the privacy of
electronic communications; to the Committee on the Judiciary.
Mr. LEAHY. Mr. President, today I am pleased to introduce the
Electronic Communications Privacy Act Amendments Act of 2013--a bill to
strengthen the privacy protections for email and other electronic
communications. Last year, the Judiciary Committee favorably reported
substantially similar legislation with strong bipartisan support. I
thank Republican Senator Mike Lee for cosponsoring this important
privacy bill. Senator Lee and I understand that protecting Americans'
privacy rights is something that is important to all Americans,
regardless of political party or ideology. I hope that all Senators
will support this bill and that
[[Page S1952]]
the Senate will pass this privacy legislation this year.
Like many Americans, I am concerned about growing and unwelcome
intrusions into our private lives in cyberspace. I also understand that
we must update our digital privacy laws to keep pace with these threats
and the rapid advances in technology.
When I led the effort to write ECPA 27 years ago, email was a
novelty. No one could have imagined the way the Internet and mobile
technologies would transform how we communicate and exchange
information today. Three decades later, we must update this law to
reflect the realities of our time, so that our Federal privacy laws
keep pace with American innovation and the changing mission of our law
enforcement agencies.
My bill takes several important steps to improve Americans' digital
privacy rights, while also promoting new technologies, like cloud
computing, and accommodating the legitimate needs of law enforcement.
First, the bill requires that the government obtain a search warrant
based on probable cause to obtain the content of Americans' email and
other electronic communications, when those communications are
requested from a third-party service provider. There are balanced
exceptions to the warrant requirement to address emergency
circumstances and to protect national security under current law.
Second, the bill requires that the government promptly notify any
individual whose email content has been accessed via a third-party
service provider, and provide that individual with a copy of the search
warrant and other details about the information obtained. The bill
permits the government to seek a court order temporarily delaying such
notice in order to protect the integrity of ongoing government
investigations. In addition, the bill permits the government to ask a
court to temporarily preclude a service provider from notifying a
customer about the disclosure.
The bill contains several important provisions to ensure that the
reforms to ECPA do not hinder law enforcement. The bill adds a new
notice requirement to the law that requires service providers to notify
the government of their intent to inform a customer about a disclosure
of electronic communications information at least three business days
before giving such notice. Furthermore, to help law enforcement
investigate and prosecute corporate wrongdoing, the bill adds civil
discovery subpoenas to the existing tools that the government may use
to obtain non-content information under ECPA.
In addition, the bill makes clear that the government may also
continue to use administrative, civil discovery and grand jury subpoena
to obtain corporate email and other electronic communications directly
from a corporate entity, when those communications are contained on an
internal email system. Lastly, the bill also provides that the search
warrant requirement in the bill does not apply to other Federal
criminal or national security laws, including Title III of the Omnibus
Crime Control and Safe Streets Act of 1986, commonly known as the
Wiretap Act, and the Foreign Intelligence Surveillance Act of 1978, 50
U.S.C. Sec. 1801, et seq., commonly known as FISA.
Since I first put forward proposals to update ECPA in early 2011, I
have worked to make sure that these updates carefully balance privacy
interests, the needs of law enforcement and the interests of our
thriving American tech sector. During the past 2 years, I have
consulted with many stakeholders from the Federal, state and local law
enforcement communities, including--the Department of Justice, the
Federal Trade Commission, the Securities and Exchange Commission, the
International Association of Chiefs of Police, the Federal Law
Enforcement Officers Association, the Association of State Criminal
Investigative Agencies, and the National Sheriffs Association. I have
also consulted closely with many leaders in the privacy, civil
liberties, civil rights and technology communities who support these
reforms.
The 113th Congress has an important opportunity to address the
digital privacy challenges that Americans face today. We should do so
by enacting the commonsense privacy reforms contained in this bill.
When the Senate Judiciary Committee favorably reported the Electronic
Communications Privacy Act on September 19, 1986, it did so with the
unanimous support of all Democratic and Republican Senators. At the
time, the Committee recognized that protecting Americans' privacy
rights should not be a partisan issue.
In that bipartisan spirit, I am pleased to join with Senator Lee in
urging the Congress to enact these important privacy reforms without
delay. Senator Lee and I are joined in this effort by a broad coalition
of more than 50 privacy, civil liberties, civil rights and tech
industry leaders from across the political spectrum that have also
endorsed the ECPA reform effort. I thank the Digital Due Process
Coalition, the Digital 4th Coalition and the many other individuals and
organizations that have advocated for ECPA reform for their support. I
hope that all Members of the Senate will follow their example, so that
we can enact this digital privacy bill with strong, bipartisan support.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the text of the bill was ordered to be
printed in the Record, as follows:
S. 607
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Electronic Communications
Privacy Act Amendments Act of 2013''.
SEC. 2. CONFIDENTIALITY OF ELECTRONIC COMMUNICATIONS.
Section 2702(a)(3) of title 18, United States Code, is
amended to read as follows:
``(3) a provider of remote computing service or electronic
communication service to the public shall not knowingly
divulge to any governmental entity the contents of any
communication described in section 2703(a), or any record or
other information pertaining to a subscriber or customer of
such service.''.
SEC. 3. ELIMINATION OF 180-DAY RULE; SEARCH WARRANT
REQUIREMENT; REQUIRED DISCLOSURE OF CUSTOMER
RECORDS.
(a) In General.--Section 2703 of title 18, United States
Code, is amended--
(1) by striking subsections (a), (b), and (c) and inserting
the following:
``(a) Contents of Wire or Electronic Communications.--A
governmental entity may require the disclosure by a provider
of electronic communication service or remote computing
service of the contents of a wire or electronic communication
that is in electronic storage with or otherwise stored, held,
or maintained by the provider only if the governmental entity
obtains a warrant issued using the procedures described in
the Federal Rules of Criminal Procedure (or, in the case of a
State court, issued using State warrant procedures) that is
issued by a court of competent jurisdiction directing the
disclosure.
``(b) Notice.--Except as provided in section 2705, not
later than 10 business days in the case of a law enforcement
agency, or not later than 3 business days in the case of any
other governmental entity, after a governmental entity
receives the contents of a wire or electronic communication
of a subscriber or customer from a provider of electronic
communication service or remote computing service under
subsection (a), the governmental entity shall serve upon, or
deliver to by registered or first-class mail, electronic
mail, or other means reasonably calculated to be effective,
as specified by the court issuing the warrant, the subscriber
or customer--
``(1) a copy of the warrant; and
``(2) a notice that includes the information referred to in
clauses (i) and (ii) of section 2705(a)(4)(B).
``(c) Records Concerning Electronic Communication Service
or Remote Computing Service.--
``(1) In general.--Subject to paragraph (2), a governmental
entity may require a provider of electronic communication
service or remote computing service to disclose a record or
other information pertaining to a subscriber or customer of
the provider or service (not including the contents of
communications), only if the governmental entity--
``(A) obtains a warrant issued using the procedures
described in the Federal Rules of Criminal Procedure (or, in
the case of a State court, issued using State warrant
procedures) that is issued by a court of competent
jurisdiction directing the disclosure;
``(B) obtains a court order directing the disclosure under
subsection (d);
``(C) has the consent of the subscriber or customer to the
disclosure; or
``(D) submits a formal written request relevant to a law
enforcement investigation concerning telemarketing fraud for
the name, address, and place of business of a subscriber or
customer of the provider or service that is engaged in
telemarketing (as defined in section 2325).
[[Page S1953]]
``(2) Information to be disclosed.--A provider of
electronic communication service or remote computing service
shall, in response to an administrative subpoena authorized
by Federal or State statute, a grand jury, trial, or civil
discovery subpoena, or any means authorized under paragraph
(1), disclose to a governmental entity the--
``(A) name;
``(B) address;
``(C) local and long distance telephone connection records,
or records of session times and durations;
``(D) length of service (including start date) and types of
service used;
``(E) telephone or instrument number or other subscriber
number or identity, including any temporarily assigned
network address; and
``(F) means and source of payment for such service
(including any credit card or bank account number), of a
subscriber or customer of such service.
``(3) Notice not required.--A governmental entity that
receives records or information under this subsection is not
required to provide notice to a subscriber or customer.'';
and
(2) by adding at the end the following:
``(h) Rule of Construction.--Nothing in this section or in
section 2702 shall be construed to limit the authority of a
governmental entity to use an administrative subpoena
authorized under a Federal or State statute or to use a
Federal or State grand jury, trial, or civil discovery
subpoena to--
``(1) require an originator, addressee, or intended
recipient of an electronic communication to disclose the
contents of the electronic communication to the governmental
entity; or
``(2) require an entity that provides electronic
communication services to the officers, directors, employees,
or agents of the entity (for the purpose of carrying out
their duties) to disclose the contents of an electronic
communication to or from an officer, director, employee, or
agent of the entity to a governmental entity, if the
electronic communication is held, stored, or maintained on an
electronic communications system owned or operated by the
entity.''.
(b) Technical and Conforming Amendments.--Section 2703(d)
of title 18, United States Code, is amended--
(1) by striking ``A court order for disclosure under
subsection (b) or (c)'' and inserting ``A court order for
disclosure under subsection (c)''; and
(2) by striking ``the contents of a wire or electronic
communication, or''.
SEC. 4. DELAYED NOTICE.
Section 2705 of title 18, United States Code, is amended to
read as follows:
``SEC. 2705. DELAYED NOTICE.
``(a) Delay of Notification.--
``(1) In general.--A governmental entity that is seeking a
warrant under section 2703(a) may include in the application
for the warrant a request for an order delaying the
notification required under section 2703(b) for a period of
not more than 180 days in the case of a law enforcement
agency, or not more than 90 days in the case of any other
governmental entity.
``(2) Determination.--A court shall grant a request for
delayed notification made under paragraph (1) if the court
determines that there is reason to believe that notification
of the existence of the warrant may result in--
``(A) endangering the life or physical safety of an
individual;
``(B) flight from prosecution;
``(C) destruction of or tampering with evidence;
``(D) intimidation of potential witnesses; or
``(E) otherwise seriously jeopardizing an investigation or
unduly delaying a trial.
``(3) Extension.--Upon request by a governmental entity, a
court may grant 1 or more extensions of the delay of
notification granted under paragraph (2) of not more than 180
days in the case of a law enforcement agency, or not more
than 90 days in the case of any other governmental entity.
``(4) Expiration of the delay of notification.--Upon
expiration of the period of delay of notification under
paragraph (2) or (3), the governmental entity shall serve
upon, or deliver to by registered or first-class mail,
electronic mail, or other means reasonably calculated to be
effective as specified by the court approving the search
warrant, the customer or subscriber--
``(A) a copy of the warrant; and
``(B) notice that informs the customer or subscriber--
``(i) of the nature of the law enforcement inquiry with
reasonable specificity;
``(ii) that information maintained for the customer or
subscriber by the provider of electronic communication
service or remote computing service named in the process or
request was supplied to, or requested by, the governmental
entity;
``(iii) of the date on which the warrant was served on the
provider and the date on which the information was provided
by the provider to the governmental entity;
``(iv) that notification of the customer or subscriber was
delayed;
``(v) the identity of the court authorizing the delay; and
``(vi) of the provision of this chapter under which the
delay was authorized.
``(b) Preclusion of Notice to Subject of Governmental
Access.--
``(1) In general.--A governmental entity that is obtaining
the contents of a communication or information or records
under section 2703 may apply to a court for an order
directing a provider of electronic communication service or
remote computing service to which a warrant, order, subpoena,
or other directive under section 2703 is directed not to
notify any other person of the existence of the warrant,
order, subpoena, or other directive for a period of not more
than 180 days in the case of a law enforcement agency, or not
more than 90 days in the case of any other governmental
entity.
``(2) Determination.--A court shall grant a request for an
order made under paragraph (1) if the court determines that
there is reason to believe that notification of the existence
of the warrant, order, subpoena, or other directive may
result in--
``(A) endangering the life or physical safety of an
individual;
``(B) flight from prosecution;
``(C) destruction of or tampering with evidence;
``(D) intimidation of potential witnesses; or
``(E) otherwise seriously jeopardizing an investigation or
unduly delaying a trial.
``(3) Extension.--Upon request by a governmental entity, a
court may grant 1 or more extensions of an order granted
under paragraph (2) of not more than 180 days in the case of
a law enforcement agency, or not more than 90 days in the
case of any other governmental entity.
``(4) Prior notice to law enforcement.--Upon expiration of
the period of delay of notice under this section, and not
later than 3 business days before providing notice to a
customer or subscriber, a provider of electronic
communication service or remote computing service shall
notify the governmental entity that obtained the contents of
a communication or information or records under section 2703
of the intent of the provider of electronic communication
service or remote computing service to notify the customer or
subscriber of the existence of the warrant, order, or
subpoena seeking that information.
``(c) Definition.--In this section and section 2703, the
term `law enforcement agency' means an agency of the United
States, a State, or a political subdivision of a State,
authorized by law or by a government agency to engage in or
supervise the prevention, detection, investigation, or
prosecution of any violation of criminal law, or any other
Federal or State agency conducting a criminal
investigation.''.
SEC. 5. RULE OF CONSTRUCTION.
Nothing in this Act or an amendment made by this Act shall
be construed to apply the warrant requirement for contents of
a wire or electronic communication authorized under this Act
or an amendment made by this Act to any other section of
title 18, United States Code (including chapter 119 of such
title (commonly known as the ``Wiretap Act'')), the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et
seq.), or any other provision of Federal law.
______
