[Congressional Record Volume 167, Number 91 (Tuesday, May 25, 2021)]
[Senate]
[Pages S3442-S3445]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 1999. Mr. KING (for himself and Mr. Sasse) submitted an amendment 
intended to be proposed to amendment SA 1502 proposed by Mr. Schumer to 
the bill S. 1260, to establish a new Directorate for Technology and 
Innovation in the National Science Foundation, to establish a regional 
technology hub program, to require a strategy and report on economic 
security, science, research, innovation, manufacturing, and job 
creation, to establish a critical supply chain resiliency program, and 
for other purposes; which was ordered to lie on the table; as follows:

        At the appropriate place, insert the following:

               Subtitle C--Cyber and Technology Diplomacy

     SEC. 4271. SHORT TITLE.

       This subtitle may be cited as the ``Cyber Diplomacy Act of 
     2021''.

     SEC. 4272. FINDINGS.

       Congress makes the following findings:
       (1) The stated goal of the United States International 
     Strategy for Cyberspace, launched on May 16, 2011, is to 
     ``work internationally to promote an open, interoperable, 
     secure, and reliable information and communications 
     infrastructure that supports international trade and 
     commerce, strengthens international security, and fosters 
     free expression and innovation ... in which norms of 
     responsible behavior guide states' actions, sustain 
     partnerships, and support the rule of law in cyberspace''.
       (2) In its June 24, 2013, report, the Group of Governmental 
     Experts on Developments in the Field of Information and 
     Telecommunications in the Context of International Security 
     (referred to in this section as ``GGE''), established by the 
     United Nations General Assembly, concluded that ``State 
     sovereignty and the international norms and principles that 
     flow from it apply to States' conduct of ICT-related 
     activities and to their jurisdiction over ICT infrastructure 
     with their territory''.
       (3) In January 2015, China, Kazakhstan, Kyrgyzstan, Russia, 
     Tajikistan, and Uzbekistan proposed a troubling international 
     code of conduct for information security, which could be used 
     as a pretext for restricting political dissent, and includes 
     ``curbing the dissemination of information that incites 
     terrorism, separatism or extremism or that inflames hatred on 
     ethnic, racial or religious grounds''.
       (4) In its July 22, 2015, consensus report, GGE found that 
     ``norms of responsible State behavior can reduce risks to 
     international peace, security and stability''.
       (5) On September 25, 2015, the United States and China 
     announced a commitment that neither country's government 
     ``will conduct or knowingly support cyber-enabled theft of 
     intellectual property, including trade secrets or other 
     confidential business information, with the intent of 
     providing competitive advantages to companies or commercial 
     sectors''.
       (6) At the Antalya Summit on November 15 and 16, 2015, the 
     Group of 20 Leaders' communique--
       (A) affirmed the applicability of international law to 
     state behavior in cyberspace;
       (B) called on states to refrain from cyber-enabled theft of 
     intellectual property for commercial gain; and
       (C) endorsed the view that all states should abide by norms 
     of responsible behavior.
       (7) The March 2016 Department of State International 
     Cyberspace Policy Strategy noted that ``the Department of 
     State anticipates a continued increase and expansion of our 
     cyber-focused diplomatic efforts for the foreseeable 
     future''.
       (8) On December 1, 2016, the Commission on Enhancing 
     National Cybersecurity, which was established within the 
     Department of Commerce by Executive Order No. 13718 (81 Fed. 
     Reg. 7441), recommended that ``the President should appoint 
     an Ambassador for Cybersecurity to lead U.S. engagement with 
     the international community on cybersecurity strategies, 
     standards, and practices''.
       (9) On April 11, 2017, the 2017 Group of 7 Declaration on 
     Responsible States Behavior in Cyberspace--
       (A) recognized ``the urgent necessity of increased 
     international cooperation to promote security and stability 
     in cyberspace'';
       (B) expressed commitment to ``promoting a strategic 
     framework for conflict prevention, cooperation and stability 
     in cyberspace, consisting of the recognition of the 
     applicability of existing international law to State behavior 
     in cyberspace, the promotion of voluntary, non-binding norms 
     of responsible State behavior during peacetime, and the 
     development and the implementation of practical cyber 
     confidence building measures (CBMs) between States''; and
       (C) reaffirmed that ``the same rights that people have 
     offline must also be protected online''.
       (10) In testimony before the Select Committee on 
     Intelligence of the Senate on May 11, 2017, Director of 
     National Intelligence Daniel R. Coats identified 6 cyber 
     threat actors, including--
       (A) Russia, for ``efforts to influence the 2016 U.S. 
     election'';
       (B) China, for ``actively targeting the U.S. Government, 
     its allies, and U.S. companies for cyber espionage'';
       (C) Iran, for ``leverag[ing] cyber espionage, propaganda, 
     and attacks to support its security priorities, influence 
     events and foreign perceptions, and counter threats'';
       (D) North Korea, for ``previously conduct[ing] cyber-
     attacks against U.S. commercial entities--specifically, Sony 
     Pictures Entertainment in 2014'';
       (E) terrorists, who ``use the Internet to organize, 
     recruit, spread propaganda, raise funds, collect 
     intelligence, inspire action by followers, and coordinate 
     operations''; and
       (F) criminals, who ``are also developing and using 
     sophisticated cyber tools for a variety of purposes including 
     theft, extortion, and facilitation of other criminal 
     activities''.
       (11) Information and communication technologies are among a 
     broader set of critical and emerging technologies that 
     underpin United States national security and economic 
     prosperity. The 2017 National Security Strategy noted the 
     central importance of ``emerging technologies . . . such as 
     data science, encryption, autonomous technologies, gene 
     editing, new materials, nanotechnology, advanced computing 
     technologies, and artificial intelligence.''.
       (12) The 21st century will increasingly be defined by 
     economic and military competition rooted in technological 
     advances. Leaders in adopting critical and emerging 
     technologies, and those who shape the use of such 
     technologies, will garner economic, military, and political 
     strength for decades.

[[Page S3443]]

  


     SEC. 4273. DEFINITIONS.

       In this subtitle:
       (1) Appropriate congressional committees.--The term 
     ``appropriate congressional committees'' means the Committee 
     on Foreign Relations of the Senate and the Committee on 
     Foreign Affairs of the House of Representatives.
       (2) Executive agency.--The term ``Executive agency'' has 
     the meaning given such term in section 105 of title 5, United 
     States Code.
       (3) Information and communications technology; ict.--The 
     terms ``information and communications technology'' and 
     ``ICT'' include hardware, software, and other products or 
     services primarily intended to fulfill or enable the function 
     of information processing and communication by electronic 
     means, including transmission and display, including via the 
     Internet.

     SEC. 4274. UNITED STATES INTERNATIONAL CYBERSPACE POLICY.

       (a) In General.--It shall be the policy of the United 
     States to work internationally to promote an open, 
     interoperable, reliable, unfettered, and secure Internet 
     governed by the multi-stakeholder model, which--
       (1) promotes human rights, democracy, and rule of law, 
     including freedom of expression, innovation, communication, 
     and economic prosperity; and
       (2) respects privacy and guards against deception, fraud, 
     and theft.
       (b) Implementation.--In implementing the policy described 
     in subsection (a), the President, in consultation with 
     outside actors, including private sector companies, 
     nongovernmental organizations, security researchers, and 
     other relevant stakeholders, in the conduct of bilateral and 
     multilateral relations, shall pursue the following 
     objectives:
       (1) Clarifying the applicability of international laws and 
     norms to the use of ICT.
       (2) Reducing and limiting the risk of escalation and 
     retaliation in cyberspace, damage to critical infrastructure, 
     and other malicious cyber activity that impairs the use and 
     operation of critical infrastructure that provides services 
     to the public.
       (3) Cooperating with like-minded democratic countries that 
     share common values and cyberspace policies with the United 
     States, including respect for human rights, democracy, and 
     the rule of law, to advance such values and policies 
     internationally.
       (4) Encouraging the responsible development of new, 
     innovative technologies and ICT products that strengthen a 
     secure Internet architecture that is accessible to all.
       (5) Securing and implementing commitments on responsible 
     country behavior in cyberspace based upon accepted norms, 
     including the following:
       (A) Countries should not conduct, or knowingly support, 
     cyber-enabled theft of intellectual property, including trade 
     secrets or other confidential business information, with the 
     intent of providing competitive advantages to companies or 
     commercial sectors.
       (B) Countries should take all appropriate and reasonable 
     efforts to keep their territories clear of intentionally 
     wrongful acts using ICTs in violation of international 
     commitments.
       (C) Countries should not conduct or knowingly support ICT 
     activity that, contrary to international law, intentionally 
     damages or otherwise impairs the use and operation of 
     critical infrastructure providing services to the public, and 
     should take appropriate measures to protect their critical 
     infrastructure from ICT threats.
       (D) Countries should not conduct or knowingly support 
     malicious international activity that, contrary to 
     international law, harms the information systems of 
     authorized emergency response teams (also known as ``computer 
     emergency response teams'' or ``cybersecurity incident 
     response teams'') of another country or authorize emergency 
     response teams to engage in malicious international activity.
       (E) Countries should respond to appropriate requests for 
     assistance to mitigate malicious ICT activity emanating from 
     their territory and aimed at the critical infrastructure of 
     another country.
       (F) Countries should not restrict cross-border data flows 
     or require local storage or processing of data.
       (G) Countries should protect the exercise of human rights 
     and fundamental freedoms on the Internet and commit to the 
     principle that the human rights that people have offline 
     should also be protected online.
       (6) Advancing, encouraging, and supporting the development 
     and adoption of internationally recognized technical 
     standards and best practices.

     SEC. 4275. DEPARTMENT OF STATE RESPONSIBILITIES.

       (a) In General.--Section 1 of the State Department Basic 
     Authorities Act of 1956 (22 U.S.C. 2651a) is amended--
       (1) by redesignating subsections (g) and (h) as subsections 
     (h) and (i), respectively; and
       (2) by inserting after subsection (f) the following:
       ``(g) Bureau of International Cyberspace Policy.--
       ``(1) In general.--The Secretary of State shall establish, 
     within the Department of State, the Bureau of International 
     Cyberspace Policy (referred to in this subsection as the 
     `Bureau'). The head of the Bureau shall have the rank and 
     status of ambassador and shall be appointed by the President, 
     by and with the advice and consent of the Senate.
       ``(2) Duties.--
       ``(A) In general.--The head of the Bureau shall perform 
     such duties and exercise such powers as the Secretary of 
     State shall prescribe, including implementing the policy of 
     the United States described in section 4274 of the Cyber 
     Diplomacy Act of 2021.
       ``(B) Duties described.--The principal duties and 
     responsibilities of the head of the Bureau shall be--
       ``(i) to serve as the principal cyberspace policy official 
     within the senior management of the Department of State and 
     as the advisor to the Secretary of State for cyberspace 
     issues;
       ``(ii) to lead the Department of State's diplomatic 
     cyberspace efforts, including efforts relating to 
     international cybersecurity, Internet access, Internet 
     governance and online freedom, relevant elements of the 
     digital economy, cybercrime, deterrence and international 
     responses to cyber threats, and other issues that the 
     Secretary assigns to the Bureau;
       ``(iii) to coordinate cyberspace policy and other relevant 
     functions within the Department of State and with other 
     components of the United States Government, including--

       ``(I) through the Cyberspace Policy Coordinating Committee 
     described in paragraph (6); and
       ``(II) by convening other coordinating meetings with 
     appropriate officials from the Department and other 
     components of the United States Government on a regular 
     basis;

       ``(iv) to promote an open, interoperable, reliable, and 
     secure information and communications technology 
     infrastructure globally;
       ``(v) to represent the Secretary of State in interagency 
     efforts to develop and advance the policy described in 
     section 4274 of the Cyber Diplomacy Act of 2021;
       ``(vi) to act as a liaison to civil society, the private 
     sector, academia, and other public and private entities on 
     relevant international cyberspace issues;
       ``(vii) to lead United States Government efforts to 
     establish a global deterrence framework for malicious cyber 
     activity;
       ``(viii) to develop and execute adversary-specific 
     strategies to influence adversary decisionmaking through the 
     imposition of costs and deterrence strategies, in 
     coordination with other relevant Executive agencies;
       ``(ix) to advise the Secretary and coordinate with foreign 
     governments on external responses to national security-level 
     cyber incidents, including coordination on diplomatic 
     response efforts to support allies threatened by malicious 
     cyber activity, in conjunction with members of the North 
     Atlantic Treaty Organization and other like-minded countries;
       ``(x) to promote the adoption of national processes and 
     programs that enable threat detection, prevention, and 
     response to malicious cyber activity emanating from the 
     territory of a foreign country, including as such activity 
     relates to the United States' European allies, as 
     appropriate;
       ``(xi) to promote the building of foreign capacity relating 
     to cyberspace policy priorities;
       ``(xii) to promote the maintenance of an open and 
     interoperable Internet governed by the multistakeholder 
     model, instead of by centralized government control;
       ``(xiii) to promote an international regulatory environment 
     for technology investments and the Internet that benefits 
     United States economic and national security interests;
       ``(xiv) to promote cross-border flow of data and combat 
     international initiatives seeking to impose unreasonable 
     requirements on United States businesses;
       ``(xv) to promote international policies to protect the 
     integrity of United States and international 
     telecommunications infrastructure from foreign-based, cyber-
     enabled threats;
       ``(xvi) to lead engagement, in coordination with relevant 
     Executive agencies, with foreign governments on relevant 
     international cyberspace and digital economy issues described 
     in the Cyber Diplomacy Act of 2021;
       ``(xvii) to promote international policies to secure radio 
     frequency spectrum for United States businesses and national 
     security needs;
       ``(xviii) to promote and protect the exercise of human 
     rights, including freedom of speech and religion, through the 
     Internet;
       ``(xix) to promote international initiatives to strengthen 
     civilian and private sector resiliency to threats in 
     cyberspace;
       ``(xx) to build capacity of United States diplomatic 
     officials to engage on cyberspace issues;
       ``(xxi) to encourage the development and adoption by 
     foreign countries of internationally recognized cyber 
     standards, policies, and best practices;
       ``(xxii) to consult, as appropriate, with other Executive 
     agencies with related functions vested in such Executive 
     agencies by law; and
       ``(xxiii) to conduct such other matters as the Secretary of 
     State may assign.
       ``(3) Qualifications.--The head of the Bureau should be an 
     individual of demonstrated competency in the fields of--
       ``(A) cybersecurity and other relevant cyberspace issues; 
     and
       ``(B) international diplomacy.
       ``(4) Organizational placement.--During the 1-year period 
     beginning on the date of the enactment of the Cyber Diplomacy 
     Act of 2021, the head of the Bureau shall report to the Under 
     Secretary for Political Affairs or

[[Page S3444]]

     to an official holding a higher position in the Department of 
     State than the Under Secretary for Political Affairs. After 
     the conclusion of such period, the head of the Bureau may 
     report to a different Under Secretary or to an official 
     holding a higher position than Under Secretary if, not less 
     than 15 days before any change in such reporting structure, 
     the Secretary of State consults with and provides to the 
     Committee on Foreign Relations of the Senate and the 
     Committee on Foreign Affairs of the House of 
     Representatives--
       ``(A) a notification that the Secretary has, with respect 
     to the reporting structure of the Bureau, consulted with and 
     solicited feedback from--
       ``(i) other relevant Federal entities with a role in 
     international aspects of cyber policy; and
       ``(ii) the elements of the Department of State with 
     responsibility over aspects of cyber policy, including the 
     elements reporting to--

       ``(I) the Under Secretary for Political Affairs;
       ``(II) the Under Secretary for Civilian Security, 
     Democracy, and Human Rights;
       ``(III) the Under Secretary for Economic Growth, Energy, 
     and the Environment;
       ``(IV) the Under Secretary for Arms Control and 
     International Security Affairs; and
       ``(V) the Under Secretary for Management;

       ``(B) a description of--
       ``(i) the new reporting structure for the head of the 
     Bureau; and
       ``(ii) the data and evidence used to justify such new 
     structure; and
       ``(C) a plan describing how the new reporting structure 
     will better enable the head of the Bureau to carry out the 
     responsibilities specified in paragraph (2), including the 
     security, economic, and human rights aspects of cyber 
     diplomacy.
       ``(5) Rule of construction.--Nothing in this subsection may 
     be construed to preclude the head of the Bureau from being 
     designated as an Assistant Secretary, if such an Assistant 
     Secretary position does not increase the number of Assistant 
     Secretary positions at the Department above the number 
     authorized under subsection (c)(1).
       ``(6) Coordination.--
       ``(A) Cyberspace policy coordinating committee.--There is 
     established a senior-level Cyberspace Policy Coordinating 
     Committee to ensure that cyberspace issues receive broad 
     senior level-attention and coordination across the Department 
     of State and provide ongoing oversight of such issues. The 
     Cyberspace Policy Coordinating Committee shall be chaired by 
     the head of the Bureau or an official of the Department of 
     State holding a higher position, and operate on an ongoing 
     basis, meeting not less frequently than quarterly. Committee 
     members shall include appropriate officials at the Assistant 
     Secretary level or higher from--
       ``(i) the Under Secretariat for Political Affairs;
       ``(ii) the Under Secretariat for Civilian Security, 
     Democracy, and Human Rights;
       ``(iii) the Under Secretariat for Economic Growth, Energy 
     and the Environment;
       ``(iv) the Under Secretariat for Arms Control and 
     International Security;
       ``(v) the Under Secretariat for Management; and
       ``(vi) other senior level Department participants, as 
     appropriate.
       ``(B) Other meetings.--The head of the Bureau shall convene 
     other coordinating meetings with appropriate officials from 
     the Department of State and other components of the United 
     States Government to ensure regular coordination and 
     collaboration on crosscutting cyber policy issues.''.
       (b) Sense of Congress.--It is the sense of Congress that 
     the Bureau of International Cyberspace Policy established 
     under section 1(g) of the State Department Basic Authorities 
     Act of 1956, as added by subsection (a), should have a 
     diverse workforce composed of qualified individuals, 
     including such individuals from traditionally under-
     represented groups.
       (c) United Nations.--The Permanent Representative of the 
     United States to the United Nations should use the voice, 
     vote, and influence of the United States to oppose any 
     measure that is inconsistent with the policy described in 
     section 4274.
       (d) Special Hiring Authorities.--The Secretary of State 
     may--
       (1) appoint employees without regard to the provisions of 
     title 5, United States Code, regarding appointments in the 
     competitive service; and
       (2) fix the basic compensation of such employees without 
     regard to chapter 51 and subchapter III of chapter 53 of such 
     title regarding classification and General Schedule pay 
     rates.

     SEC. 4276. BRIEFINGS ON INTERNATIONAL EXECUTIVE ARRANGEMENTS.

       (a) Existing Executive Arrangements.--Not later than 180 
     days after the date of the enactment of this Act, the 
     Secretary of State shall brief the appropriate congressional 
     committees regarding any executive bilateral or multilateral 
     cyberspace arrangement in effect before such date of 
     enactment, including--
       (1) the arrangement announced between the United States and 
     Japan on April 25, 2014;
       (2) the arrangement announced between the United States and 
     the United Kingdom on January 16, 2015;
       (3) the arrangement announced between the United States and 
     China on September 25, 2015;
       (4) the arrangement announced between the United States and 
     Korea on October 16, 2015;
       (5) the arrangement announced between the United States and 
     Australia on January 19, 2016;
       (6) the arrangement announced between the United States and 
     India on June 7, 2016;
       (7) the arrangement announced between the United States and 
     Argentina on April 27, 2017;
       (8) the arrangement announced between the United States and 
     Kenya on June 22, 2017;
       (9) the arrangement announced between the United States and 
     Israel on June 26, 2017;
       (10) the arrangement announced between the United States 
     and France on February 9, 2018;
       (11) the arrangement announced between the United States 
     and Brazil on May 14, 2018; and
       (12) any other similar bilateral or multilateral 
     arrangement announced before such date of enactment.

     SEC. 4277. INTERNATIONAL STRATEGY FOR CYBERSPACE.

       (a) Strategy Required.--Not later than 1 year after the 
     date of the enactment of this Act, the President, acting 
     through the Secretary of State, and in coordination with the 
     heads of other relevant Federal departments and agencies, 
     shall develop a strategy relating to United States engagement 
     with foreign governments on international norms with respect 
     to responsible state behavior in cyberspace.
       (b) Elements.--The strategy required under subsection (a) 
     shall include--
       (1) a review of actions and activities undertaken to 
     support the policy described in section 4274;
       (2) a plan of action to guide the diplomacy of the 
     Department of State with regard to foreign countries, 
     including--
       (A) conducting bilateral and multilateral activities to--
       (i) develop norms of responsible country behavior in 
     cyberspace consistent with the objectives specified in 
     section 4274(b)(5); and
       (ii) share best practices and advance proposals to 
     strengthen civilian and private sector resiliency to threats 
     and access to opportunities in cyberspace; and
       (B) reviewing the status of existing efforts in relevant 
     multilateral fora, as appropriate, to obtain commitments on 
     international norms in cyberspace;
       (3) a review of alternative concepts with regard to 
     international norms in cyberspace offered by foreign 
     countries;
       (4) a detailed description of new and evolving threats in 
     cyberspace from foreign adversaries, state-sponsored actors, 
     and private actors to--
       (A) United States national security;
       (B) Federal and private sector cyberspace infrastructure of 
     the United States;
       (C) intellectual property in the United States; and
       (D) the privacy and security of citizens of the United 
     States;
       (5) a review of policy tools available to the President to 
     deter and de-escalate tensions with foreign countries, state-
     sponsored actors, and private actors regarding threats in 
     cyberspace, the degree to which such tools have been used, 
     and whether such tools have been effective deterrents;
       (6) a review of resources required to conduct activities to 
     build responsible norms of international cyber behavior; and
       (7) a plan of action, developed in consultation with 
     relevant Federal departments and agencies as the President 
     may direct, to guide the diplomacy of the Department of State 
     with regard to inclusion of cyber issues in mutual defense 
     agreements.
       (c) Form of Strategy.--
       (1) Public availability.--The strategy required under 
     subsection (a) shall be available to the public in 
     unclassified form, including through publication in the 
     Federal Register.
       (2) Classified annex.--The strategy required under 
     subsection (a) may include a classified annex, consistent 
     with United States national security interests, if the 
     Secretary of State determines that such annex is appropriate.
       (d) Briefing.--Not later than 30 days after the completion 
     of the strategy required under subsection (a), the Secretary 
     of State shall brief the appropriate congressional committees 
     regarding the strategy, including any material contained in a 
     classified annex.
       (e) Updates.--The strategy required under subsection (a) 
     shall be updated--
       (1) not later than 90 days after any material change to 
     United States policy described in such strategy; and
       (2) not later than 1 year after the inauguration of each 
     new President.

     SEC. 4278. ANNUAL COUNTRY REPORTS ON HUMAN RIGHTS PRACTICES.

       The Foreign Assistance Act of 1961 (22 U.S.C. 2151 et seq.) 
     is amended--
       (1) in section 116 (22 U.S.C. 2151n), by adding at the end 
     the following:
       ``(h) Freedom of Expression Assessment.--
       ``(1) In general.--The report required under subsection (d) 
     shall include an assessment of freedom of expression with 
     respect to electronic information in each foreign country, 
     which shall include--
       ``(A)(i) an assessment of the extent to which government 
     authorities in the country inappropriately attempt to filter, 
     censor, or otherwise block or remove nonviolent expression of 
     political or religious opinion or belief through the 
     Internet, including electronic mail; and

[[Page S3445]]

       ``(ii) a description of the means by which such authorities 
     attempt to inappropriately block or remove such expression;
       ``(B) an assessment of the extent to which government 
     authorities in the country have persecuted or otherwise 
     punished, arbitrarily and without due process, an individual 
     or group for the nonviolent expression of political, 
     religious, or ideological opinion or belief through the 
     Internet, including electronic mail;
       ``(C) an assessment of the extent to which government 
     authorities in the country have sought, inappropriately and 
     with malicious intent, to collect, request, obtain, or 
     disclose without due process personally identifiable 
     information of a person in connection with that person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights, adopted at New York December 16, 1966, and 
     entered into force March 23, 1976, as interpreted by the 
     United States; and
       ``(D) an assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without due process and in contravention to United States 
     policy with respect to the principles of privacy, human 
     rights, democracy, and rule of law.
       ``(2) Consultation.--In compiling data and making 
     assessments under paragraph (1), United States diplomatic 
     personnel should consult with relevant entities, including 
     human rights organizations, the private sector, the 
     governments of like-minded countries, technology and Internet 
     companies, and other appropriate nongovernmental 
     organizations or entities.
       ``(3) Definitions.--In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given such term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `Internet' has the meaning given such term 
     in section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     such term in section 2510 of title 18, United States Code.''; 
     and
       (2) in section 502B (22 U.S.C. 2304)--
       (A) by redesignating the second subsection (i) (relating to 
     child marriage) as subjection (j); and
       (B) by adding at the end the following:
       ``(k) Freedom of Expression Assessment.--
       ``(1) In general.--The report required under subsection (b) 
     shall include an assessment of freedom of expression with 
     respect to electronic information in each foreign country, 
     which shall include--
       ``(A)(i) an assessment of the extent to which government 
     authorities in the country inappropriately attempt to filter, 
     censor, or otherwise block or remove nonviolent expression of 
     political or religious opinion or belief through the 
     Internet, including electronic mail; and
       ``(ii) a description of the means by which such authorities 
     attempt to inappropriately block or remove such expression;
       ``(B) an assessment of the extent to which government 
     authorities in the country have persecuted or otherwise 
     punished, arbitrarily and without due process, an individual 
     or group for the nonviolent expression of political, 
     religious, or ideological opinion or belief through the 
     Internet, including electronic mail;
       ``(C) an assessment of the extent to which government 
     authorities in the country have sought, inappropriately and 
     with malicious intent, to collect, request, obtain, or 
     disclose without due process personally identifiable 
     information of a person in connection with that person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights, adopted at New York December 16, 1966, and 
     entered into force March 23, 1976, as interpreted by the 
     United States; and
       ``(D) an assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without due process and in contravention to United States 
     policy with respect to the principles of privacy, human 
     rights, democracy, and rule of law.
       ``(2) Consultation.--In compiling data and making 
     assessments under paragraph (1), United States diplomatic 
     personnel should consult with relevant entities, including 
     human rights organizations, the private sector, the 
     governments of like-minded countries, technology and Internet 
     companies, and other appropriate nongovernmental 
     organizations or entities.
       ``(3) Definitions.--In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given the term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `Internet' has the meaning given the term in 
     section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     the term in section 2510 of title 18, United States Code.''.

     SEC. 4279. GAO REPORT ON CYBER AND TECHNOLOGY DIPLOMACY.

       Not later than 1 year after the date of the enactment of 
     this Act, the Comptroller General of the United States shall 
     submit a report and provide a briefing to the appropriate 
     congressional committees that includes--
       (1) an assessment of the extent to which United States 
     diplomatic processes and other efforts with foreign 
     countries, including through multilateral fora, bilateral 
     engagements, and negotiated cyberspace agreements, advance 
     the full range of United States interests in cyberspace, 
     including the policy described in section 4274;
       (2) an assessment of the extent to which United States 
     diplomatic processes and other efforts with foreign 
     countries, including through multilateral fora, bilateral 
     engagements, and negotiated agreements, advance the full 
     range of United States interests with respect to critical and 
     emerging technologies;
       (3) an assessment of the Department of State's 
     organizational structure and its approach to managing its 
     diplomatic efforts to advance the full range of United States 
     interests in cyberspace and with respect to critical and 
     emerging technologies, including a review of--
       (A) the establishment of a bureau in the Department of 
     State to lead the Department's international cyber mission;
       (B) the current or proposed diplomatic mission, structure, 
     staffing, funding, and activities of such bureau;
       (C) how the establishment of such bureau has impacted or is 
     likely to impact the structure and organization of the 
     Department of State;
       (D) what challenges, if any, the Department of State has 
     faced or will face in establishing such bureau;
       (E) the current and proposed diplomatic mission, structure, 
     staffing, funding, and activities related to critical and 
     emerging technologies; and
       (F) how the Department of State is integrating the critical 
     and emerging technologies mission with the cyber mission; and
       (4) any other matters that the Comptroller General 
     determines to be relevant.

     SEC. 4280. STRATEGY FOR CRITICAL AND EMERGING TECHNOLOGIES.

       Not later than 180 days after the date of enactment of this 
     Act, the Secretary of State shall submit to the appropriate 
     congressional committees a strategy for critical and emerging 
     technologies that--
       (1) identifies key international and diplomatic issues 
     related to critical and emerging technologies;
       (2) identifies the specific components of the Department of 
     State accountable for the issues identified in paragraph (1);
       (3) defines the processes by which the Department of State 
     will identify, understand, and allocate responsibilities for 
     novel technologies;
       (4) defines the processes for reporting and information 
     sharing within the Department of State;
       (5) defines the processes for interagency consultation and 
     collaboration;
       (6) identifies how existing processes at the Department of 
     State will be integrated into new efforts by the Department 
     of State on critical and emerging technologies; and
       (7) defines a strategy for recruiting training, and 
     retaining additional personnel needed to implement the 
     strategy, including individuals with significant expertise 
     and training in science, technology, engineering, and 
     mathematics.
                                 ______