[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[S. 1484 Introduced in Senate (IS)]







108th CONGRESS
  1st Session
                                S. 1484

 To require a report on Federal Government use of commercial and other 
  databases for national security, intelligence, and law enforcement 
                   purposes, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                July 29 (legislative day, July 21), 2003

   Mr. Wyden introduced the following bill; which was read twice and 
               referred to the Committee on the Judiciary

_______________________________________________________________________

                                 A BILL


 
 To require a report on Federal Government use of commercial and other 
  databases for national security, intelligence, and law enforcement 
                   purposes, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Citizens' Protection in Federal 
Databases Act''.

SEC. 2. FINDINGS.

    Congress makes the following findings:
            (1) Many Federal national security, law enforcement, and 
        intelligence agencies are currently accessing large databases, 
        both public and private, containing information that was not 
        initially collected for national security, law enforcement, or 
        intelligence purposes.
            (2) These databases contain personal and sensitive 
        information on millions of United States persons.
            (3) Some of these databases are subject to Federal privacy 
        protections when in private sector control.
            (4) Risks to personal privacy are heightened when personal 
        information from different sources, including public records, 
        is aggregated in a single file and made accessible to thousands 
        of national security, law enforcement, and intelligence 
        personnel.
            (5) It is unclear what standards, policies, procedures, and 
        guidelines govern the access to or use of these public and 
        private databases by the Federal Government.
            (6) It is unclear what Federal Government agencies believe 
        they legally can and cannot do with the information once 
        acquired.
            (7) The Federal Government should be required to adhere to 
        clear civil liberties and privacy standards when accessing 
        personal information.
            (8) There is a need for clear accountability standards with 
        regard to the accessing or usage of information contained in 
        public and private databases by Federal agencies.
            (9) Without accountability, individuals and the public have 
        no way of knowing who is reading, using, or disseminating 
        personal information.
            (10) The Federal Government should not access personal 
        information on United States persons without some nexus to 
        suspected counterintelligence, terrorist, or other illegal 
        activity.

SEC. 3. LIMITATION ON USE OF FUNDS FOR PROCUREMENT OR ACCESS OF 
              COMMERCIAL DATABASES PENDING REPORT ON USE OF 
              INFORMATION.

    (a) Limitation.--Notwithstanding any other provision of law, 
commencing 60 days after the date of the enactment of this Act, no 
funds appropriated or otherwise made available to the Department of 
Justice, the Department of Defense, the Department of Homeland 
Security, the Central Intelligence Agency, the Department of Treasury, 
or the Federal Bureau of Investigation may be obligated or expended by 
such department or agency on the procurement of or access to any 
commercially available database unless such head of such department or 
agency submits to Congress the report required by subsection (b) not 
later than 60 days after the date of the enactment of this Act.
    (b) Report.--(1) The Attorney General, the Secretary of Defense, 
the Secretary of Homeland Security, the Secretary of the Treasury, the 
Director of Central Intelligence, and the Director of the Federal 
Bureau of Investigation shall each prepare, submit to the appropriate 
committees of Congress, and make available to the public a report, in 
writing, containing a detailed description of any use by the department 
or agency under the jurisdiction of such official, or any national 
security, intelligence, or law enforcement element under the 
jurisdiction of the department or agency, of databases that were 
obtained from or remain under the control of a non-Federal entity, or 
that contain information that was acquired initially by another 
department or agency of the Federal Government for purposes other than 
national security, intelligence or law enforcement, regardless of 
whether any compensation was paid for such databases.
    (2) Each report shall include--
            (A) a list of all contracts, memoranda of understanding, or 
        other agreements entered into by the department or agency, or 
        any other national security, intelligence, or law enforcement 
        element under the jurisdiction of the department or agency for 
        the use of, access to, or analysis of databases that were 
obtained from or remain under the control of a non-Federal entity, or 
that contain information that was acquired initially by another 
department or agency of the Federal Government for purposes other than 
national security, intelligence, or law enforcement;
            (B) the duration and dollar amount of such contracts;
            (C) the types of data contained in the databases referred 
        to in subparagraph (A);
            (D) the purposes for which such databases are used, 
        analyzed, or accessed;
            (E) the extent to which such databases are used, analyzed, 
        or accessed;
            (F) the extent to which information from such databases is 
        retained by the department or agency, or any national security, 
        intelligence, or law enforcement element under the jurisdiction 
        of the department or agency, including how long the information 
        is retained and for what purpose;
            (G) a thorough description, in unclassified form, of any 
        methodologies being used or developed by the department or 
        agency, or any intelligence or law enforcement element under 
        the jurisdiction of the department or agency, to search, 
        access, or analyze such databases;
            (H) an assessment of the likely efficacy of such 
        methodologies in identifying or locating criminals, terrorists, 
        or terrorist groups, and in providing practically valuable 
        predictive assessments of the plans, intentions, or 
        capabilities of criminals, terrorists, or terrorist groups;
            (I) a thorough discussion of the plans for the use of such 
        methodologies;
            (J) a thorough discussion of the activities of the 
        personnel, if any, of the department or agency while assigned 
        to the Terrorist Threat Integration Center; and
            (K) a thorough discussion of the policies, procedures, 
        guidelines, regulations, and laws, if any, that have been or 
        will be applied in the access, analysis, or other use of the 
        databases referred to in subparagraph (A), including--
                    (i) the personnel permitted to access, analyze, or 
                otherwise use such databases;
                    (ii) standards governing the access, analysis, or 
                use of such databases;
                    (iii) any standards used to ensure that the 
                personal information accessed, analyzed, or used is the 
                minimum necessary to accomplish the intended legitimate 
                Government purpose;
                    (iv) standards limiting the retention and 
                redisclosure of information obtained from such 
                databases;
                    (v) procedures ensuring that such data meets 
                standards of accuracy, relevance, completeness, and 
                timeliness;
                    (vi) the auditing and security measures to protect 
                against unauthorized access, analysis, use, or 
                modification of data in such databases;
                    (vii) applicable mechanisms by which individuals 
                may secure timely redress for any adverse consequences 
                wrongfully incurred due to the access, analysis, or use 
                of such databases;
                    (viii) mechanisms, if any, for the enforcement and 
                independent oversight of existing or planned 
                procedures, policies, or guidelines; and
                    (ix) an outline of enforcement mechanisms for 
                accountability to protect individuals and the public 
                against unlawful or illegitimate access or use of 
                databases.

SEC. 4. GENERAL PROHIBITIONS.

    (a) In General.--Notwithstanding any other provision of law, no 
department, agency, or other element of the Federal Government, or 
officer or employee of the Federal Government, may conduct a search or 
other analysis for national security, intelligence, or law enforcement 
purposes of a database based solely on a hypothetical scenario or 
hypothetical supposition of who may commit a crime or pose a threat to 
national security.
    (b) Construction.--The limitation in subsection (a) shall not be 
construed to endorse or allow any other activity that involves use or 
access of databases referred to in section 3(b)(2)(A).

SEC. 5. DEFINITIONS.

    In this Act:
            (1) Appropriate committees of congress.--The term 
        ``appropriate committees of Congress'' means--
                    (A) the Select Committee on Intelligence and the 
                Committee on the Judiciary of the Senate; and
                    (B) the Permanent Select Committee on Intelligence 
                and the Committee on the Judiciary of the House of 
                Representatives.
            (2) Database.--The term ``database'' means any collection 
        or grouping of information about individuals that contains 
        personally identifiable information about individuals, such as 
        individual's names, or identifying numbers, symbols, or other 
        identifying particulars associated with individuals, such as 
        fingerprints, voice prints, photographs, or other biometrics. 
        The term does not include telephone directories or information 
        publicly available on the Internet without fee.
            (3) United states person.--The term ``United States 
        person'' has the meaning given that term in section 101(i) of 
        the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 
        1801(i)).
                                 <all>