[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 3893 Introduced in Senate (IS)]
<DOC>
119th CONGRESS
2d Session
S. 3893
To amend the Foreign Intelligence Surveillance Act of 1978 to
reauthorize and reform certain authorities and to provide greater
transparency and oversight.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
February 23, 2026
Mr. Lee (for himself, Mr. Durbin, Mr. Cramer, and Ms. Hirono)
introduced the following bill; which was read twice and referred to the
Committee on the Judiciary
_______________________________________________________________________
A BILL
To amend the Foreign Intelligence Surveillance Act of 1978 to
reauthorize and reform certain authorities and to provide greater
transparency and oversight.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Security And
Freedom Enhancement Act of 2026'' or the ``SAFE Act''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
TITLE I--PROTECTIONS FOR UNITED STATES PERSONS WHOSE COMMUNICATIONS ARE
COLLECTED UNDER SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE
ACT OF 1978
Sec. 101. Query procedure reform.
Sec. 102. Annual reports.
Sec. 103. Accountability and reporting procedures for compliance
violations relating to queries conducted by
the Federal Bureau of Investigation.
Sec. 104. Prohibition on reverse targeting of United States persons and
persons located in the United States.
Sec. 105. FISA court review of targeting decisions.
Sec. 106. Sunset of changes to definition of electronic communication
service provider.
Sec. 107. Limitation on directives under Foreign Intelligence
Surveillance Act of 1978 relating to
certain electronic communication service
providers.
Sec. 108. Extension of title VII of FISA; expiration of FISA
authorities; effective dates.
TITLE II--ADDITIONAL REFORMS RELATING TO ACTIVITIES UNDER THE FOREIGN
INTELLIGENCE SURVEILLANCE ACT OF 1978
Sec. 201. Required disclosure of information and limits on use of
certain information and on issuance of
orders.
Sec. 202. Criminal penalties for violations of FISA.
Sec. 203. Agency procedures to ensure compliance.
Sec. 204. Limit on civil immunity for providing information,
facilities, or technical assistance to the
Government absent a court order.
Sec. 205. Prohibition on avoiding disclosure obligations through
parallel construction.
Sec. 206. Sunset on grandfather clause of FISA's business records
provision.
TITLE III--REFORMS RELATING TO PROCEEDINGS BEFORE THE FOREIGN
INTELLIGENCE SURVEILLANCE COURT AND OTHER COURTS
Sec. 301. Foreign Intelligence Surveillance Court reform.
Sec. 302. Public disclosure and declassification of certain documents.
Sec. 303. Technical amendment to contempt power of FISC and FISC-R.
TITLE IV--INDEPENDENT EXECUTIVE BRANCH OVERSIGHT
Sec. 401. Periodic audit of FISA compliance by Inspector General.
TITLE V--PROTECTIONS FOR UNITED STATES PERSONS WHOSE SENSITIVE
INFORMATION IS PURCHASED BY INTELLIGENCE AND LAW ENFORCEMENT AGENCIES
Sec. 501. Limitation on intelligence acquisition of United States
person data.
Sec. 502. Limitation on law enforcement purchase of personal data from
data brokers.
Sec. 503. Consistent protections for demands for data held by
interactive computing services.
Sec. 504. Consistent privacy protections for data held by data brokers.
Sec. 505. Protection of data entrusted to intermediary or ancillary
service providers.
TITLE VI--TRANSPARENCY
Sec. 601. Enhanced reports by Director of National Intelligence.
Sec. 602. Notification to Congress of certain unauthorized disclosures.
TITLE VII--LIMITED DELAYS IN IMPLEMENTATION
Sec. 701. Limited delays in implementation.
TITLE I--PROTECTIONS FOR UNITED STATES PERSONS WHOSE COMMUNICATIONS ARE
COLLECTED UNDER SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE
ACT OF 1978
SEC. 101. QUERY PROCEDURE REFORM.
(a) Mandatory Audits of United States Person Queries Conducted by
Federal Bureau of Investigation.--
(1) In general.--The Department of Justice shall conduct an
audit that reviews each covered query, as defined in paragraph
(8) of section 702(f) of the Foreign Intelligence Surveillance
Act of 1978 (50 U.S.C. 1881a(f)), as redesignated and amended
by subsection (b) of this section, conducted during the 180-day
period beginning on the date of enactment of this Act, and
during each 180-day period thereafter.
(2) Completion of audit.--
(A) In general.--Not later than 90 days after the
end of each 180-day period described in paragraph (1),
the Department of Justice shall complete the audit
described in such paragraph with respect to such 180-
day period.
(B) Submission to congress.--Not later than 30 days
after completing each audit required under paragraph
(1), the Department of Justice shall submit to the
appropriate committees of Congress the complete and
unredacted results of the audit.
(C) Briefing regarding untimely audits.--If the
Department of Justice fails to complete and send the
results of an audit required under paragraph (1) to the
appropriate committees of Congress on or before the
date that is 120 days after the end of the 180-day
period to which the audit relates, not later than 127
days after the end of such 180-day period, the
Department of Justice shall conduct an in-person
briefing with the appropriate committees of Congress.
(D) Definition.--In this paragraph, the term
``appropriate committees of Congress'' means--
(i) the congressional intelligence
committees (as defined in section 3 of the
National Security Act of 1947 (50 U.S.C.
3003));
(ii) the Committee on the Judiciary of the
Senate; and
(iii) the Committee on the Judiciary of the
House of Representatives.
(3) Repeal of superseded audit requirement.--Section 2(c)
of the Reforming Intelligence and Securing America Act (50
U.S.C. 1881a note) is repealed.
(b) Restrictions Relating to Conduct of Certain Queries by Federal
Bureau of Investigation.--Section 702(f) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881a(f)) is amended--
(1) by redesignating paragraph (5) as paragraph (8);
(2) by inserting before paragraph (8), as so redesignated,
the following:
``(7) Querying procedures applicable to federal bureau of
investigation.--For any procedures adopted under paragraph (1)
applicable to the Federal Bureau of Investigation, the Attorney
General, in consultation with the Director of National
Intelligence, shall include the following requirements:
``(A) Training.--A requirement that, prior to
conducting any query, and on an annual basis thereafter
as a prerequisite for continuing to conduct queries,
personnel of the Federal Bureau of Investigation
successfully complete training on the querying
procedures.
``(B) Additional prior approvals for sensitive
queries.--A requirement that, absent exigent
circumstances, prior to conducting certain queries,
personnel of the Federal Bureau of Investigation
receive approval, at minimum, as follows:
``(i) Approval from an attorney at the
Federal Bureau of Investigation if the query
uses a query term reasonably believed to
identify a United States elected official, a
governor of a State, an appointee of the
President or the governor of a State, a United
States political candidate, a United States
political organization or a United States
person prominent in such organization, a United
States media organization or a United States
person who is a member of such organization, a
justice, judge, bankruptcy judge, or magistrate
judge of the United States, or a judge or
justice of the highest court of a State.
``(ii) Approval from an attorney of the
Federal Bureau of Investigation if the query
uses a query term reasonably believed to
identify a United States religious organization
or a United States person who is prominent in
such organization.
``(iii) Approval from an attorney of the
Federal Bureau of Investigation for 2 or more
queries conducted together, including through
the use of batch job technology, any successor
tool, or any other batch query method.
``(C) Prior written justification.--A requirement
that--
``(i) prior to conducting a covered query,
personnel of the Federal Bureau of
Investigation generate a written statement of
the specific factual basis to support the
reasonable belief that such query meets the
standards required by the procedures adopted
under paragraph (1), which shall, for each
covered query relating to the same United
States person or persons, explain and support
each individual query; and
``(ii) for each covered query, the Federal
Bureau of Investigation shall keep a record of
the query term or terms, the date of the query,
the identifier of the personnel conducting the
query, and the written statement of the
specific factual basis required under clause
(i).
``(D) Affirmative election to include section 702
information in queries.--Any system of the Federal
Bureau of Investigation that stores unminimized
contents or noncontents obtained through acquisitions
authorized under subsection (a) together with contents
or noncontents obtained through other lawful means
shall be configured in a manner that requires personnel
of the Federal Bureau of Investigation who are in
compliance with the training requirement under
subparagraph (A) to conduct such a query to
affirmatively elect to include such unminimized
contents or noncontents obtained through acquisitions
authorized under subsection (a) when running a
query.''; and
(3) in paragraph (8), as so redesignated--
(A) by striking subparagraph (B) and inserting the
following:
``(B) The term `covered person' means--
``(i) a United States person; or
``(ii) a person reasonably believed to be
located in the United States--
``(I) at the time of the applicable
query; or
``(II) at the time of the
communication or creation of the
information subject to the applicable
query.
``(C)(i) The term `covered query' means a query
that--
``(I) is conducted using 1 or more terms
associated with 1 or more covered persons,
including but not limited to personally
identifiable information;
``(II) is conducted in whole or in part for
the purpose of detecting or retrieving
information of or concerning 1 or more covered
persons; or
``(III) is conducted with specific reason
to believe the query will detect or retrieve
information of or concerning 1 or more covered
persons.
``(ii) Whether a query is a covered query shall be
determined without regard to whether the information
subject to the query has already been detected or
retrieved using a method other than a query described
in clause (i).
``(D) The term `query'--
``(i) means the use of any technique,
whether manual or automated, to detect or
retrieve information obtained through
acquisitions authorized under subsection (a)
from within a system, collection, or assortment
of information, or a subset thereof; and
``(ii) does not include the manual
observation of retrieved information.''.
(c) Prohibition on Warrantless Access to the Communications and
Other Information of United States Persons and Persons Located in the
United States.--Section 702(f) of the Foreign Intelligence Surveillance
Act of 1978 (50 U.S.C. 1881a(f)) is amended--
(1) in paragraph (1)(A) by inserting ``and the limitations
and requirements in paragraph (2)'' after ``Constitution of the
United States'';
(2) by redesignating paragraph (4) as paragraph (5); and
(3) by striking paragraphs (2) and (3) and inserting the
following:
``(2) Prohibition on warrantless access to the
communications and other information of united states persons
and persons located in the united states.--
``(A) In general.--Except as provided in
subparagraph (B), no officer or employee of any agency
that has access to unminimized communications or
information obtained through an acquisition under this
section may access communications content, or
information the compelled disclosure of which would
require a probable cause warrant if sought for law
enforcement purposes inside the United States, acquired
under subsection (a) and returned in response to a
covered query.
``(B) Exceptions for concurrent authorization,
exigent circumstances, consent, and certain defensive
cybersecurity queries.--
``(i) In general.--Subparagraph (A) shall
not apply if--
``(I) the person to whom the
covered query relates is the subject of
an order authorizing electronic
surveillance, a physical search, or an
acquisition under section 105, section
304, section 703, or section 704 of
this Act or a warrant issued pursuant
to the Federal Rules of Criminal
Procedure by a court of competent
jurisdiction;
``(II)(aa) the person to whom the
covered query relates is the subject of
an emergency authorization authorizing
electronic surveillance, a physical
search, or an acquisition under section
105, section 304, section 703, or
section 704 of this Act;
``(bb) not later than 7 days after
the results of the covered query are
accessed, a description of the
circumstances justifying the accessing
of the results of the covered query is
provided to the congressional
intelligence committees, the Committee
on the Judiciary of the House of
Representatives, and the Committee on
the Judiciary of the Senate;
``(cc) the Attorney General makes
or has made an application to the
Foreign Intelligence Surveillance Court
in accordance with section
105(e)(1)(D), section 304(e)(1)(D),
section 703(d)(1), or section 704(d)(1)
of this Act; and
``(dd) in the event such
application is denied, the requirements
of section 105(e)(5), 304(e)(5),
section 703(d)(4), or section
704(d)(4), as applicable, are followed;
``(III) such person or, if such
person is incapable of providing
consent, a third party legally
authorized to consent on behalf of such
person, has provided consent for the
access on a case-by-case basis; or
``(IV)(aa) the communications
content or information is accessed and
used for the sole purpose of
identifying a potential victim or
unwitting conduit of malicious cyber
activity who is not a potential
perpetrator of such activity;
``(bb) other than for the purposes
described in item (aa), no
communications content or other
information described in subparagraph
(A) are accessed or reviewed; and
``(cc) the accessing of query
results is reported to the Foreign
Intelligence Surveillance Court.
``(ii) Limitations.--No communications
content or information accessed under clause
(i)(II) or information derived from such access
may be used, received in evidence, or otherwise
disseminated in any trial, hearing, or other
proceeding in or before any court, grand jury,
department, office, agency, regulatory body,
legislative committee, or other authority of
the United States, a State, or political
subdivision thereof, except in a proceeding
that arises from the circumstances to which the
applicable emergency authorization relates.
``(iii) Assessment of compliance.--Not less
frequently than annually, the Attorney General
shall assess--
``(I) compliance with the
requirements under clause (i)(II)(cc);
and
``(II) compliance with the
requirements under clause (ii).
``(C) Foreign intelligence purpose.--
``(i) In general.--Except as provided in
clause (ii) of this subparagraph, no officer or
employee of any agency that has access to
unminimized communications or information
obtained through an acquisition under this
section may conduct a covered query of
information acquired under subsection (a)
unless the query is reasonably likely to
retrieve foreign intelligence information.
``(ii) Exceptions.--An officer or employee
of an agency that has access to unminimized
communications or information obtained through
an acquisition under this section may conduct a
covered query of information acquired under
this section if--
``(I)(aa) the officer or employee
conducting the query has a reasonable
belief that--
``(AA) an emergency exists
involving an imminent threat of
death or serious bodily harm;
and
``(BB) the query could
reasonably be expected to
assist in mitigating or
eliminating that threat to life
or serious bodily harm; and
``(bb) not later than 7 days after
the query is conducted, a description
of the query is provided to the Foreign
Intelligence Surveillance Court, the
congressional intelligence committees,
the Committee on the Judiciary of the
House of Representatives, and the
Committee on the Judiciary of the
Senate; or
``(II) the query is necessary to
identify information that must be
produced or preserved in connection
with a litigation matter or to fulfill
discovery obligations in a criminal
matter under the laws of the United
States or any State thereof.
``(D) Notification and consent requirements.--
``(i) Appropriate congressional leadership
defined.--In this subparagraph, the term
`appropriate congressional leadership' means
the following:
``(I) The chairs and ranking
minority members of the congressional
intelligence committees.
``(II) The chair and ranking
minority member of the Committee on the
Judiciary of the Senate and the chair
and ranking minority member of
Committee on the Judiciary of the House
of Representatives.
``(III) The Speaker and minority
leader of the House of Representatives.
``(IV) The majority and minority
leaders of the Senate.
``(ii) Notification requirement for certain
fbi queries.--
``(I) Requirement.--The Director of
the Federal Bureau of Investigation
shall promptly notify appropriate
congressional leadership of any query
conducted by the Federal Bureau of
Investigation using a query term that
is reasonably believed to be the name
or other personally identifying
information of a Member of Congress,
and shall also notify the Member who is
the subject of such query.
``(II) National security
considerations.--In submitting a
notification under subclause (I), the
Director shall give due regard to the
protection of classified information,
sources and methods, and national
security.
``(III) Waiver.--
``(aa) In general.--The
Director may waive a
notification required under
subclause (I) if the Director
determines such notification
would impede an ongoing
national security or law
enforcement investigation.
``(bb) Termination.--A
waiver under item (aa) shall
terminate on the date the
Director determines the
relevant notification would not
impede the relevant national
security or law enforcement
investigation or on the date
that such investigation ends,
whichever is earlier.
``(iii) Consent required for fbi to conduct
certain queries for purpose of defensive
briefing.--
``(I) Consent required.--The
Federal Bureau of Investigation may
not, for the purpose of supplementing
the contents of a briefing on the
defense against a counterintelligence
threat to a Member of Congress, conduct
a query using a query term that is the
name or restricted personal information
(as such term is defined in section 119
of title 18, United States Code) of
that Member unless--
``(aa) the Member provides
consent to the use of the query
term; or
``(bb) the Deputy Director
of the Federal Bureau of
Investigation determines that
exigent circumstances exist
sufficient to justify the
conduct of such query.
``(II) Notification.--
``(aa) Notification of
consent sought.--Not later than
3 business days after
submitting a request for
consent from a Member of
Congress under subclause (I),
the Director of the Federal
Bureau of Investigation shall
notify the appropriate
congressional leadership,
regardless of whether the
Member provided such consent.
``(bb) Notification of
exception used.--Not later than
3 business days after the
conduct of a query under
subclause (I) without consent
on the basis of the existence
of exigent circumstances
determined under item (bb) of
such subclause, the Director of
the Federal Bureau of
Investigation shall notify the
appropriate congressional
leadership.
``(III) Rule of construction.--
Nothing in this clause may be construed
as--
``(aa) applying to matters
outside of the scope of the
briefing on the defense against
a counterintelligence threat to
be provided or supplemented
under subclause (I); or
``(bb) limiting the lawful
investigative activities of the
Federal Bureau of Investigation
other than supplementing the
contents of a briefing on the
defense against a
counterintelligence threat to a
Member of Congress.
``(3) Documentation.--No officer or employee of any agency
that has access to unminimized communications or information
obtained through an acquisition under this section may access
communications content, or information the compelled disclosure
of which would require a probable cause warrant if sought for
law enforcement purposes inside the United States, returned in
response to a covered query unless an electronic record is
created that includes a statement of facts showing that the
access is authorized pursuant to an exception specified in
paragraph (2)(B).
``(4) Query record system.--The head of each agency that
has access to unminimized communications or information
obtained through an acquisition under this section shall ensure
that a system, mechanism, or business practice is in place to
maintain the records described in paragraph (3). Not later than
90 days after the date of enactment of the SAFE Act, the head
of each agency that has access to unminimized communications or
information obtained through an acquisition under this section
shall report to Congress on its compliance with this
procedure.''.
(d) Conforming Amendments.--
(1) Section 603(b)(2) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1873(b)(2)) is amended, in
the matter preceding subparagraph (A), by striking ``,
including pursuant to subsection (f)(2) of such section,''.
(2) Section 706(a)(2)(A)(i) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881e(a)(2)(A)(i)) is
amended by striking ``obtained an order of the Foreign
Intelligence Surveillance Court to access such information
pursuant to section 702(f)(2)'' and inserting ``accessed such
information in accordance with section 702(b)(2)''.
SEC. 102. ANNUAL REPORTS.
(a) In General.--Section 707 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881f) is amended by adding at the
end the following:
``(c) Annual Reports.--
``(1) In general.--The Attorney General, in consultation
with the Director of National Intelligence, shall submit to the
congressional intelligence committees, the Committee on the
Judiciary of the Senate, and the Committee on the Judiciary of
the House of Representatives an annual report, which shall
include, for that year, disaggregated by each agency that
conducts queries of information acquired under section 702, the
following information:
``(A) The total number of covered queries (as
defined in section 702(f)(8)) conducted of information
acquired under section 702.
``(B) The number of times an officer or employee of
the United States accessed communications contents (as
defined in section 2510(8) of title 18, United States
Code) or information the compelled disclosure of which
would require a probable cause warrant if sought for
law enforcement purposes in the United States, returned
in response to such queries.
``(C) The number of applications for orders
described in subclause (I) of section 702(f)(2)(B)(i)
with respect to a person for which communications
contents or information relating to such person were
accessed under such subclause and the number of such
orders granted.
``(D) The number of times an exception under
subclause (II), (III), or (IV) of section
702(f)(2)(B)(i) was asserted, disaggregated by the
subclause under which an exception was asserted.
``(E) The number of times that 2 or more approved
queries were conducted together, through the use of
batch job technology, any successor tool, or any other
batch query method.
``(F) The number of queries run by an agency with
access to unminimized communications or information
obtained through an acquisition under section 702 run
at the request of or on behalf of 1 or more other
agencies that do not have such access, broken down by
the agency that ran the query, the agency for whom the
query was run, and the date of the query.
``(2) Public availability.--Subject to declassification
review by the Attorney General and the Director of National
Intelligence, each annual report submitted pursuant to
paragraph (1) shall be made publicly available during April of
each year and include information relating to the previous
calendar year.''.
(b) Repeal of Superseded Reporting Requirement.--Section 603 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1873) is
amended--
(1) by striking subsection (f); and
(2) by redesignating subsection (g) as subsection (f).
SEC. 103. ACCOUNTABILITY AND REPORTING PROCEDURES FOR COMPLIANCE
VIOLATIONS RELATING TO QUERIES CONDUCTED BY THE FEDERAL
BUREAU OF INVESTIGATION.
(a) In General.--Title VII of the Foreign Intelligence Surveillance
Act of 1978 (50 U.S.C. 1881 et seq.) is amended by adding at the end
the following:
``SEC. 710. ACCOUNTABILITY PROCEDURES FOR INCIDENTS RELATING TO QUERIES
CONDUCTED BY THE FEDERAL BUREAU OF INVESTIGATION.
``(a) In General.--The Director of the Federal Bureau of
Investigation shall establish procedures to hold employees of the
Federal Bureau of Investigation accountable for violations of law,
guidance, and procedure governing queries of information acquired
pursuant to section 702.
``(b) Elements.--The procedures established under subsection (a)
shall include the following:
``(1) Centralized tracking of individual employee
performance incidents involving violations of law, guidance,
and procedure described in subsection (a), over time.
``(2) Escalating consequences for such incidents,
including--
``(A) consequences for initial incidents,
including, at a minimum--
``(i) suspension of access to information
acquired under this Act pending remedial
action; and
``(ii) documentation of the incident in the
personnel file of each employee responsible for
the violation; and
``(B) consequences for subsequent incidents,
including, at a minimum--
``(i) possible indefinite suspension of
access to information acquired under this Act;
``(ii) reassignment of each employee
responsible for the violation; and
``(iii) referral of the incident to the
Inspection Division of the Federal Bureau of
Investigation for review of potentially
reckless conduct.
``(3) Clarification of requirements for referring
intentional misconduct and reckless conduct to the Inspection
Division of the Federal Bureau of Investigation for
investigation and disciplinary action by the Office of
Professional Responsibility of the Federal Bureau of
Investigation.''.
(b) Clerical Amendment.--The table of contents for the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) is
amended by inserting after the item relating to section 709 the
following:
``Sec. 710. Accountability procedures for incidents relating to queries
conducted by the Federal Bureau of
Investigation.''.
(c) Report Required.--
(1) Initial report.--Not later than 180 days after the date
of enactment of this Act, the Director of the Federal Bureau of
Investigation shall submit to the Committee on the Judiciary of
the House of Representatives, the Committee on the Judiciary of
the Senate, and the congressional intelligence committees (as
such term is defined in section 801 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1885)) a report detailing
the procedures established under section 710 of the Foreign
Intelligence Surveillance Act of 1978, as added by subsection
(a).
(2) Annual report.--Not later than 1 year after the date of
enactment of this Act, and annually thereafter, the Federal
Bureau of Investigation shall submit to the Committee on the
Judiciary of the House of Representatives, the Committee on the
Judiciary of the Senate, and the congressional intelligence
committees (as such term is defined in section 801 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1885))
a report on any disciplinary actions taken pursuant to the
procedures established under section 710 of the Foreign
Intelligence Surveillance Act of 1978, as added by subsection
(a), including a description of the circumstances surrounding
each such disciplinary action, and the results of each such
disciplinary action.
(3) Form.--The reports required under paragraphs (1) and
(2) shall be submitted in unclassified form, but may include a
classified annex to the extent necessary to protect sources and
methods.
(d) Annual Reports.--Paragraph (5) of section 702(f) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as
redesignated by section 101(c)(2) of this Act, is amended--
(1) by redesignating subparagraphs (A), (B), and (C) as
clauses (i), (ii), and (iii), respectively, and adjusting the
margin accordingly;
(2) by striking ``The Director'' and inserting the
following:
``(A) In general.--The Director''; and
(3) by adding at the end the following:
``(B) Annual reports.--The Director of the Federal
Bureau of Investigation shall submit to the
congressional intelligence committees, the Committee on
the Judiciary of the Senate, and the Committee on the
Judiciary of the House of Representatives an annual
report on the actions taken under the minimum
accountability standards issued under subparagraph
(A).''.
(e) Restriction on Certain Information Available to the Federal
Bureau of Investigation.--Section 702(n)(2) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881a(n)(2)) is amended by
inserting ``the Committee on the Judiciary of the Senate, the Committee
on the Judiciary of the House of Representatives,'' after ``the
congressional intelligence committees,''.
SEC. 104. PROHIBITION ON REVERSE TARGETING OF UNITED STATES PERSONS AND
PERSONS LOCATED IN THE UNITED STATES.
Section 702 of the Foreign Intelligence Surveillance Act of 1978
(50 U.S.C. 1881a) is amended--
(1) in subsection (b)(2), by striking ``if the purpose of
such acquisition is to target a particular, known person
reasonably believed to be in the United States;'' and inserting
``if a purpose of such acquisition is to target 1 or more
United States persons or persons reasonably believed to be
located in the United States at the time of acquisition or
communication;'';
(2) in subsection (d)(1), by amending subparagraph (A) to
read as follows:
``(A) ensure that--
``(i) any acquisition authorized under
subsection (a) is limited to targeting persons
reasonably believed to be non-United States
persons located outside the United States; and
``(ii) targeting 1 or more United States
persons or persons reasonably believed to be in
the United States at the time of acquisition or
communication is not a purpose of an
acquisition; and'';
(3) in subsection (h)(2)(A)(i), by amending subclause (I)
to read as follows:
``(I) ensure that--
``(aa) an acquisition
authorized under subsection (a)
is limited to targeting persons
reasonably believed to be non-
United States persons located
outside the United States; and
``(bb) a purpose of an
acquisition is not to target 1
or more United States persons
or persons reasonably believed
to be in the United States at
the time of acquisition or
communication; and''; and
(4) in subsection (j)(2)(B), by amending clause (i) to read
as follows:
``(i) ensure that--
``(I) an acquisition authorized
under subsection (a) is limited to
targeting persons reasonably believed
to be non-United States persons located
outside the United States; and
``(II) a purpose of an acquisition
is not to target 1 or more United
States persons or persons reasonably
believed to be in the United States at
the time of acquisition or
communication; and''.
SEC. 105. FISA COURT REVIEW OF TARGETING DECISIONS.
Section 702 of the Foreign Intelligence Surveillance Act of 1978
(50 U.S.C. 1881a) is amended--
(1) in subsection (h)(2)--
(A) in subparagraph (D)(ii), by striking ``and'' at
the end;
(B) in subparagraph (E), by striking the period at
the end and inserting ``; and''; and
(C) by adding at the end the following:
``(F) include a random sample of targeting
decisions and supporting written justifications from
the prior year, using a sample size and methodology
that has been approved by the Foreign Intelligence
Surveillance Court.''; and
(2) in subsection (j)(1)--
(A) by striking ``subsection (g)'' each place it
appears and inserting ``subsection (h)''; and
(B) in subparagraph (A), as amended by subparagraph
(A) of this paragraph, by inserting ``, including
reviewing the random sample of targeting decisions and
written justifications submitted under subsection
(h)(2)(F),'' after ``subsection (h)''.
SEC. 106. SUNSET OF CHANGES TO DEFINITION OF ELECTRONIC COMMUNICATION
SERVICE PROVIDER.
Effective on December 31, 2026, the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) is amended--
(1) in section 701(b)(4) (50 U.S.C. 1881(b)(4))--
(A) in subparagraph (D), by adding ``or'' at the
end;
(B) by striking subparagraph (E);
(C) by redesignating subparagraph (F) as
subparagraph (E); and
(D) in subparagraph (E), as so redesignated--
(i) by striking ``custodian,''; and
(ii) by striking ``(D), or (E)'' and
inserting ``or (D)''; and
(2) in section 801(6) (50 U.S.C. 1885(6))--
(A) by striking subparagraph (E);
(B) by redesignating subparagraphs (F) and (G) as
subparagraphs (E) and (F), respectively;
(C) in subparagraph (E), as so redesignated, by
adding ``or'' at the end; and
(D) in subparagraph (F), as so redesignated--
(i) by striking ``custodian,''; and
(ii) by striking ``(E), or (F)'' and
inserting ``or (E)''.
SEC. 107. LIMITATION ON DIRECTIVES UNDER FOREIGN INTELLIGENCE
SURVEILLANCE ACT OF 1978 RELATING TO CERTAIN ELECTRONIC
COMMUNICATION SERVICE PROVIDERS.
(a) In General.--Section 702(i) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881a(i)) is amended by adding at
the end the following:
``(7) Limitation relating to certain electronic
communication service providers.--
``(A) Definitions.--In this paragraph:
``(i) Appropriate committees of congress.--
The term `appropriate committees of Congress'
means--
``(I) the congressional
intelligence committees;
``(II) the Committee on the
Judiciary of the Senate; and
``(III) the Committee on the
Judiciary of the House of
Representatives.
``(ii) Covered electronic communication
service provider.--
``(I) In general.--Subject to
subclause (II), the term `covered
electronic communication service
provider' means--
``(aa) a service provider
described in section
701(b)(4)(E);
``(bb) a custodian of an
entity as defined in section
701(b)(4)(F); or
``(cc) an officer,
employee, or agent of a service
provider described in section
701(b)(4)(E).
``(II) Exclusion.--The term
`covered electronic communication
service provider' does not include--
``(aa) an electronic
communication service provider
described in subparagraph (A),
(B), (C), or (D) of section
701(b)(4); or
``(bb) an officer,
employee, or agent of an
electronic communication
service provider described in
subparagraph (A), (B), (C), or
(D) of section 701(b)(4),
to the extent that the electronic
communication service provider is
providing the United States Government
with information, facilities, or
assistance pursuant to such
subparagraphs.
``(iii) Covered opinions.--The term
`covered opinions' means the opinions of the
Foreign Intelligence Surveillance Court and the
Foreign Intelligence Surveillance Court of
Review authorized for public release on August
23, 2023 (Opinion and Order, In re Petition to
Set Aside or Modify Directive Issued to
[REDACTED], No. [REDACTED], (FISA Ct.
[REDACTED] 2022) (Contreras J.); Opinion, In re
Petition to Set Aside or Modify Directive
Issued to [REDACTED], No. [REDACTED], (FISA Ct.
Rev. [REDACTED] 2023) (Sentelle, J.; Higginson,
J.; Miller J.)).
``(B) Limitation.--A directive may not be issued
under paragraph (1) to a covered electronic
communication service provider unless the covered
electronic communication service provider is a provider
of the type of service at issue in the covered
opinions.
``(C) Declassification review required.--
``(i) In general.--Not later than 180 days
after the date of enactment of the SAFE Act,
the Director of National Intelligence, in
consultation with the Attorney General, shall
complete a declassification review in
accordance with section 3 of Executive Order
13526 (50 U.S.C. 3161 note; relating to
classified national security information), or
any successor order, (in this subparagraph
referred to as `Executive Order 13526') and,
consistent with that review, make publicly
available to the greatest extent practicable
the type of service provider and services at
issue in the covered opinions.
``(ii) Specific inquiry.--In conducting the
review required under clause (i), the Director
of National Intelligence and the Attorney
General shall determine--
``(I) whether the information
described in clause (i) continues to
meet the requirements for
classification set forth in Executive
Order 13526; and
``(II) if the information described
in clause (i) continues to meet the
requirements for classification set
forth in Executive Order 13526, whether
the information should nonetheless be
declassified pursuant to section 3.1(d)
of Executive Order 13526.
``(iii) Factors.--In making a determination
under subclause (II) of clause (ii), the
Director of National Intelligence and the
Attorney General shall consider--
``(I) the public interest served by
ensuring that laws are public and
transparent; and
``(II) the fact that the type of
service provider or services at issue
in the covered opinions have been the
subject of public disclosures.
``(D) Requirements for directives to covered
electronic communication service providers.--
``(i) In general.--Subject to clause (ii),
any directive issued under paragraph (1) on or
after the date of the enactment of the SAFE Act
to a covered electronic communication service
provider that is not prohibited by subparagraph
(B) of this paragraph shall include a summary
description of the services at issue in the
covered opinions.
``(ii) Duplicate summaries not required.--A
directive need not include a summary
description of the services at issue in the
covered opinions if such summary was included
in a prior directive issued to the covered
electronic communication service provider and
the summary has not materially changed.
``(E) Foreign intelligence surveillance court
notification and review.--
``(i) Notification.--
``(I) In general.--Subject to
subclause (II), on or after the date of
the enactment of the SAFE Act, each
time the Attorney General and the
Director of National Intelligence serve
a directive under paragraph (1) to a
covered electronic communication
service provider that is not prohibited
by subparagraph (B) and each time the
Attorney General and the Director
materially change a directive under
paragraph (1) served on a covered
electronic communication service
provider that is not prohibited by
subparagraph (B), the Attorney General
shall provide the directive to the
Foreign Intelligence Surveillance Court
on or before the date that is 7 days
after the date on which the Attorney
General and the Director served the
directive, along with a description of
the covered electronic communication
service provider to whom the directive
is issued and the services at issue.
``(II) Duplication not required.--
The Attorney General does not need to
provide a directive or description to
the Foreign Intelligence Surveillance
Court under subclause (I) if a
directive and description concerning
the covered electronic communication
service provider was previously
provided to the Court and the directive
or description has not materially
changed.
``(ii) Additional information.--As soon as
feasible and not later than the initiation of
collection, the Attorney General shall, for
each directive described in clause (i), provide
the Foreign Intelligence Surveillance Court a
summary description of the type of equipment to
be accessed, the nature of the access, and the
form of assistance required pursuant to the
directive.
``(iii) Review.--
``(I) In general.--The Foreign
Intelligence Surveillance Court may
review a directive received by the
Court under clause (i) to determine
whether the directive is consistent
with subparagraph (B) and affirm,
modify, or set aside the directive.
``(II) Notice of intent to
review.--Not later than 7 days after
the date on which the Court receives
information under clause (ii) with
respect to a directive, the Court shall
provide notice to the Attorney General
and cleared counsel for the covered
electronic communication service
provider indicating whether the Court
intends to undertake a review under
subclause (I) of this clause.
``(III) Completion of reviews.--In
a case in which the Court provides
notice under subclause (II) indicating
that the Court intends to review a
directive under subclause (I), the
Court shall, not later than 30 days
after the date on which the Court
provides notice under subclause (II)
with respect to the directive, complete
the review.
``(F) Congressional oversight.--
``(i) Notification.--
``(I) In general.--Subject to
subclause (II), on or after the date of
the enactment of the SAFE Act, each
time the Attorney General and the
Director of National Intelligence serve
a directive under paragraph (1) on a
covered electronic communication
service provider that is not prohibited
by subparagraph (B) and each time the
Attorney General and the Director
materially change a directive under
paragraph (1) served on a covered
electronic communication service
provider that is not prohibited by
subparagraph (B), the Attorney General
shall submit to the appropriate
committees of Congress the directive on
or before the date that is 7 days after
the date on which the Attorney General
and the Director serve the directive,
along with a description of the covered
electronic communication service
provider to whom the directive is
issued and the services at issue.
``(II) Duplication not required.--
The Attorney General does not need to
submit a directive or description to
the appropriate committees of Congress
under subclause (I) if a directive and
description concerning the covered
electronic communication service
provider was previously submitted to
the appropriate committees of Congress
and the directive or description has
not materially changed.
``(ii) Additional information.--As soon as
feasible and not later than the initiation of
collection, the Attorney General shall, for
each directive described in clause (i), provide
the appropriate committees of Congress a
summary description of the type of equipment to
be accessed, the nature of the access, and the
form of assistance required pursuant to the
directive.
``(iii) Reporting.--
``(I) Quarterly reports.--Not later
than 90 days after the date of the
enactment of the SAFE Act and not less
frequently than once each quarter
thereafter, the Attorney General shall
submit to the appropriate committees of
Congress a report on the number of
directives served, during the period
covered by the report, under paragraph
(1) to a covered electronic
communication service provider and the
number of directives provided during
the same period to the Foreign
Intelligence Surveillance Court under
subparagraph (E)(i).
``(II) Form of reports.--Each
report submitted pursuant to subclause
(I) shall be submitted in unclassified
form, but may include a classified
annex.
``(III) Submission of court
opinions.--Not later than 45 days after
the date on which the Foreign
Intelligence Surveillance Court or the
Foreign Intelligence Surveillance Court
of Review issues an opinion relating to
a directive issued to a covered
electronic communication service
provider under paragraph (1), the
Attorney General shall submit to the
appropriate committees of Congress a
copy of the opinion.''.
(b) Sunset.--Effective on December 31, 2026, section 702(i) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(i)), as
amended by this section, is amended by striking paragraph (7).
SEC. 108. EXTENSION OF TITLE VII OF FISA; EXPIRATION OF FISA
AUTHORITIES; EFFECTIVE DATES.
(a) Effective Dates.--Section 403(b) of the FISA Amendments Act of
2008 (Public Law 110-261; 122 Stat. 2474) is amended--
(1) in paragraph (1) (50 U.S.C. 1881 note)--
(A) by striking ``two years after the date of
enactment of the Reforming Intelligence and Securing
America Act'' and inserting ``on April 20, 2028''; and
(B) by striking ``, as amended by section 101(a)
and by the FISA Amendments Reauthorization Act of 2017
and the Reforming Intelligence and Securing America
Act,'' and inserting ``, as most recently amended,'';
and
(2) in paragraph (2) (18 U.S.C. 2511 note), in the matter
preceding subparagraph (A), by striking ``two years after the
date of enactment of the Reforming Intelligence and Securing
America Act'' and inserting ``on April 20, 2028''.
(b) Conforming Amendments.--Section 404(b) of the FISA Amendments
Act of 2008 (Public Law 110-261; 122 Stat. 2476), is amended--
(1) in paragraph (1)--
(A) in the heading, by striking ``two years after
the date of enactment of the reforming intelligence and
securing america act'' and inserting ``April 20,
2028''; and
(B) by striking ``, as amended by section 101(a)
and by the FISA Amendments Reauthorization Act of 2017
and the Reforming Intelligence and Securing America
Act,'' and inserting ``, as most recently amended,'';
(2) in paragraph (2), by striking ``, as amended by section
101(a) and by the FISA Amendments Reauthorization Act of 2017
and the Reforming Intelligence and Securing America Act,'' and
inserting ``, as most recently amended,''; and
(3) in paragraph (4)--
(A) by striking ``, as added by section 101(a) and
amended by the FISA Amendments Reauthorization Act of
2017 and the Reforming Intelligence and Securing
America Act,'' both places it appears and inserting ``,
as added by section 101(a) and as most recently
amended,''; and
(B) by striking ``, as amended by section 101(a)
and by the FISA Amendments Reauthorization Act of 2017
and the Reforming Intelligence and Securing America
Act,'' both places it appears and inserting ``, as most
recently amended,''.
TITLE II--ADDITIONAL REFORMS RELATING TO ACTIVITIES UNDER THE FOREIGN
INTELLIGENCE SURVEILLANCE ACT OF 1978
SEC. 201. REQUIRED DISCLOSURE OF INFORMATION AND LIMITS ON USE OF
CERTAIN INFORMATION AND ON ISSUANCE OF ORDERS.
(a) Required Disclosure of Relevant Information in Foreign
Intelligence Surveillance Act of 1978 Applications.--
(1) In general.--The Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1801 et seq.) is amended by adding at the
end the following:
``TITLE IX--REQUIRED DISCLOSURE OF RELEVANT INFORMATION
``SEC. 901. DISCLOSURE OF RELEVANT INFORMATION.
``The Attorney General or any other Federal officer or employee
making an application for a court order under this Act shall provide
the court with all information in the possession of the Government that
is material to determining whether the application satisfies the
applicable requirements under this Act, including any exculpatory
information.''.
(2) Collection of communications under section 702.--
Section 702(h)(2) of the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1881a(h)(2)) is amended--
(A) in subparagraph (D)(ii), by striking ``and'' at
the end;
(B) in subparagraph (E), by striking the period at
the end and inserting ``; and''; and
(C) by adding at the end the following:
``(F) attest that, to the best of the knowledge of
the person making the certification, the Attorney
General and the Director of National Intelligence have
been apprised of all information in the possession of
the Government that might reasonably--
``(i) call into question the accuracy of
the certification or the reasonableness of any
assessment in the certification conducted by
the department or agency on whose behalf the
application is made; or
``(ii) otherwise raise doubts with respect
to the findings that are required to be made
under subsection (j).''.
(3) Clerical amendments.--
(A) The table of contents for the Foreign
Intelligence Surveillance Act of 1978 is amended by
adding at the end the following:
``TITLE IX--REQUIRED DISCLOSURE OF RELEVANT INFORMATION
``Sec. 901. Disclosure of relevant information.''.
(B) Section 104(a) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1804) is amended--
(i) by striking paragraphs (7) and (13);
and
(ii) by redesignating paragraphs (8)
through (12) as paragraphs (7) through (11),
respectively.
(b) Certification Regarding Accuracy Procedures.--
(1) Certification regarding accuracy procedures.--Title IX
of the Foreign Intelligence Surveillance Act of 1978, as added
by subsection (a) of this section, is amended by adding at the
end the following:
``SEC. 902. CERTIFICATION REGARDING ACCURACY PROCEDURES.
``(a) Definition of Accuracy Procedures.--In this section, the term
`accuracy procedures' means specific procedures, adopted by the
Attorney General, to ensure that an application for a court order under
this Act, including any application for renewal of an existing order,
is accurate and complete, including procedures that ensure, at a
minimum, that--
``(1) the application reflects all information that might
reasonably call into question the accuracy of the information
or the reasonableness of any assessment in the application, or
otherwise raises doubts about or contradicts the requested
findings;
``(2) the application reflects all material information
that might reasonably call into question the reliability and
reporting of any information from a confidential human source
that is used in the application;
``(3) a complete file documenting each factual assertion in
an application is maintained;
``(4) the applicant coordinates with the appropriate
elements of the intelligence community (as defined in section 3
of the National Security Act of 1947 (50 U.S.C. 3003)),
concerning any prior or existing relationship with the target
of any surveillance, search, or other means of investigation,
and discloses any such relationship in the application;
``(5) before any application targeting a United States
person (as defined in section 101) is made, the applicant
Federal officer shall document that the officer has collected
and reviewed for accuracy and completeness supporting
documentation for each factual assertion in the application;
and
``(6) the applicant Federal agency establish compliance and
auditing mechanisms to address, on an annual basis, the
efficacy of the accuracy procedures that have been adopted and
report such findings to the Attorney General.
``(b) Statement and Certification of Accuracy Procedures.--Any
Federal officer making an application for a court order under this Act
shall include with the application--
``(1) a description of the accuracy procedures employed by
the officer or the officer's designee; and
``(2) a certification that the officer or the officer's
designee has collected and reviewed for accuracy and
completeness--
``(A) supporting documentation for each factual
assertion contained in the application;
``(B) all information that might reasonably call
into question the accuracy of the information or the
reasonableness of any assessment in the application, or
otherwise raises doubts about the requested findings;
and
``(C) all material information that might
reasonably call into question the reliability and
reporting of any information from any confidential
human source that is used in the application.
``(c) Necessary Finding for Court Orders.--A judge may not enter an
order under this Act unless the judge finds, in addition to any other
findings required under this Act, that the accuracy procedures
described in the application for the order, as required under
subsection (b)(1), are actually accuracy procedures as defined in this
section.''.
(2) Technical amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978, as amended by
subsection (a) of this section, is amended by adding at the end
the following:
``Sec. 902. Certification regarding accuracy procedures.''.
(c) Prohibition on Use of Certain Information.--
(1) In general.--Section 104 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1804) is amended by adding
at the end the following:
``(e) The statement of facts and circumstances under subsection
(a)(3) may only include information obtained from the content of a
media source or information gathered by a political campaign if--
``(1) such information is disclosed in the application as
having been so obtained or gathered;
``(2) with regard to information gathered from the content
of a media source, the application includes an explanation of
the investigative techniques used to corroborate the
information; and
``(3) with regard to information gathered by a political
campaign, such information is not the sole source of the
information used to justify the applicant's belief described in
subsection (a)(3).''.
(2) Technical and conforming amendments.--The Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.)
is amended--
(A) in section 104(a)(6) (50 U.S.C. 1804(a)(6))--
(i) in subparagraph (D), by striking the
semicolon at the end and inserting ``; and'';
(ii) in subparagraph (E)(ii), by striking
``and'' at the end; and
(iii) by striking subparagraphs (F) and
(G); and
(B) in section 303(a)(6) (50 U.S.C. 1823(a)(6))--
(i) in subparagraph (D), by striking the
semicolon at the end and inserting ``; and'';
(ii) in subparagraph (E), by striking
``and'' at the end; and
(iii) by striking subparagraphs (F) and
(G).
(d) Limitation on Issuance of Order.--Section 105(a) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1805(a)) is amended--
(1) in paragraph (3), by striking ``; and'' and inserting a
semicolon;
(2) in paragraph (4), by striking the period and inserting
``; and''; and
(3) by adding at the end the following:
``(5) for an application that is based, in any part, on
information obtained from the content of a media source, on
information gathered by a political campaign, or on information
relating to activity protected under the First Amendment to the
Constitution of the United States--
``(A) such information is disclosed in the
application as having been so obtained or gathered, or
as being so related;
``(B) with regard to information gathered from the
content of a media source, the application includes an
explanation of the investigative techniques used to
corroborate the information; and
``(C) with regard to information gathered by a
political campaign, such information is not the sole
source of the information used to justify the
applicant's belief described in section 104(a)(3).''.
(e) Conforming Repeal of RISAA Exculpatory Information
Requirements.--The Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1801 et seq.) is amended--
(1) in section 104(a) (50 U.S.C. 1804(a)), by striking
paragraph (13);
(2) in section 303(a) (50 U.S.C. 1823(a)), by striking
paragraph (11);
(3) in section 402(c) (50 U.S.C. 1842(c))--
(A) in paragraph (3), by adding ``and'' at the end;
(B) in paragraph (4)(B), by striking ``; and'' and
inserting a period; and
(C) by striking paragraph (5);
(4) in section 502(b)(2) (50 U.S.C. 1862(b)(2))--
(A) in subparagraph (B), by adding ``and'' at the
end;
(B) by redesignating subparagraph (E) as
subparagraph (C);
(C) in subparagraph (C)(ii), as so redesignated, by
striking ``; and'' and inserting a period; and
(D) by striking subparagraph (F);
(5) in section 703(b)(1) (50 U.S.C. 1881b(b)(1))--
(A) in subparagraph (J), by adding ``and'' at the
end;
(B) in subparagraph (K)(ii), by striking ``; and''
and inserting a period; and
(C) by striking subparagraph (L); and
(6) in section 704(b) (50 U.S.C. 1881c(b))--
(A) in paragraph (7), by adding ``and'' at the end;
(B) in paragraph (8)(B), by striking ``; and'' and
inserting a period; and
(C) by striking paragraph (9).
SEC. 202. CRIMINAL PENALTIES FOR VIOLATIONS OF FISA.
(a) In General.--Section 109(a) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1809(a)) is amended--
(1) in paragraph (2), by striking ``or'' at the end;
(2) in paragraph (3), by striking the period at the end and
inserting a semicolon; and
(3) by adding at the end the following:
``(4) knowingly submits any document to or makes any
statement before the court established under section 103(a) or
the court established under section 103(b), knowing such
document or statement to contain--
``(A) a false material declaration; or
``(B) a material omission; or
``(5) knowingly discloses the existence of an application
for an order authorizing surveillance under this title, or any
information contained therein, to any person not authorized to
receive such information, except insofar as such disclosure is
authorized by statute or executive order setting forth
permissible disclosures by whistleblowers.''.
(b) Rule of Construction.--This section and the amendments made by
this section may not be construed to interfere with the enforcement of
section 798 of title 18, United States Code, or any other provision of
law regarding the unlawful disclosure of classified information.
SEC. 203. AGENCY PROCEDURES TO ENSURE COMPLIANCE.
(a) Agency Procedures To Ensure Compliance.--Title VI of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1871 et seq.)
is amended by adding at the end the following:
``SEC. 605. AGENCY PROCEDURES TO ENSURE COMPLIANCE.
``The head of each Federal department or agency authorized to
acquire foreign intelligence information under this Act shall establish
procedures--
``(1) setting forth clear rules on what constitutes a
violation of this Act by an officer or employee of that
department or agency; and
``(2) for taking appropriate adverse personnel action
against any officer or employee of the department or agency who
engages in a violation described in paragraph (1), including
more severe adverse personnel actions for any subsequent
violation by such officer or employee.''.
(b) Clerical Amendment.--The table of contents for the Foreign
Intelligence Surveillance Act of 1978 is amended by inserting after the
item relating to section 604 the following:
``Sec. 605. Agency procedures to ensure compliance.''.
(c) Report.--Not later than 90 days after the date of enactment of
this Act, the head of each Federal department or agency that is
required to establish procedures under section 605 of the Foreign
Intelligence Surveillance Act of 1978, as added by subsection (a) of
this section, shall report to Congress on the implementation of such
procedures.
SEC. 204. LIMIT ON CIVIL IMMUNITY FOR PROVIDING INFORMATION,
FACILITIES, OR TECHNICAL ASSISTANCE TO THE GOVERNMENT
ABSENT A COURT ORDER.
Section 2511(2)(a) of title 18, United States Code, is amended--
(1) in subparagraph (ii), by striking clause (B) and
inserting the following:
``(B) a certification in writing--
``(I) by a person specified in section
2518(7) or the Attorney General of the United
States;
``(II) that the requirements for an
emergency authorization to intercept a wire,
oral, or electronic communication under section
2518(7) have been met; and
``(III) that the specified assistance is
required,''; and
(2) by striking subparagraph (iii) and inserting the
following:
``(iii) For assistance provided pursuant to a certification
under subparagraph (ii)(B), the limitation on causes of action
under the last sentence of the matter following that
subparagraph shall only apply to the extent that the assistance
ceased at the earliest of the time the application for a court
order was denied, the time the communication sought was
obtained, or 48 hours after the interception began.''.
SEC. 205. PROHIBITION ON AVOIDING DISCLOSURE OBLIGATIONS THROUGH
PARALLEL CONSTRUCTION.
(a) Derived Defined.--
(1) In general.--Section 101 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1801) is amended by adding
at the end the following:
``(q) `Derived from', with respect to an electronic surveillance,
physical search, use of a pen register or trap and trace device,
production of tangible things, or acquisition under this Act or
pursuant to executive authority, means the Government would not have
originally possessed the information or evidence but for that
electronic surveillance, physical search, use of a pen register or trap
and trace device, production of tangible things, or acquisition, which
shall be determined without regard to any claim that the information or
evidence is attenuated from the surveillance, search, use, production,
or acquisition, would inevitably have been discovered, or was
subsequently reobtained through other means.''.
(2) Conforming addition to other titles.--The Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.)
is amended--
(A) in section 301(1) (50 U.S.C. 1821(1)), by
inserting ```derived from','' after ``destruction','';
(B) in section 401(1) (50 U.S.C. 1841(1)), by
inserting ```derived from','' after ``person','';
(C) in section 501(1) (50 U.S.C. 1861(1)), by
inserting ```derived from','' after ``terrorism','';
and
(D) in section 701(a) (50 U.S.C. 1881(a)), by
inserting ```derived from','' after ``United
States',''.
(b) Policies and Guidance.--
(1) In general.--Not later than 90 days after the date of
enactment of this Act, the Attorney General and the Director of
National Intelligence shall publish--
(A) policies concerning the application of
subsection (q) of section 101 of the Foreign
Intelligence Surveillance Act of 1978, as added by
subsection (a); and
(B) guidance for all members of the intelligence
community (as defined in section 3 of the National
Security Act of 1947 (50 U.S.C. 3003)) and all Federal
agencies with law enforcement responsibilities
concerning the application of subsection (q) of section
101 of the Foreign Intelligence Surveillance Act of
1978, as added by subsection (a).
(2) Modifications.--Whenever the Attorney General and the
Director of National Intelligence modify a policy or guidance
published under paragraph (1), the Attorney General and the
Director shall publish the modifications.
(c) Use of Information Acquired Under Title VII.--Section 706 of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881e) is
amended--
(1) in subsection (a)(1), by striking ``, except for the
purposes of subsection (j) of such section''; and
(2) by amending subsection (b) to read as follows:
``(b) Information Acquired Under Sections 703, 704, or 705.--
Information acquired under sections 703, 704, or 705 shall be deemed to
be information acquired from an electronic surveillance pursuant to
title I for the purposes of section 106.''.
SEC. 206. SUNSET ON GRANDFATHER CLAUSE OF FISA'S BUSINESS RECORDS
PROVISION.
Section 102(b)(2) of the USA PATRIOT Improvement and
Reauthorization Act of 2005 (Public Law 109-177; 50 U.S.C. 1805 note)
is amended by inserting ``, except that title V of the Foreign
Intelligence Surveillance Act of 1978, as in effect on March 14, 2020,
shall cease to be in effect with respect to such an investigation,
offense, or potential offense on the date that is 180 days after the
date of the enactment of the SAFE Act'' after ``continue in effect''.
TITLE III--REFORMS RELATING TO PROCEEDINGS BEFORE THE FOREIGN
INTELLIGENCE SURVEILLANCE COURT AND OTHER COURTS
SEC. 301. FOREIGN INTELLIGENCE SURVEILLANCE COURT REFORM.
(a) Expansion of Appointment Authority.--
(1) In general.--Section 103(i)(2) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(i)(2)) is
amended--
(A) in subparagraph (A)--
(i) by striking clause (i) and inserting
the following:
``(i) shall, unless the court issues a
finding that appointment is not appropriate,
appoint one or more individuals who have been
designated under paragraph (1), not fewer than
one of whom possesses privacy and civil
liberties expertise, unless the court finds
that such a qualification is inappropriate, to
serve as amicus curiae to assist the court in
the consideration of any application or motion
for an order or review that, in the opinion of
the court--
``(I) presents a novel or
significant interpretation of the law;
``(II) presents significant
concerns with respect to the activities
of a United States person that are
protected by the first amendment to the
Constitution of the United States;
``(III) presents or involves a
sensitive investigative matter;
``(IV) presents a request for
approval of a new program, a new
technology, or a new use of existing
technology;
``(V) presents a request for
reauthorization of programmatic
surveillance; or
``(VI) otherwise presents novel or
significant civil liberties issues;'';
and
(ii) in clause (iii), by striking ``,
unless the court issues a finding that such
appointment is not appropriate or is likely to
result in undue delay'';
(B) by striking subparagraph (B); and
(C) by redesignating subparagraph (C) as
subparagraph (B).
(2) Definition of sensitive investigative matter.--Section
103(i) of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1803(i)) is amended by adding at the end the following:
``(12) Definition.--In this subsection, the term `sensitive
investigative matter' means--
``(A) an investigative matter involving the
activities of--
``(i) a domestic public official or
political candidate, or an individual serving
on the staff of such an official or candidate;
``(ii) a domestic religious or political
organization, or a known or suspected United
States person prominent in such an
organization; or
``(iii) the domestic news media; or
``(B) any other investigative matter involving a
domestic entity or a known or suspected United States
person that, in the judgment of the applicable court
established under subsection (a) or (b), is as
sensitive as an investigative matter described in
subparagraph (A).''.
(b) Authority To Seek Review.--Section 103(i) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(i)), as amended
by subsection (a) of this section, is amended--
(1) in paragraph (4)--
(A) in the paragraph heading, by inserting ``;
authority'' after ``Duties'';
(B) in the matter preceding subparagraph (A), by
striking ``shall'';
(C) by striking subparagraph (A);
(D) by redesignating subparagraph (B) as
subparagraph (A);
(E) in subparagraph (A), as so redesignated--
(i) in the matter preceding clause (i), by
inserting ``shall'' before ``provide'';
(ii) in clause (i), by inserting before the
semicolon at the end the following: ``,
including legal arguments regarding any privacy
or civil liberties interest of any United
States person that would be significantly
impacted by the application or motion''; and
(iii) in clause (iii), by striking the
period at the end and inserting ``; and''; and
(F) by adding at the end the following:
``(B) may seek leave to raise any novel or
significant privacy or civil liberties issue relevant
to the application or motion or other issue directly
impacting the legality of the proposed electronic
surveillance with the court, regardless of whether the
court has requested assistance on that issue.'';
(2) by redesignating paragraphs (7) through (12) as
paragraphs (8) through (13), respectively; and
(3) by inserting after paragraph (6) the following:
``(7) Authority to seek review of decisions.--
``(A) FISA court decisions.--
``(i) Petition.--Following issuance of an
order under this Act by the court established
under subsection (a), an amicus curiae
appointed under paragraph (2) may petition the
court to certify for review to the court
established under subsection (b) a question of
law pursuant to subsection (j).
``(ii) Written statement of reasons.--If
the court established under subsection (a)
denies a petition under this subparagraph, the
court shall provide for the record a written
statement of the reasons for the denial.
``(iii) Appointment.--Upon certification of
any question of law pursuant to this
subparagraph, the court established under
subsection (b) shall appoint the amicus curiae
to assist the court in its consideration of the
certified question, unless the court issues a
finding that such appointment is not
appropriate.
``(B) FISA court of review decisions.--An amicus
curiae appointed under paragraph (2) may petition the
court established under subsection (b) to certify for
review to the Supreme Court of the United States any
question of law pursuant to section 1254(2) of title
28, United States Code.
``(C) Declassification of referrals.--For purposes
of section 602, a petition filed under subparagraph (A)
or (B) of this paragraph and all of its content shall
be considered a decision, order, or opinion issued by
the Foreign Intelligence Surveillance Court or the
Foreign Intelligence Surveillance Court of Review
described in section 602(a).''.
(c) Access to Information.--
(1) Application and materials.--Section 103(i)(6) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803(i)(6)) is amended by striking subparagraph (A) and
inserting the following:
``(A) In general.--
``(i) Right of amicus.--If a court
established under subsection (a) or (b)
appoints an amicus curiae under paragraph (2),
the amicus curiae--
``(I) shall have access, to the
extent such information is available to
the Government, to--
``(aa) the application,
certification, petition,
motion, and other information
and supporting materials,
including any information
described in section 901,
submitted to the court
established under subsection
(a) in connection with the
matter in which the amicus
curiae has been appointed,
including access to any
relevant legal precedent
(including any such precedent
that is cited by the
Government, including in such
an application);
``(bb) an unredacted copy
of each relevant decision made
by the court established under
subsection (a) or the court
established under subsection
(b) in which the court decides
a question of law, without
regard to whether the decision
is classified; and
``(cc) any other
information or materials that
the court determines are
relevant to the duties of the
amicus curiae; and
``(II) may make a submission to the
court requesting access to any other
particular materials or information (or
category of materials or information)
that the amicus curiae believes to be
relevant to the duties of the amicus
curiae.
``(ii) Supporting documentation regarding
accuracy.--The court established under
subsection (a), upon the motion of an amicus
curiae appointed under paragraph (2) or upon
its own motion, may require the Government to
make available the supporting documentation
described in section 902.''.
(2) Clarification of access to certain information.--
Section 103(i)(6) of the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1803(i)(6)) is amended--
(A) in subparagraph (B), by striking ``may'' and
inserting ``shall''; and
(B) by striking subparagraph (C) and inserting the
following:
``(C) Classified information.--An amicus curiae
designated or appointed by the court shall have access,
to the extent such information is available to the
Government, to unredacted copies of each opinion,
order, transcript, pleading, or other document of the
court established under subsection (a) and the court
established under subsection (b), including, if the
individual is eligible for access to classified
information, any classified documents, information, and
other materials or proceedings.''.
(3) Consultation among amici curiae.--Section 103(i)(6) of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803(i)(6)) is amended--
(A) by redesignating subparagraph (D) as
subparagraph (E); and
(B) by inserting after subparagraph (C) the
following:
``(D) Consultation among amici curiae.--An amicus
curiae appointed under paragraph (2) by the court
established under subsection (a) or the court
established under subsection (b) may consult with 1 or
more of the other individuals designated by the court
to serve as amicus curiae pursuant to paragraph (1) of
this subsection regarding any of the information
relevant to any assigned proceeding.''.
(d) Effective Date.--The amendments made by this section shall take
effect on the date of enactment of this Act and shall apply with
respect to proceedings under the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1801 et seq.) that take place on or after, or are
pending on, that date.
SEC. 302. PUBLIC DISCLOSURE AND DECLASSIFICATION OF CERTAIN DOCUMENTS.
Section 602(a) of the Foreign Intelligence Surveillance Act of 1978
(50 U.S.C. 1872(a)) is amended--
(1) by striking ``, to be concluded as soon as practicable,
but not later than 180 days after the commencement of such
review,''; and
(2) by inserting ``to be concluded as soon as practicable,
but not later than 180 days after the issuance of such
decision, order, or opinion,'' before ``and, consistent with
that review''.
SEC. 303. TECHNICAL AMENDMENT TO CONTEMPT POWER OF FISC AND FISC-R.
(a) In General.--Chapter 21 of title 18, United States Code, is
amended--
(1) in section 402, by striking ``, including the Foreign
Intelligence Surveillance Court or the Foreign Intelligence
Surveillance Court of Review established by section 103 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803),'' and inserting the following: ``, the Foreign
Intelligence Surveillance Court, the Foreign Intelligence
Surveillance Court of Review,''; and
(2) by adding at the end the following:
``Sec. 404. Definitions
``For purposes of this chapter--
``(1) the term `court of the United States' includes the
Foreign Intelligence Surveillance Court or the Foreign
Intelligence Surveillance Court of Review; and
``(2) the terms `Foreign Intelligence Surveillance Court'
and `Foreign Intelligence Surveillance Court of Review' have
the meanings given those terms in section 601(e) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1871(e)).''.
(b) Clerical Amendment.--The table of sections for chapter 21 of
title 18, United States Code, is amended by adding at the end the
following:
``404. Definitions.''.
TITLE IV--INDEPENDENT EXECUTIVE BRANCH OVERSIGHT
SEC. 401. PERIODIC AUDIT OF FISA COMPLIANCE BY INSPECTOR GENERAL.
(a) Report Required.--Title VI of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1871 et seq.), as amended by
section 203 of this Act, is amended by adding at the end the following:
``SEC. 606. PERIODIC AUDIT OF FISA COMPLIANCE BY INSPECTOR GENERAL.
``Not later than June 30 of the first calendar year that begins
after the date of enactment of this section, and every 3 years
thereafter, the Inspector General of the Department of Justice shall--
``(1) conduct an audit of alleged or potential violations
and failures to comply with the requirements of this Act, and
any procedures established pursuant to this Act, which shall
include an analysis of the accuracy and completeness of
applications and certifications for orders submitted under each
of sections 105, 303, 402, 502, 702, 703, and 704; and
``(2) submit to the Select Committee on Intelligence of the
Senate, the Committee on the Judiciary of the Senate, the
Permanent Select Committee on Intelligence of the House of
Representatives, and the Committee on the Judiciary of the
House of Representatives a report on the audit required under
paragraph (1).''.
(b) Clerical Amendment.--The table of contents for the Foreign
Intelligence Surveillance Act of 1978, as amended by section 203 of
this Act, is amended by inserting after the item relating to section
605 the following:
``Sec. 606. Periodic audit of FISA compliance by Inspector General.''.
TITLE V--PROTECTIONS FOR UNITED STATES PERSONS WHOSE SENSITIVE
INFORMATION IS PURCHASED BY INTELLIGENCE AND LAW ENFORCEMENT AGENCIES
SEC. 501. LIMITATION ON INTELLIGENCE ACQUISITION OF UNITED STATES
PERSON DATA.
(a) Definitions.--In this section:
(1) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the congressional intelligence committees (as
defined in section 3 of the National Security Act of
1947 (50 U.S.C. 3003));
(B) the Committee on the Judiciary of the Senate;
and
(C) the Committee on the Judiciary of the House of
Representatives.
(2) Covered data.--The term ``covered data'' means data,
derived data, or any unique identifier that--
(A) is linked to or is reasonably linkable to a
covered person; and
(B) does not include--
(i) data that--
(I) is lawfully available to the
public through Federal, State, or local
government records or through widely
distributed media;
(II) is reasonably believed to have
been voluntarily made available to the
general public by the covered person;
or
(III) is a specific communication
or transaction with a targeted
individual who is not a covered person;
or
(ii) human intelligence other than data
transfers.
(3) Covered person.--The term ``covered person'' means an
individual who--
(A) is reasonably believed to be located in the
United States at the time of the creation or
acquisition of the covered data; or
(B) is a United States person.
(4) Intelligence community.--The term ``intelligence
community'' has the meaning given such term in section 3 of the
National Security Act of 1947 (50 U.S.C. 3003).
(5) State, united states, united states person.--The terms
``State'', ``United States'', and ``United States person'' have
the meanings given such terms in section 101 of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).
(b) Limitation.--
(1) In general.--Subject to paragraphs (2) through (7), an
element of the intelligence community may not acquire covered
data, which shall include acquiring covered data directly or
indirectly, such as by acquiring covered data from another
entity that directly acquired the covered data.
(2) Authorization pursuant to court order.--An element of
the intelligence community may acquire covered data if the
collection has been authorized by an order issued pursuant to
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1801 et seq.) or title 18, United States Code, by a court of
competent jurisdiction covering the period of the acquisition,
subject to the use, dissemination, querying, retention, and
other minimization limitations required by such authorization.
(3) Authorization for employment-related use.--An element
of the intelligence community may acquire covered data about an
employee of, or applicant for employment by, an element of the
intelligence community for employment-related purposes, but
only if--
(A) access to and use of the covered data is
limited to such purposes; and
(B) the covered data is destroyed at such time as
it is no longer necessary for such purposes.
(4) Exception for compliance purposes.--An element of the
intelligence community may acquire covered data for the purpose
of supporting compliance with collection limitations and
minimization requirements imposed by statute, guidelines,
procedures, or the Constitution of the United States, but only
if--
(A) access to and use of the covered data is
limited to such purpose; and
(B) the covered data is destroyed at such time as
it is no longer necessary for such purpose.
(5) Exception for life or safety.--An element of the
intelligence community may acquire covered data if there is a
reasonable belief that an emergency exists involving an
imminent threat of death or serious bodily harm and the covered
data is necessary to mitigate that threat, but only if--
(A) access to and use of the covered data is
limited to addressing the threat; and
(B) the covered data is destroyed at such time as
it is no longer necessary for such purpose.
(6) Exception for consent.--An element of the intelligence
community may acquire covered data if--
(A) each covered person linked or reasonably
linkable to the covered data, or, if such person is
incapable of providing consent, a third party legally
authorized to consent on behalf of the person, has
provided consent to the acquisition and use of the data
on a case-by-case basis;
(B) access to and use of the covered data is
limited to the purposes for which the consent was
provided; and
(C) the covered data is destroyed at such time as
it is no longer necessary for such purposes.
(7) Exception for nonsegregable data.--An element of the
intelligence community may acquire a dataset that includes
covered data if the covered data is not reasonably segregable
prior to acquisition, but only if the element of the
intelligence community complies with the minimization
procedures in subsection (c).
(c) Minimization Procedures.--
(1) In general.--The Attorney General shall adopt specific
procedures that are reasonably designed to minimize the
acquisition and retention, and to restrict the querying, of
covered data that is not subject to 1 or more of the exceptions
set forth in subsection (b).
(2) Acquisition and retention.--The procedures adopted
under paragraph (1) shall require elements of the intelligence
community to exhaust all reasonable means--
(A) to exclude covered data not subject to 1 or
more exceptions set forth in subsection (b) from
datasets prior to acquisition; and
(B) to remove and delete covered data not subject
to 1 or more exceptions set forth in subsection (b)
prior to the operational use of the acquired dataset or
the inclusion of the dataset in a database intended for
operational use.
(3) Destruction.--The procedures adopted under paragraph
(1) shall require that if an element of the intelligence
community identifies covered data not subject to 1 or more
exceptions set forth in paragraphs (2) through (6) of
subsection (b), such covered data shall be promptly destroyed.
(4) Querying.--
(A) In general.--Except as provided in
subparagraphs (B) and (C), no officer or employee of an
element of the intelligence community may conduct a
query of covered data, including covered data already
subjected to minimization, in an effort to find records
of or about a particular covered person.
(B) Exceptions.--Subparagraph (A) shall not apply
to a query related to a particular covered person if--
(i) such covered person is the subject of a
court order issued under the Foreign
Intelligence Surveillance Act of 1978 (50
U.S.C. 1801 et seq.) or title 18, United States
Code, that would authorize the element of the
intelligence community to compel the production
of the covered data, during the effective
period of that order;
(ii) the purpose of the query is to
retrieve information about an employee of, or
applicant for employment by, an element of the
intelligence community, provided that any
covered data accessed through such query is
used only for such purpose;
(iii) the query is conducted for the
purpose of supporting compliance with
collection limitations and minimization
requirements imposed by statute, guidelines,
procedures, or the Constitution of the United
States, provided that any covered data accessed
through such query is used only for such
purpose;
(iv) the officer or employee of an element
of the intelligence community carrying out the
query has a reasonable belief that an emergency
exists involving an imminent threat of death or
serious bodily harm, and that in order to
prevent or mitigate such threat, the query must
be conducted before a court order can, with due
diligence, be obtained, provided that any
covered data accessed through such query is
used only for such purpose; or
(v) such covered person or, if such person
is incapable of providing consent, a third
party legally authorized to consent on behalf
of the person has consented to the query,
provided that any use of covered data accessed
through such query is limited to the purposes
for which the consent was provided.
(C) Special rule for nonsegregable datasets.--For a
query of a dataset acquired under subsection (b)(7)--
(i) each query shall be reasonably designed
to exclude personal data of covered persons,
unless the query is subject to an exception set
forth in subparagraph (B); and
(ii) any personal data of covered persons
returned pursuant to a query that is not
subject to an exception set forth in paragraphs
(2) through (7) of subsection (b) shall not be
reviewed and shall immediately be destroyed.
(d) Prohibition on Use of Data Obtained in Violation of This
Section.--Covered data acquired by an element of the intelligence
community in violation of subsection (b), and any evidence derived
therefrom, may not be used, received in evidence, or otherwise
disseminated in any investigation by or in any trial, hearing, or other
proceeding in or before any court, grand jury, department, office,
agency, regulatory body, legislative committee, or other authority of
the United States, a State, or political subdivision thereof.
(e) Reporting Requirement.--
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Director of National
Intelligence shall submit to the appropriate committees of
Congress and the Privacy and Civil Liberties Oversight Board a
report on the acquisition of datasets that the Director
anticipates will contain information of covered persons that is
significant in volume, proportion, or sensitivity.
(2) Contents.--The report submitted pursuant to paragraph
(1) shall include the following:
(A) A description of the covered person information
in each dataset.
(B) An estimate of the amount of covered person
information in each dataset.
(3) Notifications.--After submitting the report required by
paragraph (1), the Director shall, in coordination with the
Under Secretary of Defense for Intelligence and Security,
notify the appropriate committees of Congress of any changes to
the information contained in such report.
(4) Availability to the public.--The Director shall make
available to the public on the website of the Director--
(A) the unclassified portion of the report
submitted pursuant to paragraph (1); and
(B) any notifications submitted pursuant to
paragraph (3).
(f) Rule of Construction.--Nothing in this section shall authorize
an acquisition otherwise prohibited by the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) or title 18, United
States Code.
SEC. 502. LIMITATION ON LAW ENFORCEMENT PURCHASE OF PERSONAL DATA FROM
DATA BROKERS.
Section 2702 of title 18, United States Code, is amended by adding
at the end the following:
``(e) Prohibition on Obtaining in Exchange for Anything of Value
Personal Data by Law Enforcement Agencies.--
``(1) Definitions.--In this subsection and subsection (f)--
``(A) the term `covered governmental entity' means
a law enforcement agency of a governmental entity;
``(B) the term `covered organization' means a
person who--
``(i) is not a governmental entity; and
``(ii) is not an individual;
``(C) the term `covered person' means an individual
who--
``(i) is reasonably believed to be located
inside the United States at the time of the
creation of the covered personal data; or
``(ii) is a United States person, as
defined in section 101 of the Foreign
Intelligence Surveillance Act of 1978 (50
U.S.C. 1801);
``(D) the term `covered personal data' means
personal data relating to a covered person;
``(E) the term `electronic device' has the meaning
given the term `computer' in section 1030(e);
``(F) the term `lawfully obtained public data'
means personal data obtained by a particular covered
organization that the covered organization--
``(i) reasonably understood to have been
voluntarily made available to the general
public by the covered person; and
``(ii) obtained in compliance with all
applicable laws, regulations, contracts,
privacy policies, and terms of service;
``(G) the term `obtain in exchange for anything of
value' means to obtain by purchasing, to receive in
connection with services being provided for monetary or
nonmonetary consideration, or to otherwise obtain in
exchange for consideration, including an access fee,
service fee, maintenance fee, or licensing fee; and
``(H) the term `personal data'--
``(i) means data, derived data, or any
unique identifier that is linked to, or is
reasonably linkable to, an individual or to an
electronic device that is linked to, or is
reasonably linkable to, 1 or more individuals
in a household;
``(ii) includes anonymized data that, if
combined with other data, can be linked to, or
is reasonably linkable to, an individual or to
an electronic device that identifies, is linked
to, or is reasonably linkable to 1 or more
individuals in a household; and
``(iii) does not include--
``(I) data that is lawfully
available through Federal, State, or
local government records or through
widely distributed media; or
``(II) a specific communication or
transaction with a targeted individual
who is not a covered person.
``(2) Limitation.--
``(A) In general.--
``(i) Prohibition.--Subject to clauses (ii)
through (x), a covered governmental entity may
not obtain in exchange for anything of value
covered personal data if--
``(I) the covered personal data is
directly or indirectly obtained from a
covered organization; or
``(II) the covered personal data is
derived from covered personal data that
was directly or indirectly obtained
from a covered organization.
``(ii) Exception for certain compilations
of data.--A covered governmental entity may
obtain in exchange for something of value
covered personal data as part of a larger
compilation of data which includes personal
data about persons who are not covered persons,
if--
``(I) the covered governmental
entity is unable through reasonable
means to exclude covered personal data
from the larger compilation obtained;
and
``(II) the covered governmental
entity minimizes any covered personal
data from the larger compilation, in
accordance with subsection (f).
``(iii) Exception for whistleblower
disclosures to law enforcement.--Clause (i)
shall not apply to covered personal data that
is obtained by a covered governmental entity
under a program established by an Act of
Congress under which a portion of a penalty or
a similar payment or bounty is paid to an
individual who discloses information about an
unlawful activity to the Government, such as
the program authorized under section 7623 of
the Internal Revenue Code of 1986 (relating to
awards to whistleblowers in cases of
underpayments or fraud).
``(iv) Exception for cost reimbursement
under compulsory legal process.--Clause (i)
shall not apply to covered personal data that
is obtained by a covered governmental entity
from a covered organization in accordance with
compulsory legal process that--
``(I) is established by a Federal
or State statute; and
``(II) provides for the
reimbursement of costs of the covered
organization that are incurred in
connection with providing the record or
information to the covered governmental
entity, such as the reimbursement of
costs under section 2706.
``(v) Exception for employment-related
use.--Clause (i) shall not apply to covered
personal data about an employee of, or
applicant for employment by, a covered
governmental entity that is--
``(I) obtained by the covered
governmental entity for employment-
related purposes;
``(II) accessed and used by the
covered governmental entity only for
employment-related purposes; and
``(III) destroyed at such time as
the covered personal data is no longer
needed for employment-related purposes.
``(vi) Exception for use in background
checks.--Clause (i) shall not apply to covered
personal data about a covered person that is--
``(I) obtained by a covered
governmental entity for purposes of
conducting a background check of the
covered person with the written consent
of the covered person;
``(II) accessed and used by the
covered governmental entity only for
background check-related purposes; and
``(III) destroyed at such time as
the covered personal data is no longer
needed for background check-related
purposes.
``(vii) Exception for lawfully obtained
public data.--Clause (i) shall not apply to
covered personal data that is obtained by a
covered governmental entity if--
``(I) the covered personal data is
lawfully obtained public data; or
``(II) the covered personal data is
derived from covered personal data that
solely consists of lawfully obtained
public data.
``(viii) Exception for life or safety.--
Clause (i) shall not apply to covered personal
data that is obtained by a covered governmental
entity if there is a reasonable belief than an
emergency exists involving an imminent threat
of death or serious bodily harm to a covered
person and the covered data is necessary to
mitigate that threat, provided that--
``(I) access to and use of the
covered personal data is limited to
addressing the threat; and
``(II) the covered personal data is
destroyed at such time as it is no
longer necessary for such purpose.
``(ix) Exception for compliance purposes.--
Clause (i) shall not apply to covered personal
data that is obtained by a covered governmental
entity for the purpose of supporting compliance
with collection limitations and minimization
requirements imposed by statute, guidelines,
procedures, or the Constitution of the United
States, provided that--
``(I) access to and use of the
covered personal data is limited to
such purpose; and
``(II) the covered personal data is
destroyed at such time as it is no
longer necessary for such purpose.
``(x) Exception for consent.--Clause (i)
shall not apply to covered personal data that
is obtained by a covered governmental entity
if--
``(I) each covered person linked or
reasonably linkable to the covered
personal data, or, if such covered
person is incapable of providing
consent, a third party legally
authorized to consent on behalf of the
covered person, has provided consent to
the acquisition and use of the data on
a case-by-case basis;
``(II) access to and use of the
covered personal data is limited to the
purposes for which the consent was
provided; and
``(III) the covered personal data
is destroyed at such time as it is no
longer necessary for such purposes.
``(B) Indirectly acquired records and
information.--The limitation under subparagraph (A)
shall apply without regard to whether the covered
organization possessing the covered personal data is
the covered organization that initially obtained or
collected, or is the covered organization that
initially received the disclosure of, the covered
personal data.
``(3) Limit on sharing between agencies.--An agency of a
governmental entity that is not a covered governmental entity
may not provide to a covered governmental entity covered
personal data that was obtained in a manner that would violate
paragraph (2) if the agency of a governmental entity were a
covered governmental entity, unless the covered governmental
entity would have been permitted to obtain the covered personal
data under an exception set forth in paragraph (2)(A).
``(4) Prohibition on use of data obtained in violation of
this section.--
``(A) In general.--Covered personal data obtained
by or provided to a covered governmental entity in
violation of paragraph (2) or (3), and any evidence
derived therefrom, may not be used, received in
evidence, or otherwise disseminated by, on behalf of,
or upon a motion or other action by a covered
governmental entity in any investigation by or in any
trial, hearing, or other proceeding in or before any
court, grand jury, department, officer, agency,
regulatory body, legislative committee, or other
authority of the United States, a State, or a political
subdivision thereof.
``(B) Use by aggrieved parties.--Nothing in
subparagraph (A) shall be construed to limit the use of
covered personal data by a covered person aggrieved of
a violation of paragraph (2) or (3) in connection with
any action relating to such a violation.
``(f) Minimization Procedures.--
``(1) In general.--The Attorney General shall adopt
specific procedures that are reasonably designed to minimize
the acquisition and retention, and to restrict the querying, of
covered personal data, and prohibit the dissemination of
information derived from covered personal data.
``(2) Acquisition and retention.--The procedures adopted
under paragraph (1) shall require covered governmental entities
to exhaust all reasonable means--
``(A) to exclude covered personal data that is not
subject to 1 or more of the exceptions set forth in
clauses (iii) through (x) of subsection (e)(2)(A) from
the data obtained; and
``(B) to remove and delete covered personal data
described in subparagraph (A) not subject to 1 or more
exceptions set forth in clauses (iii) through (x) of
subsection (e)(2)(A) after a compilation is obtained
and before operational use of the compilation or
inclusion of the compilation in a dataset intended for
operational use.
``(3) Destruction.--The procedures adopted under paragraph
(1) shall require that, if a covered governmental entity
identifies covered personal data in a compilation described in
clause (ii) of subsection (e)(2)(A) not subject to 1 or more
exceptions set forth in clauses (iii) through (x) of such
subsection, the covered governmental entity shall promptly
destroy the covered personal data and any dissemination of
information derived from the covered personal data shall be
prohibited.
``(4) Querying.--
``(A) In general.--Except as provided in
subparagraphs (B) and (C), no officer or employee of a
covered governmental entity may conduct a query of
personal data, including personal data already
subjected to minimization, in an effort to find records
of or about a particular covered person.
``(B) Exceptions.--Subparagraph (A) shall not apply
to a query related to a particular covered person if--
``(i) such covered person is the subject of
a court order issued under this title that
would authorize the covered governmental entity
to compel the production of the covered
personal data, during the effective period of
that order;
``(ii) the purpose of the query is to
retrieve information obtained by a covered
governmental entity under a program established
by an Act of Congress under which a portion of
a penalty or a similar payment or bounty is
paid to an individual who discloses information
about an unlawful activity to the Government,
such as the program authorized under section
7623 of the Internal Revenue Code of 1986
(relating to awards to whistleblowers in cases
of underpayments or fraud), provided that any
covered personal data accessed through such
query is used only for such purpose;
``(iii) the purpose of the query is to
retrieve information about an employee of, or
applicant for employment by, a covered
governmental entity that has been obtained by
the covered governmental entity for employment-
related purposes, provided that any covered
personal data accessed through such query is
used only for such purposes;
``(iv) the purpose of the query is to
retrieve information obtained by a covered
governmental entity for purposes of conducting
a background check of the covered person with
the written consent of the covered person,
provided that any covered personal data
accessed through such query is used only for
such purposes;
``(v) the purpose of the query is to
retrieve, and the query is reasonably designed
to retrieve, only lawfully obtained public
data, and only lawfully obtained public data is
accessed and used as a result of the query;
``(vi) the officer or employee of a covered
governmental entity carrying out the query has
a reasonable belief that an emergency exists
involving an imminent threat of death or
serious bodily harm, and in order to prevent or
mitigate that threat, the query must be
conducted before a court order can, with due
diligence, be obtained, provided that any
covered personal data accessed through such
query is used only for such purpose;
``(vii) the query is conducted for the
purpose of supporting compliance with
collection limitations and minimization
requirements imposed by statute, guidelines,
procedures, or the Constitution of the United
States, provided that any covered personal data
accessed through such query is used only for
such purpose; or
``(viii) such covered person or, if such
covered person is incapable of providing
consent, a third party legally authorized to
consent on behalf of the covered person has
consented to the query, provided that any use
of covered personal data accessed through such
query is limited to the purposes for which the
consent was provided.
``(C) Special rule for compilations of data.--For a
query of a compilation of data obtained under
subsection (e)(2)(A)(ii)--
``(i) each query shall be reasonably
designed to exclude personal data of covered
persons, unless the query is subject to an
exception set forth in subparagraph (B); and
``(ii) any personal data of covered persons
returned pursuant to a query that is not
subject to an exception set forth in clauses
(ii) through (x) of subsection (e)(2)(A) shall
not be reviewed and shall immediately be
destroyed.''.
SEC. 503. CONSISTENT PROTECTIONS FOR DEMANDS FOR DATA HELD BY
INTERACTIVE COMPUTING SERVICES.
(a) Definition.--Section 2711 of title 18, United States Code, is
amended--
(1) in paragraph (3)(C), by striking ``and'' at the end;
(2) in paragraph (4), by striking the period at the end and
inserting a semicolon; and
(3) by adding at the end the following:
``(5) the term `online service provider' means a provider
of electronic communication service, a provider of remote
computing service, any information service, system, or access
software provider that provides or enables computer access by
multiple users to a computer server, including specifically a
service or system that provides access to the Internet and such
systems operated or services offered by libraries or
educational institutions; and''.
(b) Required Disclosure.--Section 2703 of title 18, United States
Code, is amended--
(1) in subsection (a), in the first sentence, by striking
``a provider of electronic communication service'' and
inserting ``an online service provider'';
(2) in subsection (c)--
(A) in paragraph (1), in the matter preceding
subparagraph (A), by striking ``a provider of
electronic communication service or remote computing
service'' and inserting ``an online service provider'';
and
(B) in paragraph (2), in the matter preceding
subparagraph (A), by striking ``A provider of
electronic communication service or remote computing
service'' and inserting ``An online service provider'';
and
(3) in subsection (g), by striking ``a provider of
electronic communications service or remote computing service''
and inserting ``an online service provider''.
(c) Limitation on Voluntary Disclosure.--Section 2702(a) of title
18, United States Code, is amended--
(1) in paragraph (1), by striking ``a person or entity
providing an electronic communication service to the public''
and inserting ``an online service provider'';
(2) in paragraph (2), by striking ``a person or entity
providing remote computing service to the public'' and
inserting ``an online service provider''; and
(3) in paragraph (3), by striking ``a provider of remote
computing service or electronic communication service to the
public'' and inserting ``an online service provider''.
SEC. 504. CONSISTENT PRIVACY PROTECTIONS FOR DATA HELD BY DATA BROKERS.
Section 2703 of title 18, United States Code is amended by adding
at the end the following:
``(i) Covered Personal Data.--
``(1) Definitions.--In this subsection, the terms `covered
personal data' and `covered organization' have the meanings
given such terms in section 2702(e).
``(2) Limitation.--Unless a governmental entity obtains an
order in accordance with paragraph (3), the governmental entity
may not require a covered organization that is not an online
service provider to disclose covered personal data if a court
order would be required for the governmental entity to require
an online service provider to disclose such covered personal
data that is a record of a customer or subscriber of the online
service provider.
``(3) Orders.--
``(A) In general.--A court may only issue an order
requiring a covered organization that is not an online
service provider to disclose covered personal data on
the same basis and subject to the same limitations as
would apply to a court order to require disclosure by
an online service provider.
``(B) Standard.--For purposes of subparagraph (A),
a court shall apply the most stringent standard under
Federal statute or the Constitution of the United
States that would be applicable to a request for a
court order to require a comparable disclosure by an
online service provider of a customer or subscriber of
the online service provider.''.
SEC. 505. PROTECTION OF DATA ENTRUSTED TO INTERMEDIARY OR ANCILLARY
SERVICE PROVIDERS.
(a) Definition.--Section 2711 of title 18, United States Code, as
amended by section 503 of this Act, is amended by adding at the end the
following:
``(6) the term `intermediary or ancillary service provider'
means an entity or facilities owner or operator that directly
or indirectly delivers, transmits, stores, or processes
communications or any other covered personal data (as defined
in section 2702(e) of this title) for, or on behalf of, an
online service provider.''.
(b) Prohibition.--Section 2702(a) of title 18, United States Code,
is amended--
(1) in paragraph (1), by striking ``and'' at the end;
(2) in paragraph (2)(B), by striking ``and'' at the end;
(3) in paragraph (3), by striking the period at the end and
inserting ``; and''; and
(4) by adding at the end the following:
``(4) an intermediary or ancillary service provider may not
knowingly disclose--
``(A) to any person or entity the contents of a
communication while in electronic storage by that
intermediary or ancillary service provider; or
``(B) to any governmental entity a record or other
information pertaining to a subscriber to or customer
of, a recipient of a communication from a subscriber to
or customer of, or the sender of a communication to a
subscriber to or customer of, the online service
provider for, or on behalf of, which the intermediary
or ancillary service provider directly or indirectly
delivers, transmits, stores, or processes
communications or any other covered personal data (as
defined in subsection (e)).''.
TITLE VI--TRANSPARENCY
SEC. 601. ENHANCED REPORTS BY DIRECTOR OF NATIONAL INTELLIGENCE.
(a) In General.--Section 603(b) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1873(b)) is amended--
(1) in paragraph (2)(C), by striking the semicolon and
inserting ``; and'';
(2) by redesignating paragraphs (3) through (7) as
paragraphs (6) through (10), respectively;
(3) by inserting after paragraph (2) the following:
``(3) a description of the subject matter of each of the
certifications provided under section 702(h);
``(4) statistics revealing the number of persons targeted
and the number of selectors used under section 702(a),
disaggregated by the certification under which the person was
targeted;
``(5) the total number of directives issued pursuant to
section 702(i)(1), disaggregated by each type of electronic
communication service provider described in section
701(b)(4);'';
(4) in paragraph (9), as so redesignated, by striking
``and'' at the end;
(5) in paragraph (10), as so redesignated, by striking the
period at the end and inserting a semicolon; and
(6) by adding at the end the following:
``(11)(A) the total number of disseminated intelligence
reports derived from collection pursuant to section 702
containing the identities of United States persons, regardless
of whether the identities of the United States persons were
openly included or masked;
``(B) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons, regardless
of whether the identities of the United States persons were
openly included or masked;
``(C) the total number of disseminated intelligence reports
derived from collection pursuant to section 702 containing the
identities of United States persons in which the identities of
the United States persons were masked;
``(D) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons in which the
identities of the United States persons were masked;
``(E) the total number of disseminated intelligence reports
derived from collection pursuant to section 702 containing the
identities of United States persons in which the identities of
the United States persons were openly included; and
``(F) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons in which the
identities of the United States persons were openly included;
``(12) the number of queries conducted in an effort to find
communications or information of or about 1 or more United
States persons or persons reasonably believed to be located in
the United States at the time of the query or the time of the
communication or creation of the information, where such
communications or information were obtained under procedures
approved by the Attorney General and without a court order,
subpoena, or other legal process established by statute;
``(13) the number of criminal proceedings in which the
Federal Government or a government of a State or political
subdivision thereof entered into evidence or otherwise used or
disclosed in a criminal proceeding any information obtained or
derived from an acquisition conducted under procedures approved
by the Attorney General and without a court order, subpoena, or
other legal process established by statute; and
``(14) a good faith estimate of what percentage of the
communications that are subject to the procedures described in
section 309(b)(3) of the Intelligence Authorization Act for
Fiscal Year 2015 (50 U.S.C. 1813(b)(3))--
``(A) are retained for more than 5 years; and
``(B) are retained for more than 5 years because,
in whole or in part, the communications are
encrypted.''.
(b) Repeal of Nonapplicability to Federal Bureau of Investigation
of Certain Requirements.--Section 603(d) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1873(d)) is amended--
(1) by striking paragraph (2); and
(2) by redesignating paragraph (3) as paragraph (2).
(c) Conforming Amendment.--Section 603(d)(1) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1873(d)(1)) is amended
by striking ``paragraphs (3), (5), or (6)'' and inserting ``paragraph
(6), (8), or (9)''.
SEC. 602. NOTIFICATION TO CONGRESS OF CERTAIN UNAUTHORIZED DISCLOSURES.
Section 18(a) of the Reforming Intelligence and Securing America
Act (50 U.S.C. 1881a note) is amended by striking ``congressional
intelligence committees'' and inserting ``appropriate congressional
committees''.
TITLE VII--LIMITED DELAYS IN IMPLEMENTATION
SEC. 701. LIMITED DELAYS IN IMPLEMENTATION.
(a) Definition.--In this section, the term ``appropriate committees
of Congress'' means--
(1) the congressional intelligence committees (as defined
in section 3 of the National Security Act of 1947 (50 U.S.C.
3003));
(2) the Committee on the Judiciary of the Senate; and
(3) the Committee on the Judiciary of the House of
Representatives.
(b) Authority.--The Attorney General may, in coordination with the
Director of National Intelligence as may be appropriate, delay
implementation of a provision of this Act or an amendment made by this
Act for a period of not more than 180 days upon a showing to the
appropriate committees of Congress that the delay is necessary--
(1) to develop and implement technical systems needed to
comply with the provision or amendment; or
(2) to hire or train personnel needed to comply with the
provision or amendment.
<all>