I wrote previously about Rep. Lofgren (and others) proposing a modification to the Stored Communications Act (SCA) as well as an addition to the ECPA regarding disclosure of geolocation information; that post can be found, here: Quick details on H.R. 983, the ECPA reform bill announced today.
I decided to update the relevant portions of the SCA (18 U.S.C. 2701-2705) with the modifications in H.R. 983. You can see the bill and my markup, below (original from Cornell's LII):
18 USC § 2701 -
Unlawful access to stored communications
(a) Offense.— Except as provided in subsection (c)
of this section whoever—
(1) intentionally accesses without
authorization a facility through which an electronic communication service is
provided; or
and thereby obtains, alters, or prevents authorized access to a
wire or electronic communication while it is in electronic storage in such
system shall be punished as provided in subsection (b) of this section.
(1) if the offense is committed for purposes
of commercial advantage, malicious destruction or damage, or private commercial
gain, or in furtherance of any criminal or tortious act in violation of the
Constitution or laws of the United States or any State—
(A) a fine under this title or imprisonment
for not more than 5 years, or both, in the case of a first offense under this
subparagraph; and
(B) a fine under this title or imprisonment
for not more than 10 years, or both, for any subsequent offense under this
subparagraph; and
(A) a fine under this title or imprisonment
for not more than 1 year or both, in the case of a first offense under this
paragraph; and
(B) a fine under this title or imprisonment
for not more than 5 years, or both, in the case of an offense under this
subparagraph that occurs after a conviction of another offense under this
section.
18 USC § 2702 -
Voluntary disclosure of customer communications or records
(a) Prohibitions.— Except as provided in subsection
(b) or (c)—
(1) a person or entity providing an electronic communication
service to the public shall not knowingly divulge to any person or entity the
contents of a communication while in electronic storage by that service; and
(2) a person or entity providing remote computing service to the
public shall not knowingly divulge to any person or entity the contents of any
communication which is carried or maintained on that service—
(A) on behalf of, and received by means of
electronic transmission from (or created by means of computer processing of
communications received by means of electronic transmission from), a subscriber
or customer of such service;
(B) solely for the purpose of providing
storage or computer processing services to such subscriber or customer, if the
provider is not authorized to access the contents of any such communications
for purposes of providing any services other than storage or computer
processing; and
(3) a provider of remote computing service or
electronic communication service to the public shall not knowingly divulge to any governmental entity the contents of
communication covered by subsection (a) of section 2703 or any a record or other information pertaining to a
subscriber to or customer or
user of such service (not including the contents of communications
covered by paragraph (1) or (2)) to any governmental entity.
(b) Exceptions for disclosure of communications.— A
provider described in subsection (a) may divulge the contents of a
communication—
(1) to an addressee or intended recipient of such communication
or an agent of such addressee or intended recipient;
(3) with the lawful consent of the originator
or an addressee or intended recipient of such communication, or the subscriber
in the case of remote computing service;
(4) to a person employed or authorized or
whose facilities are used to forward such communication to its destination;
(5) as may be necessarily incident to the
rendition of the service or to the protection of the rights or property of the
provider of that service;
(6) to the National Center for Missing and
Exploited Children, in connection with a report submitted thereto under
section 2258A;
[(B) Repealed. Pub. L. 108–21, title V, § 508(b)(1)(A),Apr. 30,
2003, 117 Stat. 684]
(8) to a governmental entity, if the provider,
in good faith, believes that an emergency involving danger of death or serious
physical injury to any person requires disclosure without delay of
communications relating to the emergency.
(c) Exceptions for Disclosure of Customer Records.— A
provider described in subsection (a) may divulge a record or other information
pertaining to a subscriber to or customer of such service (not including the
contents of communications covered by subsection (a)(1) or (a)(2))—
(1) as otherwise authorized in section 2703;
(2) with the lawful consent of the customer or subscriber;
(3) as may be necessarily incident to the rendition of the
service or to the protection of the rights or property of the provider of that
service;
(4) to a governmental entity, if the provider,
in good faith, believes that an emergency involving danger of death or serious
physical injury to any person requires disclosure without delay of information
relating to the emergency;
(5) to the National Center for Missing and
Exploited Children, in connection with a report submitted thereto under
section 2258A; or
(d) Reporting of Emergency
Disclosures.— On an annual basis, the Attorney General shall submit to
the Committee on the Judiciary of the House of Representatives and the
Committee on the Judiciary of the Senate a report containing—
(1) the number of accounts from which the
Department of Justice has received voluntary disclosures under subsection
(b)(8); and
(B) the investigation pertaining to those
disclosures was closed without the filing of criminal charges.
18 USC § 2703 -
Required disclosure of customer communications or records
(a) Contents of Wire or Electronic Communications in Electronic Storage.— A governmental entity may require the disclosure by a provider of
electronic communication service or remote computing service of the contents of a wire or electronic communication, that is in electronic storage in an electronic
communications system for one hundred and eighty days or less, that is stored, held, or maintained by that
service, only pursuant to a
warrant issued using the procedures described in the Federal Rules of Criminal
Procedure (or, in the case of a State court, issued using State warrant procedures)
by a court of competent jurisdiction. Within three days after a governmental entity receives such contents
from a service provider pursuant to this subsection, the governmental entity
shall serve upon, or deliver by registered or first-class mail, or other means
reasonably calculated to be effective as specified by the court issuing the
warrant to the subscriber, customer, or user a copy of the warrant and a notice
that includes the information referenced in section 2705(a)(4)(A) and (B)(i),
except that delayed notice may be provided, pursuant to section 2705 of this
title. A governmental entity may require the disclosure
by a provider of electronic communications services of the contents of a wire
or electronic communication that has been in electronic storage in an
electronic communications system for more than one hundred and eighty days by
the means available under subsection (b) of this section.
(c) Records Concerning Electronic Communication Service or
Remote Computing Service.—
(1) A governmental entity may require a provider of electronic
communication service or remote computing service to disclose a record or other
information pertaining to a subscriber to or customer of such service (not
including the contents of communications) only when the governmental entity—
(A) obtains a warrant issued using the
procedures described in the Federal Rules of Criminal Procedure (or, in the
case of a State court, issued using State warrant procedures) by a court of
competent jurisdiction;
(D) submits a formal written request relevant
to a law enforcement investigation concerning telemarketing fraud for the name,
address, and place of business of a subscriber or customer of such provider,
which subscriber or customer is engaged in telemarketing (as such term is
defined in section 2325 of this title); or
(2) A provider of electronic communication service or remote
computing service shall disclose to a governmental entity the—
(C) local and long distance telephone
connection records, or records of session times and durations;
(E) telephone or instrument number or other
subscriber number or identity, including any temporarily assigned network
address; and
(F) means and source of payment for such
service (including any credit card or bank account number),
of a subscriber to or customer of such service when the
governmental entity uses an administrative subpoena authorized by a Federal or
State statute or a Federal or State grand jury or trial subpoena or any means
available under paragraph (1).
(3) A governmental entity receiving records or information under
this subsection is not required to provide notice to a subscriber or customer.
(d) Requirements for Court Order.— A court order for
disclosure under subsection (b)
or (c) may be issued by
any court that is a court of competent jurisdiction and shall issue only if the
governmental entity offers specific and articulable facts showing that there
are reasonable grounds to believe that the contents of a wire or electronic
communication, or the records or other information sought, are relevant and
material to an ongoing criminal investigation. In the case of a State
governmental authority, such a court order shall not issue if prohibited by the
law of such State. A court issuing an order pursuant to this section, on a
motion made promptly by the service provider, may quash or modify such order,
if the information or records requested are unusually voluminous in nature or compliance
with such order otherwise would cause an undue burden on such provider.
(e) No Cause of Action Against a Provider
Disclosing Information Under This Chapter.— No cause of action shall
lie in any court against any provider of wire or electronic communication
service, its officers, employees, agents, or other specified persons for
providing information, facilities, or assistance in accordance with the terms
of a court order, warrant, subpoena, statutory authorization, or certification
under this chapter.
(1) In general.— A provider of
wire or electronic communication services or a remote computing service, upon
the request of a governmental entity, shall take all necessary steps to
preserve records and other evidence in its possession pending the issuance of a
court order or other process.
(2) Period of retention.— Records
referred to in paragraph (1) shall be retained for a period of 90 days, which
shall be extended for an additional 90-day period upon a renewed request by the
governmental entity.
(g) Presence of Officer Not
Required.— Notwithstanding section 3105 of this title, the presence of an officer shall not be
required for service or execution of a search warrant issued in accordance with
this chapter requiring disclosure by a provider of electronic communications
service or remote computing service of the contents of communications or records
or other information pertaining to a subscriber to or customer of such service.
18 USC § 2704 - Backup
preservation
(a) Backup Preservation.—
(1) A governmental entity acting under section 2703 (b)(2) may include in its subpoena or court order
a requirement that the service provider to whom the request is directed create
a backup copy of the contents of the electronic communications sought in order
to preserve those communications. Without notifying the subscriber or customer
of such subpoena or court order, such service provider shall create such backup
copy as soon as practicable consistent with its regular business practices and
shall confirm to the governmental entity that such backup copy has been made.
Such backup copy shall be created within two business days after receipt by the
service provider of the subpoena or court order.
(2) Notice to the subscriber or customer shall be made by the
governmental entity within three days after receipt of such confirmation,
unless such notice is delayed pursuant to section 2705 (a).
(3) The service provider shall not destroy such backup copy
until the later of—
(B) the resolution of any proceedings
(including appeals of any proceeding) concerning the government’s subpoena or
court order.
(4) The service provider shall release such
backup copy to the requesting governmental entity no sooner than fourteen days
after the governmental entity’s notice to the subscriber or customer if such
service provider—
(A) has not received notice from the
subscriber or customer that the subscriber or customer has challenged the
governmental entity’s request; and
(5) A governmental entity may seek to require
the creation of a backup copy under subsection (a)(1) of this section if in its
sole discretion such entity determines that there is reason to believe that
notification under section 2703 of this title of the existence of the subpoena or court
order may result in destruction of or tampering with evidence. This
determination is not subject to challenge by the subscriber or customer or
service provider.
(b) Customer Challenges.—
(1) Within fourteen days after notice by the governmental entity
to the subscriber or customer under subsection (a)(2) of this section, such
subscriber or customer may file a motion to quash such subpoena or vacate such
court order, with copies served upon the governmental entity and with written
notice of such challenge to the service provider. A motion to vacate a court
order shall be filed in the court which issued such order. A motion to quash a
subpoena shall be filed in the appropriate United States district court or
State court. Such motion or application shall contain an affidavit or sworn
statement—
(A) stating that the applicant is a customer
or subscriber to the service from which the contents of electronic
communications maintained for him have been sought; and
(B) stating the applicant’s reasons for
believing that the records sought are not relevant to a legitimate law
enforcement inquiry or that there has not been substantial compliance with the
provisions of this chapter in some other respect.
(2) Service shall be made under this section upon a governmental
entity by delivering or mailing by registered or certified mail a copy of the
papers to the person, office, or department specified in the notice which the
customer has received pursuant to this chapter. For the purposes of this
section, the term “delivery” has the meaning given that term in the Federal
Rules of Civil Procedure.
(3) If the court finds that the customer has complied with
paragraphs (1) and (2) of this subsection, the court shall order the governmental
entity to file a sworn response, which may be filed in camera if the
governmental entity includes in its response the reasons which make in camera
review appropriate. If the court is unable to determine the motion or
application on the basis of the parties’ initial allegations and response, the
court may conduct such additional proceedings as it deems appropriate. All such
proceedings shall be completed and the motion or application decided as soon as
practicable after the filing of the governmental entity’s response.
(4) If the court finds that the applicant is not the subscriber
or customer for whom the communications sought by the governmental entity are
maintained, or that there is a reason to believe that the law enforcement
inquiry is legitimate and that the communications sought are relevant to that
inquiry, it shall deny the motion or application and order such process
enforced. If the court finds that the applicant is the subscriber or customer
for whom the communications sought by the governmental entity are maintained,
and that there is not a reason to believe that the communications sought are
relevant to a legitimate law enforcement inquiry, or that there has not been
substantial compliance with the provisions of this chapter, it shall order the
process quashed.
(5) A court order denying a motion or application under this
section shall not be deemed a final order and no interlocutory appeal may be
taken therefrom by the customer.
18 USC § 2705 -
Delayed notice
(a) Delay of Notification.—
(A) where a court order warrant is sought, include in the application a request, which the court
shall grant, for an order delaying the notification required under
section 2703(b) 2703(a) of this title for a
period not to exceed ninety days, if the court determines that there is reason
to believe that notification of the existence of the court order warrant may have an adverse result described in
paragraph (2) of this subsection; or
(2) An adverse result for the purposes of paragraph (1) of this
subsection is—
(A) endangering the life or physical safety of
an individual;
(B) flight from prosecution;
(4) Extensions of the delay of notification provided in section
2703 of up to ninety days each may be granted by the court upon application, or by certification by a governmental entity, but
only in accordance with subsection (b) of this section.
(5) Upon expiration of the period of delay of notification under
paragraph (1) or (4) of this subsection, the governmental entity shall serve
upon, or deliver by registered or first-class mail or other means reasonably calculated to be
effective as specified by the court issuing the warrant to, the customer or subscriber a copy of the process or request warrant together with notice
that—
(i) that information maintained for such
customer or subscriber by the service provider named in such process or request
was supplied to or requested by that governmental authority and the date on
which the supplying or request took place;
(iii) what governmental entity or court made the certification or
determination pursuant to which that delay was made; and
(b) Preclusion of Notice to Subject of Governmental Access.— A
governmental entity acting under section 2703, when it is not required to
notify the subscriber or customer under section 2703 (b)(1), or to the extent that it may delay such notice
pursuant to subsection (a) of this section, may apply to a court for an order
commanding a provider of electronic communications service or remote computing
service to whom a warrant, subpoena,
or court order is directed, for such
period as the court deems appropriate, not to notify any other person of the
existence of the warrant, subpoena,
or court order. The court shall enter
such an order if it determines that there is reason to believe that notification
of the existence of the warrant, subpoena, or court order will result in—
(1) endangering the life or physical safety of an individual;
(2) flight from prosecution;
(3) destruction of or tampering with evidence;
(4) intimidation of potential witnesses; or
(5) otherwise seriously jeopardizing an investigation or unduly
delaying a trial.
0 comments:
Post a Comment