[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1251 Referred in Senate (RFS)]
117th CONGRESS
1st Session
H. R. 1251
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
April 22, 2021
Received; read twice and referred to the Committee on Foreign Relations
_______________________________________________________________________
AN ACT
To support United States international cyber diplomacy, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Cyber Diplomacy
Act of 2021''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Findings.
Sec. 3. Definitions.
Sec. 4. United States international cyberspace policy.
Sec. 5. Department of state responsibilities.
Sec. 6. International cyberspace executive arrangements.
Sec. 7. International strategy for cyberspace.
Sec. 8. Annual country reports on human rights practices.
Sec. 9. GAO report on cyber diplomacy.
Sec. 10. Sense of Congress on cybersecurity sanctions against North
Korea and cybersecurity legislation in
Vietnam.
SEC. 2. FINDINGS.
Congress makes the following findings:
(1) The stated goal of the United States International
Strategy for Cyberspace, launched on May 16, 2011, is to ``work
internationally to promote an open, interoperable, secure, and
reliable information and communications infrastructure that
supports international trade and commerce, strengthens
international security, and fosters free expression and
innovation * * * in which norms of responsible behavior guide
states' actions, sustain partnerships, and support the rule of
law in cyberspace''.
(2) In its June 24, 2013, report, the Group of Governmental
Experts on Developments in the Field of Information and
Telecommunications in the Context of International Security
(referred to in this section as ``GGE''), established by the
United Nations General Assembly, concluded that ``State
sovereignty and the international norms and principles that
flow from it apply to States' conduct of [information and
communications technology] ICT-related activities and to their
jurisdiction over ICT infrastructure with their territory''.
(3) In January 2015, China, Kazakhstan, Kyrgyzstan, Russia,
Tajikistan, and Uzbekistan proposed a troubling international
code of conduct for information security, which could be used
as a pretext for restricting political dissent, and includes
``curbing the dissemination of information that incites
terrorism, separatism or extremism or that inflames hatred on
ethnic, racial or religious grounds''.
(4) In its July 22, 2015, consensus report, GGE found that
``norms of responsible State behavior can reduce risks to
international peace, security and stability''.
(5) On September 25, 2015, the United States and China
announced a commitment that neither country's government ``will
conduct or knowingly support cyber-enabled theft of
intellectual property, including trade secrets or other
confidential business information, with the intent of providing
competitive advantages to companies or commercial sectors''.
(6) At the Antalya Summit on November 15 and 16, 2015, the
Group of 20 Leaders' communique--
(A) affirmed the applicability of international law
to state behavior in cyberspace;
(B) called on states to refrain from cyber-enabled
theft of intellectual property for commercial gain; and
(C) endorsed the view that all states should abide
by norms of responsible behavior.
(7) The March 2016 Department of State International
Cyberspace Policy Strategy noted that ``the Department of State
anticipates a continued increase and expansion of our cyber-
focused diplomatic efforts for the foreseeable future''.
(8) On December 1, 2016, the Commission on Enhancing
National Cybersecurity, which was established within the
Department of Commerce by Executive Order No. 13718 (81 Fed.
Reg. 7441), recommended that ``the President should appoint an
Ambassador for Cybersecurity to lead U.S. engagement with the
international community on cybersecurity strategies, standards,
and practices''.
(9) On April 11, 2017, the 2017 Group of 7 Declaration on
Responsible States Behavior in Cyberspace--
(A) recognized ``the urgent necessity of increased
international cooperation to promote security and
stability in cyberspace'';
(B) expressed commitment to ``promoting a strategic
framework for conflict prevention, cooperation and
stability in cyberspace, consisting of the recognition
of the applicability of existing international law to
State behavior in cyberspace, the promotion of
voluntary, non-binding norms of responsible State
behavior during peacetime, and the development and the
implementation of practical cyber confidence building
measures (CBMs) between States''; and
(C) reaffirmed that ``the same rights that people
have offline must also be protected online''.
(10) In testimony before the Select Committee on
Intelligence of the Senate on May 11, 2017, Director of
National Intelligence Daniel R. Coats identified six cyber
threat actors, including--
(A) Russia, for ``efforts to influence the 2016
U.S. election'';
(B) China, for ``actively targeting the U.S.
Government, its allies, and U.S. companies for cyber
espionage'';
(C) Iran, for ``leverag[ing] cyber espionage,
propaganda, and attacks to support its security
priorities, influence events and foreign perceptions,
and counter threats'';
(D) North Korea, for ``previously conduct[ing]
cyber-attacks against U.S. commercial entities--
specifically, Sony Pictures Entertainment in 2014'';
(E) terrorists, who ``use the Internet to organize,
recruit, spread propaganda, raise funds, collect
intelligence, inspire action by followers, and
coordinate operations''; and
(F) criminals, who ``are also developing and using
sophisticated cyber tools for a variety of purposes
including theft, extortion, and facilitation of other
criminal activities''.
(11) On May 11, 2017, President Donald J. Trump issued
Executive Order No. 13800 (82 Fed. Reg. 22391), entitled
``Strengthening the Cybersecurity of Federal Networks and
Infrastructure'', which--
(A) designates the Secretary of State to lead an
interagency effort to develop an engagement strategy
for international cooperation in cybersecurity; and
(B) notes that ``the United States is especially
dependent on a globally secure and resilient internet
and must work with allies and other partners toward
maintaining * * * the policy of the executive branch to
promote an open, interoperable, reliable, and secure
internet that fosters efficiency, innovation,
communication, and economic prosperity, while
respecting privacy and guarding against disruption,
fraud, and theft''.
SEC. 3. DEFINITIONS.
In this Act:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means the Committee on
Foreign Relations of the Senate and the Committee on Foreign
Affairs of the House of Representatives.
(2) Information and communications technology; ICT.--The
terms ``information and communications technology'' and ``ICT''
include hardware, software, and other products or services
primarily intended to fulfill or enable the function of
information processing and communication by electronic means,
including transmission and display, including via the Internet.
(3) Executive agency.--The term ``Executive agency'' has
the meaning given the term in section 105 of title 5, United
States Code.
SEC. 4. UNITED STATES INTERNATIONAL CYBERSPACE POLICY.
(a) In General.--It is the policy of the United States to work
internationally to promote an open, interoperable, reliable,
unfettered, and secure Internet governed by the multi-stakeholder
model, which--
(1) promotes human rights, democracy, and rule of law,
including freedom of expression, innovation, communication, and
economic prosperity; and
(2) respects privacy and guards against deception, fraud,
and theft.
(b) Implementation.--In implementing the policy described in
subsection (a), the President, in consultation with outside actors,
including private sector companies, nongovernmental organizations,
security researchers, and other relevant stakeholders, in the conduct
of bilateral and multilateral relations, shall pursue the following
objectives:
(1) Clarifying the applicability of international laws and
norms to the use of ICT.
(2) Reducing and limiting the risk of escalation and
retaliation in cyberspace, damage to critical infrastructure,
and other malicious cyber activity that impairs the use and
operation of critical infrastructure that provides services to
the public.
(3) Cooperating with like-minded democratic countries that
share common values and cyberspace policies with the United
States, including respect for human rights, democracy, and the
rule of law, to advance such values and policies
internationally.
(4) Encouraging the responsible development of new,
innovative technologies and ICT products that strengthen a
secure Internet architecture that is accessible to all.
(5) Securing and implementing commitments on responsible
country behavior in cyberspace based upon accepted norms,
including the following:
(A) Countries should not conduct, or knowingly
support, cyber-enabled theft of intellectual property,
including trade secrets or other confidential business
information, with the intent of providing competitive
advantages to companies or commercial sectors.
(B) Countries should take all appropriate and
reasonable efforts to keep their territories clear of
intentionally wrongful acts using ICTs in violation of
international commitments.
(C) Countries should not conduct or knowingly
support ICT activity that, contrary to international
law, intentionally damages or otherwise impairs the use
and operation of critical infrastructure providing
services to the public, and should take appropriate
measures to protect their critical infrastructure from
ICT threats.
(D) Countries should not conduct or knowingly
support malicious international activity that, contrary
to international law, harms the information systems of
authorized emergency response teams (also known as
``computer emergency response teams'' or
``cybersecurity incident response teams'') of another
country or authorize emergency response teams to engage
in malicious international activity.
(E) Countries should respond to appropriate
requests for assistance to mitigate malicious ICT
activity emanating from their territory and aimed at
the critical infrastructure of another country.
(F) Countries should not restrict cross-border data
flows or require local storage or processing of data.
(G) Countries should protect the exercise of human
rights and fundamental freedoms on the Internet and
commit to the principle that the human rights that
people have offline should also be protected online.
(6) Advancing, encouraging, and supporting the development
and adoption of internationally recognized technical standards
and best practices.
SEC. 5. DEPARTMENT OF STATE RESPONSIBILITIES.
(a) In General.--Section 1 of the State Department Basic
Authorities Act of 1956 (22 U.S.C. 2651a) is amended--
(1) by redesignating subsection (g) as subsection (h); and
(2) by inserting after subsection (f) the following new
subsection:
``(g) Bureau of International Cyberspace Policy.--
``(1) In general.--There is established, within the
Department of State, a Bureau of International Cyberspace
Policy (referred to in this subsection as the `Bureau'). The
head of the Bureau shall have the rank and status of ambassador
and shall be appointed by the President, by and with the advice
and consent of the Senate.
``(2) Duties.--
``(A) In general.--The head of the Bureau shall
perform such duties and exercise such powers as the
Secretary of State shall prescribe, including
implementing the policy of the United States described
in section 4 of the Cyber Diplomacy Act of 2021.
``(B) Duties described.--The principal duties and
responsibilities of the head of the Bureau shall be--
``(i) to serve as the principal cyberspace
policy official within the senior management of
the Department of State and as the advisor to
the Secretary of State for cyberspace issues;
``(ii) to lead the Department of State's
diplomatic cyberspace efforts, including
efforts relating to international
cybersecurity, Internet access, Internet
freedom, digital economy, cybercrime,
deterrence and international responses to cyber
threats, and other issues that the Secretary
assigns to the Bureau;
``(iii) to coordinate cyberspace policy and
other relevant functions within the Department
of State and with other components of the
United States Government, including through the
Cyberspace Policy Coordinating Committee
described in paragraph (6), and by convening
other coordinating meetings with appropriate
officials from the Department and other
components of the United States Government on a
regular basis;
``(iv) to promote an open, interoperable,
reliable, unfettered, and secure information
and communications technology infrastructure
globally;
``(v) to represent the Secretary of State
in interagency efforts to develop and advance
the policy described in section 4 of the Cyber
Diplomacy Act of 2021;
``(vi) to act as a liaison to civil
society, the private sector, academia, and
other public and private entities on relevant
international cyberspace issues;
``(vii) to lead United States Government
efforts to establish a global deterrence
framework for malicious cyber activity;
``(viii) to develop and execute adversary-
specific strategies to influence adversary
decisionmaking through the imposition of costs
and deterrence strategies, in coordination with
other relevant Executive agencies;
``(ix) to advise the Secretary and
coordinate with foreign governments on external
responses to national security-level cyber
incidents, including coordination on diplomatic
response efforts to support allies threatened
by malicious cyber activity, in conjunction
with members of the North Atlantic Treaty
Organization and other like-minded countries;
``(x) to promote the adoption of national
processes and programs that enable threat
detection, prevention, and response to
malicious cyber activity emanating from the
territory of a foreign country, including as
such activity relates to the United States'
European allies, as appropriate;
``(xi) to promote the building of foreign
capacity relating to cyberspace policy
priorities;
``(xii) to promote the maintenance of an
open and interoperable Internet governed by the
multistakeholder model, instead of by
centralized government control;
``(xiii) to promote an international
regulatory environment for technology
investments and the Internet that benefits
United States economic and national security
interests;
``(xiv) to promote cross-border flow of
data and combat international initiatives
seeking to impose unreasonable requirements on
United States businesses;
``(xv) to promote international policies to
protect the integrity of United States and
international telecommunications infrastructure
from foreign-based, cyber-enabled threats;
``(xvi) to lead engagement, in coordination
with Executive agencies, with foreign
governments on relevant international
cyberspace and digital economy issues as
described in the Cyber Diplomacy Act of 2021;
``(xvii) to promote international policies
to secure radio frequency spectrum for United
States businesses and national security needs;
``(xviii) to promote and protect the
exercise of human rights, including freedom of
speech and religion, through the Internet;
``(xix) to promote international
initiatives to strengthen civilian and private
sector resiliency to threats in cyberspace;
``(xx) to build capacity of United States
diplomatic officials to engage on cyberspace
issues;
``(xxi) to encourage the development and
adoption by foreign countries of
internationally recognized standards, policies,
and best practices;
``(xxii) to consult, as appropriate, with
other Executive agencies with related functions
vested in such Executive agencies by law; and
``(xxiii) to conduct such other matters as
the Secretary of State may assign.
``(3) Qualifications.--The head of the Bureau should be an
individual of demonstrated competency in the fields of--
``(A) cybersecurity and other relevant cyberspace
issues; and
``(B) international diplomacy.
``(4) Organizational placement.--During the 1-year period
beginning on the date of the enactment of the Cyber Diplomacy
Act of 2021, the head of the Bureau shall report to the Under
Secretary for Political Affairs or to an official holding a
higher position in the Department of State than the Under
Secretary for Political Affairs. After the conclusion of such
period, the head of the Bureau may report to a different Under
Secretary or to an official holding a higher position than
Under Secretary if, not less than 15 days prior to any change
in such reporting structure, the Secretary of State consults
with and provides to the Committee on Foreign Relations of the
Senate and the Committee on Foreign Affairs of the House of
Representatives the following:
``(A) A notification that the Secretary has, with
respect to the reporting structure of the Bureau,
consulted with and solicited feedback from--
``(i) other relevant Federal entities with
a role in international aspects of cyber
policy; and
``(ii) the elements of the Department of
State with responsibility over aspects of cyber
policy, including the elements reporting to--
``(I) the Under Secretary for
Political Affairs;
``(II) the Under Secretary for
Civilian Security, Democracy, and Human
Rights;
``(III) the Under Secretary for
Economic Growth, Energy, and the
Environment;
``(IV) the Under Secretary for Arms
Control and International Security
Affairs; and
``(V) the Under Secretary for
Management.
``(B) A description of the new reporting structure
for the head of the Bureau, as well as a description of
the data and evidence used to justify such new
structure.
``(C) A plan describing how the new reporting
structure will better enable the head of the Bureau to
carry out the responsibilities specified in paragraph
(2), including the security, economic, and human rights
aspects of cyber diplomacy.
``(5) Rule of construction.--Nothing in this subsection may
be construed to preclude the head of the Bureau from being
designated as an Assistant Secretary, if such an Assistant
Secretary position does not increase the number of Assistant
Secretary positions at the Department above the number
authorized under subsection (c)(1).
``(6) Coordination.--
``(A) Cyberspace policy coordinating committee.--In
conjunction with establishing the Bureau pursuant to
this subsection, there is established a senior-level
Cyberspace Policy Coordinating Committee to ensure that
cyberspace issues receive broad senior-level attention
and coordination across the Department of State and
provide ongoing oversight of such issues. The
Cyberspace Policy Coordinating Committee shall be
chaired by the head of the Bureau or an official of the
Department of State holding a higher position, and
operate on an ongoing basis, meeting not less
frequently than quarterly. Committee members shall
include appropriate officials at the Assistant
Secretary level or higher from--
``(i) the Under Secretariat for Political
Affairs;
``(ii) the Under Secretariat for Civilian
Security, Democracy, and Human Rights;
``(iii) the Under Secretariat for Economic
Growth, Energy and the Environment;
``(iv) the Under Secretariat for Arms
Control and International Security;
``(v) the Under Secretariat for Management;
and
``(vi) other senior level Department
participants, as appropriate.
``(B) Other meetings.--The head of the Bureau shall
convene other coordinating meetings with appropriate
officials from the Department of State and other
components of the United States Government to ensure
regular coordination and collaboration on crosscutting
cyber policy issues.
``(b) Sense of Congress.--It is the sense of Congress that the
Bureau of International Cyberspace Policy established under section
1(g) of the State Department Basic Authorities Act of 1956, as added by
subsection (a), should have a diverse workforce composed of qualified
individuals, including such individuals from traditionally under-
represented groups.
``(c) United Nations.--The Permanent Representative of the United
States to the United Nations should use the voice, vote, and influence
of the United States to oppose any measure that is inconsistent with
the policy described in section 4.''.
SEC. 6. INTERNATIONAL CYBERSPACE EXECUTIVE ARRANGEMENTS.
(a) In General.--The President is encouraged to enter into
executive arrangements with foreign governments that support the policy
described in section 4.
(b) Transmission to Congress.--Section 112b of title 1, United
States Code, is amended--
(1) in subsection (a) by striking ``International
Relations'' and inserting ``Foreign Affairs'';
(2) in subsection (e)(2)(B), by adding at the end the
following new clause:
``(iii) A bilateral or multilateral
cyberspace agreement.'';
(3) by redesignating subsection (f) as subsection (g); and
(4) by inserting after subsection (e) the following new
subsection:
``(f) With respect to any bilateral or multilateral cyberspace
agreement under subsection (e)(2)(B)(iii) and the information required
to be transmitted to Congress under subsection (a), or with respect to
any arrangement that seeks to secure commitments on responsible country
behavior in cyberspace consistent with section 4(b)(5) of the Cyber
Diplomacy Act of 2021, the Secretary of State shall provide an
explanation of such arrangement, including--
``(1) the purpose of such arrangement;
``(2) how such arrangement is consistent with the policy
described in section 4 of such Act; and
``(3) how such arrangement will be implemented.''.
(c) Status Report.--During the 5-year period immediately following
the transmittal to Congress of an agreement described in clause (iii)
of section 112b(e)(2)(B) of title 1, United States Code, as added by
subsection (b)(2), or until such agreement has been discontinued, if
discontinued within 5 years, the President shall--
(1) notify the appropriate congressional committees if
another country fails to adhere to significant commitments
contained in such agreement; and
(2) describe the steps that the United States has taken or
plans to take to ensure that all such commitments are
fulfilled.
(d) Existing Executive Arrangements.--Not later than 180 days after
the date of the enactment of this Act, the Secretary of State shall
brief the appropriate congressional committees regarding any executive
bilateral or multilateral cyberspace arrangement in effect before the
date of enactment of this Act, including--
(1) the arrangement announced between the United States and
Japan on April 25, 2014;
(2) the arrangement announced between the United States and
the United Kingdom on January 16, 2015;
(3) the arrangement announced between the United States and
China on September 25, 2015;
(4) the arrangement announced between the United States and
Korea on October 16, 2015;
(5) the arrangement announced between the United States and
Australia on January 19, 2016;
(6) the arrangement announced between the United States and
India on June 7, 2016;
(7) the arrangement announced between the United States and
Argentina on April 27, 2017;
(8) the arrangement announced between the United States and
Kenya on June 22, 2017;
(9) the arrangement announced between the United States and
Israel on June 26, 2017;
(10) the arrangement announced between the United States
and France on February 9, 2018;
(11) the arrangement announced between the United States
and Brazil on May 14, 2018; and
(12) any other similar bilateral or multilateral
arrangement announced before such date of enactment.
SEC. 7. INTERNATIONAL STRATEGY FOR CYBERSPACE.
(a) Strategy Required.--Not later than one year after the date of
the enactment of this Act, the President, acting through the Secretary
of State, and in coordination with the heads of other relevant Federal
departments and agencies, shall develop a strategy relating to United
States engagement with foreign governments on international norms with
respect to responsible state behavior in cyberspace.
(b) Elements.--The strategy required under subsection (a) shall
include the following:
(1) A review of actions and activities undertaken to
support the policy described in section 4.
(2) A plan of action to guide the diplomacy of the
Department of State with regard to foreign countries,
including--
(A) conducting bilateral and multilateral
activities to--
(i) develop norms of responsible country
behavior in cyberspace consistent with the
objectives specified in section 4(b)(5); and
(ii) share best practices and advance
proposals to strengthen civilian and private
sector resiliency to threats and access to
opportunities in cyberspace; and
(B) reviewing the status of existing efforts in
relevant multilateral fora, as appropriate, to obtain
commitments on international norms in cyberspace.
(3) A review of alternative concepts with regard to
international norms in cyberspace offered by foreign countries.
(4) A detailed description of new and evolving threats in
cyberspace from foreign adversaries, state-sponsored actors,
and private actors to--
(A) United States national security;
(B) Federal and private sector cyberspace
infrastructure of the United States;
(C) intellectual property in the United States; and
(D) the privacy and security of citizens of the
United States.
(5) A review of policy tools available to the President to
deter and de-escalate tensions with foreign countries, state-
sponsored actors, and private actors regarding threats in
cyberspace, the degree to which such tools have been used, and
whether such tools have been effective deterrents.
(6) A review of resources required to conduct activities to
build responsible norms of international cyber behavior.
(7) A plan of action, developed in consultation with
relevant Federal departments and agencies as the President may
direct, to guide the diplomacy of the Department of State with
regard to inclusion of cyber issues in mutual defense
agreements.
(c) Form of Strategy.--
(1) Public availability.--The strategy required under
subsection (a) shall be available to the public in unclassified
form, including through publication in the Federal Register.
(2) Classified annex.--The strategy required under
subsection (a) may include a classified annex, consistent with
United States national security interests, if the Secretary of
State determines that such annex is appropriate.
(d) Briefing.--Not later than 30 days after the completion of the
strategy required under subsection (a), the Secretary of State shall
brief the appropriate congressional committees on the strategy,
including any material contained in a classified annex.
(e) Updates.--The strategy required under subsection (a) shall be
updated--
(1) not later than 90 days after any material change to
United States policy described in such strategy; and
(2) not later than one year after the inauguration of each
new President.
SEC. 8. ANNUAL COUNTRY REPORTS ON HUMAN RIGHTS PRACTICES.
The Foreign Assistance Act of 1961 is amended--
(1) in section 116 (22 U.S.C. 2151n), by adding at the end
the following new subsection:
``(h)(1) The report required under subsection (d) shall include an
assessment of freedom of expression with respect to electronic
information in each foreign country, which information shall include
the following:
``(A) An assessment of the extent to which government
authorities in the country inappropriately attempt to filter,
censor, or otherwise block or remove nonviolent expression of
political or religious opinion or belief through the Internet,
including electronic mail, and a description of the means by
which such authorities attempt to inappropriately block or
remove such expression.
``(B) An assessment of the extent to which government
authorities in the country have persecuted or otherwise
punished, arbitrarily and without due process, an individual or
group for the nonviolent expression of political, religious, or
ideological opinion or belief through the Internet, including
electronic mail.
``(C) An assessment of the extent to which government
authorities in the country have sought, inappropriately and
with malicious intent, to collect, request, obtain, or disclose
without due process personally identifiable information of a
person in connection with that person's nonviolent expression
of political, religious, or ideological opinion or belief,
including expression that would be protected by the
International Covenant on Civil and Political Rights, adopted
at New York December 16, 1966, and entered into force March 23,
1976, as interpreted by the United States.
``(D) An assessment of the extent to which wire
communications and electronic communications are monitored
without due process and in contravention to United States
policy with respect to the principles of privacy, human rights,
democracy, and rule of law.
``(2) In compiling data and making assessments under paragraph (1),
United States diplomatic personnel should consult with relevant
entities, including human rights organizations, the private sector, the
governments of like-minded countries, technology and Internet
companies, and other appropriate nongovernmental organizations or
entities.
``(3) In this subsection--
``(A) the term `electronic communication' has the meaning
given the term in section 2510 of title 18, United States Code;
``(B) the term `Internet' has the meaning given the term in
section 231(e)(3) of the Communications Act of 1934 (47 U.S.C.
231(e)(3));
``(C) the term `personally identifiable information' means
data in a form that identifies a particular person; and
``(D) the term `wire communication' has the meaning given
the term in section 2510 of title 18, United States Code.'';
and
(2) in section 502B (22 U.S.C. 2304)--
(A) by redesignating the second subsection (i)
(relating to child marriage) as subsection (j); and
(B) by adding at the end the following new
subsection:
``(k)(1) The report required under subsection (b) shall include an
assessment of freedom of expression with respect to electronic
information in each foreign country, which information shall include
the following:
``(A) An assessment of the extent to which government
authorities in the country inappropriately attempt to filter,
censor, or otherwise block or remove nonviolent expression of
political or religious opinion or belief through the Internet,
including electronic mail, and a description of the means by
which such authorities attempt to inappropriately block or
remove such expression.
``(B) An assessment of the extent to which government
authorities in the country have persecuted or otherwise
punished, arbitrarily and without due process, an individual or
group for the nonviolent expression of political, religious, or
ideological opinion or belief through the Internet, including
electronic mail.
``(C) An assessment of the extent to which government
authorities in the country have sought, inappropriately and
with malicious intent, to collect, request, obtain, or disclose
without due process personally identifiable information of a
person in connection with that person's nonviolent expression
of political, religious, or ideological opinion or belief,
including expression that would be protected by the
International Covenant on Civil and Political Rights, adopted
at New York December 16, 1966, and entered into force March 23,
1976, as interpreted by the United States.
``(D) An assessment of the extent to which wire
communications and electronic communications are monitored
without due process and in contravention to United States
policy with respect to the principles of privacy, human rights,
democracy, and rule of law.
``(2) In compiling data and making assessments under paragraph (1),
United States diplomatic personnel should consult with relevant
entities, including human rights organizations, the private sector, the
governments of like-minded countries, technology and Internet
companies, and other appropriate nongovernmental organizations or
entities.
``(3) In this subsection--
``(A) the term `electronic communication' has the meaning
given the term in section 2510 of title 18, United States Code;
``(B) the term `Internet' has the meaning given the term in
section 231(e)(3) of the Communications Act of 1934 (47 U.S.C.
231(e)(3));
``(C) the term `personally identifiable information' means
data in a form that identifies a particular person; and
``(D) the term `wire communication' has the meaning given
the term in section 2510 of title 18, United States Code.''.
SEC. 9. GAO REPORT ON CYBER DIPLOMACY.
Not later than one year after the date of the enactment of this
Act, the Comptroller General of the United States shall submit a report
and provide a briefing to the appropriate congressional committees that
includes--
(1) an assessment of the extent to which United States
diplomatic processes and other efforts with foreign countries,
including through multilateral fora, bilateral engagements, and
negotiated cyberspace agreements, advance the full range of
United States interests in cyberspace, including the policy
described in section 4;
(2) an assessment of the Department of State's
organizational structure and approach to managing its
diplomatic efforts to advance the full range of United States
interests in cyberspace, including a review of--
(A) the establishment of a Bureau in the Department
of State to lead the Department's international cyber
mission;
(B) the current or proposed diplomatic mission,
structure, staffing, funding, and activities of the
Bureau;
(C) how the establishment of the Bureau has
impacted or is likely to impact the structure and
organization of the Department; and
(D) what challenges, if any, the Department has
faced or will face in establishing such Bureau; and
(3) any other matters determined relevant by the
Comptroller General.
SEC. 10. SENSE OF CONGRESS ON CYBERSECURITY SANCTIONS AGAINST NORTH
KOREA AND CYBERSECURITY LEGISLATION IN VIETNAM.
It is the sense of Congress that--
(1) the President should designate all entities that
knowingly engage in significant activities undermining
cybersecurity through the use of computer networks or systems
against foreign persons, governments, or other entities on
behalf of the Government of North Korea, consistent with
section 209(b) of the North Korea Sanctions and Policy
Enhancement Act of 2016 (22 U.S.C. 9229(b));
(2) the cybersecurity law approved by the National Assembly
of Vietnam on June 12, 2018--
(A) may not be consistent with international trade
standards; and
(B) may endanger the privacy of citizens of
Vietnam; and
(3) the Government of Vietnam should work with the United
States and other countries to ensure that such law meets all
relevant international standards.
Passed the House of Representatives April 20, 2021.
Attest:
CHERYL L. JOHNSON,
Clerk.