New U.S. Cyber-Security Legislation May Help Reassert Fourth Amendment

Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) have introduced the Senate version of a bill to modernize the Electronic Communications Privacy Act.

The new bill, which would modernize the original ECPA to require warrants for access to electronic communications such as email, also adds a requirement for a warrant for location information. The original House bill, the Email Privacy Act, did not cover location information.

The bill, which if passed, would need to go to a conference committee for reconciliation. While the bill appears to have broad bipartisan support, it still needs to go the relevant committees before it will be considered by the full Senate.

In its current version, the Senate bill would reform the use of gag orders by requiring that the court issuing the warrant have a “reason to believe” that notice of the warrant by the subject would have an adverse effect based on “specific and articulatable facts.”

Privacy boost

The bill also allows for suppression of evidence in cases where the information was obtained in violation of the ECPA. The same fact-based requirement would be put into place for pen register/tap and trace actions, but would also require that the data not only be relevant, but also material.

The bill would allow subpoenas calling on companies to hand over information where the data is held by a third party. In an important change, the warrant would be required for all data regardless of age. The old and confusing standard of allowing some data older than six months to be obtained without a warrant would be eliminated.

Meanwhile, over at the House of Representatives, two bills have made it out of committee and are set to be considered by the full House. One, the Cybersecurity and Infrastructure Security Agency Act of 2017 (HR 3359), would reform the structure of part of the Department of Homeland Security to create an operational directorate to manage the department’s actions regarding critical infrastructure, cyber-security and physical security, including emergency communications.

Loading ...

The agency would be headed by a director who would report to the Secretary of Homeland Security, a cabinet-level post, rather than the undersecretary that handles such functions now. If this bill becomes law, it would consolidate the DHS Cyber Operations Division, the sharing of cyber-threat information and the protection of federal networks.

A second companion bill was voted out of committee July 27 for consideration by the full House. That bill is the Cyber Vulnerability Disclosure Reporting Act (HR 3202), which would handle the reporting of cyber-vulnerabilities that are found by government investigators. The bill would require DHS to report on how such disclosures were handled and the results to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs committees within 240 days after the bill’s passage.

The bill addresses complaints by Microsoft and other companies about the hoarding of cyber-vulnerabilities by the government.

It was files of such vulnerabilities that were released by the hacking group ShadowBrokers last year that resulted in a series of ransomware attacks over the Past few months.

The bill would require agencies that are holding such vulnerabilities to report to Congress on how they’re handling the existing requirements to report them to the responsible companies so they can be fixed.

Originally published on eWeek

Continues on page 2…

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

5 hours ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

6 hours ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

6 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

7 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

7 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

8 hours ago