Report text available as:

  • TXT
  • PDF   (PDF provides a complete and accurate display of this text.) Tip ?

107th Congress                                                   Report
                        HOUSE OF REPRESENTATIVES
 2d Session                                                     107-497

======================================================================



 
                 CYBER SECURITY ENHANCEMENT ACT OF 2002

                                _______
                                

 June 11, 2002.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Sensenbrenner, from the Committee on the Judiciary, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 3482]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on the Judiciary, to whom was referred the 
bill (H.R. 3482) to provide greater cybersecurity, having 
considered the same, reports favorably thereon with an 
amendment and recommends that the bill as amended do pass.

                                CONTENTS

                                                                   Page
The Amendment....................................................     1
Purpose and Summary..............................................     6
Background and Need for the Legislation..........................     7
Hearings.........................................................     8
Committee Consideration..........................................     8
Vote of the Committee............................................     9
Committee Oversight Findings.....................................     9
Performance Goals and Objectives.................................     9
New Budget Authority and Tax Expenditures........................     9
Congressional Budget Office Cost Estimate........................     9
Constitutional Authority Statement...............................    11
Section-by-Section Analysis and Discussion.......................    11
Agency Views.....................................................    21
Changes in Existing Law Made by the Bill, as Reported............    27
Markup Transcript................................................    32

    The amendment is as follows:
    Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Security Enhancement Act of 
2002''.

                        TITLE I--COMPUTER CRIME

SEC. 101. AMENDMENT OF SENTENCING GUIDELINES RELATING TO CERTAIN 
                    COMPUTER CRIMES.

    (a) Directive to the United States Sentencing Commission.--Pursuant 
to its authority under section 994(p) of title 28, United States Code, 
and in accordance with this section, the United States Sentencing 
Commission shall review and, if appropriate, amend its guidelines and 
its policy statements applicable to persons convicted of an offense 
under section 1030 of title 18, United States Code.
    (b) Requirements.--In carrying out this section, the Sentencing 
Commission shall--
            (1) ensure that the sentencing guidelines and policy 
        statements reflect the serious nature of the offenses described 
        in subsection (a), the growing incidence of such offenses, and 
        the need for an effective deterrent and appropriate punishment 
        to prevent such offenses;
            (2) consider the following factors and the extent to which 
        the guidelines may or may not account for them--
                    (A) the potential and actual loss resulting from 
                the offense;
                    (B) the level of sophistication and planning 
                involved in the offense;
                    (C) whether the offense was committed for purposes 
                of commercial advantage or private financial benefit;
                    (D) whether the defendant acted with malicious 
                intent to cause harm in committing the offense;
                    (E) the extent to which the offense violated the 
                privacy rights of individuals harmed;
                    (F) whether the offense involved a computer used by 
                the government in furtherance of national defense, 
                national security, or the administration of justice;
                    (G) whether the violation was intended to or had 
                the effect of significantly interfering with or 
                disrupting a critical infrastructure; and
                    (H) whether the violation was intended to or had 
                the effect of creating a threat to public health or 
                safety, or injury to any person;
            (3) assure reasonable consistency with other relevant 
        directives and with other sentencing guidelines;
            (4) account for any additional aggravating or mitigating 
        circumstances that might justify exceptions to the generally 
        applicable sentencing ranges;
            (5) make any necessary conforming changes to the sentencing 
        guidelines; and
            (6) assure that the guidelines adequately meet the purposes 
        of sentencing as set forth in section 3553(a)(2) of title 18, 
        United States Code.

SEC. 101A. STUDY AND REPORT ON COMPUTER CRIMES.

    Not later than May 1, 2003, the United States Sentencing Commission 
shall submit a brief report to Congress that explains any actions taken 
by the Sentencing Commission in response to this Act and includes any 
recommendations the Commission may have regarding statutory penalties 
for offenses under section 1030 of title 18, United States Code.

SEC. 102. EMERGENCY DISCLOSURE EXCEPTION.

    (a) In General.--Section 2702(b) of title 18, United States Code, 
is amended--
            (1) by striking ``or'' at the end of paragraph (5);
            (2) by striking subparagraph (C) of paragraph (6);
            (3) in paragraph (6), by inserting ``or'' at the end of 
        subparagraph (A); and
            (4) by inserting after paragraph (6) the following:
            ``(7) to a Federal, State, or local governmental entity, if 
        the provider, in good faith, believes that an emergency 
        involving danger of death or serious physical injury to any 
        person requires disclosure without delay of communications 
        relating to the emergency.''.
    (b) Reporting of Disclosures.--A government entity that receives a 
disclosure under this section shall file, no later than 90 days after 
such disclosure, a report to the Attorney General stating the 
subparagraph under which the disclosure was made, the date of the 
disclosure, the entity to which the disclosure was made, the number of 
customers or subscribers to whom the information disclosed pertained, 
and the number of communications, if any, that were disclosed. The 
Attorney General shall publish all such reports into a single report to 
be submitted to Congress one year after enactment of the bill.

SEC. 103. GOOD FAITH EXCEPTION.

    Section 2520(d)(3) of title 18, United States Code, is amended by 
inserting ``or 2511(2)(i)'' after ``2511(3)''.

SEC. 104. NATIONAL INFRASTRUCTURE PROTECTION CENTER.

    (a) In General.--The Attorney General shall establish and maintain 
a National Infrastructure Protection Center (hereinafter in this 
section referred to as the ``Center'') to serve as a national focal 
point for threat assessment, warning, investigation, and response to 
attacks on the Nation's critical infrastructure for both physical and 
cyber sources.
    (b) Authorization of Appropriations.--There are authorized to be 
appropriated for fiscal year 2003 to carry out this section, 
$125,000,000.

SEC. 105. INTERNET ADVERTISING OF ILLEGAL DEVICES.

    Section 2512(1)(c) of title 18, United States Code, is amended--
            (1) by inserting ``or disseminates by electronic means'' 
        after ``or other publication''; and
            (2) by inserting ``knowing the content of the advertisement 
        and'' before ``knowing or having reason to know''.

SEC. 106. STRENGTHENING PENALTIES.

    Section 1030(c) of title 18, United States Code, is amended--
            (1) by striking ``and'' at the end of paragraph (3);
            (2) in each of subparagraphs (A) and (C) of paragraph (4), 
        by inserting ``except as provided in paragraph (5),'' before 
        ``a fine under this title'';
            (3) by striking the period at the end of paragraph (4)(C) 
        and inserting ``; and''; and
            (4) by adding at the end the following:
            ``(5)(A) if the offender knowingly or recklessly causes or 
        attempts to cause serious bodily injury from conduct in 
        violation of subsection (a)(5)(A)(i), a fine under this title 
        or imprisonment for not more than 20 years, or both; and
            ``(B) if the offender knowingly or recklessly causes or 
        attempts to cause death from conduct in violation of subsection 
        (a)(5)(A)(i), a fine under this title or imprisonment for any 
        term of years or for life, or both.''.

SEC. 107. PROVIDER ASSISTANCE.

    (a) Section 2703.--Section 2703(e) of title 18, United States Code, 
is amended by inserting ``, statutory authorization'' after 
``subpoena''.
    (b) Section 2511.--Section 2511(2)(a)(ii) of title 18, United 
States Code, is amended by inserting ``, statutory authorization,'' 
after ``court order'' the last place it appears.

SEC. 108. EMERGENCIES.

    Section 3125(a)(1) of title 18, United States Code, is amended--
            (1) by striking ``or'' at the end of subparagraph (A);
            (2) by striking the comma at the end of subparagraph (B) 
        and inserting a semicolon; and
            (3) by adding at the end the following:
                    ``(C) an immediate threat to a national security 
                interest; or
                    ``(D) an ongoing attack on a protected computer (as 
                defined in section 1030) that constitutes a crime 
                punishable by a term of imprisonment greater than one 
                year;''.

SEC. 109. PROTECTING PRIVACY.

    (a) Section 2511.--Section 2511(4) of title 18, United States Code, 
is amended--
            (1) by striking paragraph (b); and
            (2) by redesignating paragraph (c) as paragraph (b).
    (b) Section 2701.--Section 2701(b) of title 18, United States Code, 
is amended--
            (1) in paragraph (1), by inserting ``, or in furtherance of 
        any criminal or tortious act in violation of the Constitution 
        or laws of the United States or any State'' after ``commercial 
        gain'';
            (2) in paragraph (1)(A), by striking ``one year'' and 
        inserting ``5 years'';
            (3) in paragraph (1)(B), by striking ``two years'' and 
        inserting ``10 years''; and
            (4) so that paragraph (2) reads as follows:
            ``(2) in any other case--
                    ``(A) a fine under this title or imprisonment for 
                not more than one year or both, in the case of a first 
                offense under this paragraph; and
                    ``(B) a fine under this title or imprisonment for 
                not more than 5 years, or both, in the case of an 
                offense under this subparagraph that occurs after a 
                conviction of another offense under this section.''.
    (c) Presence of Officer at Service and Execution of Warrants for 
Communications and Customer Records.--Section 3105 of title 18, United 
States Code, is amended by adding at the end the following: ``The 
presence of an officer is not required for service or execution of a 
warrant under section 2703 when the provider of electronic 
communications service or remote computing service produces the 
information required in the warrant.''.

               TITLE II--OFFICE OF SCIENCE AND TECHNOLOGY

SEC. 201. ESTABLISHMENT OF OFFICE; DIRECTOR.

    (a) Establishment.--
            (1) In general.--There is hereby established within the 
        Department of Justice an Office of Science and Technology 
        (hereinafter in this title referred to as the ``Office'').
            (2) Authority.--The Office shall be under the general 
        authority of the Assistant Attorney General, Office of Justice 
        Programs, and shall be independent of the National Institute of 
        Justice.
    (b) Director.--The Office shall be headed by a Director, who shall 
be an individual appointed based on approval by the Office of Personnel 
Management of the executive qualifications of the individual.

SEC. 202. MISSION OF OFFICE; DUTIES.

    (a) Mission.--The mission of the Office shall be--
            (1) to serve as the national focal point for work on law 
        enforcement technology; and
            (2) to carry out programs that, through the provision of 
        equipment, training, and technical assistance, improve the 
        safety and effectiveness of law enforcement technology and 
        improve access to such technology by Federal, State, and local 
        law enforcement agencies.
    (b) Duties.--In carrying out its mission, the Office shall have the 
following duties:
            (1) To provide recommendations and advice to the Attorney 
        General.
            (2) To establish and maintain advisory groups (which shall 
        be exempt from the provisions of the Federal Advisory Committee 
        Act (5 U.S.C. App.)) to assess the law enforcement technology 
        needs of Federal, State, and local law enforcement agencies.
            (3) To establish and maintain performance standards in 
        accordance with the National Technology Transfer and 
        Advancement Act of 1995 (Public Law 104-113) for, and test and 
        evaluate law enforcement technologies that may be used by, 
        Federal, State, and local law enforcement agencies.
            (4) To establish and maintain a program to certify, 
        validate, and mark or otherwise recognize law enforcement 
        technology products that conform to standards used by the 
        Office in accordance with the National Technology Transfer and 
        Advancement Act of 1995 (Public Law 104-113), which may, in the 
        discretion of the Office, allow for supplier declaration of 
        conformity with such standards.
            (5) To work with other entities within the Department of 
        Justice, other Federal agencies, and the executive office of 
        the President to establish a coordinated Federal approach on 
        issues related to law enforcement technology.
            (6) To carry out research, development, testing, and 
        evaluation in fields that would improve the safety, 
        effectiveness, and efficiency of law enforcement technologies 
        used by Federal, State, and local law enforcement agencies, 
        including, but not limited to--
                    (A) weapons capable of preventing use by 
                unauthorized persons, including personalized guns;
                    (B) protective apparel;
                    (C) bullet-resistant and explosion-resistant glass;
                    (D) monitoring systems and alarm systems capable of 
                providing precise location information;
                    (E) wire and wireless interoperable communication 
                technologies;
                    (F) tools and techniques that facilitate 
                investigative and forensic work, including computer 
                forensics;
                    (G) equipment for particular use in 
                counterterrorism, including devices and technologies to 
                disable terrorist devices;
                    (H) guides to assist State and local law 
                enforcement agencies;
                    (I) DNA identification technologies; and
                    (J) tools and techniques that facilitate 
                investigations of computer crime.
            (7) To administer a program of research, development, 
        testing, and demonstration to improve the interoperability of 
        voice and data public safety communications.
            (8) To serve on the Technical Support Working Group of the 
        Department of Defense, and on other relevant interagency 
        panels, as requested.
            (9) To develop, and disseminate to State and local law 
        enforcement agencies, technical assistance and training 
        materials for law enforcement personnel, including prosecutors.
            (10) To operate the regional National Law Enforcement and 
        Corrections Technology Centers and, to the extent necessary, 
        establish additional centers through a competitive process.
            (11) To administer a program of acquisition, research, 
        development, and dissemination of advanced investigative 
        analysis and forensic tools to assist State and local law 
        enforcement agencies in combating cybercrime.
            (12) To support research fellowships in support of its 
        mission.
            (13) To serve as a clearinghouse for information on law 
        enforcement technologies.
            (14) To represent the United States and State and local law 
        enforcement agencies, as requested, in international activities 
        concerning law enforcement technology.
            (15) To enter into contracts and cooperative agreements and 
        provide grants, which may require in-kind or cash matches from 
        the recipient, as necessary to carry out its mission.
            (16) To carry out other duties assigned by the Attorney 
        General to accomplish the mission of the Office.
    (c) Competition Required.--Except as otherwise expressly provided 
by law, all research and development carried out by or through the 
Office shall be carried out on a competitive basis.
    (d) Information From Federal Agencies.--Federal agencies shall, 
upon request from the Office and in accordance with Federal law, 
provide the Office with any data, reports, or other information 
requested, unless compliance with such request is otherwise prohibited 
by law.
    (e) Publications.--Decisions concerning publications issued by the 
Office shall rest solely with the Director of the Office.
    (f) Transfer of Funds.--The Office may transfer funds to other 
Federal agencies or provide funding to non-Federal entities through 
grants, cooperative agreements, or contracts to carry out its duties 
under this section.
    (g) Annual Report.--The Director of the Office shall include with 
the budget justification materials submitted to Congress in support of 
the Department of Justice budget for each fiscal year (as submitted 
with the budget of the President under section 1105(a) of title 31, 
United States Code) a report on the activities of the Office. Each such 
report shall include the following:
            (1) For the period of 5 fiscal years beginning with the 
        fiscal year for which the budget is submitted--
                    (A) the Director's assessment of the needs of 
                Federal, State, and local law enforcement agencies for 
                assistance with respect to law enforcement technology 
                and other matters consistent with the mission of the 
                Office; and
                    (B) a strategic plan for meeting such needs of such 
                law enforcement agencies.
            (2) For the fiscal year preceding the fiscal year for which 
        such budget is submitted, a description of the activities 
        carried out by the Office and an evaluation of the extent to 
        which those activities successfully meet the needs assessed 
        under paragraph (1)(A) in previous reports.

SEC. 203. DEFINITION OF LAW ENFORCEMENT TECHNOLOGY.

    For the purposes of this title, the term ``law enforcement 
technology'' includes investigative and forensic technologies, 
corrections technologies, and technologies that support the judicial 
process.

SEC. 204. ABOLISHMENT OF OFFICE OF SCIENCE AND TECHNOLOGY OF NATIONAL 
                    INSTITUTE OF JUSTICE; TRANSFER OF FUNCTIONS.

    (a) Transfers From Office Within NIJ.--The Office of Science and 
Technology of the National Institute of Justice is hereby abolished, 
and all functions and activities performed immediately before the date 
of the enactment of this Act by the Office of Science and Technology of 
the National Institute of Justice are hereby transferred to the Office.
    (b) Authority To Transfer Additional Functions.--The Attorney 
General may transfer to the Office any other program or activity of the 
Department of Justice that the Attorney General, in consultation with 
the Committee on the Judiciary of the Senate and the Committee on the 
Judiciary of the House of Representatives, determines to be consistent 
with the mission of the Office.
    (c) Transfer of Funds.--
            (1) In general.--Any balance of appropriations that the 
        Attorney General determines is available and needed to finance 
        or discharge a function, power, or duty of the Office or a 
        program or activity that is transferred to the Office shall be 
        transferred to the Office and used for any purpose for which 
        those appropriations were originally available. Balances of 
        appropriations so transferred shall--
                    (A) be credited to any applicable appropriation 
                account of the Office; or
                    (B) be credited to a new account that may be 
                established on the books of the Department of the 
                Treasury;
        and shall be merged with the funds already credited to that 
        account and accounted for as one fund.
            (2) Limitations.--Balances of appropriations credited to an 
        account under paragraph (1)(A) are subject only to such 
        limitations as are specifically applicable to that account. 
        Balances of appropriations credited to an account under 
        paragraph (1)(B) are subject only to such limitations as are 
        applicable to the appropriations from which they are 
        transferred.
    (d) Transfer of Personnel and Assets.--With respect to any 
function, power, or duty, or any program or activity, that is 
transferred to the Office, those employees and assets of the element of 
the Department of Justice from which the transfer is made that the 
Attorney General determines are needed to perform that function, power, 
or duty, or for that program or activity, as the case may be, shall be 
transferred to the Office.
    (e) Report on Implementation.--Not later than 1 year after the date 
of the enactment of this Act, the Attorney General shall submit to the 
Committee on the Judiciary of the Senate and the Committee on the 
Judiciary of the House of Representatives a report on the 
implementation of this title. The report shall--
            (1) identify each transfer carried out pursuant to 
        subsection (b);
            (2) provide an accounting of the amounts and sources of 
        funding available to the Office to carry out its mission under 
        existing authorizations and appropriations, and set forth the 
        future funding needs of the Office;
            (3) include such other information and recommendations as 
        the Attorney General considers appropriate.

SEC. 205. NATIONAL LAW ENFORCEMENT AND CORRECTIONS TECHNOLOGY CENTERS.

    (a) In General.--The Director of the Office shall operate and 
support National Law Enforcement and Corrections Technology Centers 
(hereinafter in this section referred to as ``Centers'') and, to the 
extent necessary, establish new centers through a merit-based, 
competitive process.
    (b) Purpose of Centers.--The purpose of the Centers shall be to--
            (1) support research and development of law enforcement 
        technology;
            (2) support the transfer and implementation of technology;
            (3) assist in the development and dissemination of 
        guidelines and technological standards; and
            (4) provide technology assistance, information, and support 
        for law enforcement, corrections, and criminal justice 
        purposes.
    (c) Annual Meeting.--Each year, the Director shall convene a 
meeting of the Centers in order to foster collaboration and 
communication between Center participants.
    (d) Report.--Not later than 12 months after the date of the 
enactment of this Act, the Director shall transmit to the Congress a 
report assessing the effectiveness of the existing system of Centers 
and identify the number of Centers necessary to meet the technology 
needs of Federal, State, and local law enforcement in the United 
States.

SEC. 206. COORDINATION WITH OTHER ENTITIES WITHIN DEPARTMENT OF 
                    JUSTICE.

    Section 102 of the Omnibus Crime Control and Safe Streets Act of 
1968 (42 U.S.C. 3712) is amended in subsection (a)(5) by inserting 
``coordinate and'' before ``provide''.

                          Purpose and Summary

    H.R. 3482, the ``Cyber Security Enhancement Act of 2002,'' 
would increase penalties for cybercrimes to better reflect the 
seriousness of the crime; enhance law enforcement efforts 
through better coordination; provide the authority and 
resources for the National Infrastructure Protection Center to 
serve as a national focal point for threat assessment, warning, 
investigation, and response to attacks on the nation's critical 
infrastructure from both physical and cyber sources; and make 
the Office of Science and Technology an independent office to 
serve as the national focal point for law enforcement science 
and technology and to assist in the development and 
dissemination of law enforcement technology, and to make 
technical assistance available to Federal, State, and local law 
enforcement agencies.

                Background and Need for the Legislation

    Since the beginning of the 107th Congress, the Subcommittee 
on Crime, Terrorism, and Homeland Security has examined the 
need for legislation to update and improve Federal law to 
protect the nation from cyber-crime and -terrorism.
    On May 24, 2001, the Subcommittee heard from three State 
and local officials on law enforcement efforts and needs to 
fight cybercrime, expressing views from the police, the 
prosecutors and the State governments. The witnesses were 
Michael T. McCaul, the Texas Deputy Attorney General for 
Criminal Justice; the Honorable Joseph I. Cassilly, the State's 
Attorney for Harford County, Maryland and Chairman of the Cyber 
Crime Committee for the National District Attorneys 
Association; and Ronald R. Stevens, the Senior Investigator for 
the Bureau of Criminal Investigation for the New York State 
Police, Computer Crime Unit. All three testified with regard to 
the need for better resources, training, standards, and 
equipment.
    On June 12, 2001, officials from three Federal agencies 
testified before the Subcommittee. The witnesses were Michael 
Chertoff, the Assistant Attorney General of the Criminal 
Division for the Department of Justice; Thomas T. Kubic, the 
Deputy Assistant Director of the Criminal Investigative 
Division for the Federal Bureau of Investigation; and James A. 
Savage, Jr., the Deputy Special Agent in Charge of the 
Financial Crimes Division for United States Secret Service. 
These three witnesses agreed that Federal laws regarding the 
processes and procedures to investigate and prosecute 
cybercrime were outdated in certain areas.
    Alan Davidson, Associate Director at the Center for 
Democracy and Technology (CDT), a Washington, DC, non-profit 
group interested in civil liberties and human rights on the 
Internet and other new digital media, also testified. He urged 
the Subcommittee to consider privacy issues when drafting new 
legislation and updating the law. At a February 12, 2002 
legislative hearing on H.R. 3482, the ``Cyber Security 
Enhancement Act of 2002,'' Mr. Davidson testified that the 
``[Center for Democracy and Technology (CDT)] commends this 
Committee for holding this hearing, and for the relatively 
measured approach taken in H.R. 3482. We agree that computer 
crime and security is a serious problem that requires serious 
Government response.''
    On June 14, 2001, representatives from the business 
community testified about the problems they face with 
cybercrime. The hearing focused on the efforts and concerns of 
private industry with regard to this issue. The witnesses 
agreed that sharing information was key to successfully 
addressing and preventing cybercrime. Additionally, the 
witnesses urged Congress to examine stricter penalties for 
cybercrime.
    The three hearings highlighted the growing threat of 
cybercrime and cyberterrorism against our citizens and our 
nation and the definitive need for legislation. Criminals use 
computers and other types of technology to target the income 
and well-being of American citizens, the nation's economy, 
America's national security, and our critical infrastructure.
    On September 20, 2001, H.R. 2915, ``the Public Safety and 
Cyber Security Enhancement Act of 2002'' was introduced to 
address the concerns brought forth in the hearings. Most of 
H.R. 2915 was adopted as part of the USA PATRIOT Act \1\, the 
anti-terrorism bill, that was enacted in October 26, 2001. 
There remained some additional issues that were not addressed.
---------------------------------------------------------------------------
    \1\ Pub. L No. 107-56.
---------------------------------------------------------------------------
    H.R. 3482, ``the Cyber Security Enhancement Act of 2002,'' 
responds to the previous hearings and ongoing discussions with 
law enforcement, industry, and academia representatives and the 
need to address issues not covered in the USA PATRIOT Act.
    While technology has improved the standard of living for 
the United States and her citizens, it has also assisted 
criminals and terrorists with their nefarious activities. 
Terrorists and high-tech vandals use computers and other 
technology to terrorize and harass businesses, private citizens 
and the Government, which costs the taxpayers millions. For 
example, hackers are invading the privacy of our citizens' 
homes to program personal computers into ``zombie computers.'' 
These zombie computers are then used for the denial-of-service 
attacks that bombard a target site with nonsense data. In 
February 2000, a denial-of-service attack on Yahoo and other 
companies cost millions of dollars. These types of attacks not 
only threaten our economy, but also our public safety. An 
attack on an emergency service network could prevent prompt 
responses to people in life threatening situations, causing 
injury or death.
    The protection of our national security, critical 
infrastructure and economic base is essential. The terrorist 
attacks on September 11th severely affected our economy and 
demonstrated a need to evaluate and improve our security. A 
terrorist or criminal cyber attack could further harm our 
economy and critical infrastructure. It is imperative that the 
penalties and law enforcement capabilities are adequate to 
prevent and deter such attacks.

                                Hearings

    The Committee's Subcommittee on Crime held 1 day of 
hearings on H.R. 3482 on February 12, 2002. Testimony was 
received from four witnesses: John G. Malcolm, Deputy Assistant 
Attorney General, Criminal Division of the Department of 
Justice; Susan Kelley Koeppen, Corporate Attorney, Microsoft 
Corporation; Clint Smith, Vice President and Chief Network 
Counsel of WorldCom; and Alan Davidson, Staff Counsel, Center 
for Democracy and Technology.

                        Committee Consideration

    On February 26, 2002, the Subcommittee on Crime met in open 
session and ordered favorably reported the bill H.R. 3482, as 
amended, by a voice vote, a quorum being present. On May 1, 
2002, the Committee met in open session and ordered favorably 
reported the bill H.R. 3482, with an amendment in the nature of 
a substitute, by voice vote, a quorum being present.

                         Vote of the Committee

    There were no recorded votes on H.R. 3482.

                      Committee Oversight Findings

    In compliance with clause 3(c)(1) of rule XIII of the Rules 
of the House of Representatives, the Committee reports that the 
findings and recommendations of the Committee, based on 
oversight activities under clause 2(b)(1) of rule X of the 
Rules of the House of Representatives, are incorporated in the 
descriptive portions of this report.

                    Performance Goals and Objectives

    The bill is intended to improve the ability of Federal, 
State and local law enforcement efforts to deter, prevent and 
resolve cyber attacks carried out by terrorists and other 
criminals. The bill will implement accountability in the 
management of grants for technology investment at the State and 
local levels through assessments and better Federal grant 
management. Additionally, the bill will improve the protection 
of the nation's critical infrastructure from cyber and physical 
attacks.

               New Budget Authority and Tax Expenditures

    Clause 3(c)(2) of House rule XII is inapplicable because 
this legislation does not provide new budgetary authority or 
increased tax expenditures.

               Congressional Budget Office Cost Estimate

    In compliance with clause 3(c)(3) of rule XIII of the Rules 
of the House of Representatives, the Committee sets forth, with 
respect to the bill, H.R. 3482, the following estimate and 
comparison prepared by the Director of the Congressional Budget 
Office under section 402 of the Congressional Budget Act of 
1974:

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, May 22, 2002.
Hon. F. James Sensenbrenner, Jr., Chairman,
Committee on the Judiciary,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 3482, the Cyber 
Security Enhancement Act of 2002.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Mark 
Grabowicz, who can be reached at 226-2860.
            Sincerely,
                                  Dan L. Crippen, Director.

Enclosure

cc:
        Honorable John Conyers, Jr.
        Ranking Member
H.R. 3482--Cyber Security Enhancement Act of 2002.

                                SUMMARY

    H.R. 3482 would authorize the appropriation of $125 million 
for fiscal year 2003 for the National Infrastructure Protection 
Center (NIPC) in the Department of Justice. The bill also would 
establish new federal crimes and would increase penalties for 
unauthorized use of computers and related offenses.
    CBO estimates that implementing H.R. 3482 would cost $125 
million over the 2003-2004 period, subject to appropriation of 
the authorized amount. Enacting the bill also would affect 
direct spending and receipts, but CBO estimates that any such 
effects would not be significant. Because the bill would affect 
direct spending and receipts, pay-as-you-go procedures would 
apply.
    H.R. 3482 would impose reporting requirements on State and 
local government agencies that receive certain disclosures from 
providers of electronic communication services. Such a 
requirement would constitute an intergovernmental mandate as 
defined in the Unfunded Mandates Reform Act (UMRA). CBO 
estimates that the cost of complying with these new reporting 
requirements would not likely be significant, and would not 
exceed the threshold established in UMRA ($58 million in 2002, 
adjusted annually for inflation). Overall, the bill would 
benefit State, local, and tribal governments by providing 
technological assistance and training materials to State and 
local law enforcement agencies. H.R. 3482 contains no new 
private-sector mandates as defined in UMRA.

                ESTIMATED COST TO THE FEDERAL GOVERNMENT

    The estimated budgetary impact of H.R. 3482 is shown in the 
following table. CBO assumes that the amounts authorized for 
the NIPC will be appropriated by the start of fiscal year 2003. 
We expect that outlays will occur somewhat more slowly than the 
historical rate of spending for this program because of the 
increase in funding compared to the 2002 level. The costs of 
this legislation fall within budget function 750 
(administration of justice).

                 By Fiscal Year, in Millions of Dollars
------------------------------------------------------------------------
                                 2002   2003   2004   2005   2006   2007
------------------------------------------------------------------------
SPENDING SUBJECT TO APPROPRIATION
Spending for NIPC Under
 Current Law
  Budget Authority \1\             90      0      0      0      0      0
  Estimated Outlays                75     25      0      0      0      0

Proposed Changes
  Authorization Level               0    125      0      0      0      0
  Estimated Outlays                 0     88     38      0      0      0

Spending for NIPC Under H.R.
 3482
  Authorization Level              90    125      0      0      0      0
  Estimated Outlays                75    113     38      0      0      0
------------------------------------------------------------------------
1. The 2002 level is the amount appropriated for that year for the
  National Infrastructure Protection Center.


    Enacting H.R. 3482 could increase collections of criminal 
fines for unauthorized use of computers and other offenses. CBO 
estimates that any additional collections would not be 
significant. Criminal fines are recorded as receipts and 
deposited in the Crime Victims Fund, then later spent.

                      PAY-AS-YOU-GO CONSIDERATIONS

    The Balanced Budget and Emergency Deficit Control Act 
specifies pay-as-you-go procedures for legislation affecting 
direct spending and receipts. These procedures would apply to 
H.R. 3482 because it would affect both direct spending and 
receipts, but CBO estimates that the annual amount of such 
changes would not be significant.

        ESTIMATED IMPACT ON STATE, LOCAL, AND TRIBAL GOVERNMENTS

    H.R. 3482 would impose reporting requirements on State and 
local government agencies that receive certain disclosures from 
providers of electronic communication services. Such a 
requirement would constitute an intergovernmental mandate as 
defined in UMRA. CBO estimates that the cost of complying with 
these new reporting requirements would not likely be 
significant, and would not exceed the threshold established in 
UMRA ($58 million in 2002, adjusted annually for inflation). 
Overall, the bill would benefit State, local, and tribal 
governments by providing technological assistance and training 
materials to State and local law enforcement agencies.

                 ESTIMATED IMPACT ON THE PRIVATE SECTOR

    H.R. 3482 contains no new private-sector mandates as 
defined in UMRA.

                         ESTIMATE PREPARED BY:

Federal Costs: Mark Grabowicz (226-2860)
Impact on State, Local, and Tribal Governments: Angela Seitz 
    (225-3220)
Impact on the Private Sector: Paige Piper/Bach (226-2960)

                         ESTIMATE APPROVED BY:

Peter H. Fontaine
Deputy Assistant Director for Budget Analysis

                   Constitutional Authority Statement

    Pursuant to clause 3(d)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee finds the authority for 
this legislation in article I, section 8, of the Constitution.

               Section-by-Section Analysis and Discussion

Sec. 1. Short Title.
    This Act may be cited as the ``Cyber Security Enhancement 
Act of 2002.''

                        TITLE I--COMPUTER CRIME

Sec. 101. Amendment of Sentencing Guidelines relating to Certain 
        Computer Crimes.
    This section would direct the United States Sentencing 
Commission to review, and if appropriate amend, the Federal 
sentencing guidelines to provide a wider range of criteria for 
sentencing of those convicted for cybercrimes under 18 U.S.C. 
Sec. 1030. The Committee is concerned that the sentencing 
guidelines do not adequately account for the serious nature of 
computer crimes. Computer crimes can cost businesses millions 
of dollars, can harm the nation's economy, threaten public 
safety, and violate the privacy of individuals.
    Recognizing the growing threats posed by cybercrime, 
Congress, in the USA PATRIOT Act,\2\ increased maximum 
penalties for certain violations of 18 U.S.C. Sec. 1030 that 
can threaten lives as well as national security. Additionally, 
the USA PATRIOT Act added three new violations under section 
1030 where the offense involved an attack on computers used by 
the Government in furtherance of national defense, national 
security, or the administration of justice. This section of the 
bill reflects those changes.
---------------------------------------------------------------------------
    \2\ Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism. Pub. L. No. 107-56.
---------------------------------------------------------------------------
    This section of the bill also reflects the enhanced 
penalties for cybercrime under H.R. 3482. In section 106, the 
bill enhances the maximum penalty for cybercrimes where an 
offender of 18 U.S.C. Sec. 1030 knowingly or recklessly causes 
or attempts to cause death or serious bodily injury through a 
cyber attack. This section also covers the grave threat that 
cyber attacks pose to critical infrastructures.
    The Committee believes that the United States Sentencing 
Commission must review the guidelines to ensure that they 
appropriately reflect the grievous nature of cyber attacks. The 
Committee believes that these new guidelines will allows judges 
to better account for the seriousness of a computer crime. 
Judges will be able to consider, among other things, the level 
of sophistication of the offense, whether the defendant acted 
with malicious intent to cause harm in committing the offense, 
and the extent to which the privacy rights of the victims of 
the crime were violated.
    This section also requires the U.S. Sentencing Commission 
to submit by May 1, 2003, to Congress a brief report that 
explains any actions taken by the Sentencing Commission in 
response to this act.
Sec. 102. Emergency Disclosure Exception.
    Under current law, communication providers are prohibited 
from disclosing electronic stored communications unless the 
disclosure is under a specified exception. One of those 
exceptions, 18 U.S.C. Sec. 2702(b)(6)(C), provides that a 
communication service provider may disclose a communication to 
a law enforcement agency if the provider reasonably believes 
that an emergency involving immediate danger of death or 
serious physical injury to any person requires disclosure of 
the information without delay. Communication providers 
expressed concern to the Committee that the standard was too 
difficult for them to meet and that, as a result, providers may 
not disclose information relating emergencies, such as a 
biological terrorist attack, to the appropriate Government 
officials.
    This section would amend the current law to allow 
communications providers to disclose communications to a 
Federal, State or local government entity in emergency 
situations. The provider could only disclose communications 
that relate to the emergency if the provider, in good faith, 
believes that an emergency exists and that the emergency 
involves a danger of death or serious physical injury which 
requires disclosure without delay.
    Specifically, this section would make three changes to 
current law to enhance cooperation with law enforcement and 
communications providers. First, it would change the legal 
standard for providers to determine whether there is an 
emergency from ``reasonable'' to ``good faith.'' Second it 
would remove the requirement that a provider determine what is 
or is not an immediate danger. Third, the provision would allow 
the provider to disclose the information to any Government 
entity, such as the Centers Disease Control (CDC), as well as 
to law enforcement.
    Based upon the testimony presented to the Subcommittee on 
Crime at the February 12, 2002 hearing, the Committee believes 
that changing the standard for providers from reasonable to 
good faith is an appropriate and a necessary change. As Susan 
Koeppen testified, providers are concerned that 
``communications providers or Internet Service Providers may be 
unnecessarily constrained in making decisions in good faith to 
disclose information in an emergency situation involving the 
danger of death or serious physical injury which requires 
immediate disclosure of that information.'' She went on to 
testify that section 102 made ``several improvements to 
existing law that will enable such providers to make decisions 
promptly and without hesitation in emergency situations.''
    The Committee finds that certain emergencies may make it 
more appropriate for a provider to call the CDC or a hospital 
instead of, or in addition to, law enforcement, and thus the 
notification restriction should not be limited to law 
enforcement.
    Additionally, the word ``immediate'' is not needed. The 
language of the bill requires that the provider, in good faith, 
believes (1) that there is an emergency, (2) that emergency 
involves danger of death or serious physical injury, and (3) 
that the emergency requires disclosure of the communications 
without delay. The American Heritage College dictionary defines 
``emergency'' as ``a serious situation or occurrence that 
happens unexpectedly and demands immediate action.''
    Furthermore, the provider must have a good faith belief 
that the information should be disclosed without delay.
    Accordingly, the Committee believes Congress should not add 
an additional ``immediate'' requirement that makes the provider 
determine whether or not the danger itself is immediate. For 
example, if someone plans to bomb an elementary school next 
week, then the communications provider should be able to 
disclose that information and not have to guess whether an 
action which is to occur a week later constitutes ``an 
immediate'' danger or not. In such a case, law enforcement may 
need all the time it can get to locate the perpetrator and 
prevent the crime. Another example is where an individual sends 
an e-mail to another person describing an upcoming terrorist 
attack he or she is planning, but does not put a date on the 
attack. A terrorist attack would clearly constitute an 
emergency that threatens life or limb, but the timing of the 
attack may not be evident. The attack could be planned for 
tomorrow or for a year from now. It is clear that there is a 
danger, but the immediacy of that danger is unclear.
    Accordingly, this section changes current law to reflect 
the fact that if a provider, in good faith, believes there is 
an emergency, the provider should not be held liable. The 
Committee would note that section 102 of this bill does not 
change the standard or lower the standard for law enforcement 
behavior. This section, instead, requires that a communications 
provider must have a ``good faith'' belief that there is an 
emergency involving danger of death or serious physical injury 
to any person that requires disclosure without delay. This 
section is aimed at protecting providers who in good faith 
attempt to assist law enforcement with an emergency situation.
    This section does not reduce the standard under which law 
enforcement must act. If police abuse that standard, there are 
appropriate consequences. The courts have applied a judicially 
created exclusionary rule for years. As the Supreme Court 
stated the rule exists as a ``judicially created remedy 
designed to safeguard Fourth amendment rights generally through 
its deterrent effect. . . .'' \3\
---------------------------------------------------------------------------
    \3\ United States v. Leon, 468 U.S. 897, 906 (1984), quoting United 
States v. Calandra, 414 U.S. 338,348 (1974), quoted with approval in 
Illinois v. Krull, 480 340, 347 (1987); see also Terry v. Ohio, 392 
U.S. 1, 12-4 (1968); United States v. Janis, 428 U.S. 433, 446 (1976).
---------------------------------------------------------------------------
    Any criminal evidence that is secured, directly or 
indirectly, in violation of the Fourth amendment, may not be 
admitted against a defendant in a criminal proceeding. A police 
officer who makes a false claim to a communications provider 
that there is an emergency that authorizes the disclosure of 
information under section 102 of the Cyber Security Enhancement 
Act has conducted an illegal search and seizure. The police 
officer must have a reasonable belief to make such a claim and 
if she or he does not, the evidence would be subject to the 
existing judicially created exclusionary rule.
    Finally, this section would require Government officials to 
report quarterly to the Attorney General for the first year 
after enactment of the bill. At the end of that year, the 
Attorney General would send a report on the quarterly reports 
to Congress. This is a one time reporting requirement for the 
Attorney General.
Sec. 103. Good Faith Exception.
    This section would update the ``good faith reliance'' 
defense in 18 U.S.C. Sec. 2520(d) so that the new computer 
trespasser law \4\ created in section 217 of the USA PATRIOT 
Act is also covered. Current law provides that a communications 
provider that relies in good faith on a court order or other 
listed authorization has a complete defense against civil or 
criminal action brought under this chapter or any other law. It 
appears that the current defense, as written, would not cover a 
provider acting in good faith under the new computer trespasser 
law to assist law enforcement.
---------------------------------------------------------------------------
    \4\ Prior to the enactment of the USA PATRIOT Act, victims of a 
computer trespasser attack were not able to authorize law enforcement 
to intercept the trespassers communications. Rather law enforcement 
would have had to go to get a court order to help the owners of systems 
providing communication services protect their own systems. The USA 
PATRIOT Act amended the law to clarify that law enforcement may 
intercept such communications when authorized by the victims.
---------------------------------------------------------------------------
    This section clarifies that communications providers, who 
assist law enforcement officials under the new computer 
trespasser are covered. This language was included in the House 
version of the PATRIOT Act \5\ that was reported unanimously 
out of Committee. The final version of the USA PATRIOT Act, 
however, adopted the Senate language that did not include this 
provision.
---------------------------------------------------------------------------
    \5\ Provide Appropriate Tools Required to Intercept and Obstruct 
Terrorism, H.R. 2975, H. Rep. No. 107-236, Part 1.
---------------------------------------------------------------------------
    This section simply clarifies that communications providers 
assisting law-enforcement under this section will continue to 
be covered by the good faith reliance defense under 18 U.S.C. 
Sec. 2520.
Sec. 104. National Infrastructure Protection Center.
    This section authorizes the Attorney General to establish 
and maintain a National Infrastructure Protection Center (NIPC) 
to serve as a national focal point for threat assessment, 
warning, investigation, and response to attacks on the nation's 
critical infrastructure from both physical and cyber sources. 
This section authorizes the appropriation of $125,000,000 for 
fiscal year 2003.
    The Committee believes that information sharing is a key to 
protecting the security of the nation. The NIPC facilitates 
information sharing to protect the critical infrastructure of 
the nation. It was created in 1998, but it was not authorized. 
In addition to working with Federal, State and local Government 
officials, NIPC works with private sector infrastructure owners 
and operators.
    The Committee believes that the war on terrorism demands 
additional efforts to protect the nation's critical 
infrastructure. By authorizing NIPC, the Congress demonstrates 
its support for this important task.
Sec. 105. Internet Advertising of Illegal Devices.
    Section 105 was included to address a statutory loophole 
that allows for the distribution of advertisements of illegal 
interception devices through contemporary means of 
communication. This section would amend 18 U.S.C. 
Sec. 2512(1)(c) to make the language technology neutral and 
close the existing loophole to further protect privacy. Under 
current law, 18 U.S.C. Sec. 2512(1)(c) prohibits the 
advertisement of illegal interception devices in any magazine, 
newspaper, handbill, or other publication. The current law, 
however, does not mention advertising such devices on the 
Internet. This section would correct that loophole and ensure 
consistent treatment among advertising mediums by amending 18 
U.S.C. Sec. 2512(1)(c) to include the advertisements 
disseminated by electronic means.
Sec. 106. Increased Penalty.
    This section amends 18 U.S.C. Sec. 1030(c) to allow for 
criminal penalties to be increased if the offender knowingly or 
recklessly causes or attempts to cause death or serious bodily 
injury through a cyber attack. When a terrorist or other 
criminal attacks a computer system that, for instance, controls 
the 9-1-1 telephone systems, and causes a death or deaths, the 
current 10-year prison term may not be enough. This section 
provides the flexibility for a more severe punishment when the 
computer crime is severe. The Committee believes that cyber 
attacks can pose a serious threat to life and limb and that the 
penalties should reflect that threat.
Sec. 107. Provider Assistance.
    This section would ensure that providers of communications 
remain covered under 18 U.S.C. Sec. 2703(e), a ``no cause of 
action provision,'' which protects providers from law suits 
when they legally assist law enforcement with an investigation 
under the new emergency disclosure exception created in section 
212 of the USA PATRIOT Act. Under current law, there is a ``no 
cause of action [protection] against providers disclosing 
information . . . in accordance with the terms of a court 
order, warrant, subpoena, or certification under [chapter 
121].'' Section 107 would add information disclosed under 
``statutory authorization,'' to cover providers that contact 
authorities in emergency situations. This language was 
previously included in the House version of the PATRIOT Act 
that was reported unanimously out of Committee. The final 
version of the USA PATRIOT Act, however, adopted the Senate 
language that did not include this provision.
    This section would also ensure that providers of 
communications remain covered under 18 U.S.C. 
Sec. 2511(2)(a)(ii), another ``no cause of action'' provision 
which protects providers from law suits when they are legally 
assisting law enforcement with an investigation under the new 
computer trespasser provision, Sec. 2511(2)(i), created in the 
USA PATRIOT Act.
Sec. 108. Emergencies.
    This section amends 18 U.S.C. Sec. 3125(a)(1) to expand 
when law enforcement may use pen registers and trap and trace 
devices in an emergency situation. Law enforcement uses pen 
registers and trap and trace devices to provide information 
about the source or destination of a communication without 
capturing the content of the communication. This is the least 
invasive method of surveillance of electronic communications 
and is indispensable to investigations. Trap and trace devices 
can identify, for example, the source of phone calls placed by 
a kidnapper in order to identify his whereabouts. In ordinary 
circumstances, any attorney for the Government may obtain a 
pen/trap order by certifying to a court that the information 
collected will be relevant to a criminal investigation. In an 
emergency, law enforcement authorities may install a pen/trap 
device for forty-eight hours while court authorization is 
sought.
    This amendment expands the list of situations during which 
an emergency pen/trap can be used by adding immediate threats 
to national security interests and ongoing attacks on protected 
computers. Under current law, threats to national security 
interests already justify the emergency use of a full-content 
wiretap--a much more invasive tool than a pen/trap.\6\
---------------------------------------------------------------------------
    \6\ 18 U.S.C. Sec. 2518 (7)(a)(ii).
---------------------------------------------------------------------------
    The Committee notes that this section in no way changes the 
limitations under current law on the emergency use of this 
authority. Those limitations are: (1) a Government official 
authorizing an emergency pen/trap must determine that there are 
grounds upon which a court could enter a pen/trap order; \7\ 
(2) emergency authorization lasts only forty-eight hours, 
within which time a court order must be obtained for the 
surveillance to continue; \8\ and (3) it is a violation of the 
statute to fail to apply for an order within forty-eight hours 
of installation or use of the device.\9\
---------------------------------------------------------------------------
    \7\ 18 U.S.C. Sec. 3125(a)(2).
    \8\ 18 U.S.C. Sec. 3125(b).
    \9\ 18 U.S.C. Sec. 3125(c).
---------------------------------------------------------------------------
Sec. 109. Protecting Privacy.
    Section 109(a) would amend 18 U.S.C. Sec. 2511(4)(b) to 
raise the penalties for a person who illegally intercepts cell-
phone conversations. Under current law, Sec. 2511(4)(b) 
provides lesser penalties for certain wiretap violations. For 
example, while most illegal wiretapping constitutes a 5-year 
felony, the statute punishes first time offenders who intercept 
a cellular phone call with a mere fine. The requirement that 
violations be committed intentionally \10\ ensures that mere 
inadvertent overhearing of a brief portion of a communication 
is not criminalized. The Committee believes that the special 
penalty scheme for cell phone violations should be eliminated 
and that all wire interceptions should be treated equally. 
Therefore, this section makes the statutory maximum penalty for 
all such offenses the same regardless of the technology used.
---------------------------------------------------------------------------
    \10\ See 18 U.S.C. Sec. 2511(1)(a)-(d).
---------------------------------------------------------------------------
    Section 109(b) amends 18 U.S.C. Sec. 2701 to increase 
penalties for a person who invades the privacy of another 
person's stored communications. Under current law, subsection 
2701(b) defines the penalties when an individual invades the 
privacy of others by accessing communications in ``electronic 
storage.'' Such privacy invasions include, for example, the 
reading of an e-mail stored on an e-mail server awaiting 
delivery to its recipient. Thus, a system administrator for a 
company would violate this provision if, outside of his regular 
duties, he used his access to the computer system to read the 
CEO's e-mail and use the information contained in those e-mails 
for his own financial gain.
    The Committee believes that this section is necessary 
because current law punishes what are often very significant 
privacy invasions as misdemeanors. Under current law, where the 
invasion of privacy occurs for commercial gain or advantage or 
malicious destruction, the maximum penalty is 1 year 
imprisonment for first time offenders. Violators without these 
mental states receive a maximum of 6 months in jail. The 
current penalty structure, in which all first-time offenses are 
misdemeanors, does not adequately reflect the seriousness of 
the offense. According to the Department of Justice, few (if 
any) prosecutions have been brought for this violation, 
limiting the deterrent effect of the statute. In addition, in 
order to qualify for the enhanced penalty provision, a violator 
must have the intent to cause damage or to benefit financially 
from the action. This list of aggravating mental states does 
not include those who violate the statute in furtherance of any 
criminal or tortious act.
    The amendments to 2701(b) raise the maximum criminal 
penalties to 5 years where the actor has the aggravating mental 
state (ten years for repeat offenders) and to 1 year for other 
violations (five years for repeat offenders). The amendments 
would assure that individuals who violate this section in 
furtherance of some other criminal or tortious act are 
appropriately punished. The Committee believes this change in 
the law will provide judges with the flexibility and discretion 
to impose more serious penalties for more serious crimes.
    Section 109(c) amends 18 U.S.C. Sec. 3105, a 1917 
provision, to clarify that a law enforcement officer does not 
need to be present for a warrant to be serviced or executed 
under the Electronic Communications Privacy Act (ECPA). Due to 
the nature of electronic communications, much of this 
information is in the possession of Internet Provider Services 
(ISPs) and law enforcement officials often serve such warrants 
over facsimile machines and are not present at the site of the 
ISP. In a recent child pornography case, a Minnesota Federal 
district court, in U.S. v. Bach,\11\ however, ruled that this 
procedure was an unreasonable search and seizure. The Court 
found that a police officer had to be present at the time. This 
subsection makes it clear that a police officer does not have 
to be present at the time a warrant is served under ECPA.
---------------------------------------------------------------------------
    \11\ United States v. Bach, No. 01-221, (PAM/ESS) 2001 U.S. Dist. 
LEXIS 21853 (D. Minn. Dec. 14, 2001).
---------------------------------------------------------------------------

               TITLE II--OFFICE OF SCIENCE AND TECHNOLOGY

Sec. 201. Establishment of Office; Director.
    This section establishes the Office of Science and 
Technology (OST) as an independent office. The office will be 
under the general authority of the Assistant Attorney General, 
Office of Justice Programs (OJP), and shall no longer be housed 
in the National Institute of Justice (NIJ).
    The mission of the OST is to provide State and local law 
enforcement access to new technologies and to help develop 
those new technologies. Currently, OST is housed in NIJ, which 
was created in 1968, in the Omnibus Crime Control and Safe 
Streets Act to support Federal criminal justice research. The 
mission of NIJ is to improve police work and the judicial 
system and to gain a better understanding of criminal behavior. 
NIJ was created when technology was not the overriding 
priority. Today, technology is a priority and the establishment 
of OST as an independent office will ensure that technology is 
treated as a priority.
    The Committee believes that there is a need for a real 
reform of the OJP programs and the way those programs are 
managed. The change proposed by this bill is part of a larger 
restructuring process. It will help the OJP to focus the 
necessary resources on the development of technology and hard 
science research.
    At hearings held on reforming OJP, the former Assistant 
Attorney General for OJP, Laurie Robinson, testified that this 
is one area OJP really needs to reorganize. States need to have 
a more clear direction as to how and where to obtain technology 
grants. This section will assist that process. Additionally, 
the Committee believes that this change will help focus at OJP 
on the important area of technology research and at the same 
time maintain the core functions for which NIJ was established.
    Today, the duties of NIJ are to:

         L[research] the nature and impact of crime and 
        delinquency;

         L[develop] applied technologies, standards and 
        tools for criminal justice practitioners;

         L[evaluate] existing programs and responses to 
        crime;

         L[test] innovative concepts and program models 
        in the field;

         L[assist] policymakers, program partners, and 
        justice agencies; and

         L[disseminate] knowledge to many 
        audiences.\12\
---------------------------------------------------------------------------
    \12\ http://www.ojp.usdoj.gov/nij/about.htm (June 6, 2002).

    NIJ would continue to carry out all of its functions except 
for the development of applied technologies, standards, and 
tools. These would be the responsibilities of OST. 
Additionally, one of the NIJ's responsibilities is to evaluate 
existing programs. To avoid a conflict of interest and allow 
NIJ to evaluate the work of OST, it makes sense to transfer OST 
outside of NIJ. This change will allow NIJ to maintain its 
integrity as an independent evaluator of OJP.
Sec. 202. Mission of Office; Duties.
    This section establishes the mission and duties of OST to 
serve as the national focal point to improve law enforcement 
technology and to make technical assistance available to 
Federal, State, and local law enforcement agencies. This 
section was modified by the Committee with regard to 
subsections (3) and (4) to clarify that OST may use input from 
industry in developing technology standards; however, the 
Committee does not intend this modification to prevent OST from 
independently developing whatever standards it deems 
appropriate for law enforcement technology and equipment.
    This section requires the Office to award research and 
development work on a competitive basis. Additionally, it 
requires the Director of the OST to provide to Congress a needs 
assessment for Federal, State and local law enforcement and a 
strategic plan for meeting those needs.
Sec. 203. Definition of Law Enforcement Technology.
    This section defines ``law enforcement technology'' to 
include investigative and forensic technologies, corrections 
technologies, and technologies that support the judicial 
process.
Sec. 204. Abolishment of Office of Science and Technology of National 
        Institute of Justice, Transfer of Functions.
    This section transfers OST and all of its assets and 
personnel out of the NIJ within OJP to be a separate office 
within OJP. The Attorney General shall have the authority under 
this section to transfer any other program or activity he or 
she determines is appropriate for this office and provide a 
report to Congress on its implementation after 1 year. The 
Committee believes that the Attorney General should review all 
law enforcement technology programs within the Department, 
including such programs as the Office of Community Oriented 
Policing Services (COPS).
Sec. 205. National Law Enforcement And Corrections Technology Centers.
    This section requires the Director of the OST to operate 
and support National Law Enforcement and Corrections Technology 
Centers. These centers support research, development, and 
implementation of technology to assist law enforcement. This 
bill will require the Director of the OST to make 
recommendations regarding the effectiveness of the centers and 
the need for additional centers.
    Presently, OST uses the existing National Law Enforcement 
and Corrections Technology Centers as one of the primary 
mechanisms to accomplish its mission. Currently, there are five 
regional centers and one national office.
Sec. 206. Coordination with Other Entities within Department of 
        Justice.
    This section provides that the Assistant Attorney General 
shall coordinate the activities of the various bureaus whose 
functions relate to technology programs. In several hearings 
regarding the operations of OJP, it became apparent that the 
lack of coordination among the various bureaus and offices at 
OJP creates confusion and unnecessary duplication. The 
Committee believes that requiring more coordination among the 
various offices will increase efficiency and effectiveness of 
the programs.

                              Agency Views


         Changes in Existing Law Made by the Bill, as Reported

    In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italics, existing law in which no change 
is proposed is shown in roman):

TITLE 18, UNITED STATES CODE

           *       *       *       *       *       *       *


PART I--CRIMES

           *       *       *       *       *       *       *


CHAPTER 47--FRAUD AND FALSE STATEMENTS

           *       *       *       *       *       *       *


Sec. 1030. Fraud and related activity in connection with computers

    (a) * * *

           *       *       *       *       *       *       *

    (c) The punishment for an offense under subsection (a) or 
(b) of this section is--
            (1) * * *

           *       *       *       *       *       *       *

            (3)(A) a fine under this title or imprisonment for 
        not more than five years, or both, in the case of an 
        offense under subsection (a)(4) or (a)(7) of this 
        section which does not occur after a conviction for 
        another offense under this section, or an attempt to 
        commit an offense punishable under this subparagraph; 
        and
            (B) a fine under this title or imprisonment for not 
        more than ten years, or both, in the case of an offense 
        under subsection (a)(4) (a)(5)(A)(iii), or (a)(7) of 
        this section which occurs after a conviction for 
        another offense under this section, or an attempt to 
        commit an offense punishable under this subparagraph; 
        [and]
            (4)(A) except as provided in paragraph (5), a fine 
        under this title, imprisonment for not more than 10 
        years, or both, in the case of an offense under 
        subsection (a)(5)(A)(i), or an attempt to commit an 
        offense punishable under that subsection;
            (B) a fine under this title, imprisonment for not 
        more than 5 years, or both, in the case of an offense 
        under subsection (a)(5)(A)(ii), or an attempt to commit 
        an offense punishable under that subsection;
            (C) except as provided in paragraph (5), a fine 
        under this title, imprisonment for not more than 20 
        years, or both, in the case of an offense under 
        subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt 
        to commit an offense punishable under either 
        subsection, that occurs after a conviction for another 
        offense under this section[.]; and
            (5)(A) if the offender knowingly or recklessly 
        causes or attempts to cause serious bodily injury from 
        conduct in violation of subsection (a)(5)(A)(i), a fine 
        under this title or imprisonment for not more than 20 
        years, or both; and
            (B) if the offender knowingly or recklessly causes 
        or attempts to cause death from conduct in violation of 
        subsection (a)(5)(A)(i), a fine under this title or 
        imprisonment for any term of years or for life, or 
        both.

           *       *       *       *       *       *       *


   CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND 
INTERCEPTION OF ORAL COMMUNICATIONS

           *       *       *       *       *       *       *


Sec. 2511. Interception and disclosure of wire, oral, or electronic 
                    communications prohibited

    (1) * * *
    (2)(a)(i) * * *
    (ii) Notwithstanding any other law, providers of wire or 
electronic communication service, their officers, employees, 
and agents, landlords, custodians, or other persons, are 
authorized to provide information, facilities, or technical 
assistance to persons authorized by law to intercept wire, 
oral, or electronic communications or to conduct electronic 
surveillance, as defined in section 101 of the Foreign 
Intelligence Surveillance Act of 1978, if such provider, its 
officers, employees, or agents, landlord, custodian, or other 
specified person, has been provided with--
            (A) * * *

           *       *       *       *       *       *       *

setting forth the period of time during which the provision of 
the information, facilities, or technical assistance is 
authorized and specifying the information, facilities, or 
technical assistance required. No provider of wire or 
electronic communication service, officer, employee, or agent 
thereof, or landlord, custodian, or other specified person 
shall disclose the existence of any interception or 
surveillance or the device used to accomplish the interception 
or surveillance with respect to which the person has been 
furnished a court order or certification under this chapter, 
except as may otherwise be required by legal process and then 
only after prior notification to the Attorney General or to the 
principal prosecuting attorney of a State or any political 
subdivision of a State, as may be appropriate. Any such 
disclosure, shall render such person liable for the civil 
damages provided for in section 2520. No cause of action shall 
lie in any court against any provider of wire or electronic 
communication service, its officers, employees, or agents, 
landlord, custodian, or other specified person for providing 
information, facilities, or assistance in accordance with the 
terms of a court order, statutory authorization, or 
certification under this chapter.

           *       *       *       *       *       *       *

    (4)(a) * * *
    [(b) If the offense is a first offense under paragraph (a) 
of this subsection and is not for a tortious or illegal purpose 
or for purposes of direct or indirect commercial advantage or 
private commercial gain, and the wire or electronic 
communication with respect to which the offense under paragraph 
(a) is a radio communication that is not scrambled, encrypted, 
or transmitted using modulation techniques the essential 
parameters of which have been withheld from the public with the 
intention of preserving the privacy of such communication, 
then--
            [(i) if the communication is not the radio portion 
        of a cellular telephone communication, a cordless 
        telephone communication that is transmitted between the 
        cordless telephone handset and the base unit, a public 
        land mobile radio service communication or a paging 
        service communication, and the conduct is not that 
        described in subsection (5), the offender shall be 
        fined under this title or imprisoned not more than one 
        year, or both; and
            [(ii) if the communication is the radio portion of 
        a cellular telephone communication, a cordless 
        telephone communication that is transmitted between the 
        cordless telephone handset and the base unit, a public 
        land mobile radio service communication or a paging 
        service communication, the offender shall be fined 
        under this title.]
    [(c)] (b) Conduct otherwise an offense under this 
subsection that consists of or relates to the interception of a 
satellite transmission that is not encrypted or scrambled and 
that is transmitted--
            (i) * * *

           *       *       *       *       *       *       *


Sec. 2512. Manufacture, distribution, possession, and advertising of 
                    wire, oral, or electronic communication 
                    intercepting devices prohibited

    (1) Except as otherwise specifically provided in this 
chapter, any person who intentionally--
            (a) * * *

           *       *       *       *       *       *       *

            (c) places in any newspaper, magazine, handbill, or 
        other publication or disseminates by electronic means 
        any advertisement of--
                    (i) any electronic, mechanical, or other 
                device knowing the content of the advertisement 
                and knowing or having reason to know that the 
                design of such device renders it primarily 
                useful for the purpose of the surreptitious 
                interception of wire, oral, or electronic 
                communications; or

           *       *       *       *       *       *       *


Sec. 2520. Recovery of civil damages authorized

    (a) * * *

           *       *       *       *       *       *       *

    (d) Defense.--A good faith reliance on--
            (1) * * *

           *       *       *       *       *       *       *

            (3) a good faith determination that section 2511(3) 
        or 2511(2)(i) of this title permitted the conduct 
        complained of;

           *       *       *       *       *       *       *


      CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS AND 
TRANSACTIONAL RECORDS ACCESS

           *       *       *       *       *       *       *


Sec. 2701. Unlawful access to stored communications

    (a) * * *
    (b) Punishment.--The punishment for an offense under 
subsection (a) of this section is--
            (1) if the offense is committed for purposes of 
        commercial advantage, malicious destruction or damage, 
        or private commercial gain, or in furtherance of any 
        criminal or tortious act in violation of the 
        Constitution or laws of the United States or any 
        State--
                    (A) a fine under this title or imprisonment 
                for not more than [one year] 5 years, or both, 
                in the case of a first offense under this 
                subparagraph; and
                    (B) a fine under this title or imprisonment 
                for not more than [two years] 10 years, or 
                both, for any subsequent offense under this 
                subparagraph; and
            [(2) a fine under this title or imprisonment for 
        not more than six months, or both, in any other case.]
            (2) in any other case--
                    (A) a fine under this title or imprisonment 
                for not more than one year or both, in the case 
                of a first offense under this paragraph; and
                    (B) a fine under this title or imprisonment 
                for not more than 5 years, or both, in the case 
                of an offense under this subparagraph that 
                occurs after a conviction of another offense 
                under this section.

           *       *       *       *       *       *       *


Sec. 2702. Voluntary disclosure of customer communications or records 

    (a) * * *
    (b) Exceptions for disclosure of communications.-- A 
provider described in subsection (a) may divulge the contents 
of a communication--
            (1) * * *

           *       *       *       *       *       *       *

            (5) as may be necessarily incident to the rendition 
        of the service or to the protection of the rights or 
        property of the provider of that service; [or]
            (6) to a law enforcement agency--
                    (A) if the contents--
                            (i) were inadvertently obtained by 
                        the service provider; and
                            (ii) appear to pertain to the 
                        commission of a crime; or
                    (B) if required by section 227 of the Crime 
                Control Act of 1990; or
                    [(C) if the provider reasonably believes 
                that an emergency involving immediate danger of 
                death or serious physical injury to any person 
                requires disclosure of the information without 
                delay.]
            (7) to a Federal, State, or local governmental 
        entity, if the provider, in good faith, believes that 
        an emergency involving danger of death or serious 
        physical injury to any person requires disclosure 
        without delay of communications relating to the 
        emergency.

           *       *       *       *       *       *       *


Sec. 2703. Required disclosure of customer communications or records

    (a) * * *

           *       *       *       *       *       *       *

    (e) No Cause of Action Against a Provider Disclosing 
Information Under This Chapter.--No cause of action shall lie 
in any court against any provider of wire or electronic 
communication service, its officers, employees, agents, or 
other specified persons for providing information, facilities, 
or assistance in accordance with the terms of a court order, 
warrant, subpoena, statutory authorization, or certification 
under this chapter.

           *       *       *       *       *       *       *


PART II--CRIMINAL PROCEDURE

           *       *       *       *       *       *       *


CHAPTER 205--SEARCHES AND SEIZURES

           *       *       *       *       *       *       *


Sec. 3105. Persons authorized to serve search warrant

    A search warrant may in all cases be served by any of the 
officers mentioned in its direction or by an officer authorized 
by law to serve such warrant, but by no other person, except in 
aid of the officer on his requiring it, he being present and 
acting in its execution. The presence of an officer is not 
required for service or execution of a warrant under section 
2703 when the provider of electronic communications service or 
remote computing service produces the information required in 
the warrant.

           *       *       *       *       *       *       *


CHAPTER 206--PEN REGISTERS AND TRAP AND TRACE DEVICES

           *       *       *       *       *       *       *


Sec. 3125. Emergency pen register and trap and trace device 
                    installation

    (a) Notwithstanding any other provision of this chapter, 
any investigative or law enforcement officer, specially 
designated by the Attorney General, the Deputy Attorney 
General, the Associate Attorney General, any Assistant Attorney 
General, any acting Assistant Attorney General, or any Deputy 
Assistant Attorney General, or by the principal prosecuting 
attorney of any State or subdivision thereof acting pursuant to 
a statute of that State, who reasonably determines that--
            (1) an emergency situation exists that involves--
                    (A) immediate danger of death or serious 
                bodily injury to any person; [or]
                    (B) conspiratorial activities 
                characteristic of organized crime[,];
                    (C) an immediate threat to a national 
                security interest; or
                    (D) an ongoing attack on a protected 
                computer (as defined in section 1030) that 
                constitutes a crime punishable by a term of 
                imprisonment greater than one year;

           *       *       *       *       *       *       *

                              ----------                              


 SECTION 102 OF THE OMNIBUS CRIME CONTROL AND SAFE STREETS ACT OF 1968

           duties and functions of assistant attorney general

    Sec. 102. (a) The Assistant Attorney General shall--
            (1) * * *

           *       *       *       *       *       *       *

            (5) coordinate and provide staff support to 
        coordinate the activities of the Office and the Bureau 
        of Justice Assistance, the National Institute of 
        Justice, the Bureau of Justice Statistics, and the 
        Office of Juvenile Justice and Delinquency Prevention; 
        and

           *       *       *       *       *       *       *


                           Markup Transcript



                            BUSINESS MEETING

                         WEDNESDAY, MAY 8, 2002

                  House of Representatives,
                                Committee on the Judiciary,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:03 a.m., in 
Room 2141, Rayburn House Office Building, Hon. F. James 
Sensenbrenner, Jr. [Chairman of the Committee] presiding.
    Chairman Sensenbrenner. [Presiding.] The Committee will be 
in order.
    When the Committee last recessed, the Judicial Improvement 
Act had been favorably reported.
    The next item on the agenda is H.R. 3482, the ``Cyber 
Security Enhancement Act of 2001.'' The Chair recognizes the 
gentleman from Texas, Mr. Smith, Chairman of the Subcommittee 
on Crime, Terrorism, and Homeland Security, for a motion.
    Mr. Smith. Thank you, Mr. Chairman.
    Mr. Chairman, the Subcommittee on Crime, Terrorism, and 
Homeland Security reports favorably the bill H.R. 3482 with a 
single amendment in the nature of a substitute and moves its 
favorable recommendation to the full House.
    Chairman Sensenbrenner. Without objection, the bill will be 
considered as read and open for amendment at any point. And the 
Subcommittee amendment in the nature of a substitute, which the 
Members have before them, will be considered as read and 
considered as the original text for purposes of amendment.
    [The amendment follows:]
      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


    Chairman Sensenbrenner. The Chair recognizes the gentleman 
from Texas, Mr. Smith, to strike the last word.
    Mr. Smith. Thank you, Mr. Chairman.
    H.R. 3482, the ``Cyber Security Enhancement Act of 2002,'' 
will strengthen penalties to better reflect the seriousness of 
cyberattacks. It will assist State and local law enforcement 
through better grant management, accountability, and 
dissemination of technical advice and information; will help 
protect the Nation's critical infrastructure; and will enhance 
privacy protections. H.R. 3482 was approved by the Subcommittee 
on a voice vote.
    Last summer, the Subcommittee on Crime held three hearings 
on the growing threat of cybercrime and cyberterrorism. In 
fact, the Subcommittee held more hearings on the subject of 
cybercrime than any other issue. Cybercrime knows no borders or 
restraints and can harm the Nation's economy and endanger the 
public's health and safety.
    Cybercrime is a growing concern, but many are reluctant to 
report it. A recent survey conducted by the FBI and the 
Computer Security Institute revealed most corporations and 
Government agencies had been victims of computer hackers, but 
they rarely report these security breaches to authorities.
    While nearly 90 percent of the respondents detected 
breaches in the last year, only 34 percent reported the 
attacks. Common forms of attack included denials of services, 
viruses and worms, financial fraud, and Web site defacement.
    But businesses and Government agencies aren't the only 
victims. Last year, Mr. Chairman, nearly 10,000 Americans 
reported losing $18 million on online scams. Law enforcement 
officials and private industry representatives agree that 
better coordination, cooperation, and information sharing are 
needed, as well as stronger penalties for cyberattacks.
    In this legislation, penalties are strengthened by 
directing the United States Sentencing Commission to review 
and, if appropriate, amend its guidelines to provide a wider 
range of criteria in sentencing cybercrimes. It also increases 
penalties for those who cause or attempt to cause death or 
serious bodily injury through cyberattacks.
    This bill contains provisions that protect Internet service 
providers who, for example, share information about potential 
terrorist attacks when they legally assist law enforcement 
officers under the new USA PATRIOT Act.
    Finally, the bill helps protect the Nation's critical 
infrastructure by providing State and local law enforcement 
personnel access to new technologies through better grant 
management and accountability.
    So, Mr. Chairman, I urge my colleagues to support this bill 
and yield back the balance of my time.
    Chairman Sensenbrenner. Without objection, all Members may 
insert opening statements in the record at this point in time.
    And since there are no Members from the minority present, 
without objection, we will set this bill temporarily aside, 
because I know that there are some amendments that the minority 
wishes to offer.
    Well, I see the gentleman from Virginia present.
    Are there amendments?
    Ms. Hart. Mr. Chairman?
    Mr. Smith. Mr. Chairman, I have----
    Ms. Hart. Mr. Chairman?
    Chairman Sensenbrenner. Does the gentleman from Texas, the 
Subcommittee Chair, have an amendment?
    Mr. Smith. Yes, Mr. Chairman. I ask unanimous consent that 
my amendment in the nature of a substitute be considered as 
read.
    Chairman Sensenbrenner. Already been given--the gentleman 
from Texas has an amendment at the desk.
    The Clerk will report the amendment.
    The Clerk. Amendment in the nature of a substitute to H.R. 
3482. Strike all after the enacting clause and insert the 
following----
    Chairman Sensenbrenner. Without objection, the amendment 
will be considered as read and open for amendment at any point.
    [The amendment follows:]
      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


      
      

  


    Chairman Sensenbrenner. And without objection, this 
amendment in the nature of a substitute will be considered the 
original text for purposes of amendment.
    Hearing no objection, so ordered.
    The gentleman from Texas is recognized for 5 minutes.
    Mr. Smith. Thank you, Mr. Chairman.
    I offer this amendment in the nature of a substitute at the 
suggestion of legislative counsel. This amendment makes only a 
few discrete changes to the bill.
    First, section 102 is amended at the request of the Center 
for Democracy and Technology. The amendment clarifies that if a 
communication provider believes in good faith that a life-
threatening emergency exists and discloses electronically 
stored information relating to the emergency to a Federal, 
State or local government official, then the provider will not 
be held liable.
    Second, section 105 is amended technically to clarify that 
dissemination by electronic means is another form of 
publication.
    Third, section 107 is amended to strike the reimbursement 
provisions in the remedies section. Neither industry nor the 
Department of Justice have been able to agree on the nature of 
the problem here or on a solution. It will be better to request 
a study by the General Accounting Office on both the issue of 
compliance by communication providers and preserving records 
and the issue of reimbursement by the Government entities that 
request the providers' compliance.
    Mr. Chairman, I believe this amendment strengthens the bill 
and urge my colleagues to support it.
    I yield back the balance of my time.
    Chairman Sensenbrenner. Are there any amendments to this 
new amendment in the nature of a substitute?
    The gentleman from Virginia.
    Mr. Scott. Mr. Chairman, I have an amendment at the desk.
    Chairman Sensenbrenner. The clerk will report the 
amendment. Is the clerk clear which amendment to report?
    Mr. Scott. I just have one.
    Chairman Sensenbrenner. The clerk will report the 
amendment.
    The Clerk. Amendment to the amendment in the nature of the 
substitute to H.R. 3482, offered by Mr. Scott. On page 4, at 
the end of section 102, insert the following new subsection: 
(c) Reporting of disclosures----
    Chairman Sensenbrenner. Without objection, the amendment is 
considered as read.
    [The amendment follows:]
    
    
    Chairman Sensenbrenner. And the gentleman from Virginia is 
recognized for 5 minutes.
    Mr. Scott. Thank you, Mr. Chairman.
    I'm pleased to join you in convening this markup of the 
cybersecurity act of 2001. And generally, I support the concept 
of allowing Internet service providers to give information to 
law enforcement officials when there is an emergency--of death 
or serious bodily injury.
    Under the current law, an ISP can only release information 
if it reasonably believes that immediate danger exists. And I 
support that change, too--believe it's in good faith.
    If the FBI presents information that the ISP believes, if 
true, could present a threat of death or serious injury, the 
ISP dispatcher on duty shouldn't have to wake up the corporate 
counsel to determine what to do. They ought to give up the 
information. If there's time to do all the--check with the 
corporate counsel, then the FBI could have just gone to the 
magistrate or judge and gotten a search warrant.
    Mr. Chairman, I agree with the bill. This amendment 
clarifies one part of it. It's been, as I understand it, worked 
with staff, requiring reporting disclosures, so that the 
Attorney General will report each year how often these 
procedures are used, so we have some handle on what we're 
dealing with.
    Ms. Lofgren. Would the gentleman yield for a question?
    Mr. Scott. I yield.
    Ms. Lofgren. Is it the intent of the amendment that this 
publication would be the number but not necessarily the 
entities that disclose? There'd be anonymity, a compilation, or 
not?
    Mr. Scott. It says the number of customers or subscribers, 
not the name of the customer or subscriber.
    Ms. Lofgren. Well, it says: report to the Attorney General, 
stating the subparagraph under which the disclosure was made.
    I think it's ambiguous. I want to make sure--I think it's 
fine to have a compilation, but if we have the individual 
entities, I think it would be a deterrent.
    Mr. Scott. The intent is the number of customers or 
subscribers whom the information disclosed pertained, the 
number of communications. Where it says ``entity,'' that's the 
Government entity.
    Ms. Lofgren. Okay, thank you very much.
    Mr. Scott. Thank you.
    Chairman Sensenbrenner. Does the gentleman yield back?
    Mr. Scott. I yield back.
    Chairman Sensenbrenner. The gentleman from Texas?
    Mr. Smith. Mr. Chairman, I'm going to express a couple of 
concerns about this amendment.
    Chairman Sensenbrenner. The gentleman is recognized for 5 
minutes.
    Mr. Smith. Thank you, Mr. Chairman.
    Let me ask the gentleman from Virginia--and I will say that 
I haven't seen this amendment until right now, and it comes as 
a surprise to me--that it seems to me--a couple of the concerns 
that I had would be, first of all, unfunded mandates, in the 
sense that we're adding burdens to State and local governments 
to compile all this information. And I sort of have a 
Constitutional objection to that.
    It also seems that we're setting a precedent here in 
requiring reports that might impose a burden on the 
Administration and just add to the bureaucracy rather than 
solving any particular problem.
    And I appreciate what the gentleman is trying to do. But as 
I recall, if the gentleman is trying to find out whether 
there's been an abuse of the process or whether there's been 
violations of an individual's civil liberties and so forth, 
that just reporting the items that the gentleman has in this 
amendment is not going to necessarily disclose that. And so 
what I would like to do is to work in good faith with the 
gentleman to refine the language, so that we can--if the 
gentleman--and it's a worthy goal--try to ferret out any abuse 
by law enforcement officials without overreaching.
    Mr. Scott. Will the gentleman yield?
    Mr. Smith. I'd be happy to yield.
    Mr. Scott. This anticipates that if a Government entity 
takes advantage of the section, within 90 days, they'll report 
that fact to the Attorney General. And the Attorney General 
shall publish a 1-year summary, a single report, not an annual 
report, a single report, so that we can get a handle on what 
happened during the first year of the use of this section.
    It is not anticipated that this section would be used very 
often, so there shouldn't be--if there is in fact an 
administrative burden, that means it is being used a lot more 
than you and I anticipate that it would be used.
    But we just say that, if the Government entity gets 
information, they'll just let the Attorney General know, and 
the Attorney General will wrap it up in one report and publish 
it, so it should not be a burden.
    Mr. Smith. Well, it may not be as much of a burden as it 
would be if they were doing these reports on a regular basis.
    Mr. Chairman, I think I am not going to object to this 
amendment and urge my colleagues to support it, with the 
understanding, I might say, if I may engage the gentleman from 
Virginia in a colloquy, that he is not going to seek to do this 
in future years; this will be a one-time evaluation of the 
process.
    Mr. Smith. Well, the expectation is that, if things go 
well, you would not need to. But if there is abuse--you would 
have to pass a new law to get an additional--additional 
reports. So, I mean, the thing essentially sunsets itself.
    Mr. Smith. Okay.
    Okay, Mr. Chairman, I'm going to acknowledge that my 
colleague from Virginia is acting in good faith and not trying 
to increase the burden on the Government, and I won't object to 
this.
    Chairman Sensenbrenner. The question is on the Scott 
amendment to the amendment in the nature of a substitute.
    Those in favor will say aye.
    Opposed, no.
    The ayes appear to have it. Thy ayes have it, and the 
amendment to the amendment in the nature of a substitute is 
agreed to.
    Are there further amendments?
    Ms. Hart. Mr. Chairman?
    Chairman Sensenbrenner. The gentlewoman from Pennsylvania.
    Ms. Hart. Mr. Chairman, I have an amendment at the desk.
    Chairman Sensenbrenner. The Clerk will report the 
amendment.
    The Clerk. Amendment to the Subcommittee amendment in the 
nature of a substitute to H.R. 3482, offered by Ms. Hart, Mr. 
Berman, and Ms. Lofgren.
    Chairman Sensenbrenner. Without objection, the amendment is 
considered as read.
    [The amendment follows:]
    
    
    Chairman Sensenbrenner. And the gentlewoman from 
Pennsylvania is recognized for 5 minutes.
    Ms. Hart. Thank you, Mr. Chairman.
    My amendment is also sponsored by Mr. Berman and Ms. 
Lofgren. It addresses an ambiguity in the current law for 
warrants issued under the Electronic Communications Privacy 
Act. The amendment also addresses issues we raised in the 
passage of the USA PATRIOT Act. It would clarify that a law 
enforcement officer does not need to be present for a warrant 
executed under the Electronic Communications Privacy Act.
    With increased communications through e-mail and other 
activities on the Internet, acquiring access to this 
information is essential for any successful investigation. Much 
of this information is in the hands of a third party ISP, and 
law enforcement must obtain this information directly from that 
ISP. While the ECPA search warrants are issued by neutral 
magistrates, they are not generally executed like traditional 
search warrants. Law enforcement officials do not routinely 
enter the ISP's centers; rather, the ISP accepts the warrant, 
assigns it to network technicians to search for the requested 
information, then delivers that information in a suitable 
format to the officer.
    Recently, though, a Michigan Federal district court, in 
U.S. v. Bach, ruled that an officer must actually be present 
during the execution of the ECPA search warrants. That really 
does change what practice has been.
    The court had applied a provision originally passed in 
1917, which is intended to require officers to be present 
during the execution of coercive, physical search. Not only has 
this notion never before been recognized by a court, but it 
raises a variety of additional problems that my amendment would 
seek to resolve.
    First, the 1917 provision was designed to protect privacy, 
but application of that provision to the ECPA warrant actually 
hinders individual privacy. If an officer is required to be 
present during the execution of that warrant, they will have 
access to all information, including the information of 
additional consumers who aren't named in that warrant, that is, 
that the ISP's technician has to review to fill the 
requirements of the warrant. The court's ruling actually harms 
the privacy rights of individuals.
    Second, requiring that an officer be present raises a 
variety of practical problems for the execution of the warrant. 
Investigations will be halted until a law enforcement officer 
arrives at each location. More than one ISP may have relevant 
information, and that information may be stored in more than 
one location, meaning that an officer must be at each location. 
This is a drain on the resources of law enforcement agencies.
    Third, the requirement imperils any pending case where a 
law enforcement official has acquired information from an ISP 
without meeting the requirement established by that court.
    Finally, this amendment is practical, as it puts into law 
established and very workable practice. A large ISP may receive 
as many as 500 requests a month for what is fairly 
straightforward information.
    To require law enforcement to be present when each 
amendment is executed is not practical.
    The amendment clarifies, again, that an officer need not be 
present during the execution of a warrant granted under the 
ECPA. It helps law enforcement, it helps ISPs, and most 
importantly, it protects the private information of the 
consumers that are involved with that ISP.
    And I ask for the support of the amendment, and I yield 
back.
    Chairman Sensenbrenner. The gentlewoman from California.
    Ms. Lofgren. Mr. Chairman, I am strongly supportive of this 
amendment.
    Chairman Sensenbrenner. The gentlewoman is recognized for 5 
minutes.
    Ms. Lofgren. I want to thank my colleagues, Mr. Berman and 
Ms. Hart, for co-sponsoring it.
    And I think this is a perfect example of how laws created 
long ago for the off-line world really don't make any sense in 
the online world. It doesn't make a lot of sense that law 
enforcement that should be present in a physical search, 
because they have, potentially, a role to play, would have to 
be present, overlooking a technician's should and, for the most 
part, not even understanding, probably, what that technician is 
doing.
    So I think this does no harm and certainly does a lot of 
good in being efficient. And I strongly support the amendment 
and thank the gentlelady for taking the lead on this, and would 
yield additional time to Mr. Berman.
    Mr. Berman. I thank the gentlelady for yielding, and I'll 
be very brief, because I think the author of the amendment 
described it quite completely and well.
    It's a direct result of a court interpretation, and it's 
somewhat counterintuitive, because while you might normally 
want to think that it makes sense to have an officer serve the 
warrant, when you're dealing with the ISPs, they're getting 
thousands of warrants, so it's very inefficient in terms of 
time. But it also raises some privacy concerns, because it 
allows that officer to have access to communications that are 
outside the scope of the investigation.
    So both from an efficiency point of view and a privacy 
point of view, I think this amendment is appropriate and urge 
its passage. And I yield back to the gentlelady.
    Ms. Lofgren. Thank you. And, Mr. Chairman, to avoid asking 
for an additional 5 minutes, I would also like to praise the 
underlying bill, the provision establishing the National Law 
Enforcement Corrections Technology Center.
    Recently, I had occasion to try and discover, or at least 
have validated, a technology that is being deployed for 
biometrics. And there's a lot of technology in Silicon Valley; 
this is a technology that is not coming out of Silicon Valley. 
In fact, it's licensed to a firm in Massachusetts--having to do 
with iris scans. And it looks to be the cheapest and most 
reliable form of biometrics.
    And yet, we would not want to deploy it without some kind 
of assessment or validation from a disinterested party. I asked 
NIST to take a look at the technology and to tell me whether or 
not it was as good as it appeared and was claimed.
    But I would just like to note that the establishment of 
this National Law Enforcement Corrections Technology Center in 
the underlying bill is an excellent advance to make sure that 
we are deploying the right technology in law enforcement as 
well as other security agencies.
    So not only will this amendment make the execution of 
warrants tech-friendly, the underlying bill also improves it.
    And I yield back my time.
    Chairman Sensenbrenner. The question is on agreeing to the 
amendment offered by the gentlewoman from Pennsylvania.
    Those in favor will say aye.
    Opposed, no.
    The ayes appear to have it. The ayes have it, and the 
amendment is agreed to.
    Are there further amendments?
    If there are no further amendments, the Chair notes the 
presence of a reporting quorum. The question is on the 
amendment in the nature of a substitute as amended.
    Those in favor will say aye.
    Opposed, no.
    The ayes appear to have it. The ayes have it.
    The question now occurs on the motion to report the bill 
H.R. 3482 favorably as amended by the amendment in the nature 
of a substitute.
    All in favor will say aye.
    Opposed, no.
    The ayes appear to have it. The ayes have it, and the 
motion to report favorably is agreed to.
    Without objection, the Chairman is authorized to move to go 
to conference pursuant to House rules. Without objection, the 
staff is directed to make any technical and conforming changes, 
and all Members will be given 2 days, as provided by House 
rules, in which to submit additional, dissenting, supplemental, 
or minority views.