[Congressional Bills 112th Congress]
[From the U.S. Government Publishing Office]
[S. 3569 Introduced in Senate (IS)]

112th CONGRESS
  2d Session
                                S. 3569

 To improve the enforcement of criminal and civil law with respect to 
                cloud computing, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                           September 19, 2012

  Ms. Klobuchar (for herself and Mr. Hoeven) introduced the following 
 bill; which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
 To improve the enforcement of criminal and civil law with respect to 
                cloud computing, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cloud Computing Act of 2012''.

SEC. 2. UNLAWFUL ACCESS TO CLOUD COMPUTING SERVICES.

    (a) In General.--Section 1030 of title 18, United States Code, is 
amended by adding at the end the following:
    ``(k) For purposes of an offense described in paragraph (2)(C), 
(4), or (5) of subsection (a) or an attempt or conspiracy to commit 
such an offense, if the protected computer is part of a cloud computing 
service, each instance of unauthorized access of a cloud computing 
account, access in excess of authorization of a cloud computing 
account, or attempt or conspiracy to access a cloud computing account 
without authorization or in excess of authorization shall constitute a 
separate offense.''.
    (b) Definitions.--Section 1030(e) of title 18, United States Code, 
is amended--
            (1) in paragraph (11), by striking ``and'' at the end;
            (2) in paragraph (12), by striking the period at the end 
        and inserting a semicolon; and
            (3) by adding at the end the following:
            ``(13) the term `cloud computing account' means information 
        stored on a cloud computing service that requires a password or 
        similar information to access and is attributable to an 
        individual, which may include allowing a customer of the cloud 
        computing service to have multiple accounts; and
            ``(14) the term `cloud computing service' means a service 
        that enables convenient, on-demand network access to a shared 
        pool of configurable computing resources (including networks, 
        servers, storage, applications, and services) that can be 
        rapidly provisioned and released with minimal management effort 
        or interaction by the provider of the service.''.

SEC. 3. PRESUMED LOSSES.

    Section 1030 of title 18, United States Code, as amended by section 
2(a), is amended by adding at the end the following:
    ``(l) If an offense under this section involves a protected 
computer that is part of a cloud computing service, the value of the 
loss of the use of the protected computer for purposes of subsection 
(a)(4), the value of the information obtained for purposes of 
subsection (c)(2)(B)(iii), and the value of the aggregated loss for 
purposes of subsection (c)(4)(A)(i)(I) shall be the greater of--
            ``(1) the value of the loss of use, information, or 
        aggregated loss to 1 or more persons; or
            ``(2) the product obtained by multiplying the number of 
        cloud computing accounts accessed by $500.''.

SEC. 4. INTERACTION WITH INTERNATIONAL FORA TO ADVANCE INTERNATIONAL 
              INTEROPERABILITY WITH LAW AND POLICIES OF UNITED STATES.

    The Secretary of State shall work with other international fora, 
such as the Organization for Economic Cooperation and Development, to 
advance the aims of ensuring interoperability between the provisions of 
this Act, the amendments made by this Act, and other laws and policies 
of the United States and foreign countries, including in consultations 
between the United States and the European Union.

SEC. 5. ANNUAL STUDY AND REPORT ON INTERNATIONAL COOPERATION REGARDING 
              DATA PRIVACY, RETENTION, AND SECURITY.

    (a) In General.--Not later than 180 days after the date of the 
enactment of this Act and not less frequently than once each year 
thereafter for 4 years, the Secretary of State shall--
            (1) conduct a study on international cooperation regarding 
        data privacy, retention, and security; and
            (2) submit to Congress a report on the findings of the 
        Secretary with respect to the most recent study carried out 
        under paragraph (1) and the activities of the Secretary under 
        section 4.
    (b) Matters Studied.--Each study conducted under subsection (a)(1) 
shall include development of recommendations for best practices, 
treaties, common policy frameworks, mutual recognition agreements, the 
creation of hybrid public-private authorities, codes of conduct, or 
other guidance the Secretary of State considers necessary to promote 
the development of laws and policies in foreign countries that are 
interoperable with and that will reinforce the effectiveness of--
            (1) the provisions of this Act and the amendments made by 
        this Act; and
            (2) policies relating to data privacy, data retention, 
        security of data, and assertions of jurisdiction over data, 
        including with respect to law enforcement access to data.
    (c) Interagency Coordination.--In conducting the studies required 
by subsection (a)(1), the Secretary of State shall consult with the 
heads of relevant agencies, such as the following:
            (1) The National Economic Council.
            (2) The Attorney General.
            (3) The Secretary of Commerce.
            (4) The Federal Trade Commission.
            (5) The Secretary of Homeland Security.
            (6) The United States Trade Representative.

SEC. 6. ANNUAL FEDERAL INFORMATION TECHNOLOGY AND CLOUD COMPUTING 
              PROCUREMENT FORECAST.

    (a) Cloud Computing Service Defined.--In this section, the term 
``cloud computing service'' has the meaning given the term by the Under 
Secretary of Commerce for Standards and Technology.
    (b) Forecast Required.--Not later than 180 days after the date of 
the enactment of this Act and not less frequently than once each year 
thereafter for 4 years, the head of each Federal agency described in 
section 901(b) of title 31, United States Code, shall, consistent with 
Cloud First policy outlined in the document of the Office of Management 
and Budget entitled ``Federal Cloud Computing Strategy'' and dated 
February 8, 2011, submit to the Administrator of the Office of 
Electronic Government and Information Technology of the Office of 
Management and Budget a 3-year forecast of the plans of the agency 
relating to the procurement of cloud computing services and support 
relating to such services.
    (c) Publication.--The Administrator shall make each 3-year forecast 
submitted under subsection (b) available to the public via an Internet 
website.
                                 <all>