Burr-Feinstein Encryption Bill Discussion Draft

Apr 14, 2016

BAG16392 l l 4TH CONGRESS 2D SESSION Discussion Draft S.L.C. s. To require the provision of data in an intelligible format to a government pursuant to a court order, and for other purposes. IN THE SENATE OF THE UNITED STATES introdnced the following bill; which was read twice and referred to the Committee on -------~ A BILL To reqmre the provision of data in an intelligible format to a government pursuant to a court order, and for other purposes. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled, 3 SECTION 1. SHORT TITLE. 4 This Act may be cited as the "Compliance with Court 5 Orders Act of 2016". 6 SEC. 2. SENSE OF CONGRESS. 7 It is the sense of Congress that- 8 ( 1) no person or entity is above the law; Discussion Draft S.L.C. 2 l (2) economic growth prosperity security, sta- 2 bility, and liberty require adherence to the rule of 3 law; 4 (3) the Constitution and laws of the United 5 States provide for the safety, security, and civil lib- 6 erties of all l: UnitedStates persons and the protec- 7 tions and obligations of these laws apply to all per- 8 sons within UUnitedStates jurisdiction; 9 ( 4) all providers of communications services and 10 products (including software) should protect the pri- 11 vacy of United States persons through implementa- 12 tion of appropriate data security and still respect the 13 rule of law and comply with all legal requirements 14 and court orders; 15 ( (5) to uphold both the rule of law and protect 16 the interests and security of the United States, all 17 persons receiving an authorized judicial order for in- 18 formation or data mnst provide,e, in a timely manner. 19 responsive, intelligible information or data, or appro- 20 priate technical assistance to obtain such informa- 21 tion or clata; ancl 22 ( (6)covered entities must provide responsive, in- 23 telligible information or data, or appropriate tech- 24 25 nical assistance to a government pursuant order. a court BAG16392 Discussion Draft S.L.C. 3 1 SEC. 3. REQUIREMENT FOR PROVIDING DATA IN AN INTEL- 2 LIGIBLE FORMAT UPON RECEIPT OF A 3 COURT ORDER. 4 (a) REQUIREMENT.„ 5 (1) IN GENERAL.„ Notwithstanding any other 6 provision of law and except as provided in paragraph 7 (2), a covered entity that receives a court order from 8 a government for information or data shall- 9 (A) provide such information or data to 10 such government in an intelligible format; or 11 (B) provide such technical assistance as is 12 necessary to obtain such information or data in 13 an intelligible format or to achieve the purpose 14 of the court order. 15 (2) SCOPE OF REQUIREMENT.„ Acovered enti- 16 ty that receives a court order referred to in para- 17 graph (l)(A) shall be responsible only for providing 18 data in an intelligible format if such data has been 19 made unintelligible by a feature, product, or service 20 owned, controlled, created, or provided, by the cov- 21 ered entity or by a third party on behalf of the cov- 22 ered entity. 23 (3) COMPENSATIONFOR TECHNICALASSIST- 24 ANCE.„ A covered entity that receives a court order 25 from a government as described in paragraph ( 1) 26 and furnishes technical assistance under subpara- Discussion Draft S.L.C. 4 1 graph (B) of such paragraph pursuant to such order 2 shall be compensated for such costs as are reason- 3 ably necessary and which have been directly incurred 4 iu providing such technical assistance or such data 5 in an intelligible format. 6 (b) DESIGN LIMITATIONS.„ Nothing in this Act may 7 be construed to anthorize any government officer to re- 8 quire or prohibit any specific design or operating system 9 to be adopted by any covered entity. 10 (c) LICENSE DISTRIBUTORS.„ provider of remote 11 computing service or electronic communication service to 12 the public that distributes licenses for products, services, 13 applications, or software of or by a covered entity shall 14 ensure that any such products, services, applications, or 15 software distributed by such person be capable of com- 16 plying with subsection (a). 17 SEC. 4. DEFINITIONS. In this Act: 18 19 20 (1) COMMUNICATION IDENTIFYING INFORMA- TION.„ The term "communication identifying infor- t'"1 21 mation" means dialing, routing, addressing, sig- 22 naling, switching, processing, transmitting, or other 23 information that- 24 (A) does uot constitute the contents of a 25 communication: BAG16392 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Discussion Draft S.L.C. 5 (B) identifies or assists m the identifica- tion of the origin, direction, destination, elate, time, duration, termination, or status of each communication generated, received, or con- trolled by a user; and (C) includes the following information or the equivalent function thereof: (i) Public and local source and des- tination addressing, including- (I) the local network and public Internet Protocol addresses or any similar or successor protocol; and (II) addressing information that may be dynamically or privately as- signed, including port numbers or any successor addressing method. (ii) Addresses or other information that uniquely identifies the equipment, fa- cility, or service used to access a provider or network by each party to the commu- nication. (iii) Service addresses and identifiers generated or received by each party to the communication. BAG16392 Discussion Draft S.L.C. 6 1 (iv) Information identifying quantity 2 or quality of the communication, including 3 packet size, quality of service information, 4 or other information from which the size or 5 priority of the communication can be 6 ascertained. 7 (v) Specification of the time zone as 8 an offset from Coordinated Universal Time 9 (UTC). 10 (2) COMMUNICATIONS.„ The term "communica- 11 tions" has the same meaning as the terms "wire 12 communication", "oral communication", and "elec- 13 tronic communication" in section 2510 of title 18, 14 United States Code. 15 (3) COURTORDER.„ The term "court order" 16 means any order or warrant issued by a court of 17 competent jurisdiction. 18 (4) COVERED ENTITY.„ The term "covered en- 19 tity" means a device manufacturer, a software man- 20 ufacturer, an electronic communication service, a re- 21 mote computing service, a provider of wire or elec- 22 tronic communication service, a provider of a remote 23 computing service, or any person who provides a 24 product or method to facilitate a communication or 25 the processing or storage of data. Discussion Draft S.L.C. 7 1 (5) DATA.„ The term "data" includes- 2 (A) communications and any information 3 concerning the identity of the parties to such 4 communications or the existence, substance, 5 purport, or meaning of such communications; 6 (B) information stored remotely or on a 7 device provided, designed, licensed, or manufac- 8 tured by a covered entity; 9 ( C) communication identifying information; 10 and 11 (D) information identifying a specific de- 12 vice. 13 ( 6) ELECTRONIC COMMUNICATION SERVICE.„ SERVICE.- 14 The term "electronic communication service" has 15 the meaning given such term in section 2510 of title 16 18, United States Code. 17 (7) FEATt;RE.-The term "feature" means a 18 property or function of a device or software applica- 19 tion. 20 (8) GOVERNMENT.„ The term "government" 21 means the Government of the United States and the 22 government of the District of Columbia, or any com- 23 monwealth, territory, or possession of the United 24 States, of an Indian tribe, or of any State or polit- 25 ical subdivision thereof. BAG16392 Discussion Draft S.L.C. 8 1 (9) INDIAN TRIBE.„ The term "Indian tribe" 2 has the meaning given such term in section 4 of the 3 Indian Self-Determination and Education Assistance 4 Act (25 U.S.C. 450b). 5 (10) INTELLIGIBLE.„ The term "intelligible", 6 with respect to information or data, mcans- 7 (A) the information or data has never been 8 encrypted, enciphered, encoded, modulated, or 9 obfuscated; or 10 (B) the information or data has been 11 encrypted, enciphered, encoded, modulated, or 12 obfuscated and then decrypted, deciphered, de- 13 coded, demodulated, or deobfuscated to its 14 original form. 15 (11) REMOTE COMPUTING SERVICE.„ The term 16 "remote computing service" has the meaning given 17 such term in section 2711 of title 18, United States 18 Code. 19 (12) TECHNICAL ASSISTANCE.„ The term 20 "technical assistance", with respect to a covered en- 21 tity that receives a court order pursuant to a provi- 22 sion of law for information or data described in sec- 23 tion 3(a)(l), includes- 24 (A) isolating such information or data; BAG16392 1 2 3 4 5 6 7 8 9 10 11 Discussion Draft S.L.C. 9 (B) rendering such information or data in an intelligible format if the information or data has been made unintelligible by a feature, prod- uct, or service owned, controlled, created, or provided by the covered entity or by a third party on behalf of the covered entity; and (C) delivering such information or data- (i) concurrently ,vith its transmission; or (ii) expeditiously, if stored by a cov- ered entity or on a device.

