New U.S. Cyber-Security Legislation May Help Reassert Fourth Amendment

Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) have introduced the Senate version of a bill to modernize the Electronic Communications Privacy Act.

The new bill, which would modernize the original ECPA to require warrants for access to electronic communications such as email, also adds a requirement for a warrant for location information. The original House bill, the Email Privacy Act, did not cover location information.

The bill, which if passed, would need to go to a conference committee for reconciliation. While the bill appears to have broad bipartisan support, it still needs to go the relevant committees before it will be considered by the full Senate.

In its current version, the Senate bill would reform the use of gag orders by requiring that the court issuing the warrant have a “reason to believe” that notice of the warrant by the subject would have an adverse effect based on “specific and articulatable facts.”

Privacy boost

The bill also allows for suppression of evidence in cases where the information was obtained in violation of the ECPA. The same fact-based requirement would be put into place for pen register/tap and trace actions, but would also require that the data not only be relevant, but also material.

The bill would allow subpoenas calling on companies to hand over information where the data is held by a third party. In an important change, the warrant would be required for all data regardless of age. The old and confusing standard of allowing some data older than six months to be obtained without a warrant would be eliminated.

Meanwhile, over at the House of Representatives, two bills have made it out of committee and are set to be considered by the full House. One, the Cybersecurity and Infrastructure Security Agency Act of 2017 (HR 3359), would reform the structure of part of the Department of Homeland Security to create an operational directorate to manage the department’s actions regarding critical infrastructure, cyber-security and physical security, including emergency communications.

Loading ...

The agency would be headed by a director who would report to the Secretary of Homeland Security, a cabinet-level post, rather than the undersecretary that handles such functions now. If this bill becomes law, it would consolidate the DHS Cyber Operations Division, the sharing of cyber-threat information and the protection of federal networks.

A second companion bill was voted out of committee July 27 for consideration by the full House. That bill is the Cyber Vulnerability Disclosure Reporting Act (HR 3202), which would handle the reporting of cyber-vulnerabilities that are found by government investigators. The bill would require DHS to report on how such disclosures were handled and the results to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs committees within 240 days after the bill’s passage.

The bill addresses complaints by Microsoft and other companies about the hoarding of cyber-vulnerabilities by the government.

It was files of such vulnerabilities that were released by the hacking group ShadowBrokers last year that resulted in a series of ransomware attacks over the Past few months.

The bill would require agencies that are holding such vulnerabilities to report to Congress on how they’re handling the existing requirements to report them to the responsible companies so they can be fixed.

Originally published on eWeek

Continues on page 2…

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago