[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3791 Referred in Senate (RFS)]

  1st Session
                                H. R. 3791


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            December 6, 2007

  Received; read twice and referred to the Committee on the Judiciary

_______________________________________________________________________

                                 AN ACT


 
 To modernize and expand the reporting requirements relating to child 
pornography, to expand cooperation in combating child pornography, and 
                          for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Securing Adolescents From 
Exploitation-Online Act of 2007'' or the ``SAFE Act of 2007''.

SEC. 2. REPORTING REQUIREMENTS OF ELECTRONIC COMMUNICATION SERVICE 
              PROVIDERS AND REMOTE COMPUTING SERVICE PROVIDERS.

    (a) In General.--Chapter 110 of title 18, United States Code, is 
amended by inserting after section 2258 the following:

``SEC. 2258A. REPORTING REQUIREMENTS OF ELECTRONIC COMMUNICATION 
              SERVICE PROVIDERS AND REMOTE COMPUTING SERVICE PROVIDERS.

    ``(a) Duty To Report.--
            ``(1) In general.--Whoever, while engaged in providing an 
        electronic communication service or a remote computing service 
        to the public through a facility or means of interstate or 
        foreign commerce, obtains actual knowledge of any facts or 
        circumstances described in paragraph (2) shall, as soon as 
        reasonably possible--
                    ``(A) complete and maintain with current 
                information a registration with the CyberTipline of the 
                National Center for Missing and Exploited Children, or 
                any successor to the CyberTipline operated by such 
                center, by providing the mailing address, telephone 
                number, facsimile number, electronic mail address of, 
                and individual point of contact for, such electronic 
                communication service provider or remote computing 
                service provider; and
                    ``(B) make a report of such facts or circumstances 
                to the CyberTipline, or any successor to the 
                CyberTipline operated by such center.
            ``(2) Facts or circumstances.--The facts or circumstances 
        described in this paragraph are any facts or circumstances that 
        appear to indicate a violation of--
                    ``(A) section 2251, 2251A, 2252, 2252A, 2252B, or 
                2260 that involves child pornography; or
                    ``(B) section 1466A.
    ``(b) Contents of Report.--To the extent available to an electronic 
communication service provider or a remote computing service provider, 
each report under subsection (a)(1) shall include the following 
information:
            ``(1) Information about the involved individual.--
        Information relating to the Internet identity of any individual 
        who appears to have violated a Federal law in the manner 
        described in subsection (a)(2), which shall, to the extent 
        reasonably practicable, include the electronic mail address, 
        website address, uniform resource locator, or any other 
        identifying information, including self-reported identifying 
        information.
            ``(2) Historical reference.--Information relating to when 
        any apparent child pornography was uploaded, transmitted, 
        reported to, or discovered by the electronic communication 
        service provider or remote computing service provider, as the 
        case may be, including a date and time stamp and time zone.
            ``(3) Geographic location information.--Information 
        relating to the geographic location of the involved individual, 
        hosting website, or uniform resource locator, which shall 
        include the Internet Protocol Address or verified billing 
        address, or, if not reasonably available, at least one form of 
        geographic identifying information, including area code or zip 
        code. The information shall also include any self-reported 
        geographic information.
            ``(4) Images of apparent child pornography.--Any image of 
        any apparent child pornography relating to the incident such 
        report is regarding.
            ``(5) Commingled images.--Any images, data, or other 
        digital files (collectively referred to as `digital files') 
        which are commingled or interspersed among the images of 
        apparent child pornography. If it would impose an undue 
        hardship to provide these commingled digital files as part of 
        the report, because of the volume of the digital files or for 
        other reasons, the reporting company shall, in lieu of 
        providing those digital files, inform the CyberTipline of the 
        existence of such digital files, and retain those digital files 
        as if they were part of the report as required pursuant to 
        subsection (h).
    ``(c) Forwarding of Report to Law Enforcement.--
            ``(1) In general.--The National Center for Missing and 
        Exploited Children shall forward each report made under 
        subsection (a)(1) to any appropriate law enforcement agency 
        designated by the Attorney General under subsection (d)(2).
            ``(2) State and local law enforcement.--The National Center 
        for Missing and Exploited Children may forward any report made 
        under subsection (a)(1) to an appropriate official of a State 
        or political subdivision of a State for the purpose of 
        enforcing State criminal law.
            ``(3) Foreign law enforcement.--The National Center for 
        Missing and Exploited Children may forward any report made 
        under subsection (a)(1) to any appropriate foreign law 
        enforcement agency designated by the Attorney General under 
        subsection (d)(3), subject to the conditions established by the 
        Attorney General under subsection (d)(3).
    ``(d) Attorney General Responsibilities.--
            ``(1) In general.--The Attorney General shall enforce this 
        section.
            ``(2) Designation of federal agencies.--The Attorney 
        General shall designate promptly the Federal law enforcement 
        agency or agencies to which a report shall be forwarded under 
        subsection (c)(1).
            ``(3) Designation of foreign agencies.--The Attorney 
        General shall promptly--
                    ``(A) designate the foreign law enforcement 
                agencies to which a report may be forwarded under 
                subsection (c)(3);
                    ``(B) establish the conditions under which such a 
                report may be forwarded to such agencies; and
                    ``(C) develop a process for foreign law enforcement 
                agencies to request assistance from Federal law 
                enforcement agencies in obtaining evidence related to a 
                report referred under subsection (c)(3).
    ``(e) Failure To Report.--An electronic communication service 
provider or remote computing service provider that knowingly and 
willfully fails to make a report required under subsection (a)(1) shall 
be fined--
            ``(1) in the case of an initial knowing and willful failure 
        to make a report, not more than $150,000; and
            ``(2) in the case of any second or subsequent knowing and 
        willful failure to make a report, not more than $300,000.
    ``(f) Protection of Privacy.--Nothing in this section shall be 
construed to require an electronic communication service provider or a 
remote computing service provider to--
            ``(1) monitor any user, subscriber, or customer of that 
        provider;
            ``(2) monitor the content of any communication of any 
        person described in paragraph (1); or
            ``(3) affirmatively seek facts or circumstances described 
        in subsection (a)(2).
    ``(g) Conditions of Disclosure Information Contained Within 
Report.--
            ``(1) In general.--Except as provided in paragraph (2), a 
        law enforcement agency that receives a report under subsection 
        (c) shall not disclose any information contained in that 
        report.
            ``(2) Permitted disclosures.--A law enforcement agency may 
        disclose information in a report received under subsection 
        (c)--
                    ``(A) to an attorney for the government for use in 
                the performance of the official duties of that 
                attorney;
                    ``(B) to such officers and employees of that law 
                enforcement agency, as may be necessary in the 
                performance of their investigative and recordkeeping 
                functions;
                    ``(C) to such other government personnel (including 
                personnel of a State or subdivision of a State) as are 
                determined to be necessary by an attorney for the 
                government to assist the attorney in the performance of 
                the official duties of the attorney in enforcing 
                Federal criminal law;
                    ``(D) if the report discloses a violation of State 
                criminal law, to an appropriate official of a State or 
                subdivision of a State for the purpose of enforcing 
                such State law;
                    ``(E) to a defendant in a criminal case or the 
                attorney for that defendant, to the extent the 
                information relates to a criminal charge pending 
                against that defendant;
                    ``(F) to an electronic communication service 
                provider or remote computing provider if necessary to 
                facilitate response to legal process issued in 
                connection to that report. The electronic communication 
                service provider or remote computing service provider 
                shall be prohibited from disclosing the contents of 
                that report to any person, except as necessary to 
                respond to the legal process; and
                    ``(G) as ordered by a court upon a showing of good 
                cause and pursuant to any protective orders or other 
                conditions that the court may impose.
    ``(h) Evidence Preservation.--
            ``(1) In general.--For the purposes of this section, the 
        notification to an electronic communication service provider or 
        a remote computing service provider by the CyberTipline of 
        receipt of a report under subsection (a)(1) shall be treated as 
        notice to preserve, as if such notice was made pursuant to 
        section 2703(f).
            ``(2) Preservation of report.--Pursuant to subsection 
        (h)(1), an electronic communication service provider or a 
        remote computing service shall preserve the contents of the 
        report provided pursuant to subsection (b) as well as the 
        information in subsection (c)(2) of section 2703 pertaining to 
        the involved individual for not less than 180 days after such 
        notification by the CyberTipline.
            ``(3) Authorities and duties not affected.--Nothing in this 
        section shall be construed as replacing, amending, or otherwise 
        interfering with the authorities and duties under section 2703.

``SEC. 2258B. LIMITED LIABILITY FOR ELECTRONIC COMMUNICATION SERVICE 
              PROVIDERS, REMOTE COMPUTING SERVICE PROVIDERS, OR DOMAIN 
              NAME REGISTRAR.

    ``(a) In General.--Except as provided in subsections (b) and (c), a 
civil claim or criminal charge against an electronic communication 
service provider, a remote computing service provider, or domain name 
registrar, including any director, officer, employee, or agent of such 
electronic communication service provider, remote computing service 
provider, or domain name registrar arising from the performance of the 
reporting responsibilities of such electronic communication service 
provider, remote computing service provider, or domain name registrar 
under this section, section 2258A, or section 2258C may not be brought 
in any Federal or State court.
    ``(b) Intentional, Reckless, or Other Misconduct.--Subsection (a) 
shall not apply to a claim if the electronic communication service 
provider, remote computing service provider, or domain name registrar, 
or a director, officer, employee, or agent of that electronic 
communication service provider, remote computing service provider, or 
domain name registrar--
            ``(1) engaged in intentional misconduct; or
            ``(2) acted, or failed to act--
                    ``(A) with actual malice;
                    ``(B) with reckless disregard to a substantial risk 
                of causing injury without legal justification; or
                    ``(C) for a purpose unrelated to the performance of 
                any responsibility or function under this section, 
                section 2258A, or section 2258C.
    ``(c) Ordinary Business Activities.--Subsection (a) shall not apply 
to an act or omission relating to an ordinary business activity of an 
electronic communication service provider, a remote computing service 
provider, or domain name registrar, including general administration or 
operations, the use of motor vehicles, or personnel management.
    ``(d) Minimizing Access.--An electronic communication service 
provider, a remote computing service provider, and domain name 
registrar shall--
            ``(1) minimize the number of employees that are provided 
        access to any image provided under section 2258A or 2258C; and
            ``(2) ensure that any such image is permanently destroyed, 
        upon notification from a law enforcement agency.

``SEC. 2258C. USE OF IMAGES FROM THE CYBERTIPLINE TO COMBAT CHILD 
              PORNOGRAPHY.

    ``(a) In General.--The National Center for Missing and Exploited 
Children is authorized to provide elements relating to any image 
reported to its CyberTipline to an electronic communication service 
provider or a remote computing service provider for the sole and 
exclusive purpose of permitting that electronic communication service 
provider or remote computing service provider to stop the further 
transmission of images. Such elements may include unique identifiers 
associated with a specific image, Internet location of images, and 
other technological elements that can be used to identify and stop the 
transmission of child pornography.
    ``(b) Use by Electronic Communication Service Providers and Remote 
Computing Service Providers.--Any electronic communication service 
provider or remote computing service provider that receives elements 
relating to an image from the National Center for Missing and Exploited 
Children under this section may use such information only for the 
purposes described in this section, provided that such use shall not 
relieve that electronic communication service provider or remote 
computing service provider from its reporting obligations under section 
2258A.

``SEC. 2258D. LIMITED LIABILITY FOR THE NATIONAL CENTER FOR MISSING AND 
              EXPLOITED CHILDREN.

    ``(a) In General.--Except as provided in subsections (b) and (c), a 
civil claim or criminal charge against the National Center for Missing 
and Exploited Children, including any director, officer, employee, or 
agent of such center, arising from the performance of the CyberTipline 
responsibilities or functions of such center, as described in this 
section, section 2258A or 2258C of this title, or section 404 of the 
Missing Children's Assistance Act (42 U.S.C. 5773), or from the effort 
of such center to identify child victims may not be brought in any 
Federal or State court.
    ``(b) Intentional, Reckless, or Other Misconduct.--Subsection (a) 
shall not apply to a claim or charge if the National Center for Missing 
and Exploited Children, or a director, officer, employee, or agent of 
such center--
            ``(1) engaged in intentional misconduct; or
            ``(2) acted, or failed to act--
                    ``(A) with actual malice;
                    ``(B) with reckless disregard to a substantial risk 
                of causing injury without legal justification; or
                    ``(C) for a purpose unrelated to the performance of 
                any responsibility or function under this section, 
                section 2258A or 2258C of this title, or section 404 of 
                the Missing Children's Assistance Act (42 U.S.C. 5773).
    ``(c) Ordinary Business Activities.--Subsection (a) shall not apply 
to an act or omission relating to an ordinary business activity, 
including general administration or operations, the use of motor 
vehicles, or personnel management.
    ``(d) Minimizing Access.--The National Center for Missing and 
Exploited Children shall--
            ``(1) minimize the number of employees that are provided 
        access to any image provided under section 2258A; and
            ``(2) ensure that any such image is permanently destroyed 
        upon notification from a law enforcement agency.

``SEC. 2258E. DEFINITIONS.

    ``In sections 2258A through 2258D--
            ``(1) the terms `attorney for the government' and `State' 
        have the meanings given those terms in rule 1 of the Federal 
        Rules of Criminal Procedure;
            ``(2) the term `electronic communication service' has the 
        meaning given that term in section 2510;
            ``(3) the term `electronic mail address' has the meaning 
        given that term in section 3 of the CAN-SPAM Act of 2003 (15 
        U.S.C. 7702);
            ``(4) the term `Internet' has the meaning given that term 
        in section 1101 of the Internet Tax Freedom Act (47 U.S.C. 151 
        note);
            ``(5) the term `remote computing service' has the meaning 
        given that term in section 2711; and
            ``(6) the term `website' means any collection of material 
        placed in a computer server-based file archive so that it is 
        publicly accessible, over the Internet, using hypertext 
        transfer protocol or any successor protocol.''.
    (b) Conforming Amendments.--
            (1) Repeal of superceded provision.--Section 227 of the 
        Crime Control Act of 1990 (42 U.S.C. 13032) is repealed.
            (2) Table of sections.--The table of sections for chapter 
        110 of title 18, United States Code, is amended by inserting 
        after the item relating to section 2258 the following:

``2258A. Reporting requirements of electronic communication service 
                            providers and remote computing service 
                            providers.
``2258B. Limited liability for electronic communication service 
                            providers and remote computing service 
                            providers.
``2258C. Use of images from the CyberTipline to combat child 
                            pornography.
``2258D. Limited liability for the National Center for Missing and 
                            Exploited Children.
``2258E. Definitions.''.

            Passed the House of Representatives December 5, 2007.

            Attest:

                                            LORRAINE C. MILLER,

                                                                 Clerk.