CLOUD Act

De JFCM
Aller à : navigation, rechercher

[Congressional Bills 115th Congress] [From the U.S. Government Publishing Office] [S. 2383 Introduced in Senate (IS)]

115th CONGRESS 2d Session S. 2383

To amend title 18, United States Code, to improve law enforcement access to data stored across borders, and for other purposes.

IN THE SENATE OF THE UNITED STATES

February 6, 2018

Mr. Hatch (for himself, Mr. Coons, Mr. Graham, and Mr. Whitehouse) introduced the following bill; which was read twice and referred to the Committee on the Judiciary

A BILL



To amend title 18, United States Code, to improve law enforcement access to data stored across borders, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,


SECTION 1. SHORT TITLE.[modifier]

This Act may be cited as the ``Clarifying Lawful Overseas Use of Data Act or the ``CLOUD Act.

SEC. 2. CONGRESSIONAL FINDINGS.[modifier]

Congress finds the following:

(1) Timely access to electronic data held by communications-service providers is an essential component of government efforts to protect public safety and combat serious crime, including terrorism.

(2) Such efforts by the United States Government are being impeded by the inability to access data stored outside the United States that is in the custody, control, or possession of communications-service providers that are subject to jurisdiction of the United States.

(3) Foreign governments also increasingly seek access to electronic data held by communications-service providers in the United States for the purpose of combating serious crime.

(4) Communications-service providers face potential conflicting legal obligations when a foreign government orders production of electronic data that United States law may prohibit providers from disclosing.

(5) Foreign law may create similarly conflicting legal obligations when chapter 121 of title 18, United States Code (commonly known as the ``Stored Communications Act), requires disclosure of electronic data that foreign law prohibits communications-service providers from disclosing.

(6) International agreements provide a mechanism for resolving these potential conflicting legal obligations where the United States and the relevant foreign government share a common commitment to the rule of law and the protection of privacy and civil liberties.

SEC. 3. PRESERVATION OF RECORDS; COMITY ANALYSIS OF LEGAL PROCESS.[modifier]

(a) Required Preservation and Disclosure of Communications and Records.--

(1) Amendment.--Chapter 121 of title 18, United States Code, is amended by adding at the end the following:

"Sec. 2713. Required preservation and disclosure of communications and records
"A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider's possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States..

(2) Table of sections.--The table of sections for chapter 121 of title 18, United States Code, is amended by inserting after the item relating to section 2712 the following::"2713. Required preservation and disclosure of communications and records..

(b) Comity Analysis of Legal Process Seeking Contents of Wire or Electronic Communication.--Section 2703 of title 18, United States Code, is amended by adding at the end the following:

"(h) Comity Analysis and Disclosure of Information Regarding Legal Process Seeking Contents of Wire or Electronic Communication.--
"(1) Definitions.--In this subsection--
"(A) the term `qualifying foreign government' means a foreign government--
"(i) with which the United States has an executive agreement that has entered into force under section 2523; and
"(ii) the laws of which provide to electronic communication service providers and remote computing service providers substantive and procedural opportunities similar to those provided under paragraphs (2) and (5); and
"(B) the term `United States person' has the meaning given the term in section 2523.
"(2) Motions to quash or modify.--(A) A provider of electronic communication service to the public or remote computing service, that is being required to disclose pursuant to legal process issued under this section the contents of a wire or electronic communication of a subscriber or customer, may file a motion to modify or quash the legal process where the provider reasonably believes--
"(i) that the customer or subscriber is not a United States person and does not reside in the United States; and
"(ii) that the required disclosure would create a material risk that the provider would violate the laws of a qualifying foreign government. Such a motion shall be filed not later than 14 days after the date on which the provider was served with the legal process, absent agreement with the government or permission from the court to extend the deadline based on an application made within the 14 days. The right to move to quash is without prejudice to any other grounds to move to quash or defenses thereto, but it shall be the sole basis for moving to quash on the grounds of a conflict of law related to a qualifying foreign government.
"(B) Upon receipt of a motion filed pursuant to subparagraph (A), the court shall afford the governmental entity that applied for or issued the legal process under this section the opportunity to respond. The court may modify or quash the legal process, as appropriate, only if the court finds that--
"(i) the required disclosure would cause the provider to violate the laws of a qualifying foreign government;
"(ii) based on the totality of the circumstances, the interests of justice dictate that the legal process should be modified or quashed; and
"(iii) the customer or subscriber is not a United States person and does not reside in the United States.
"(3) Comity analysis.--For purposes of making a determination under paragraph (2)(B)(ii), the court shall take into account, as appropriate--
"(A) the interests of the United States, including the investigative interests of the governmental entity seeking to require the disclosure;
"(B) the interests of the qualifying foreign government in preventing any prohibited disclosure;
"(C) the likelihood, extent, and nature of penalties to the provider or any employees of the provider as a result of inconsistent legal requirements imposed on the provider;
"(D) the location and nationality of the subscriber or customer whose communications are being sought, if known, and the nature and extent of the subscriber or customer's connection to the United States, or if the legal process has been sought on behalf of a foreign authority pursuant to section 3512, the nature and extent of the subscriber or customer's connection to the foreign authority's country;
"(E) the nature and extent of the provider's ties to and presence in the United States;
"(F) the importance to the investigation of the information required to be disclosed;
"(G) the likelihood of timely and effective access to the information required to be disclosed through means that would cause less serious negative consequences; and
"(H) if the legal process has been sought on behalf of a foreign authority pursuant to section 3512, the investigative interests of the foreign authority making the request for assistance.
"(4) Disclosure obligations during pendency of challenge.--A service provider shall preserve, but not be obligated to produce, information sought during the pendency of a motion brought under this subsection, unless the court finds that immediate production is necessary to prevent an adverse result identified in section 2705(a)(2).
"(5) Disclosure to qualifying foreign government.--(A) It shall not constitute a violation of a protective order issued under section 2705 for a provider of electronic communication service to the public or remote computing service to disclose to the entity within a qualifying foreign government, designated in an executive agreement under section 2523, the fact of the existence of legal process issued under this section seeking the contents of a wire or electronic communication of a customer or subscriber who is a national or resident of the qualifying foreign government.
"(B) Nothing in this paragraph shall be construed to modify or otherwise affect any other authority to make a motion to modify or quash a protective order issued under section 2705..

(c) Rule of Construction.--Nothing in this section, or an amendment made by this section, shall be construed to modify or otherwise affect the common law standards governing the availability or application of comity analysis to other types of compulsory process or to instances of compulsory process issued under section 2703 of title 18, United States Code, as amended by this section, and not covered under subsection

(h)(2) of such section 2703.

SEC. 4. ADDITIONAL AMENDMENTS TO CURRENT COMMUNICATIONS LAWS.[modifier]

Title 18, United States Code, is amended--

(1) in chapter 119--

(A) in section 2511(2), by adding at the end the following:

"(j) It shall not be unlawful under this chapter for a provider of electronic communication service to the public or remote computing service to intercept or disclose the contents of a wire or electronic communication in response to an order from a foreign government that is subject to an executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523.; and

(B) in section 2520(d), by amending paragraph (3) to read as follows:

"(3) a good faith determination that section 2511(3), 2511(2)(i), or 2511(2)(j) of this title permitted the conduct complained of;;

(2) in chapter 121--

(A) in section 2702--

(i) in subsection (b)--

(I) in paragraph (8), by striking the period at the end and inserting ``; or; and

(II) by adding at the end the following:

"(9) to a foreign government pursuant to an order from a foreign government that is subject to an executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523.; and

(ii) in subsection (c)--

(I) in paragraph (5), by striking

"or at the end;

(II) in paragraph (6), by striking the period at the end and inserting ``; or; and

(III) by adding at the end the following:

"(7) to a foreign government pursuant to an order from a foreign government that is subject to an executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523.; and

(B) in section 2707(e), by amending paragraph (3) to read as follows:

"(3) a good faith determination that section 2511(3), section 2702(b)(9), or section 2702(c)(7) of this title permitted the conduct complained of;; and

(3) in chapter 206--

(A) in section 3121(a), by inserting before the period at the end the following: ``or an order from a foreign government that is subject to an executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523; and

(B) in section 3124--

(i) by amending subsection (d) to read as follows:

"(d) No Cause of Action Against a Provider Disclosing Information Under This Chapter.--No cause of action shall lie in any court against any provider of a wire or electronic communication service, its officers, employees, agents, or other specified persons for providing information, facilities, or assistance in accordance with a court order under this chapter, request pursuant to section 3125 of this title, or an order from a foreign government that is subject to an executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523.; and

(ii) by amending subsection (e) to read as follows:

"(e) Defense.--A good faith reliance on a court order under this chapter, a request pursuant to section 3125 of this title, a legislative authorization, a statutory authorization, or a good faith determination that the conduct complained of was permitted by an order from a foreign government that is subject to executive agreement that the Attorney General has determined and certified to Congress satisfies section 2523, is a complete defense against any civil or criminal action brought under this chapter or any other law..

SEC. 5. EXECUTIVE AGREEMENTS ON ACCESS TO DATA BY FOREIGN GOVERNMENTS.[modifier]

(a) In General.--Chapter 119 of title 18, United States Code, is amended by adding at the end the following:

"Sec. 2523. Executive agreements on access to data by foreign governments
"(a) Definitions.--In this section--
"(1) the term `lawfully admitted for permanent residence' has the meaning given the term in section 101(a) of the Immigration and Nationality Act (8 U.S.C. 1101(a)); and
"(2) the term `United States person' means a citizen or national of the United States, an alien lawfully admitted for permanent residence, an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence, or a corporation that is incorporated in the United States.
"(b) Executive Agreement Requirements.--For purposes of this chapter, chapter 121, and chapter 206, an executive agreement governing access by a foreign government to data subject to this chapter, chapter 121, or chapter 206 shall be considered to satisfy the requirements of this section if the Attorney General, with the concurrence of the Secretary of State, determines, and submits a written certification of such determination to Congress, that--
"(1) the domestic law of the foreign government, including the implementation of that law, affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection and activities of the foreign government that will be subject to the agreement, if--
"(A) such a determination under this section takes into account, as appropriate, credible information and expert input; and
"(B) the factors to be considered in making such a determination include whether the foreign government--
"(i) has adequate substantive and procedural laws on cybercrime and electronic evidence, as demonstrated by being a party to the Convention on Cybercrime, done at Budapest November 23, 2001, and entered into force January 7, 2004, or through domestic laws that are consistent with definitions and the requirements set forth in chapters I and II of that Convention;
"(ii) demonstrates respect for the rule of law and principles of nondiscrimination;
"(iii) adheres to applicable international human rights obligations and commitments or demonstrates respect for international universal human rights, including--
"(I) protection from arbitrary and unlawful interference with privacy;
"(II) fair trial rights;
"(III) freedom of expression, association, and peaceful assembly;
"(IV) prohibitions on arbitrary arrest and detention; and
"(V) prohibitions against torture and cruel, inhuman, or degrading treatment or punishment;
"(iv) has clear legal mandates and procedures governing those entities of the foreign government that are authorized to seek data under the executive agreement, including procedures through which those authorities collect, retain, use, and share data, and effective oversight of these activities;
"(v) has sufficient mechanisms to provide accountability and appropriate transparency regarding the collection and use of electronic data by the foreign government; and
"(vi) demonstrates a commitment to promote and protect the global free flow of information and the open, distributed, and interconnected nature of the Internet;
"(2) the foreign government has adopted appropriate procedures to minimize the acquisition, retention, and dissemination of information concerning United States persons subject to the agreement; and
"(3) the agreement requires that, with respect to any order that is subject to the agreement--
"(A) the foreign government may not intentionally target a United States person or a person located in the United States, and shall adopt targeting procedures designed to meet this requirement;
"(B) the foreign government may not target a non- United States person located outside the United States if the purpose is to obtain information concerning a United States person or a person located in the United States;
"(C) the foreign government may not issue an order at the request of or to obtain information to provide to the United States Government or a third-party government, nor shall the foreign government be required to share any information produced with the United States Government or a third-party government;
"(D) an order issued by the foreign government--
"(i) shall be for the purpose of obtaining information relating to the prevention, detection, investigation, or prosecution of serious crime, including terrorism;
"(ii) shall identify a specific person, account, address, or personal device, or any other specific identifier as the object of the order;
"(iii) shall be in compliance with the domestic law of that country, and any obligation for a provider of an electronic communications service or a remote computing service to produce data shall derive solely from that law;
"(iv) shall be based on requirements for a reasonable justification based on articulable and credible facts, particularity, legality, and severity regarding the conduct under investigation;
"(v) shall be subject to review or oversight by a court, judge, magistrate, or other independent authority; and
"(vi) in the case of an order for the interception of wire or electronic communications, and any extensions thereof, shall require that the interception order--
"(I) be for a fixed, limited duration;
"(II) may not last longer than is reasonably necessary to accomplish the approved purposes of the order; and
"(III) be issued only if the same information could not reasonably be obtained by another less intrusive method;
"(E) an order issued by the foreign government may not be used to infringe freedom of speech;
"(F) the foreign government shall promptly review material collected pursuant to the agreement and store any unreviewed communications on a secure system accessible only to those persons trained in applicable procedures;
"(G) the foreign government shall, using procedures that, to the maximum extent possible, meet the definition of minimization procedures in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801), segregate, seal, or delete, and not disseminate material found not to be information that is, or is necessary to understand or assess the importance of information that is, relevant to the prevention, detection, investigation, or prosecution of serious crime, including terrorism, or necessary to protect against a threat of death or serious bodily harm to any person;
"(H) the foreign government may not disseminate the content of a communication of a United States person to United States authorities unless the communication may be disseminated pursuant to subparagraph (G) and relates to significant harm, or the threat thereof, to the United States or United States persons, including crimes involving national security such as terrorism, significant violent crime, child exploitation, transnational organized crime, or significant financial fraud;
"(I) the foreign government shall afford reciprocal rights of data access, to include, where applicable, removing restrictions on communications service providers, including providers subject to United States jurisdiction, and thereby allow them to respond to valid legal process sought by a governmental entity (as defined in section 2711) if foreign law would otherwise prohibit communications-service providers from disclosing the data;
"(J) the foreign government shall agree to periodic review of compliance by the foreign government with the terms of the agreement to be conducted by the United States Government; and
"(K) the United States Government shall reserve the right to render the agreement inapplicable as to any order for which the United States Government concludes the agreement may not properly be invoked.
"(c) Limitation on Judicial Review.--A determination or certification made by the Attorney General under subsection (b) shall not be subject to judicial or administrative review.
"(d) Effective Date of Certification.--
"(1) Notice.--Not later than 7 days after the date on which the Attorney General certifies an executive agreement under subsection (b), the Attorney General shall provide notice of the determination under subsection (b) and a copy of the executive agreement to Congress, including--
"(A) the Committee on the Judiciary and the Committee on Foreign Relations of the Senate; and
"(B) the Committee on the Judiciary and the Committee on Foreign Affairs of the House of Representatives.
"(2) Entry into force.--An executive agreement that is determined and certified by the Attorney General to satisfy the requirements of this section shall enter into force not earlier than the date that is 90 days after the date on which notice is provided under paragraph (1), unless Congress enacts a joint resolution of disapproval in accordance with paragraph (4).
"(3) Consideration by committees.--
"(A) In general.--During the 60-day period beginning on the date on which notice is provided under paragraph (1), each congressional committee described in paragraph (1) may--
"(i) hold one or more hearings on the executive agreement; and
"(ii) submit to their respective House of Congress a report recommending whether the executive agreement should be approved or disapproved.
"(B) Requests for information.--Upon request by the Chairman or Ranking Member of a congressional committee described in paragraph (1), the head of an agency shall promptly furnish a summary of factors considered in determining that the foreign government satisfies the requirements of this section.
"(4) Congressional review.--
"(A) Joint resolution defined.--In this paragraph, the term `joint resolution' means only a joint resolution--
"(i) introduced during the 90-day period described in paragraph (2);
"(ii) which does not have a preamble;
"(iii) the title of which is as follows: `Joint resolution disapproving the executive agreement signed by the United States and __.', the blank space being appropriately filled in; and
"(iv) the matter after the resolving clause of which is as follows: `That Congress disapproves the executive agreement governing access by ___ to certain electronic data as submitted by the Attorney General on ___', the blank spaces being appropriately filled in.
"(B) Joint resolution enacted.--Notwithstanding any other provision of this section, if not later than 90 days after the date on which notice is provided to Congress under paragraph (1), there is enacted into law a joint resolution disapproving of an executive agreement under this section, the executive agreement shall not enter into force.
"(C) Introduction.--During the 90-day period described in subparagraph (B), a joint resolution of disapproval may be introduced--
"(i) in the House of Representatives, by the majority leader or the minority leader; and
"(ii) in the Senate, by the majority leader (or the majority leader's designee) or the minority leader (or the minority leader's designee).
"(5) Floor consideration in house of representatives.--If a committee of the House of Representatives to which a joint resolution of disapproval has been referred has not reported the joint resolution within 60 days after the date of referral, that committee shall be discharged from further consideration of the joint resolution.
"(6) Consideration in the senate.--
"(A) Committee referral.--A joint resolution of disapproval introduced in the Senate shall be--
"(i) referred to the Committee on the Judiciary; and
"(ii) referred to the Committee on Foreign Relations.
"(B) Reporting and discharge.--If a committee to which a joint resolution of disapproval was referred has not reported the joint resolution within 60 days after the date of referral of the joint resolution, that committee shall be discharged from further consideration of the joint resolution and the joint resolution shall be placed on the appropriate calendar.
"(C) Proceeding to consideration.--Notwithstanding rule XXII of the Standing Rules of the Senate, it is in order at any time after either the Committee on the Judiciary or the Committee on Foreign Relations, as the case may be, reports a joint resolution of disapproval to the Senate or has been discharged from consideration of such a joint resolution (even though a previous motion to the same effect has been disagreed to) to move to proceed to the consideration of the joint resolution, and all points of order against the joint resolution (and against consideration of the joint resolution) are waived. The motion is not subject to a motion to postpone. A motion to reconsider the vote by which the motion is agreed to or disagreed to shall not be in order.
"(D) Rulings of the chair on procedure.--Appeals from the decisions of the Chair relating to the application of the rules of the Senate, as the case may be, to the procedure relating to a joint resolution of disapproval shall be decided without debate.
"(E) Consideration of veto messages.--Debate in the Senate of any veto message with respect to a joint resolution of disapproval, including all debatable motions and appeals in connection with the joint resolution, shall be limited to 10 hours, to be equally divided between, and controlled by, the majority leader and the minority leader or their designees.
"(7) Rules relating to senate and house of representatives.--
"(A) Treatment of senate joint resolution in house.--In the House of Representatives, the following procedures shall apply to a joint resolution of disapproval received from the Senate (unless the House has already passed a joint resolution relating to the same proposed action):
"(i) The joint resolution shall be referred to the appropriate committees.
"(ii) If a committee to which a joint resolution has been referred has not reported the joint resolution within 7 days after the date of referral, that committee shall be discharged from further consideration of the joint resolution.
"(iii) Beginning on the third legislative day after each committee to which a joint resolution has been referred reports the joint resolution to the House or has been discharged from further consideration thereof, it shall be in order to move to proceed to consider the joint resolution in the House. All points of order against the motion are waived. Such a motion shall not be in order after the House has disposed of a motion to proceed on the joint resolution. The previous question shall be considered as ordered on the motion to its adoption without intervening motion. The motion shall not be debatable. A motion to reconsider the vote by which the motion is disposed of shall not be in order.
"(iv) The joint resolution shall be considered as read. All points of order against the joint resolution and against its consideration are waived. The previous question shall be considered as ordered on the joint resolution to final passage without intervening motion except 2 hours of debate equally divided and controlled by the sponsor of the joint resolution (or a designee) and an opponent. A motion to reconsider the vote on passage of the joint resolution shall not be in order.
"(B) Treatment of house joint resolution in senate.--
"(i) If, before the passage by the Senate of a joint resolution of disapproval, the Senate receives an identical joint resolution from the House of Representatives, the following procedures shall apply:
"(I) That joint resolution shall not be referred to a committee.
"(II) With respect to that joint resolution--
"(aa) the procedure in the Senate shall be the same as if no joint resolution had been received from the House of Representatives; but
"(bb) the vote on passage shall be on the joint resolution from the House of Representatives.
"(ii) If, following passage of a joint resolution of disapproval in the Senate, the Senate receives an identical joint resolution from the House of Representatives, that joint resolution shall be placed on the appropriate Senate calendar.
"(iii) If a joint resolution of disapproval is received from the House, and no companion joint resolution has been introduced in the Senate, the Senate procedures under this subsection shall apply to the House joint resolution.
"(C) Application to revenue measures.--The provisions of this paragraph shall not apply in the House of Representatives to a joint resolution of disapproval that is a revenue measure.
"(8) Rules of house of representatives and senate.--This subsection is enacted by Congress--
"(A) as an exercise of the rulemaking power of the Senate and the House of Representatives, respectively, and as such is deemed a part of the rules of each House, respectively, and supersedes other rules only to the extent that it is inconsistent with such rules; and
"(B) with full recognition of the constitutional right of either House to change the rules (so far as relating to the procedure of that House) at any time, in the same manner, and to the same extent as in the case of any other rule of that House.
"(e) Renewal of Determination.--
"(1) In general.--The Attorney General, with the concurrence of the Secretary of State, shall renew a determination under subsection (b) every 5 years.
"(2) Report.--Upon renewing a determination under subsection (b), the Attorney General shall file a report with the Committee on the Judiciary and the Committee on Foreign Relations of the Senate and the Committee on the Judiciary and the Committee on Foreign Affairs of the House of Representatives describing--
"(A) the reasons for the renewal;
"(B) any substantive changes to the agreement or to the relevant laws or procedures of the foreign government since the original determination or, in the case of a second or subsequent renewal, since the last renewal; and
"(C) how the agreement has been implemented and what problems or controversies, if any, have arisen as a result of the agreement or its implementation.
"(3) Nonrenewal.--If a determination is not renewed under paragraph (1), the agreement shall no longer be considered to satisfy the requirements of this section.
"(f) Publication.--Any determination or certification under subsection (b) regarding an executive agreement under this section, including any termination or renewal of such an agreement, shall be published in the Federal Register as soon as is reasonably practicable.
"(g) Minimization Procedures.--A United States authority that receives the content of a communication described in subsection

(b)(3)(H) from a foreign government in accordance with an executive agreement under this section shall use procedures that, to the maximum extent possible, meet the definition of minimization procedures in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801) to appropriately protect nonpublicly available information concerning United States persons..

(b) Table of Sections Amendment.--The table of sections for chapter 119 of title 18, United States Code, is amended by inserting after the item relating to section 2522 the following::"2523. Executive agreements on access to data by foreign governments..

SEC. 6. RULE OF CONSTRUCTION.[modifier]

Nothing in this Act, or the amendments made by this Act, shall be construed to preclude any foreign authority from obtaining assistance in a criminal investigation or prosecution pursuant to section 3512 of title 18, United States Code, section 1782 of title 28, United States Code, or as otherwise provided by law.