[Congressional Record Volume 159, Number 40 (Tuesday, March 19, 2013)]
[Senate]
[Pages S1951-S1955]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS
By Mr. LEAHY (for himself and Mr. Lee):
S. 607. A bill to improve the provisions relating to the privacy of
electronic communications; to the Committee on the Judiciary.
Mr. LEAHY. Mr. President, today I am pleased to introduce the
Electronic Communications Privacy Act Amendments Act of 2013--a bill to
strengthen the privacy protections for email and other electronic
communications. Last year, the Judiciary Committee favorably reported
substantially similar legislation with strong bipartisan support. I
thank Republican Senator Mike Lee for cosponsoring this important
privacy bill. Senator Lee and I understand that protecting Americans'
privacy rights is something that is important to all Americans,
regardless of political party or ideology. I hope that all Senators
will support this bill and that
[[Page S1952]]
the Senate will pass this privacy legislation this year.
Like many Americans, I am concerned about growing and unwelcome
intrusions into our private lives in cyberspace. I also understand that
we must update our digital privacy laws to keep pace with these threats
and the rapid advances in technology.
When I led the effort to write ECPA 27 years ago, email was a
novelty. No one could have imagined the way the Internet and mobile
technologies would transform how we communicate and exchange
information today. Three decades later, we must update this law to
reflect the realities of our time, so that our Federal privacy laws
keep pace with American innovation and the changing mission of our law
enforcement agencies.
My bill takes several important steps to improve Americans' digital
privacy rights, while also promoting new technologies, like cloud
computing, and accommodating the legitimate needs of law enforcement.
First, the bill requires that the government obtain a search warrant
based on probable cause to obtain the content of Americans' email and
other electronic communications, when those communications are
requested from a third-party service provider. There are balanced
exceptions to the warrant requirement to address emergency
circumstances and to protect national security under current law.
Second, the bill requires that the government promptly notify any
individual whose email content has been accessed via a third-party
service provider, and provide that individual with a copy of the search
warrant and other details about the information obtained. The bill
permits the government to seek a court order temporarily delaying such
notice in order to protect the integrity of ongoing government
investigations. In addition, the bill permits the government to ask a
court to temporarily preclude a service provider from notifying a
customer about the disclosure.
The bill contains several important provisions to ensure that the
reforms to ECPA do not hinder law enforcement. The bill adds a new
notice requirement to the law that requires service providers to notify
the government of their intent to inform a customer about a disclosure
of electronic communications information at least three business days
before giving such notice. Furthermore, to help law enforcement
investigate and prosecute corporate wrongdoing, the bill adds civil
discovery subpoenas to the existing tools that the government may use
to obtain non-content information under ECPA.
In addition, the bill makes clear that the government may also
continue to use administrative, civil discovery and grand jury subpoena
to obtain corporate email and other electronic communications directly
from a corporate entity, when those communications are contained on an
internal email system. Lastly, the bill also provides that the search
warrant requirement in the bill does not apply to other Federal
criminal or national security laws, including Title III of the Omnibus
Crime Control and Safe Streets Act of 1986, commonly known as the
Wiretap Act, and the Foreign Intelligence Surveillance Act of 1978, 50
U.S.C. Sec. 1801, et seq., commonly known as FISA.
Since I first put forward proposals to update ECPA in early 2011, I
have worked to make sure that these updates carefully balance privacy
interests, the needs of law enforcement and the interests of our
thriving American tech sector. During the past 2 years, I have
consulted with many stakeholders from the Federal, state and local law
enforcement communities, including--the Department of Justice, the
Federal Trade Commission, the Securities and Exchange Commission, the
International Association of Chiefs of Police, the Federal Law
Enforcement Officers Association, the Association of State Criminal
Investigative Agencies, and the National Sheriffs Association. I have
also consulted closely with many leaders in the privacy, civil
liberties, civil rights and technology communities who support these
reforms.
The 113th Congress has an important opportunity to address the
digital privacy challenges that Americans face today. We should do so
by enacting the commonsense privacy reforms contained in this bill.
When the Senate Judiciary Committee favorably reported the Electronic
Communications Privacy Act on September 19, 1986, it did so with the
unanimous support of all Democratic and Republican Senators. At the
time, the Committee recognized that protecting Americans' privacy
rights should not be a partisan issue.
In that bipartisan spirit, I am pleased to join with Senator Lee in
urging the Congress to enact these important privacy reforms without
delay. Senator Lee and I are joined in this effort by a broad coalition
of more than 50 privacy, civil liberties, civil rights and tech
industry leaders from across the political spectrum that have also
endorsed the ECPA reform effort. I thank the Digital Due Process
Coalition, the Digital 4th Coalition and the many other individuals and
organizations that have advocated for ECPA reform for their support. I
hope that all Members of the Senate will follow their example, so that
we can enact this digital privacy bill with strong, bipartisan support.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the text of the bill was ordered to be
printed in the Record, as follows:
S. 607
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Electronic Communications
Privacy Act Amendments Act of 2013''.
SEC. 2. CONFIDENTIALITY OF ELECTRONIC COMMUNICATIONS.
Section 2702(a)(3) of title 18, United States Code, is
amended to read as follows:
``(3) a provider of remote computing service or electronic
communication service to the public shall not knowingly
divulge to any governmental entity the contents of any
communication described in section 2703(a), or any record or
other information pertaining to a subscriber or customer of
such service.''.
SEC. 3. ELIMINATION OF 180-DAY RULE; SEARCH WARRANT
REQUIREMENT; REQUIRED DISCLOSURE OF CUSTOMER
RECORDS.
(a) In General.--Section 2703 of title 18, United States
Code, is amended--
(1) by striking subsections (a), (b), and (c) and inserting
the following:
``(a) Contents of Wire or Electronic Communications.--A
governmental entity may require the disclosure by a provider
of electronic communication service or remote computing
service of the contents of a wire or electronic communication
that is in electronic storage with or otherwise stored, held,
or maintained by the provider only if the governmental entity
obtains a warrant issued using the procedures described in
the Federal Rules of Criminal Procedure (or, in the case of a
State court, issued using State warrant procedures) that is
issued by a court of competent jurisdiction directing the
disclosure.
``(b) Notice.--Except as provided in section 2705, not
later than 10 business days in the case of a law enforcement
agency, or not later than 3 business days in the case of any
other governmental entity, after a governmental entity
receives the contents of a wire or electronic communication
of a subscriber or customer from a provider of electronic
communication service or remote computing service under
subsection (a), the governmental entity shall serve upon, or
deliver to by registered or first-class mail, electronic
mail, or other means reasonably calculated to be effective,
as specified by the court issuing the warrant, the subscriber
or customer--
``(1) a copy of the warrant; and
``(2) a notice that includes the information referred to in
clauses (i) and (ii) of section 2705(a)(4)(B).
``(c) Records Concerning Electronic Communication Service
or Remote Computing Service.--
``(1) In general.--Subject to paragraph (2), a governmental
entity may require a provider of electronic communication
service or remote computing service to disclose a record or
other information pertaining to a subscriber or customer of
the provider or service (not including the contents of
communications), only if the governmental entity--
``(A) obtains a warrant issued using the procedures
described in the Federal Rules of Criminal Procedure (or, in
the case of a State court, issued using State warrant
procedures) that is issued by a court of competent
jurisdiction directing the disclosure;
``(B) obtains a court order directing the disclosure under
subsection (d);
``(C) has the consent of the subscriber or customer to the
disclosure; or
``(D) submits a formal written request relevant to a law
enforcement investigation concerning telemarketing fraud for
the name, address, and place of business of a subscriber or
customer of the provider or service that is engaged in
telemarketing (as defined in section 2325).
[[Page S1953]]
``(2) Information to be disclosed.--A provider of
electronic communication service or remote computing service
shall, in response to an administrative subpoena authorized
by Federal or State statute, a grand jury, trial, or civil
discovery subpoena, or any means authorized under paragraph
(1), disclose to a governmental entity the--
``(A) name;
``(B) address;
``(C) local and long distance telephone connection records,
or records of session times and durations;
``(D) length of service (including start date) and types of
service used;
``(E) telephone or instrument number or other subscriber
number or identity, including any temporarily assigned
network address; and
``(F) means and source of payment for such service
(including any credit card or bank account number), of a
subscriber or customer of such service.
``(3) Notice not required.--A governmental entity that
receives records or information under this subsection is not
required to provide notice to a subscriber or customer.'';
and
(2) by adding at the end the following:
``(h) Rule of Construction.--Nothing in this section or in
section 2702 shall be construed to limit the authority of a
governmental entity to use an administrative subpoena
authorized under a Federal or State statute or to use a
Federal or State grand jury, trial, or civil discovery
subpoena to--
``(1) require an originator, addressee, or intended
recipient of an electronic communication to disclose the
contents of the electronic communication to the governmental
entity; or
``(2) require an entity that provides electronic
communication services to the officers, directors, employees,
or agents of the entity (for the purpose of carrying out
their duties) to disclose the contents of an electronic
communication to or from an officer, director, employee, or
agent of the entity to a governmental entity, if the
electronic communication is held, stored, or maintained on an
electronic communications system owned or operated by the
entity.''.
(b) Technical and Conforming Amendments.--Section 2703(d)
of title 18, United States Code, is amended--
(1) by striking ``A court order for disclosure under
subsection (b) or (c)'' and inserting ``A court order for
disclosure under subsection (c)''; and
(2) by striking ``the contents of a wire or electronic
communication, or''.
SEC. 4. DELAYED NOTICE.
Section 2705 of title 18, United States Code, is amended to
read as follows:
``SEC. 2705. DELAYED NOTICE.
``(a) Delay of Notification.--
``(1) In general.--A governmental entity that is seeking a
warrant under section 2703(a) may include in the application
for the warrant a request for an order delaying the
notification required under section 2703(b) for a period of
not more than 180 days in the case of a law enforcement
agency, or not more than 90 days in the case of any other
governmental entity.
``(2) Determination.--A court shall grant a request for
delayed notification made under paragraph (1) if the court
determines that there is reason to believe that notification
of the existence of the warrant may result in--
``(A) endangering the life or physical safety of an
individual;
``(B) flight from prosecution;
``(C) destruction of or tampering with evidence;
``(D) intimidation of potential witnesses; or
``(E) otherwise seriously jeopardizing an investigation or
unduly delaying a trial.
``(3) Extension.--Upon request by a governmental entity, a
court may grant 1 or more extensions of the delay of
notification granted under paragraph (2) of not more than 180
days in the case of a law enforcement agency, or not more
than 90 days in the case of any other governmental entity.
``(4) Expiration of the delay of notification.--Upon
expiration of the period of delay of notification under
paragraph (2) or (3), the governmental entity shall serve
upon, or deliver to by registered or first-class mail,
electronic mail, or other means reasonably calculated to be
effective as specified by the court approving the search
warrant, the customer or subscriber--
``(A) a copy of the warrant; and
``(B) notice that informs the customer or subscriber--
``(i) of the nature of the law enforcement inquiry with
reasonable specificity;
``(ii) that information maintained for the customer or
subscriber by the provider of electronic communication
service or remote computing service named in the process or
request was supplied to, or requested by, the governmental
entity;
``(iii) of the date on which the warrant was served on the
provider and the date on which the information was provided
by the provider to the governmental entity;
``(iv) that notification of the customer or subscriber was
delayed;
``(v) the identity of the court authorizing the delay; and
``(vi) of the provision of this chapter under which the
delay was authorized.
``(b) Preclusion of Notice to Subject of Governmental
Access.--
``(1) In general.--A governmental entity that is obtaining
the contents of a communication or information or records
under section 2703 may apply to a court for an order
directing a provider of electronic communication service or
remote computing service to which a warrant, order, subpoena,
or other directive under section 2703 is directed not to
notify any other person of the existence of the warrant,
order, subpoena, or other directive for a period of not more
than 180 days in the case of a law enforcement agency, or not
more than 90 days in the case of any other governmental
entity.
``(2) Determination.--A court shall grant a request for an
order made under paragraph (1) if the court determines that
there is reason to believe that notification of the existence
of the warrant, order, subpoena, or other directive may
result in--
``(A) endangering the life or physical safety of an
individual;
``(B) flight from prosecution;
``(C) destruction of or tampering with evidence;
``(D) intimidation of potential witnesses; or
``(E) otherwise seriously jeopardizing an investigation or
unduly delaying a trial.
``(3) Extension.--Upon request by a governmental entity, a
court may grant 1 or more extensions of an order granted
under paragraph (2) of not more than 180 days in the case of
a law enforcement agency, or not more than 90 days in the
case of any other governmental entity.
``(4) Prior notice to law enforcement.--Upon expiration of
the period of delay of notice under this section, and not
later than 3 business days before providing notice to a
customer or subscriber, a provider of electronic
communication service or remote computing service shall
notify the governmental entity that obtained the contents of
a communication or information or records under section 2703
of the intent of the provider of electronic communication
service or remote computing service to notify the customer or
subscriber of the existence of the warrant, order, or
subpoena seeking that information.
``(c) Definition.--In this section and section 2703, the
term `law enforcement agency' means an agency of the United
States, a State, or a political subdivision of a State,
authorized by law or by a government agency to engage in or
supervise the prevention, detection, investigation, or
prosecution of any violation of criminal law, or any other
Federal or State agency conducting a criminal
investigation.''.
SEC. 5. RULE OF CONSTRUCTION.
Nothing in this Act or an amendment made by this Act shall
be construed to apply the warrant requirement for contents of
a wire or electronic communication authorized under this Act
or an amendment made by this Act to any other section of
title 18, United States Code (including chapter 119 of such
title (commonly known as the ``Wiretap Act'')), the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et
seq.), or any other provision of Federal law.
______
By Mr. CARDIN:
S. 608. A bill to amend title XVIII of the Social Security Act and
title XXVII of the Public Health Service Act to improve coverage for
colorectal screening tests under Medicare and private health insurance
coverage, and for other purposes; to the Committee on Finance.
Mr. CARDIN. Mr. President, I rise today to introduce the Supporting
Colorectal Examination and Education Now, SCREEN, Act. This legislation
promotes access to colon cancer screenings in an effort to help prevent
colorectal cancer, save lives, and reduce costs for families, the
Medicare program, and the health care system. I strongly urge my
colleagues to support this critical piece of legislation.
Colorectal cancer affects far too many Americans. The rate of colon
cancer deaths is shocking--taking the lives of over 50,000 people this
year alone, according to the American Cancer Society.
Fortunately, colorectal cancer is highly preventable with screening,
and colon cancer screening tests rank among the most effective
preventive screenings available. A recent study in the New England
Journal of Medicine found that removal of precancerous polyps during a
screening colonoscopy may reduce colon cancer deaths by over 50
percent. Early detection and intervention are key to preventing colon
cancer. Colonoscopy screenings are different from other types of
preventive or screening services because pre-cancerous polyps found
during a screening are removed during the same visit, thus preventing a
potential cancer from developing and helping to ensure detection,
intervention, and prevention.
Congress recognized the value of colon cancer screenings and, through
bipartisan legislation that I authored in 1998, established a Medicate
benefit for screening. The problem is that only half of individuals
coveted by the Medicare program receive a screening colonoscopy, even
though a Medicate
[[Page S1954]]
colorectal cancer screening benefit is available. According to the
Centers for Medicare & Medicaid Services, CMS, Medicare claims show
that only 52 percent of beneficiaries have had a colorectal cancer
screening test. Many barriers account for this, including patient
education on screenings and operational issues within the Medicare
program, but colorectal cancer has become too widespread and we have
reached the time to take action to promote prevention and save lives.
Ensuring that individuals receive colorectal cancer screening tests is
critical to this goal.
In addition, detection and intervention through proper colonoscopy
screening should reduce costs to the Medicare program and health care
system overall. Once colon cancer develops, the direct costs of
treating colon cancer are starting--reaching $4 billion in 2010. A
recent study published in the New England Journal of Medicine concluded
that colorectal cancer screening has been shown to reduce Medicare
long-term costs.
Congress must help promote access to colorectal cancer screenings and
help increase the number of persons receiving these life-saving
screening tests. The SCREEN Act takes many steps to increase the rate
of colorectal cancer screenings and help prevent colon cancer, while
also reducing Medicare costs.
The SCREEN Act first waives cost sharing for Medicare beneficiaries
receiving colorectal cancer screenings where precancerous polyps are
removed during the visit. Currently, Medicare waives cost-sharing for
any colorectal cancer screening recommended by the U.S. Preventive
Services Task Force, USPSTF. Colorectal cancer screens have a grade
``A'' recommendation by USPSTF. However, if the doctor finds and
removes a precancerous polyp during the visit, the procedure is no
longer considered a ``screening'' for Medicare purposes--and the
beneficiary would be forced to pay the Medicare coinsurance. In
February 2013, the Administration announced that private insurers
participating in State-based health insurance exchanges must waive all
cost sharing for colon cancers screenings where a polyp is removed.
This bill promotes a similar policy by waiving Medicare cost sharing
for diagnostic and screening colorectal cancer tests.
Additionally, the SCREEN Act extends Medicare coverage to include an
office visit or consultation so that a Medicare beneficiary may sit
down and discuss the screening with a doctor prior to the colonoscopy
procedures. One of the major barriers to increasing colorectal cancer
screening rates is a patient's lack of knowledge and the ``fear of the
procedure.'' This pre-procedure visit is not only good clinical
practice but also would help increase patient utilization of colorectal
cancer screening. This visit allows the individual to ask questions
about the procedure, assures selection of the proper screening test,
and increases beneficiary education and test preparation. There is no
reason for a Medicare beneficiary to be seeing his or her physician for
the first time only just before being sedated for the procedure.
The SCREEN Act also provides incentives for Medicare providers to
participate in nationally recognized quality improvement registries so
that our Medicare beneficiaries are receiving the quality screening
they deserve. Congress and other organizations can look to the SCREEN
Act as a model for Medicare reimbursement reform as the bill reimburses
providers in a budget neutral manner based on the quality of the
procedure and not volume of services.
Promoting access to colorectal cancer screening will help ensure
detection and intervention of this highly preventable disease and
reduce costs to the health care system. I ask my colleagues to join in
support of this fight to end colorectal cancer by cosponsoring this
important legislation.
______
By Mr. DURBIN (for himself and Mrs. Gillibrand):
S. 612. A bill to require the Secretary of Health and Human Services
to remove social security account numbers from Medicare identification
cards and communications provided to Medicare beneficiaries in order to
protect Medicare beneficiaries from identity theft; to the Committee on
Finance.
Mr. DURBIN. Mr. President, today I join my colleague, Senator Kirsten
Gillibrand, to introduce the Social Security Number Protection Act of
2013, a bill that would remove Social Security numbers from Medicare
cards to address a leading cause of identity theft among our Nation's
seniors.
It is estimated that 11.6 million Americans were victims of identity
theft in 2011, up from 10.2 million in 2010. We know that the misuse of
Social Security numbers is one of the primary drivers of this crime. In
many of these cases, identity thieves obtain them from Medicare cards.
Today, over 49 million beneficiaries carry their Medicare cards with
them in their purses and in their wallets. These cards display a
Medicare identification number, which consists of their Social Security
number with a one- or two-digit code at the end, leaving beneficiaries
particularly vulnerable to identity theft should a card be lost,
stolen, or left in plain sight.
With identity theft on the rise, we can't make it this easy for
thieves. Unfortunately, the Centers for Medicare and Medicaid Service,
CMS, has fallen behind many other public and private organizations in
better protecting seniors from identity theft by continuing to display
Social Security numbers on Medicare cards. The Department of Defense,
the Veterans Administration, and private insurers have all figured out
how to transition to individual identification cards that don't include
Social Security numbers.
In 2005, I offered an amendment to the Fiscal Year 2006 Labor-HHS-
Education appropriations bill to require CMS to remove Social Security
numbers from Medicare cards. Although my amendment was adopted with a
rollcall vote of 98 to 0, the final bill directed CMS to report to
Congress on the steps necessary to remove the numbers. CMS provided
that report in October 2006.
Six and a half years have passed since CMS first explored taking
steps to remove Social Security numbers from Medicare cards. The
Inspector General of the Social Security Administration took CMS to
task in 2008 for its inaction and confirmed the risk that display of
the numbers on Medicare cards poses to seniors. The Social Security
inspector concluded that ``immediate action is needed to address this
significant vulnerability.'' CMS has since issued another report, but
it has failed to take action.
The Social Security Number Protection Act of 2013 establishes a
reasonable timetable--3 years--for CMS to begin removing Social
Security numbers from Medicare cards. It also gives CMS flexibility in
determining the method by which it makes this change, enabling it to
pursue an option that minimizes burdens while maximizing cost
effectiveness. The bill also prohibits CMS from displaying Social
Security numbers on all written and electronic communications to
Medicare beneficiaries.
I urge my colleagues to cosponsor this important legislation and work
with me to advance this long overdue change. CMS already requires that
beneficiaries receiving benefits through Medicare Part C and Part D do
not display individuals' Social Security numbers. Further, it has 6
years' worth of reports and cost data that it can use as tools to make
these changes happen. We should extend this protection to all
beneficiaries and help safeguard our Nation's seniors from becoming
victims of identity theft in the future as quickly as possible.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the material was ordered to be printed in
the Record, as follows:
S. 612
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Social Security Number
Protection Act of 2011''.
SEC. 2. REQUIRING THE SECRETARY OF HEALTH AND HUMAN SERVICES
TO PROHIBIT THE DISPLAY OF SOCIAL SECURITY
ACCOUNT NUMBERS ON MEDICARE IDENTIFICATION
CARDS AND COMMUNICATIONS PROVIDED TO MEDICARE
BENEFICIARIES.
(a) In General.--Not later than 3 years after the date of
the enactment of this Act, the Secretary of Health and Human
Services shall establish and begin to implement procedures to
eliminate the unnecessary collection, use, and display of
social security account numbers of Medicare beneficiaries.
[[Page S1955]]
(b) Medicare Cards and Communications Provided to
Beneficiaries.--
(1) Cards.--
(A) New cards.--Not later than 3 years after the date of
the enactment of this Act, the Secretary of Health and Human
Services shall ensure that each newly issued Medicare
identification card meets the requirements described in
subparagraph (C).
(B) Replacement of existing cards.--Not later than 5 years
after the date of the enactment of this Act, the Secretary of
Health and Human Services shall ensure that all Medicare
beneficiaries have been issued a Medicare identification card
that meets the requirements of subparagraph (C).
(C) Requirements.--The requirements described in this
subparagraph are, with respect to a Medicare identification
card, that the card does not display or electronically store
(in an unencrypted format) a Medicare beneficiary's social
security account number.
(2) Communications provided to beneficiaries.--Not later
than 3 years after the date of the enactment of this Act, the
Secretary of Health and Human Services shall prohibit the
display of a Medicare beneficiary's social security account
number on written or electronic communication provided to the
beneficiary unless the Secretary determines that inclusion of
social security account numbers on such communications is
essential for the operation of the Medicare program.
(c) Medicare Beneficiary Defined.--In this section, the
term ``Medicare beneficiary'' means an individual who is
entitled to, or enrolled for, benefits under part A of title
XVIII of the Social Security Act or enrolled under part B of
such title.
(d) Conforming Reference in the Social Security Act.--
Section 205(c)(2)(C) of the Social Security Act (42 U.S.C.
405(c)(2)(C)) is amended by adding at the end the following
new clause:
``(xii) For provisions relating to requiring the Secretary
of Health and Human Services to prohibit the display of
social security account numbers on Medicare identification
cards and communications provided to Medicare beneficiaries,
see section 2 of the Social Security Number Protection Act of
2011.''.
(e) Authorization of Appropriations.--There are authorized
to be appropriated such sums as may be necessary to carry out
this section.
____________________