[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[S. 2448 Introduced in Senate (IS)]







106th CONGRESS
  2d Session
                                S. 2448

      To enhance the protections of the Internet and the critical 
      infrastructure of the United States, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             April 13, 2000

Mr. Hatch (for himself and Mr. Schumer) introduced the following bill; 
  which was read twice and referred to the Committee on the Judiciary

_______________________________________________________________________

                                 A BILL


 
      To enhance the protections of the Internet and the critical 
      infrastructure of the United States, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Internet Integrity 
and Critical Infrastructure Protection Act of 2000''.
    (b) Table of Contents.--The table of contents for this Act is as 
follows:

Sec. 1. Short title; table of contents.
                         TITLE I--CYBER-HACKING

Sec. 101. Deterrence and prevention of fraud, abuse, and criminal acts 
                            in connection with computers.
Sec. 102. Criminal and civil forfeiture for computer fraud and abuse.
Sec. 103. Enhanced coordination of Federal agencies.
Sec. 104. Deterring juvenile involvement in computer crimes.
Sec. 105. Additional defense to civil actions relating to preserving 
                            records in response to government request.
Sec. 106. Authority to intercept wire, oral, and electronic 
                            communications relating to computer fraud 
                            and abuse.
Sec. 107. Forfeiture of devices used in computer software 
                            counterfeiting and intellectual property 
                            theft.
Sec. 108. Sentencing directives for computer crimes.
Sec. 109. Assistance to Federal, State, and local computer crime 
                            enforcement and establishment of National 
                            Cyber-Crime Technical Support Center.
                    TITLE II--ANTI-FRAUD PROTECTIONS

Sec. 201. Protection from fraudulent unsolicited electronic mail.
           TITLE III--PRIVACY AND CONFIDENTIALITY PROTECTIONS

Sec. 301. Privacy protection concerning pen registers and trap and 
                            trace devices.
Sec. 302. Privacy protection for subscribers of satellite television 
                            services.
Sec. 303. Encryption reporting requirements.
Sec. 304. Fraud in online collection and dissemination of personally 
                            identifiable information.
Sec. 305. National media campaign on public awareness regarding online 
                            security and privacy.
Sec. 306. Fraudulent access to personally identifiable information.
   TITLE IV--NATIONAL SECURITY AND CRITICAL INFRASTRUCTURE PROTECTION

Sec. 401. Deputy Assistant Attorney General for Computer Crime and 
                            Intellectual Property.
Sec. 402. National Infrastructure Protection Center.
Sec. 403. Personnel exchange programs for critical infrastructure 
                            protection training.
           TITLE V--INTERNATIONAL COMPUTER CRIME ENFORCEMENT

Sec. 501. Short title. 
Sec. 502. Disclosure of computer crime evidence to foreign law 
                            enforcement authorities relating to 
                            enforcement of foreign computer crime laws. 

Sec. 503. Investigative assistance to foreign law enforcement 
                            authorities to obtain computer crime 
                            evidence relating to enforcement of foreign 
                            computer crime laws.
Sec. 504. Court orders to provide assistance to foreign law enforcement 
                            authorities relating to enforcement of 
                            foreign computer crime laws. 
Sec. 505. Limitations on activities under computer crime mutual 
                            assistance agreements. 
Sec. 506. Reimbursement.
Sec. 507. Judicial review. 
Sec. 508. Computer crime mutual assistance agreements.
Sec. 509. Preservation of existing authority. 
Sec. 510. Report to Congress. 
Sec. 511. Definitions. 
                         TITLE VI--SEVERABILITY

Sec. 601. Severability.

                         TITLE I--CYBER-HACKING

SEC. 101. DETERRENCE AND PREVENTION OF FRAUD, ABUSE, AND CRIMINAL ACTS 
              IN CONNECTION WITH COMPUTERS.

    (a) Penalties.--Subsection (c) of section 1030 of title 18, United 
States Code, is amended--
            (1) in paragraph (2)--
                    (A) in subparagraph (A)--
                            (i) by inserting ``except as provided in 
                        subparagraph (B),'' before ``a fine''; and
                            (ii) by striking ``and'' at the end;
                    (B) in subparagraph (B), by inserting ``or an 
                attempt to commit an offense punishable under this 
                subparagraph,'' after ``subsection (a)(2),'' in the 
                matter preceding clause (i); and
                    (C) in subparagraph (C), by striking ``and'' at the 
                end;
            (2) in paragraph (3)--
                    (A) by striking ``, (a)(5)(A), (a)(5)(B),'' both 
                places it appears; and
                    (B) by striking ``and'' at the end; and
            (3) by adding at the end the following new paragraphs:
            ``(4)(A) except as provided in subparagraph (B), a fine 
        under this title, imprisonment for not more than 3 years, or 
        both, in the case of an offense under subsection (a)(5)(A) or 
        (a)(5)(B) which does not occur after a conviction for another 
        offense under this section, or an attempt to commit an offense 
        punishable under this subparagraph;
            ``(B) a fine under this title, imprisonment for not more 
        than 10 years, or both, in the case of an offense under 
        subsection (a)(5)(A) or (a)(5)(B), or an attempt to commit an 
        offense punishable under this subparagraph, if--
                    ``(i) the defendant used, or attempted to use, a 
                person less than 18 years of age to commit the offense; 
                or
                    ``(ii) the offense caused (or, in the case of an 
                attempted offense, would, if completed, have caused)--
                            ``(I) loss to one or more persons during 
                        any one-year period (including loss resulting 
                        from a related course of conduct affecting one 
                        or more other protected computers) aggregating 
                        at least $5,000 in value;
                            ``(II) the modification or impairment, or 
                        potential modification or impairment, of the 
                        medical examination, diagnosis, treatment, or 
                        care of one or more individuals;
                            ``(III) physical injury to any person;
                            ``(IV) a threat to public health or safety; 
                        or
                            ``(V) damage affecting a computer system 
                        used by or for a government entity in 
                        furtherance of the administration of justice, 
                        national defense, or national security;
            ``(C) a fine under this title, imprisonment for not more 
        than 10 years, or both, in the case of an offense under 
        subsection (a)(5)(A) or (a)(5)(B), or an attempt to commit an 
        offense punishable under this subparagraph, that--
                    ``(i) would otherwise be punishable under 
                subparagraph (A); and
                    ``(ii) occurs after a conviction for another 
                offense under subsection (a)(5)(A) or (a)(5)(B) for 
                which the defendant was punished under subparagraph 
                (A); and
            ``(D) a fine under this title, imprisonment for not more 
        than 20 years, or both, in the case of an offense under 
        subsection (a)(5)(A) or (a)(5)(B), or an attempt to commit an 
        offense punishable under this subparagraph, that--
                    ``(i) would otherwise be punishable under 
                subparagraph (B); and
                    ``(ii) occurs after a conviction for another 
                offense under subsection (a)(5)(A) or (a)(5)(B) for 
                which the defendant was punished under subparagraph 
                (B); and
            ``(5) in the case of any felony offense under this section, 
        at the discretion of the court, termination of and 
        ineligibility for any financial assistance for post-secondary 
        education that is available under Federal law, which punishment 
        shall be in addition to any other punishment described in this 
        subsection.''.
    (b) Definitions.--Subsection (e) of that section is amended--
            (1) in paragraph (2)(B), by inserting ``, including a 
        computer located outside the United States'' before the 
        semicolon;
            (2) in paragraph (7), by striking ``and'' at the end;
            (3) by striking paragraph (8) and inserting the following 
        new paragraph (8):
            ``(8) the term `damage' means any impairment to the 
        integrity or availability of data, a program, a system, or 
        information;'';
            (4) in paragraph (9), by striking the period at the end and 
        inserting a semicolon; and
            (5) by adding at the end the following new paragraphs:
            ``(10) the term `conviction' shall include an adjudication 
        of juvenile delinquency for a violation of this section;
            ``(11) the term `loss' means any reasonable cost to any 
        victim, including the cost of responding to an offense, 
        conducting a damage assessment, and restoring the data, 
        program, system, or information to its condition prior to the 
        offense, and any revenue lost, cost incurred, or other 
        consequential damages incurred because of interruption of 
        service;
            ``(12) the term `person' means any person, firm, 
        educational institution, financial institution, government 
        entity, or other entity;''.
    (c) Damages in Civil Actions.--Subsection (g) of that section is 
amended in the second sentence by striking ``involving damage'' and all 
that follows through the end and inserting ``of subsection (a)(5) shall 
be limited to loss unless such action includes one of the elements set 
forth in subclauses (II) through (V) of section (c)(4)(B)(ii).''.
    (d) Certification.--That section is further amended--
            (1) by redesignating subsection (h) as subsection (i); and
            (2) by inserting after subsection (g) the following new 
        subsection (h):
    ``(h)(1) An offense, or an attempt to commit an offense, under 
subsection (a)(5)(A), (a)(5)(B), or (a)(5)(C) shall not be proceeded 
against under this section unless--
            ``(A) the offense is punishable under subsection (c)(4)(B); 
        or
            ``(B) the United States Attorney certifies to the 
        appropriate district court of the United States that there is a 
        substantial Federal interest in the offense that warrants the 
        exercise of Federal jurisdiction over the offense.
    ``(2) A certification under paragraph (1)(B) shall not be 
reviewable by any court.
    ``(3) The Attorney General shall submit to Congress on an annual 
basis a report on the number of prosecutions undertaken under paragraph 
(1)(B) during the year preceding the year in which such report is 
submitted.''.

SEC. 102. CRIMINAL AND CIVIL FORFEITURE FOR COMPUTER FRAUD AND ABUSE.

    (a) Criminal Forfeiture.--Section 1030 of title 18, United States 
Code, as amended by section 101 of this Act, is further amended--
            (1) by redesignating subsection (h) as subsection (l); and
            (2) by inserting after subsection (g) the following new 
        subsection (h):
    ``(h)(1) The court, in imposing sentence on any person convicted of 
a violation of this section, shall order, in addition to any other 
sentence imposed and irrespective of any provision of State law, that 
such person forfeit to the United States--
            ``(A) the interest of such person in any property, whether 
        real or personal, that was used or intended to be used to 
        commit or to facilitate the commission of such violation; and
            ``(B) any property, whether real or personal, constituting 
        or derived from any proceeds that such person obtained, whether 
        directly or indirectly, as a result of such violation.
    ``(2) The criminal forfeiture of property under this subsection, 
any seizure and disposition thereof, and any administrative or judicial 
proceeding relating thereto, shall be governed by the provisions of 
section 413 of the Comprehensive Drug Abuse Prevention and Control Act 
of 1970 (21 U.S.C. 853), except subsection (d) of that section.''.
    (b) Civil Forfeiture.--That section, as amended by subsection (a) 
of this section, is further amended by inserting after subsection (h) 
the following new subsection (i):
    ``(i)(1) The following shall be subject to forfeiture to the United 
States, and no property right shall exist in them:
            ``(A) Any property, whether real or personal, that is used 
        or intended to be used to commit or to facilitate the 
        commission of any violation of this section.
            ``(B) Any property, whether real or personal, that 
        constitutes or is derived from proceeds traceable to any 
        violation of this section.
    ``(2) The provisions of chapter 46 of this title relating to civil 
forfeiture shall apply to any seizure or civil forfeiture under this 
subsection.''.

SEC. 103. ENHANCED COORDINATION OF FEDERAL AGENCIES.

    Section 1030(d) of title 18, United States Code, is amended--
            (1) by striking ``subsections (a)(2)(A), (a)(2)(B), (a)(3), 
        (a)(4), (a)(5), and (a)(6) of''; and
            (2) by striking ``which shall be entered into by'' and 
        inserting ``between''.

SEC. 104. DETERRING JUVENILE INVOLVEMENT IN COMPUTER CRIMES.

    Section 5032 of title 18, United States Code, is amended in clause 
(3) of the first undesignated paragraph--
            (1) by striking ``or section 1002(a)'' and inserting 
        ``section 1002(a)''; and
            (2) by inserting after ``of this title,'' the following: 
        ``section 1030(a)(1), (a)(2)(B), (a)(3), (a)(5)(A)(i), or 
        (a)(5)(A)(ii) of this title,''.

SEC. 105. ADDITIONAL DEFENSE TO CIVIL ACTIONS RELATING TO PRESERVING 
              RECORDS IN RESPONSE TO GOVERNMENT REQUEST.

    Section 2707(e) of title 18, United States Code, is amended--
            (1) by redesignating paragraphs (2) and (3) as paragraphs 
        (3) and (4), respectively; and
            (2) by inserting after paragraph (1) the following new 
        paragraph (2):
            ``(2) a request of a governmental entity under section 
        2703(f) of this title;''.

SEC. 106. AUTHORITY TO INTERCEPT WIRE, ORAL, AND ELECTRONIC 
              COMMUNICATIONS RELATING TO COMPUTER FRAUD AND ABUSE.

    Section 2516(1)(c) of title 18, United States Code, is amended by 
striking ``and section 1341 (relating to mail fraud),'' and inserting 
``section 1341 (relating to mail fraud), a felony violation of section 
1030 (relating to computer fraud and abuse),''.

SEC. 107. FORFEITURE OF DEVICES USED IN COMPUTER SOFTWARE 
              COUNTERFEITING AND INTELLECTUAL PROPERTY THEFT.

    (a) In General.--Section 2318(d) of title 18, United States Code, 
is amended--
            (1) by inserting ``(1)'' before ``When'';
            (2) in paragraph (1), as so designated, by inserting ``, 
        and of any replicator or other device or thing used to copy or 
        produce the computer program or other item to which the 
        counterfeit labels have been affixed or which were intended to 
        have had such labels affixed'' before the period; and
            (3) by adding at the end the following:
    ``(2) The forfeiture of property under this section, including any 
seizure and disposition of the property, and any related judicial or 
administrative proceeding, shall be governed by the provisions of 
section 413 (other than subsection (d) of that section) of the 
Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 
853).''.
    (b) Conforming Amendment.--Section 492 of such title is amended in 
the first undesignated paragraph by striking ``or 1720,'' and inserting 
``, 1720, or 2318''.

SEC. 108. SENTENCING DIRECTIVES FOR COMPUTER CRIMES.

    (a) Amendment of Sentencing Guidelines Relating to Certain Computer 
Crimes.--Pursuant to its authority under section 994(p) of title 28, 
United States Code, the United States Sentencing Commission shall amend 
the Federal sentencing guidelines and, if appropriate, shall promulgate 
guidelines or policy statements or amend existing policy statements to 
address--
            (1) the potential and actual loss resulting from an offense 
        under section 1030 of title 18, United States Code (as amended 
        by section 101 of this Act);
            (2) the level of sophistication and planning involved in 
        such an offense;
            (3) the growing incidence of offenses under such 
        subsections and the need to provide an effective deterrent 
        against such offenses;
            (4) whether or not such an offense was committed for 
        purposes of commercial advantage or private financial benefit;
            (5) whether or not the defendant involved a juvenile in the 
        commission of such an offense;
            (6) whether or not the defendant acted with malicious 
        intent to cause harm in committing such an offense;
            (7) the extent to which such an offense violated the 
        privacy rights of individuals harmed by the offense; and
            (8) any other factor the Commission considers appropriate 
        in connection with any amendments made by this Act with regard 
        to such subsections.
    (b) Amendment of Sentencing Guidelines Relating to Certain Computer 
Fraud and Abuse.--Pursuant to its authority under section 994(p) of 
title 28, United States Code, the United States Sentencing Commission 
shall amend the Federal sentencing guidelines to ensure that any 
individual convicted of a violation of section 1030(a)(5)(A)(iii), of 
title 18, United States Code (as so amended), can be subjected to 
appropriate penalties, without regard to any mandatory minimum term of 
imprisonment.
    (c) Amendment of Sentencing Guidelines Relating to Use of 
Encryption.--Pursuant to its authority under section 994(p) of title 
28, United States Code, the United States Sentencing Commission shall 
amend the Federal sentencing guidelines and, if appropriate, shall 
promulgate guidelines or policy statements or amend existing policy 
statements to ensure that the guidelines provide sufficiently stringent 
penalties to deter and punish persons who intentionally use encryption 
in connection with the commission or concealment of criminal acts 
sentenced under the guidelines.
    (d) Emergency Authority.--The Commission may promulgate the 
guidelines or amendments provided for under this section in accordance 
with the procedures set forth in section 21(a) of the Sentencing Act of 
1987, as though the authority under that Act had not expired.

SEC. 109. ASSISTANCE TO FEDERAL, STATE, AND LOCAL COMPUTER CRIME 
              ENFORCEMENT AND ESTABLISHMENT OF NATIONAL CYBER-CRIME 
              TECHNICAL SUPPORT CENTER.

    (a) National Cyber-Crime Technical Support Center.--
            (1) Construction required.--The Director of the Federal 
        Bureau of Investigation shall provide for the construction and 
        equipping of the technical support center of the Federal Bureau 
        of Investigation referred to in section 811(a)(1)(A) of the 
        Antiterrorism and Effective Death Penalty Act of 1996 (Public 
        Law 104-132; 110 Stat. 1312; 28 U.S.C. 531 note).
            (2) Naming.--The technical support center constructed and 
        equipped under paragraph (1) shall be known as the ``National 
        Cyber-Crime Technical Support Center''.
            (3) Functions.--In addition to any other authorized 
        functions, the functions of the National Cyber-Crime Technical 
        Support Center shall be--
                    (A) to serve as a centralized technical resource 
                for Federal, State, and local law enforcement and to 
                provide technical assistance in the investigations of 
                computer-related criminal activities;
                    (B) to assist Federal, State, and local law 
                enforcement in enforcing Federal, State, and local 
                criminal laws relating to computer-related crime;
                    (C) to provide training and education for Federal, 
                State, and local law enforcement personnel regarding 
                investigative techniques and forensic analyses 
                pertaining to computer-related crime;
                    (D) to conduct research and to develop technologies 
                for assistance in investigations and forensic analyses 
                of evidence related to computer-related crimes;
                    (E) to facilitate and promote efficiencies in the 
                sharing of Federal law enforcement expertise and 
                investigative technologies and forensic analysis 
                pertaining to computer-related crimes with State and 
                local law enforcement personnel, prosecutors, regional 
                computer forensic laboratories and multijurisdictional 
                computer crime task forces; and
                    (F) to carry out such other activities as the 
                Director considers appropriate.
    (b) Development and Support of Computer Forensic Activities.--The 
Director shall take appropriate actions to develop at least 10 regional 
computer forensic laboratories, and to provide support, education, and 
assistance for existing computer forensic laboratories, in order that 
such computer forensic laboratories have the capability--
                    (1) to provide forensic examinations with respect 
                to seized or intercepted computer evidence relating to 
                criminal activity;
                    (2) to provide training and education for Federal, 
                State, and local law enforcement personnel and 
                prosecutors regarding investigations, forensic 
                analyses, and prosecutions of computer-related crime;
                    (3) to assist Federal, State, and local law 
                enforcement in enforcing Federal, State, and local 
                criminal laws relating to computer-related crime;
                    (4) to facilitate and promote the sharing of 
                Federal law enforcement expertise and information about 
                the investigation, analysis, and prosecution of 
                computer-related crime with State and local law 
                enforcement personnel and prosecutors, including the 
                use of multijurisdictional task forces; and
                    (5) to carry out such other activities as the 
                Director considers appropriate.
    (c) Grants to State and Local Law Enforcement.--
            (1) In General.--Subject to the provisions of 
        appropriations Acts, the Assistant Attorney General for the 
        Office of Justice Programs of the Department of Justice shall 
        make a grant to each State, which shall be used by the State, 
        in conjunction with units of local government, State and local 
        courts, other States, or combinations thereof, to establish and 
        develop programs to--
                    (A) assist State and local law enforcement agencies 
                in enforcing State and local criminal laws relating to 
                computer crime;
                    (B) assist State and local law enforcement agencies 
                in educating the public to prevent and identify 
                computer crime;
                    (C) educate and train State and local law 
                enforcement officers and prosecutors to conduct 
                investigations and forensic analyses of evidence and 
                prosecutions of computer crime;
                    (D) assist State and local law enforcement officers 
                and prosecutors in acquiring computer and other 
                equipment to conduct investigations and forensic 
                analysis of evidence of computer crimes; and
                    (E) facilitate and promote efficiencies in the 
                sharing of Federal law enforcement expertise and 
                information about the investigation, analysis, and 
                prosecution of computer crimes with State and local law 
                enforcement officers and prosecutors, including the use 
                of multijurisdictional task forces.
            (2) Assurances.--To be eligible to receive a grant under 
        this subsection, a State shall provide assurances to the 
        Attorney General that the State--
                    (A) has in effect laws that penalize computer 
                crime, such as penal laws prohibiting--
                            (i) fraudulent schemes executed by means of 
                        a computer system or network;
                            (ii) the unlawful damaging, destroying, 
                        altering, deleting, removing of computer 
                        software, or data contained in a computer, 
                        computer system, computer program, or computer 
                        network; or
                            (iii) the unlawful interference with the 
                        operation of or denial of access to a computer, 
                        computer program, computer system, or computer 
                        network;
                    (B) an assessment of the State and local resource 
                needs, including criminal justice resources being 
                devoted to the investigation and enforcement of 
                computer crime laws; and
                    (C) a plan for coordinating the programs funded 
                under this subsection with other Federally funded 
                technical assistant and training programs, including 
                directly funded local programs such as the Local Law 
                Enforcement Block Grant program (described under the 
heading ``Violent Crime Reduction Programs, State and Local Law 
Enforcement Assistance'' of the Departments of Commerce, Justice, and 
State, the Judiciary, and Related Agencies Appropriations Act, 1998 
(Public Law 105-119)).
            (3) Matching funds.--The Federal share of a grant received 
        under this subsection may not exceed 90 percent of the total 
        cost of a program or proposal funded under this subsection 
        unless the Attorney General waives, wholly or in part, the 
        requirements of this paragraph.
            (4) Grants to indian tribes.--Notwithstanding any other 
        provision of this subsection, the Attorney General may use 
        amounts made available under this subsection to make grants to 
        Indian tribes for use in accordance with this subsection.
            (5) Funding.--
                    (A) In general.--Of the amount authorized to be 
                appropriated by subsection (d), $25,000,000 shall be 
                available for grants under this subsection.
                    (B) Limitations.--Of the amount made available 
                under subparagraph (A) to carry out this subsection not 
                more than 3 percent may be used by the Attorney General 
                for salaries and administrative expenses.
                    (C) Minimum amount.--Unless all eligible 
                applications submitted by any State or units of local 
                government within a State for a grant under this 
                subsection have been funded, the State, together with 
                grantees within the State (other than Indian tribes), 
                shall be allocated not less than 0.75 percent of the 
                total amount made available under subparagraph (A) for 
                grants pursuant to this subsection, except that the 
                United States Virgin Islands, American Samoa, Guam, and 
                the Northern Mariana Islands each shall be allocated 
                0.25 percent.
    (d) Authorization of Appropriations.--
            (1) Authorization.--There is hereby authorized to be 
        appropriated for fiscal year 2001, $125,000,000 for purposes of 
        carrying out this section, of which $20,000,000 shall be 
        available solely for activities under subsection (b) and of 
        which $25,000,000 shall be available solely for activities 
        under subsection (c).
            (2) Availability.--Amounts appropriated pursuant to the 
        authorization of appropriations in paragraph (1) shall remain 
        available until expended.

                    TITLE II--ANTI-FRAUD PROTECTIONS

SEC. 201. PROTECTION FROM FRAUDULENT UNSOLICITED ELECTRONIC MAIL.

    (a) Violations.--Subsection (a) of section 1030 of title 18, United 
States Code, as amended by section 101 of this Act, is further amended 
by inserting after paragraph (7) the following new paragraph (8):
            ``(8) intentionally and without consent or authorization of 
        the recipient initiates the transmission of an unsolicited 
        commercial electronic mail advertisement to one or more 
        protected computers with knowledge that such advertisement 
        falsifies an Internet domain, header information, date or time 
        stamp, originating electronic mail address, or other 
        identifier;''.
    (b) Punishment.--Subsection (c)(2) of that section, as so amended, 
is further amended--
            (1) in subparagraph (A)--
                    (A) by inserting ``(i)'' after ``in the case of an 
                offense''; and
                    (B) by inserting after ``an offense punishable 
                under this subparagraph;'' the following: ``or (ii) 
                under subsection (a)(8) which results in damage to a 
                protected computer''; and
            (2) by adding at the end the following new subparagraph:
            ``(D) in the case of a violation of subsection (a)(8), 
        actual monetary loss and statutory damages of $15,000 per 
        violation, or an amount of up to $10 per message per violation 
        whichever is greater;''.
    (c) Definitions.--Subsection (e) of that section, as so amended, is 
further amended by adding after paragraph (12) the following new 
paragraphs:
            ``(13) the term `initiates the transmission', in the case 
        of an unsolicited commercial electronic mail advertisement, 
        means to originate the commercial electronic mail 
        advertisement, and excludes the actions of any interactive 
        computer service whose facilities or services are used by 
        another person to transmit, relay, or otherwise handle such 
        advertisement;
            ``(14) the term `Internet domain' means a specific computer 
        system (commonly referred to as a `host') or collection of 
        computer systems attached to or able to be referenced from the 
        Internet which are assigned a specific reference point on the 
        Internet (commonly referred to as an `Internet domain name') 
        and registered with an organization recognized by the Internet 
        industry as a registrant of Internet domains;
            ``(15) the term `unsolicited commercial electronic mail 
        advertisement' means any electronic mail message or 
        advertisement that is part of a plan, program, or campaign 
        conducted to induce purchases of goods or services, but does 
        not include electronic mail initiated by any person to others 
        with whom such person has a prior relationship, including a 
        prior business relationship, or electronic mail sent by a 
        source to recipients where such recipients, or their designees, 
        have at any time affirmatively requested to receive 
        communications from that source; and
            ``(16) the term `Internet' has the meaning given that term 
        in section 230(f)(1) of the Communications Act of 1934 (47 
        U.S.C. 230(f)(1)).''.

           TITLE III--PRIVACY AND CONFIDENTIALITY PROTECTIONS

SEC. 301. PRIVACY PROTECTION CONCERNING PEN REGISTERS AND TRAP AND 
              TRACE DEVICES.

    (a) Annual Reports.--The text of section 3126 of such title is 
amended to read as follows:
    ``(a) Annual Reports.--The Attorney General shall submit to 
Congress on an annual basis a report on the exercise of the authority 
under this chapter with respect to pen registers and trap and trace 
devices.
    ``(b) Contents of Reports.--Each report under subsection (a) shall 
set forth, for the period covered by such report, the following:
            ``(1) The number of orders for pen registers and for trap 
        and trace devices applied for by law enforcement agencies, and 
        the number and duration of any extensions of such orders.
            ``(2) The identity and location of the investigative or law 
        enforcement agency making each application.
            ``(3) The offense specified in each order or application, 
        or extension of order.
            ``(4) The number and nature of the facilities affected.''.
    (b) Applications for Orders.--Section 3122(b) of such title is 
amended--
            (1) by striking ``and'' at the end of paragraph (1);
            (2) by striking the period at the end of paragraph (2) and 
        inserting ``; and''; and
            (3) by adding at the end the following new paragraph:
            ``(3) a description of the facts on which the certification 
        described in paragraph (2) is based.''.

SEC. 302. PRIVACY PROTECTION FOR SUBSCRIBERS OF SATELLITE TELEVISION 
              SERVICES.

    (a) In General.--Section 631 of the Communications Act of 1934 (47 
U.S.C. 551) is amended by adding at the end the following:

``SEC. 631A. PRIVACY OF SUBSCRIBER INFORMATION FOR SUBSCRIBERS OF 
              SATELLITE TELEVISION SERVICE.

    ``(a) Notice to Subscribers Regarding Personally Identifiable 
Information.--At the time of entering into an agreement to provide any 
satellite home viewing service to a subscriber, and not less often than 
annually thereafter, a satellite carrier or distributor shall provide 
notice in the form of a separate, written or electronic statement to 
the subscriber that clearly and conspicuously informs the subscriber 
of--
            ``(1) the nature of personally identifiable information 
        collected or to be collected with respect to the subscriber as 
        a result of the provision of such service and the nature of the 
        use of such information;
            ``(2) the nature, frequency, and purpose of any disclosure 
        that may be made of such information, including an 
        identification of the types of persons to whom the disclosure 
        may be made;
            ``(3) the period during which such information will be 
        maintained by the satellite carrier or distributor;
            ``(4) the times and place at which the subscriber may have 
        access to such information in accordance with subsection (d); 
        and
            ``(5) the limitations provided by this section with respect 
        to the collection and disclosure of information by the 
        satellite carrier or distributor and the right of the 
        subscriber under this section to enforce such limitations.
    ``(b) Collection of Personally Identifiable Information.--
            ``(1) In general.--Except as provided in paragraph (2), a 
        satellite carrier or distributor shall not use its satellite 
        system to collect personally identifiable information 
        concerning any subscriber without the prior written or 
        electronic consent of such subscriber.
            ``(2) Exception.--A satellite carrier or distributor may 
        use its satellite system to collect information described in 
        paragraph (1) in order--
                    ``(A) to obtain information necessary to render a 
                satellite service provided by the satellite carrier or 
                distributor to the subscriber; or
                    ``(B) to detect unauthorized reception of satellite 
                communications.
    ``(c) Disclosure of Personally Identifiable Information.--
            ``(1) In general.--Except as provided in paragraph (2), a 
        satellite carrier or distributor--
                    ``(A) may not disclose personally identifiable 
                information concerning any subscriber without the prior 
                written or electronic consent of such subscriber; and
                    ``(B) shall take such actions as are necessary to 
                prevent unauthorized access to such information by a 
                person other than such subscriber or the satellite 
                carrier or distributor.
            ``(2) Exceptions.--A satellite carrier or distributor may 
        disclose information described in paragraph (1) only if the 
        disclosure is--
                    ``(A) necessary to render, or conduct a legitimate 
                business activity related to, a cable or satellite 
                service or other service provided by the satellite 
                carrier or distributor to the subscriber;
                    ``(B) to a law enforcement agency pursuant to a 
                warrant issued under the Federal Rules of Criminal 
                Procedures, or equivalent State warrant, a Federal or 
                State grand jury subpoena or equivalent process 
                authorized by a Federal or State statute, or a court 
                order issued in accordance with paragraph (3); and
                    ``(C) a disclosure of the names and addresses of 
                subscribers to any other provider of satellite service 
                or other service, if--
                            ``(i) the satellite carrier or distributor 
                        has provided the subscriber the opportunity to 
                        prohibit or limit such disclosure; and
                            ``(ii) the disclosure does not reveal, 
                        directly or indirectly--
                                    ``(I) the extent of any viewing or 
                                other use by the subscriber of 
                                satellite service or other service 
                                provided by the satellite carrier or 
                                distributor; or
                                    ``(II) the nature of any 
                                transaction made by the subscriber over 
                                the satellite system of the satellite 
                                carrier or distributor.
            ``(3) Court orders.--
                    ``(A) Limitations.--(i) A disclosure under 
                paragraph (2)(B) may be made only--
                            ``(I) with prior notice to the subscriber, 
                        except that delayed notice may be given 
                        pursuant to section 2705 of title 18, United 
                        States Code; and
                            ``(II) if the law enforcement agency shows 
                        that there is probable cause to believe that 
                        the information sought is relevant to an 
                        ongoing criminal investigation being conducted 
                        by the agency.
                    ``(ii) In the case of a State government authority, 
                such a court order shall not issue if prohibited by the 
                law of such State.
                    ``(B) Quash or modification.--A court issuing a 
                court order pursuant to this paragraph, on a motion 
                made promptly by the satellite carrier or distributor, 
                may quash or modify the order if the information 
                requested is unreasonably voluminous in nature or if 
                compliance with the order otherwise would cause an 
                unreasonable burden on the satellite carrier or 
                distributor, as the case may be.
    ``(d) Subscriber Access to Information.--A satellite subscriber 
shall be provided access to all personally identifiable information 
regarding that subscriber that is collected and maintained by a 
satellite carrier or distributor. Such information shall be made 
available to the subscriber at reasonable times and at a convenient 
place designated by such satellite carrier or distributor. A satellite 
subscriber shall be provided reasonable opportunity to correct any 
error in such information.
    ``(e) Relief.--
            ``(1) In general.--Any person aggrieved by any act of a 
        satellite carrier or distributor in violation of this section 
        may bring a civil action in a district court of the United 
        States.
            ``(2) Damages and costs.--In any action brought under 
        paragraph (1), the court may award a prevailing plaintiff 
        actual damages but not less than liquidated damages computed at 
        the rate of $100 a day for each day of violation or $1,000, 
        whichever is greater.
    ``(f) Definitions.--In this section:
            ``(1) Distributor.--The term `distributor' has the meaning 
        given that term in section 119(d)(1) of title 17, United States 
        Code.
            ``(2) Other service.--The term `other service' includes any 
        wire, electronic, or radio communications service provided 
        using any of the facilities of a satellite carrier or 
        distributor that are used in the provision of satellite home 
        viewing service.
            ``(3) Personally identifiable information.--The term 
        `personally identifiable information' does not include any 
        record of aggregate data that does not identify particular 
        persons.
            ``(4) Satellite carrier.--The term `satellite carrier' has 
        the meaning given that term in section 119(d)(6) of title 17, 
        United States Code.''.
    (b) Notice With Respect to Certain Agreements.--
            (1) In general.--Except as provided in paragraph (2), a 
        satellite carrier or distributor who has entered into 
        agreements referred to in section 631(a) of the Communications 
        Act of 1934, as amended by subsection (a), before the date of 
        enactment of this Act, shall provide any notice required under 
        that section, as so amended, to subscribers under such 
        agreements not later than 180 days after that date.
            (2) Exception.--Paragraph (1) shall not apply with respect 
        to any agreement under which a satellite carrier or distributor 
        was providing notice under section 631(a) of the Communications 
        Act of 1934, as in effect on the day before the date of 
        enactment of this Act, as of such date.

SEC. 303. ENCRYPTION REPORTING REQUIREMENTS.

    Section 2519(2)(b) of title 18, United States Code, is amended by 
striking ``and (iv)'' and inserting ``(iv) the number of orders in 
which encryption was encountered and whether such encryption prevented 
law enforcement from obtaining the plaintext of communications 
intercepted pursuant to any such order, (v) the approximate nature, 
amount, and cost of the manpower and other resources used in obtaining 
the plaintext of intercepted communications that were encrypted, and 
(vi)''.

SEC. 304. FRAUD IN ONLINE COLLECTION AND DISSEMINATION OF PERSONALLY 
              IDENTIFIABLE INFORMATION.

    Section 1030 of title 18, United States Code, as amended by section 
102(b) of this Act, is further amended by inserting after subsection 
(i) the following new subsection (j):
    ``(j)(1) Except as otherwise provided in this subsection, an 
interactive computer service may not disclose to a person other than 
the consumer concerned any personally identifiable information, 
unless--
            ``(A) the interactive computer service discloses to the 
        consumer, in a notice consistent with paragraph (2), the types 
        of persons to whom such information may be disclosed; and
            ``(B) the consumer is given--
                    ``(i) the opportunity, before the time that such 
                information is initially disclosed, to direct that such 
                information not be disclosed to such person; and
                    ``(ii) an explanation of how the consumer can 
                exercise that nondisclosure option available under 
                clause (i).
    ``(2) At the time of establishing a customer relationship with a 
consumer and before collecting any personally identifiable information 
from the consumer, an interactive computer service shall provide to the 
consumer a disclosure, which shall appear on the first webpage of the 
interactive computer service or be accessible by a hypertext link from 
such first webpage, of the policies and practices of the interactive 
computer service with respect to--
            ``(A) the collection and use of personally identifiable 
        information from customers who visit or use the website of the 
        interactive computer service;
            ``(B) the disclosure of such personally identifiable 
        information to persons other than such customers; and
            ``(C) the protection of the confidentiality and security of 
        such personally identifiable information.
    ``(3) This subsection shall not prohibit the disclosure of 
personally identifiable information regarding a consumer if such 
disclosure is--
            ``(A) with the consent or at the direction of the consumer 
        (including the use of an electronic agent to provide such 
        consent or direction);
            ``(B) to protect the confidentiality or security of the 
        records of the interactive computer service pertaining to the 
        consumer;
            ``(C) to protect against or prevent actual or potential 
        fraud or unauthorized transactions;
            ``(D) to persons holding a legal or beneficial interest 
        relating to the consumer;
            ``(E) to persons acting in a fiduciary or representative 
        capacity on behalf of the consumer; or
            ``(F) required--
                    ``(i) to comply with Federal, State, or local laws 
                or regulations, or other applicable legal requirements;
                    ``(ii) to comply with a properly authorized civil, 
                criminal, or regulatory investigation or subpoena by 
                Federal, State, or local authorities; or
                    ``(iii) to respond to judicial process or 
                government regulatory authorities for examination, 
                compliance, or other purposes as authorized by law.
    ``(4) Nothing in this subsection may be construed to prohibit an 
interactive computer service from using, disclosing, or permitting 
access to aggregate subscriber information from which personally 
identifiable information has been removed.
    ``(5) The Attorney General, any United States Attorney, or any 
State Attorney General may maintain a civil action against any person 
who violates this subsection for appropriate civil or equitable relief.
    ``(6) In this subsection:
            ``(A) The term `consumer' means an individual who visits or 
        transacts with an interactive computer service for personal, 
        family, or household purposes, and also means the legal 
        representative of such an individual.
            ``(B) The term `customer', with respect to an interactive 
        computer service, means any consumer (or authorized 
        representative of a consumer) of a commercial product or 
        service provided by such interactive computer service.
            ``(C) the term `customer information of an interactive 
        computer service' means any personally identifiable information 
        maintained by or for an interactive computer service which is 
        provided by a customer to an interactive computer service.
            ``(D) The term `time of establishing a customer 
        relationship' means the time when the website of an interactive 
        computer service is visited by a consumer.
            ``(E) The term `interactive computer service' means any 
        person who--
                    ``(i) operates, or on whose behalf is operated, a 
                website located on the Internet or an online service; 
                and
                    ``(ii) collects or maintains personal information 
                from or about the users of or visitors to such website 
                or online service, or on whose behalf such information 
                is collected or maintained, where such website or 
                online service is operated for commercial purposes, 
                including any person offering products or services for 
                sale through that websites or online service, involving 
                commerce--
                            ``(I) among the several States or with 1 or 
                        more foreign nations; and
                            ``(II) in any territory of the United 
                        States or in the District of Columbia, or 
                        between any such territory and--
                                    ``(aa) another such territory;
                                    ``(bb) any State or foreign nation; 
                                or
                                    ``(cc) between the District of 
                                Columbia and any State, territory, or 
                                foreign nation.
            ``(F) The term `personally identifiable information' means 
        any of the following information provided online by a consumer 
        to an interactive computer service:
                    ``(i) A first and last name.
                    ``(ii) A home or other physical address, including 
                a street name and name of a city or town.
                    ``(iii) An electronic mail address.
                    ``(iv) A telephone number.
                    ``(v) A Social Security number.
                    ``(vi) A credit card number or charge card, and any 
                related access code.
                    ``(vii) A photograph.''.

SEC. 305. NATIONAL MEDIA CAMPAIGN ON PUBLIC AWARENESS REGARDING ONLINE 
              SECURITY AND PRIVACY.

    (a) National Media Campaign Authorized.--
            (1) Campaign authorized.--The Attorney General, after 
        consultation with the Deputy Assistant Attorney General for 
        Computer Crime and Intellectual Property, may carry out a 
        national media campaign for purposes of raising public 
        awareness of existing rights, laws, and regulations relating to 
        Internet security and the privacy of personally identifiable 
        information over the Internet.
            (2) Outside assistance.--The Attorney General may--
                    (A) carry out the campaign in cooperation with 
                appropriate non-Federal persons and entities; and
                    (B) seek and utilize non-Federal funds and in-kind 
                donations in carrying out the campaign.
    (b) Objectives of Campaign.--The objectives of the campaign shall 
be--
            (1) to heighten and increase public awareness of the 
        occurrence and extent of the collection and dissemination of 
        personally identifiable information, and the security of such 
        information, by commercial, private, and public entities that 
        maintain Internet websites;
            (2) to encourage Americans to learn of and become familiar 
        with actions that can be taken to protect their personally 
        identifiable information from being transferred without their 
        consent or otherwise misused by a third party;
            (3) to inform Americans of their rights with respect to 
        their personally identifiable information; and
            (4) to inform Americans of Federal crimes relating to 
        computer fraud and abuse, and of the punishments for such 
        crimes.
    (c) Elements of Campaign.--Subject to subsection (d), the campaign 
shall be carried out through such means as the Attorney General 
considers appropriate, including--
            (1) public service announcements;
            (2) advertisements on television and radio;
            (3) banners on the World Wide Web that are adoptable by 
        commercial and community Internet websites;
            (4) newspapers and magazines, including advertisements and 
        submittals to editorial pages;
            (5) out-of-home message sites, including billboards, 
        posters, and signs;
            (6) information through a toll-free telephone number 
        (commonly referred to as an ``800'' number); and
            (7) other appropriate media and outlets.
    (d) Limitation on Use of Funds for Campaign.--
            (1) In general.--No funds available for the campaign may be 
        used as follows:
                    (A) To propose, influence, favor, or oppose any 
                change in any statute, rule, regulation, treaty, or 
                other provision of law.
                    (B) For any partisan political purpose.
                    (C) Except as provided in paragraph (2), to feature 
                any elected official, person seeking elected office, 
                cabinet-level official, or Federal official employed 
                pursuant to Schedule C under section 213 of title 5, 
                Code of Federal Regulations.
                    (D) In violation of section 1913 of title 18, 
                United States Code.
            (2) Exception.--Funds available for the campaign may be 
        used as described in paragraph (1)(C) if, not later than 15 
        days before the use of such funds in that manner, a notice 
        regarding the use of such funds in that manner is submitted to 
        the Committees on Appropriations and the Judiciary of the 
        Senate and House of Representatives.
    (e) Assessment of Campaign.--
            (1) Requirement.--The Attorney General shall enter into an 
        agreement with a qualified certified public accountant for 
        purposes of obtaining an assessment of the campaign, 
        including--
                    (A) an accounting of the amounts (including Federal 
                funds, other funds, and any in-kind donations) received 
                for purposes of conducting the campaign; and
                    (B) an objective assessment of the effects of the 
                campaign, including the cost-effectiveness of the 
                campaign.
            (2) Report.--The Attorney General shall submit to the 
        Committees on Appropriations and the Judiciary of the Senate 
        and House of Representatives a report on the assessment 
        obtained under paragraph (1). The report shall be submitted not 
        later than 270 days after the termination of the campaign under 
        subsection (f).
            (3) Availability of funds.--Of the amount available for the 
        campaign under subsection (h), not more than an amount equal to 
        5 percent of such amount shall be available to cover the costs 
        of the assessment obtained under this subsection.
    (f) Termination of Campaign.--Activities under the campaign, other 
than the assessment under subsection (e), shall terminate not later 
than three years after the date of the enactment of this Act.
    (g) Personally Identifiable Information Defined.--In this section, 
the term ``personally identifiable information'', has the meaning given 
that term in section 1030(j)(6)(F) of title 18, United States Code (as 
amended by section 304(a) of this Act).
    (h) Authorization of Appropriation.--
            (1) Authorization.--There is hereby authorized to be 
        appropriated for the Department of Justice for each of fiscal 
        years 2001, 2002, and 2003, $25,000,000 for purposes of the 
        campaign under this section.
            (2) Availability.--Amounts appropriated pursuant to the 
        authorization of appropriations in paragraph (1) shall remain 
        available until expended.

SEC. 306. FRAUDULENT ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION.

    (a) In General.--Section 1030 of title 18, United States Code, as 
amended by this Act, is further amended by inserting after subsection 
(j) the following new subsection (k):
    ``(k)(1) Except as provided in paragraphs (2) and (3), whoever 
knowingly with intent to defraud obtains, or causes to be disclosed to 
any person, personally identifiable information of an interactive 
computer service relating to another person without such person's 
consent or authorization--
            ``(A) by making a false, fictitious, or fraudulent 
        statement or representation to an officer, employee, or agent 
        of an interactive computer service;
            ``(B) by making a false, fictitious, or fraudulent 
        statement or representation to a customer of an interactive 
        computer service; or
            ``(C) by providing any document to an officer, employee, or 
        agent of an interactive computer service, knowing that the 
        document is forged, counterfeit, or stolen, was fraudulently 
        obtained, or contains a false, fictitious, or fraudulent 
        statement or representation,
shall be punished as provided in subsection (c).
    ``(2) No provision of this subsection shall be construed to prevent 
any interactive computer service, or any officer, employee, or agent of 
an interactive computer service, from obtaining personally identifiably 
information of such interactive computer service in the course of--
            ``(A) testing the security procedures or systems of such 
        interactive computer service for maintaining the 
        confidentiality of personally identifiable information;
            ``(B) investigating allegations of misconduct or negligence 
        on the part of any officer, employee, or agent of such 
        interactive computer service; or
            ``(C) recovering customer information of such interactive 
        computer service which was obtained or received by another 
        person in any manner described in paragraph (1).
    ``(3) No provision of this section shall be construed to prevent 
any insurance institution, or any officer, employee, or agency of an 
insurance institution, from obtaining information as part of an 
insurance investigation into criminal activity, fraud, material 
misrepresentation, or material nondisclosure that is authorized for 
such institution under State law, regulation, interpretation, or 
order.''.
    (b) Attempted Offenses.--Subsection (b) of that section is amended 
by striking ``subsection (a)'' and inserting ``subsection (a) or (k)''.

   TITLE IV--NATIONAL SECURITY AND CRITICAL INFRASTRUCTURE PROTECTION

SEC. 401. DEPUTY ASSISTANT ATTORNEY GENERAL FOR COMPUTER CRIME AND 
              INTELLECTUAL PROPERTY.

    (a) Establishment of Position.--(1) Chapter 31 of title 28, United 
States Code, is amended by inserting after section 507 the following 
new section:
``Sec. 507a. Deputy Assistant Attorney General for Computer Crime and 
              Intellectual Property
    ``(a) The Attorney General shall appoint a Deputy Assistant 
Attorney General for Computer Crime and Intellectual Property.
    ``(b) The Deputy Assistant Attorney General shall be the head of 
the Computer Crime and Intellectual Property Section (CCIPS) of the 
Department of Justice.
    ``(c) The duties of the Deputy Assistant Attorney General shall 
include the following:
            ``(1) To advise Federal prosecutors and law enforcement 
        personnel regarding computer crime and intellectual property 
        crime.
            ``(2) To coordinate national and international activities 
        relating to combatting computer crime.
            ``(3) To provide guidance and assistance to Federal, State, 
        and local law enforcement agencies and personnel, and 
        appropriate foreign entities, regarding responses to threats of 
        computer crime and cyber-terrorism.
            ``(4) To serve as the liaison of the Attorney General to 
        the National Infrastructure Protection Center (NIPC), the 
        Department of Defense, the National Security Agency, and the 
        Central Intelligence Agency on matters relating to computer 
        crime.
            ``(5) To coordinate training for Federal, State, and local 
        prosecutors and law enforcement personnel on laws pertaining to 
        computer crime.
            ``(6) To propose and comment upon legislation concerning 
        computer crime, intellectual property crime, encryption, 
electronic privacy, and electronic commerce, and concerning the search 
and seizure of computers.
            ``(7) Any other duties carried out by the head of the 
        Computer Crime and Intellectual Property Section of the 
        Department of Justice as of the date of the enactment of the 
        Internet Integrity and Critical Infrastructure Protection Act 
        of 2000.
            ``(8) Such other duties as the Attorney General considers 
        appropriate.''.
    (2) The table of sections at the beginning of such chapter is 
amended by inserting after the item relating to section 507 the 
following new item:

``507a. Deputy Assistant Attorney General for Computer Crime and 
                            Intellectual Property.''.
    (b) First Appointment to Position of Deputy Assistant Attorney 
General.--(1) The individual who holds the position of head of the 
Computer Crime and Intellectual Property Section (CCIPS) of the 
Department of Justice as of the date of the enactment of this Act shall 
act as the Deputy Assistant Attorney General for Computer Crime and 
Intellectual Property under section 507a of title 28, United States 
Code, until the Attorney General appoints an individual to hold the 
position of Deputy Assistant Attorney General for Computer Crime and 
Intellectual Property under that section.
    (2) The individual first appointed as Deputy Assistant Attorney 
General for Computer Crime and Intellectual Property after the date of 
the enactment of this Act may be the individual who holds the position 
of head of the Computer Crime and Intellectual Property Section of the 
Department of Justice as of that date.
    (c) Authorization of Appropriations for CCIPS.--There is hereby 
authorized to be appropriated for the Department of Justice for fiscal 
year 2001, $5,000,000 for the Computer Crime and Intellectual Property 
Section of the Department for purposes of the discharge of the duties 
of the Deputy Assistant Attorney General for Computer Crime and 
Intellectual Property under section 507a of title 28, United States 
Code (as so added), during that fiscal year.

SEC. 402. NATIONAL INFRASTRUCTURE PROTECTION CENTER.

    (a) In General.--The Director of the National Infrastructure 
Protection Center (NPIC) within the Federal Bureau of Investigation 
shall use amounts authorized to be appropriated under subsection (b) 
for the following purposes:
            (1) To gather and analyze information concerning threats 
        to, and the vulnerability of, the national critical 
        infrastructure.
            (2) To provide assessments, warnings, and emergency 
        response information to other governmental entities, and other 
        owners and operators of critical infrastructure, concerning 
        threats to the national critical infrastructure.
            (3) To provide assistance to law enforcement in 
        investigating and prosecuting attacks against the national 
        critical infrastructure.
            (4) To develop and disseminate, in collaboration with the 
        private sector, technology and security procedures for 
        shielding the national critical infrastructure against attack.
            (5) Such other purposes as the Director considers 
        appropriate.
    (b) Authorization of Appropriations.--There is hereby authorized to 
be appropriated for the Federal Bureau of Investigation for the 
purposes set forth in subsection (a) the following:
            (1) For fiscal year 2001, $45,000,000.
            (2) For each of fiscal years 2002 through 2005, such sums 
        as may be necessary for such fiscal years.

SEC. 403. PERSONNEL EXCHANGE PROGRAMS FOR CRITICAL INFRASTRUCTURE 
              PROTECTION TRAINING.

    Section 3371(4) of title 5, United States Code, is amended--
            (1) by striking ``or'' at the end of subparagraph (C);
            (2) by striking the period at the end of subparagraph (D) 
        and inserting ``; or''; and
            (3) by adding at the end the following new subparagraph:
                    ``(E) a provider of wire or electronic 
                communication service, provider of data encryption or 
                related services, or other entity, for the purpose of 
                furthering the objectives of the Internet Integrity and 
                Critical Infrastructure Protection Act of 2000.''.

           TITLE V--INTERNATIONAL COMPUTER CRIME ENFORCEMENT

SEC. 501. SHORT TITLE.

    This title may be cited as the ``International Computer Crime 
Enforcement Assistance Act of 2000''.

SEC. 502. DISCLOSURE OF COMPUTER CRIME EVIDENCE TO FOREIGN LAW 
              ENFORCEMENT AUTHORITIES RELATING TO ENFORCEMENT OF 
              FOREIGN COMPUTER CRIME LAWS.

    (a) In General.--Subject to subsection (b) and section 505, the 
Attorney General of the United States may provide computer crime (other 
than trade secrets or propriety information otherwise not disclosable 
by the Attorney General) to a foreign law enforcement authority to 
assist the foreign law enforcement authority--
            (1) in determining whether a person has violated or is 
        about to violate a foreign computer crime law administered or 
        enforced by the foreign law enforcement authority; or
            (2) in enforcing such a foreign computer crime law.
    (b) Computer Crime Mutual Assistance Agreement Required.--The 
Attorney General may not provide evidence to a foreign law enforcement 
authority under subsection (a) except pursuant to the provisions of a 
computer crime mutual assistance agreement with respect to the foreign 
law enforcement authority that is in effect under this title.

SEC. 503. INVESTIGATIVE ASSISTANCE TO FOREIGN LAW ENFORCEMENT 
              AUTHORITIES TO OBTAIN COMPUTER CRIME EVIDENCE RELATING TO 
              ENFORCEMENT OF FOREIGN COMPUTER CRIME LAWS.

    (a) In General.--Subject to the provisions of this section and 
section 505, the Attorney General of the United States may exercise any 
authority set forth in subsection (b) to assist a foreign law 
enforcement authority--
            (1) in determining whether a person has violated or is 
        about to violate a foreign computer crime law administered or 
        enforced by the foreign law enforcement authority; or
            (2) in enforcing such a foreign computer crime law.
    (b) Covered Authorities.--
            (1) In general.--The authorities referred to in this 
        subsection are the authorities of the Attorney General as 
        follows:
                    (A) To investigate possible violations of the 
                Federal computer crime laws.
                    (B) To provide evidence obtained as a result of an 
                investigation under subparagraph (A) to the foreign law 
                enforcement authority concerned.
            (2) Scope of authority.--An investigation may be conducted 
        under subparagraph (A) of paragraph (1), and evidence obtained 
        through such investigation may be provided under subparagraph 
        (B) of that paragraph, without regard to whether the conduct 
        investigated violates any Federal computer crime law.
    (c) Computer Crime Mutual Assistance Agreement Required.--The 
Attorney General may not exercise any authority set forth in subsection 
(b) on behalf of a foreign law enforcement authority except pursuant to 
the provisions of a computer crime mutual assistance agreement with 
respect to the foreign law enforcement authority that is in effect 
under this title.
    (d) Requests.--
            (1) Submittal.--A foreign law enforcement authority seeking 
        the assistance of the Attorney General under this section shall 
        submit a request for such assistance to the Attorney General.
            (2) Response.--The Attorney General may approve or deny, in 
        whole or in part, a request submitted under paragraph (1).
            (3) Prohibition on action following denial.--The Attorney 
        General may not take any action under subsection (a) with 
        respect to any part of a request under this subsection that has 
        been denied by the Attorney General under paragraph (2).
    (e) Rights and Privileges Preserved.--A person may not be compelled 
in connection with an investigation under this section to give 
testimony or a statement, or to produce a document or other thing, in 
violation of any legally applicable right or privilege.

SEC. 504. COURT ORDERS TO PROVIDE ASSISTANCE TO FOREIGN LAW ENFORCEMENT 
              AUTHORITIES RELATING TO ENFORCEMENT OF FOREIGN COMPUTER 
              CRIME LAWS.

    (a) Authority of the District Courts.--On application of the 
Attorney General of the United States made in accordance with a 
computer crime mutual assistance agreement in effect under this title, 
the United States district court for the district in which a person 
resides, is found, or transacts business may order the person to give 
testimony or a statement, or to produce a document or other thing, to 
the Attorney General in order to assist a foreign law enforcement 
authority covered by the agreement--
            (1) in determining whether a person has violated or is 
        about to violate a foreign computer crime law administered or 
        enforced by the foreign law enforcement authority; or
            (2) in enforcing such a foreign computer crime law.
    (b) Limitation on Applications.--The making of applications by the 
Attorney General under subsection (a) is subject to the provisions of 
section 505.
    (c) Contents of Order.--
            (1) Use of appointee to receive evidence.--
                    (A) In general.--An order issued under subsection 
                (a) may direct that testimony or a statement be given, 
                or a document or other thing be produced, to a person 
                who shall be recommended by the Attorney General and 
                appointed by the court.
                    (B) Powers.--A person appointed with respect to an 
                order under subparagraph (A) shall have the power to 
                administer any oath necessary under the order and the 
                power to take testimony or statements.
            (2) Practice and procedure.--
                    (A) In general.--An order issued under subsection 
                (a) may prescribe the practice and procedure for taking 
                testimony and statements and for producing documents 
                and other things.
                    (B) Scope.--The practice and procedure prescribed 
                for an order under subparagraph (A) may be in whole or 
                in part the practice and procedure of the foreign 
                state, or the regional economic integration 
                organization, represented by the foreign law 
                enforcement authority with respect to which the 
                Attorney General requests the order.
                    (C) Default.--To the extent an order does not 
                prescribe otherwise, any testimony and statements 
                required to be taken shall be taken, and any documents 
                and other things required to be produced, shall be 
                produced, in accordance with the Federal Rules of Civil 
                Procedure.
    (c) Rights and Privileges Preserved.--A person may not be compelled 
under an order issued under subsection (a) to give testimony or a 
statement, or to produce a document or other thing, in violation of any 
legally applicable right or privilege.
    (d) Voluntary Conduct.--This section shall not be construed to 
preclude a person in the United States from voluntarily giving 
testimony or a statement, or producing a document or other thing, in 
any manner acceptable to the person for use in an investigation by a 
foreign law enforcement authority.

SEC. 505. LIMITATIONS ON ACTIVITIES UNDER COMPUTER CRIME MUTUAL 
              ASSISTANCE AGREEMENTS.

    (a) Determinations Required.--The Attorney General of the United 
States may not disclose evidence under section 502, exercise any 
authority under section 503, or apply for an order under section 504 
with respect to a computer crime mutual assistance agreement unless the 
Attorney General determines in the particular instance that--
            (1) the foreign law enforcement authority concerned--
                    (A) will satisfy the assurances, terms, and 
                conditions under the agreement that are specified in 
                paragraphs (1), (2), and (5) of section 508(b); and
                    (B) is capable of complying with and will comply 
                with the confidentiality requirements applicable under 
                the agreement with respect to any requested computer 
                crime evidence;
            (2) providing any requested computer crime evidence will 
        not violate a limitation in section 508(c); and
            (3) disclosing the evidence, exercising the authority, or 
        applying for the order, as the case may be, is consistent with 
        the public interest of the United States, taking into 
        consideration whether the foreign state or regional economic 
        integration organization represented concerned holds any 
        proprietary interest that could benefit or otherwise be 
        affected by the disclosure, the exercise of the authority, or 
        the granting of the order.
    (b) Limitation on Disclosure of Certain Computer Crime Evidence.--
The Attorney General may not disclose in violation of a computer crime 
mutual assistance agreement any computer crime evidence received under 
the agreement, except that the agreement may not prevent the disclosure 
of computer crime evidence to a defendant in an action or proceeding 
brought by the Attorney General for a violation of any Federal law if 
the disclosure would otherwise be required by Federal law.
    (c) Required Disclosure of Notice Received.--If the Attorney 
General receives a notice described in section 508(b)(8), the Attorney 
General shall transmit the notice to the person that provided the 
evidence with respect to which the notice is received.

SEC. 506. REIMBURSEMENT.

    The Attorney General of the United States is authorized to receive 
from a foreign law enforcement authority, or from the foreign state or 
regional economic integration organization represented by such foreign 
law enforcement authority, reimbursement of the costs incurred by the 
Attorney General in disclosing evidence under section 502, exercising 
any authority under section 503, or applying for an order under section 
504 with respect to a computer crime mutual assistance agreement.

SEC. 507. JUDICIAL REVIEW.

    (a) Determinations.--A determination made under paragraph (1), (2), 
or (3) of section 505(a) shall not be subject to judicial review.
    (b) Citations to and Descriptions of Confidentiality Laws.--Whether 
a computer crime mutual assistance agreement satisfies the requirement 
set forth in section 508(b)(3) shall not be subject to judicial review.
    (c) Rules of Construction.--
            (1) Administrative procedure act.--The requirements in 
        section 508(d), with respect to publication and request for 
        public comment, shall not be construed to create any 
        availability of judicial review under chapter 7 of title 5, 
        United States Code.
            (2) Excluded elements.--Nothing in this section shall be 
        construed to affect the availability of judicial review under 
        laws referred to in section 508(c).

SEC. 508. COMPUTER CRIME MUTUAL ASSISTANCE AGREEMENTS.

    (a) In General.--
            (1) Description generally.--Subject to the provisions of 
        this section, a computer crime mutual assistance agreement for 
        purposes of this title shall consist of a written agreement, or 
        written memorandum of understanding, that is entered into by 
        the United States and a foreign state or regional economic 
        integration organization with respect to the foreign law 
        enforcement authorities of the foreign state or organization 
        (and such other governmental entities of the foreign state or 
        organization as the Attorney General determines may be 
        necessary in order to provide the assistance described in 
        subsection (b)(1)) for purposes of carrying out activities 
        authorized by sections 502, 503, and 504, on a reciprocal 
        basis.
            (2) Officials.--A computer crime mutual assistance 
        agreement shall be entered into jointly by the Attorney General 
        of the United States and a foreign law enforcement authority.
    (b) Elements.--A computer crime mutual assistance agreement shall 
contain the following elements:
            (1) An assurance that any foreign law enforcement authority 
        covered by the agreement will provide to the Attorney General 
        assistance that is comparable in scope to the assistance the 
        Attorney General provides under the agreement.
            (2) An assurance that any foreign law enforcement authority 
        covered by the agreement--
                    (A) is subject to laws and procedures that are 
                adequate to maintain securely the confidentiality of 
                computer crime evidence that may be received under 
                section 502, 503, or 504; and
                    (B) will give protection to such evidence that is 
                not less than the protection that would be provided 
                such evidence under the laws of the United States.
            (3) Citations to and brief descriptions of the laws of the 
        United States, and the laws of the foreign state or regional 
        economic integration organization concerned, that protect the 
        confidentiality of computer crime evidence that may be provided 
under the agreement, which citations and descriptions shall set forth 
the enforcement mechanisms and penalties applicable under such laws 
and, in the case of a regional economic integration organization, the 
applicability of such laws, enforcement mechanisms, and penalties to 
the foreign states composing the organization.
            (4) Citations to the Federal computer crime laws and the 
        foreign computer crime laws with respect to which the agreement 
        applies.
            (5) Terms and conditions that specifically require using, 
        disclosing, or permitting the use or disclosure of computer 
        crime evidence received under the agreement only--
                    (A) for the purpose of administering or enforcing 
                the foreign computer crime laws concerned; or
                    (B) with respect to a specified disclosure or use 
                requested by a foreign law enforcement authority and 
                essential to a significant law enforcement objective, 
                in accordance with the prior written consent given by 
                the Attorney General after--
                            (i) determining that such computer crime 
                        evidence is not otherwise readily available 
                        with respect to such objective;
                            (ii) making the determinations described in 
                        paragraphs (2) and (3) of section 505(a), with 
                        respect to such disclosure or use; and
                            (iii) making the determinations applicable 
                        to a foreign law enforcement authority under 
                        section 505(a)(1) (other than the determination 
                        regarding the assurance described in paragraph 
                        (1) of this subsection), with respect to each 
                        additional governmental entity, if any, to be 
                        provided such computer crime evidence in the 
                        course of such disclosure or use, after having 
                        received adequate written assurances applicable 
                        to each such governmental entity.
            (6) An assurance that computer crime evidence received 
        under section 502, 503, or 504 from the Attorney General, and 
        all copies of such evidence, in the possession or control of 
        any foreign law enforcement authority covered by the agreement 
        will be returned to the Attorney General at the conclusion of 
        the foreign investigation or proceeding with respect to which 
        such evidence was so received.
            (7) Terms and conditions that specifically provide that the 
        agreement will be terminated if--
                    (A) the confidentiality required under the 
                agreement is violated with respect to computer crime 
                evidence; and
                    (B) adequate action is not taken to minimize any 
                harm resulting from such violation and to ensure that 
                the confidentiality required under the agreement is not 
                violated again.
            (8) Terms and conditions that specifically provide that if 
        the confidentiality required under the agreement is violated 
        with respect to computer crime evidence, notice of the 
        violation will be given--
                    (A) by the foreign law enforcement authority 
                concerned promptly to the Attorney General with respect 
                to computer crime evidence provided by the Attorney 
                General; and
                    (B) by the Attorney General to the person (if any) 
                that provided such evidence to the Attorney General.
    (c) Exclusions.--A computer crime mutual assistance agreement may 
not cover any of the following computer crime evidence:
            (1) Computer crime evidence in a matter occurring before a 
        grand jury and with respect to which disclosure is prevented by 
        Federal law, except that for the purpose of applying Rule 
        6(e)(3)(C)(iv) of the Federal Rules of Criminal Procedure with 
        respect to this paragraph--
                    (A) a foreign law enforcement authority with 
                respect to which a particularized need for such 
                computer crime evidence is shown shall be considered to 
                be an appropriate official of any of the several 
                States; and
                    (B) a foreign computer crime law administered or 
                enforced by the foreign law enforcement authority shall 
                be considered to be a State criminal law.
            (2) Computer crime evidence that is specifically authorized 
        under an Executive Order to be kept secret in the interest of 
        national defense or foreign policy and--
                    (A) that is classified pursuant to such order or a 
                successor order; or
                    (B) with respect to which a determination of 
                classification is pending under such order or successor 
                order.
            (3) Computer crime evidence that is classified under the 
        Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.).
    (d) Publication Requirements.--
            (1) Prior to entry.--Not later than 45 days before a 
        computer crime mutual assistance agreement is entered into for 
        purposes of this title, the Attorney General shall publish in 
        the Federal Register--
                    (A) the proposed text of the agreement; and
                    (B) a request for public comment with respect to 
                the text.
            (2) Prior to modification.--Not later than 45 days before 
        the entry into any agreement that makes a modification of a 
        computer crime mutual assistance agreement for purposes of this 
        title, the Attorney General shall publish in the Federal 
        Register--
                    (A) the proposed text of the modification; and
                    (B) a request for public comment with respect to 
                the modification.
            (3) Other significant events.--Not later than 45 days after 
        a computer crime mutual assistance agreement for purposes of 
        this title is entered into or terminated, or an agreement that 
        makes a modification of a computer crime mutual assistance 
        agreement is entered into, the Attorney General shall publish 
        in the Federal Register--
                    (A) the text of the agreement or modification, or 
                the terms of the termination, as the case may be; and
                    (B) in the case of an agreement that makes a 
                modification to a computer crime mutual assistance 
                agreement, a notice containing--
                            (i) citations to the locations of 
                        publication in the Federal Register of the text 
                        of the computer crime mutual assistance 
                        agreement that is so modified, and of any 
                        previous modification to such agreement; and
                            (ii) a description of the manner in which a 
                        copy of the computer crime mutual assistance 
                        agreement, as so modified, may be obtained from 
                        the Attorney General.
            (4) Condition for validity.--A computer crime mutual 
        assistance agreement, or an agreement that makes a modification 
        to a computer crime mutual assistance agreement, with respect 
        to which publication does not occur in accordance with 
        paragraph (1), (2), or (3), as applicable, shall not be 
        considered to be in effect for purposes of this title.

SEC. 509. PRESERVATION OF EXISTING AUTHORITY.

    The authority provided by this title is in addition to any other 
authority vested in the Attorney General of the United States, or any 
other officer of the United States.

SEC. 510. REPORT TO CONGRESS.

    Not later than 3 years after the date of the enactment of this Act, 
the Attorney General of the United States shall submit to the 
Committees on the Judiciary of the Senate and House of Representatives 
a report--
            (1) describing the effects of the operation of this title 
        on the enforcement of the Federal computer crime laws;
            (2) describing the extent to which foreign law enforcement 
        authorities have complied with the confidentiality requirements 
        applicable under computer crime mutual assistance agreements in 
        effect for purposes of this title;
            (3) specifying separately the identities of the foreign 
        states and regional economic integration organizations that 
        have entered into such agreements and the identities of the 
        foreign law enforcement authorities with respect to which such 
        foreign states and organizations have entered into such 
        agreements;
            (4) specifying the identity of each foreign state, and each 
        regional economic integration organization, that has in effect 
        a law similar to this title;
            (5) setting forth the approximate number of requests made 
        by the Attorney General under such agreements to foreign law 
        enforcement authorities for computer crime investigations and 
        for computer crime evidence;
            (6) setting forth the approximate number of requests made 
        to the Attorney General by foreign law enforcement authorities 
        under such agreements for disclosures of evidence under section 
        502, the exercise of any authority under section 503, or for 
        applications for orders under section 504; and
            (7) describing any significant problems or concerns of 
        which the Attorney General is aware with respect to the 
        operation of this title.

SEC. 511. DEFINITIONS.

    In this title:
            (1) Computer crime evidence.--The term ``computer crime 
        evidence'' means information, testimony, statements, documents, 
        or other things that are obtained in anticipation of, or during 
the course of, an investigation or proceeding under any Federal 
computer crime law or foreign computer crime law.
            (2) Federal computer crime law.--The term ``Federal 
        computer crime law'' means any law designated by the Attorney 
        General as a Federal computer crime law under regulations 
        prescribed by the Attorney General for purposes of this title 
        not later than 90 days after the date of the enactment of this 
        Act and modified by the Attorney General from time to time 
        after notice to Congress of such modification.
            (3) Foreign computer crime law.--The term ``foreign 
        computer crime law'' means a law of a foreign state, or of a 
        regional economic integration organization, that is 
        substantially similar to a Federal computer crime law and 
        prohibits conduct similar to conduct prohibited by a Federal 
        computer crime law.
            (4) Foreign law enforcement authority.--The term ``foreign 
        law enforcement authority'' means a governmental entity of a 
        foreign state or regional economic integration organization 
        that is vested by such state or organization with authority to 
        enforce the foreign computer crime laws of such state or 
        organization.
            (5) Regional economic integration organization.--The term 
        ``regional economic integration organization'' means an 
        organization--
                    (A) that is constituted by, and composed of, 
                foreign states; and
                    (B) on which such foreign states have conferred 
                sovereign authority to make decisions that are binding 
                on such foreign states and directly applicable to and 
                binding on persons within such foreign states, 
                including decisions with respect to--
                            (i) administering or enforcing the foreign 
                        computer crime laws of such organization; and
                            (ii) prohibiting and regulating disclosure 
                        of information that is obtained by such 
                        organization in the course of administering or 
                        enforcing such laws.

                         TITLE VI--SEVERABILITY

SEC. 601. SEVERABILITY.

    If any provision of this Act (including an amendment made by this 
Act), or the application thereof, to any person or circumstance, is 
held invalid, the remainder of this Act (including the amendments made 
by this Act), and the application thereof, to other persons or 
circumstances shall not be affected thereby.
                                 <all>