[Congressional Record Volume 170, Number 46 (Thursday, March 14, 2024)]
[Senate]
[Pages S2403-S2414]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
By Mr. DURBIN (for himself, Mr. Lee, Ms. Hirono, Mr. Daines, Mr.
Wyden, Ms. Lummis, Ms. Baldwin, Mr. Heinrich, Ms. Warren, Mr.
Markey, Mr. Tester, Mr. Sanders, and Mr. Welch):
S. 3961. A bill to amend the Foreign Intelligence Surveillance Act of
1978 to reform certain authorities and to provide greater transparency
and oversight; to the Committee on the Judiciary.
Mr. DURBIN. Madam President, in just a few weeks, an important but
controversial surveillance authority, known as section 702 of the
Foreign Intelligence Surveillance Act, will expire. This extraordinary
authority was initially presented to Congress as a temporary emergency
counterterrorism tool more than 15 years ago. As is often the case with
temporary emergency authorities, section 702 is now used for a wide
range of foreign intelligence purposes, from countering Russia to
stopping the flow of fentanyl into the United States.
Just last month, the Federal Bureau of Investigation revealed that
data collected using section 702 allowed the Agency to foil several
attacks in recent years, including attacks that would have crippled
U.S. critical infrastructure and even threaten the lives of our U.S.
servicemembers. And the authority has helped the U.S. uncover
atrocities committed by Russia during its ongoing assault on Ukraine.
I have had demonstrations of the 702 authority, and there is no doubt
in my mind that it is a valuable tool for collecting foreign
intelligence. But this authority raises serious constitutional
concerns, as it allows access not just to communications by those who
are foreigners but also to the vast databases of Americans'
communications without the customary search warrant required by the
U.S. Constitution.
This powerful tool--this effective tool on foreign surveillance--has
been used, in my mind, improperly to spy on American protesters, from
Black Lives Matter to MAGA loyalists.
The FBI has imposed new limits on the authority of FBI agents to
search the communications of Americans. But even after implementing
these reforms, the FBI still conducted over 200,000 warrantless
searches of Americans in just 1 year--more than 500 searches of
Americans per day.
Democrats and Republicans alike are rightly concerned. Our Founders
understood the danger of unchecked government surveillance and had the
wisdom and foresight to enshrine protections for American citizens in
the Constitution. The Fourth Amendment to our
[[Page S2404]]
Constitution protects Americans from unreasonable search and seizure,
particularly those without a warrant based upon probable cause that had
been approved by a judge.
I have long raised concerns about section 702's lack of sufficient
safeguards to protect these rights, and I have consistently voted
against the extension of section 702 without changes. However, I have
also said that I would support section 702 if it includes sufficient
safeguards to protect Americans from warrantless surveillance.
As chairman of the Senate Judiciary Committee, which has primary
jurisdiction over FISA, I have evaluated proposed reforms and carefully
considered the administration's views. I have also heard from my
colleagues on both sides of the aisle. Existing legislative proposals
of the House and Senate go too far for some and not far enough for
others.
That is why, today, I am introducing what I hope will be a compromise
bill that tries to bridge this divide to protect both our security and
our Constitution and guaranteed freedoms.
The Security and Freedom Enhancement Act, or SAFE Act, would enhance
our national security by reauthorizing section 702 for 4 more years,
while also protecting Americans from warrantless surveillance.
The SAFE Act would require the government to demonstrate to a court
that it has probable cause before reading or listening to the private
communications of Americans that have been swept up by section 702.
Basically, in just a few words to describe the process, if one of our
intelligence or law enforcement Agencies suspects that a foreigner is
engaged in conduct that is threatening the security of the United
States, they call up the records of that foreigner, and if it turns out
that foreigner has communicated with an American citizen, the question
is, What do you do next? Can you, in any way, monitor that conversation
or come up with an investigation of the documents of that American with
or without a warrant? That is the fundamental question we are facing
here. So the search starts in the right direction, to a foreign source,
and ends up dealing with an American--an American, obviously, who has
constitutional rights.
The SAFE Act would require the government to demonstrate to a court
that it has probable cause, before reading or listening to the private
communications of Americans who have been swept up in section 702.
However, this requirement will not prevent government agents from
searching 702 databases to determine if foreign targets are
communicating with Americans, nor will it prevent agents from accessing
the communications of those foreign agents.
But if the government wants to review the contents--the contents--of
Americans' communication, it would first be required to demonstrate to
the Foreign Intelligence Surveillance Court that it has probable cause
to do that.
This would not be overly burdensome because a warrant would only be
required in cases where the government actually reviews the content of
American communications. They estimate that the incidents of American
content are 1.58 percent of all 702 searches of Americans.
The SAFE Act also would not require a warrant in cases involving
exigent circumstances or cyber security attacks to ensure that there
will not be any delay that jeopardizes our national security.
This approach is based on recommendations by the independent Private
and Civil Liberties Oversight Board, which we created after 9/11 to
ensure that our counterterrorism policies do not violate the
constitutional rights of the American people.
The persistent and widespread violation of existing limits on section
702 underscore the importance of court approval, which we will propose.
Better compliance measures within the executive branch are helpful,
but they are no substitute for checks and balances by the judicial
branch, as the Founders intended.
The SAFE Act, which I am introducing, is a sensible, moderate
compromise between more robust reform proposals that address a wide
range of surveillance concerns and bills that reauthorize section 702
without adequately addressing these concerns.
I know that compromise does not come easy when it comes to this
policy, but a reasonable middle ground that protects our national
security and the rights of the American people is possible. The SAFE
Act is my offer in compromise to achieve that goal.
With the April 19 sunset of section 702 fast approaching, I urge my
colleagues on both sides of the aisle to join me in supporting this
compromise for the good of the American people.
Madam President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the text of the bill was ordered to be
printed in the Record, as follows:
S. 3961
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Security
And Freedom Enhancement Act of 2024'' or the ``SAFE Act''.
(b) Table of Contents.--The table of contents for this Act
is as follows:
Sec. 1. Short title; table of contents.
TITLE I--PROTECTIONS FOR UNITED STATES PERSONS WHOSE COMMUNICATIONS ARE
COLLECTED UNDER SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE
ACT OF 1978
Sec. 101. Query procedure reform.
Sec. 102. Quarterly reports.
Sec. 103. Accountability procedures for incidents relating to queries
conducted by the Federal Bureau of Investigation.
Sec. 104. Prohibition on reverse targeting of United States persons and
persons located in the United States.
Sec. 105. FISA court review of targeting decisions.
Sec. 106. Repeal of authority for the resumption of abouts collection.
Sec. 107. Extension of title VII of FISA; expiration of FISA
authorities; effective dates.
TITLE II--ADDITIONAL REFORMS RELATING TO ACTIVITIES UNDER THE FOREIGN
INTELLIGENCE SURVEILLANCE ACT OF 1978
Sec. 201. Application for an order under the Foreign Intelligence
Surveillance Act of 1978.
Sec. 202. Criminal penalties for violations of FISA.
Sec. 203. Increased penalties for civil actions.
Sec. 204. Agency procedures to ensure compliance.
Sec. 205. Limit on civil immunity for providing information,
facilities, or technical assistance to the Government
absent a court order.
TITLE III--REFORMS RELATING TO PROCEEDINGS BEFORE THE FOREIGN
INTELLIGENCE SURVEILLANCE COURT AND OTHER COURTS
Sec. 301. Foreign Intelligence Surveillance Court reform.
Sec. 302. Public disclosure and declassification of certain documents.
Sec. 303. Submission of court transcripts to Congress.
Sec. 304. Contempt power of FISC and FISCR.
TITLE IV--INDEPENDENT EXECUTIVE BRANCH OVERSIGHT
Sec. 401. Periodic audit of FISA compliance by Inspector General.
Sec. 402. Intelligence community parity and communications with Privacy
and Civil Liberties Oversight Board.
TITLE V--PROTECTIONS FOR UNITED STATES PERSONS WHOSE SENSITIVE
INFORMATION IS PURCHASED BY INTELLIGENCE AND LAW ENFORCEMENT AGENCIES
Sec. 501. Limitation on intelligence acquisition of United States
person data.
Sec. 502. Limitation on law enforcement purchase of personal data from
data brokers.
Sec. 503. Consistent protections for demands for data held by
interactive computing services.
Sec. 504. Consistent privacy protections for data held by data brokers.
Sec. 505. Protection of data entrusted to intermediary or ancillary
service providers.
TITLE VI--TRANSPARENCY
Sec. 601. Enhanced reports by Director of National Intelligence.
TITLE VII--LIMITED DELAYS IN IMPLEMENTATION
Sec. 701. Limited delays in implementation.
TITLE I--PROTECTIONS FOR UNITED STATES PERSONS WHOSE COMMUNICATIONS ARE
COLLECTED UNDER SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE
ACT OF 1978
SEC. 101. QUERY PROCEDURE REFORM.
(a) Mandatory Audits of United States Person Queries
Conducted by Federal Bureau of Investigation.--
(1) In general.--The Department of Justice shall conduct an
audit of a significant
[[Page S2405]]
representative sample of covered queries, as defined in
paragraph (6) of section 702(f) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as
redesignated and amended by subsection (b) of this section,
conducted during the 180-day period beginning on the date of
enactment of this Act, and during each 180-day period
thereafter.
(2) Completion of audit.--Not later than 90 days after the
end of each 180-day period described in paragraph (1), the
Department of Justice shall complete the audit described in
such paragraph with respect to such 180-day period.
(b) Restrictions Relating to Conduct of Certain Queries by
Federal Bureau of Investigation.--Section 702(f) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1881a(f)) is amended--
(1) by redesignating paragraph (3) as paragraph (6);
(2) by inserting before paragraph (6) the following:
``(5) Querying procedures applicable to federal bureau of
investigation.--For any procedures adopted under paragraph
(1) applicable to the Federal Bureau of Investigation, the
Attorney General, in consultation with the Director of
National Intelligence, shall include the following
requirements:
``(A) Training.--A requirement that, prior to conducting
any query, and on an annual basis thereafter as a
prerequisite for continuing to conduct queries, personnel of
the Federal Bureau of Investigation successfully complete
training on the querying procedures.
``(B) Additional prior approvals for sensitive queries.--A
requirement that, absent exigent circumstances, prior to
conducting certain queries, personnel of the Federal Bureau
of Investigation receive approval, at minimum, as follows:
``(i) Approval from the Deputy Director of the Federal
Bureau of Investigation if the query uses a query term
reasonably believed to identify a United States elected
official, an appointee of the President or the governor of a
State, a United States political candidate, a United States
political organization or a United States person prominent in
such organization, or a United States media organization or a
United States person who is a member of such organization.
``(ii) Approval from an attorney of the Federal Bureau of
Investigation if the query uses a query term reasonably
believed to identify a United States religious organization
or a United States person who is prominent in such
organization.
``(iii) Approval from an attorney of the Federal Bureau of
Investigation for 2 or more queries conducted together as a
batch job.
``(C) Prior written justification.--A requirement that--
``(i) prior to conducting a covered query, personnel of the
Federal Bureau of Investigation generate a written statement
of the specific factual basis to support the reasonable
belief that such query meets the standards required by the
procedures adopted under paragraph (1); and
``(ii) for each covered query, the Federal Bureau of
Investigation shall keep a record of the query term, the date
of the conduct of the query, the identifier of the personnel
conducting the query, and such written statement.
``(D) Affirmative election to include section 702
information in queries.--Any system of the Federal Bureau of
Investigation that stores unminimized contents or noncontents
obtained through acquisitions authorized under subsection (a)
together with contents or noncontents obtained through other
lawful means shall be configured in a manner that--
``(i) requires personnel of the Federal Bureau of
Investigation to affirmatively elect to include such
unminimized contents or noncontents obtained through
acquisitions authorized under subsection (a) when running a
query; or
``(ii) includes other controls reasonably expected to
prevent inadvertent queries of such unminimized contents or
noncontents.''; and
(3) in paragraph (6), as so redesignated--
(A) by redesignating subparagraph (B) as subparagraph (C);
and
(B) by inserting after subparagraph (A) the following:
``(B) The term `covered query' means a query conducted--
``(i) using a term associated with a United States person
or a person reasonably believed to be located in the United
States at the time of the query or the time of the
communication or creation of the information; or
``(ii) for the purpose of finding the information of a
United States person or a person reasonably believed to be
located in the United States at the time of the query or the
time of the communication or creation of the information.''.
(c) Prohibition on Warrantless Access to the Communications
and Other Information of United States Persons and Persons
Located in the United States.--Section 702(f) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)) is
amended--
(1) in paragraph (1)(A) by inserting ``and the limitations
and requirements in paragraph (2)'' after ``Constitution of
the United States'';
(2) by striking paragraph (2) and inserting the following:
``(2) Prohibition on warrantless access to the
communications and other information of united states persons
and persons located in the united states.--
``(A) In general.--Except as provided in subparagraphs (B)
and (C), no officer or employee of the United States may
access communications content, or information the compelled
disclosure of which would require a probable cause warrant if
sought for law enforcement purposes inside the United States,
acquired under subsection (a) and returned in response to a
covered query.
``(B) Exceptions for concurrent authorization, consent,
emergency situations, and certain defensive cybersecurity
queries.--
``(i) In general.--Subparagraph (A) shall not apply if--
``(I) the person to whom the query relates is the subject
of an order or emergency authorization authorizing electronic
surveillance, a physical search, or an acquisition under this
section or section 105, section 304, section 703, or section
704 of this Act or a warrant issued pursuant to the Federal
Rules of Criminal Procedure by a court of competent
jurisdiction;
``(II)(aa) the officer or employee accessing the
communications content or information has a reasonable belief
that--
``(AA) an emergency exists involving an imminent threat of
death or serious bodily harm; and
``(BB) in order to prevent or mitigate the threat described
in subitem (AA), the communications content or information
must be accessed before authorization described in subclause
(I) can, with due diligence, be obtained; and
``(bb) not later than 14 days after the communications
content or information is accessed, a description of the
circumstances justifying the accessing of the query results
is provided to the Foreign Intelligence Surveillance Court,
the congressional intelligence committees, the Committee on
the Judiciary of the House of Representatives, and the
Committee on the Judiciary of the Senate;
``(III) such person or, if such person is incapable of
providing consent, a third party legally authorized to
consent on behalf of such person, has provided consent for
the access on a case-by-case basis; or
``(IV)(aa) the communications content or information is
accessed and used for the sole purpose of identifying
targeted recipients of malicious software and preventing or
mitigating harm from such malicious software;
``(bb) other than malicious software and cybersecurity
threat signatures, no communications content or other
information are accessed or reviewed; and
``(cc) the accessing of query results is reported to the
Foreign Intelligence Surveillance Court.
``(ii) Limitations.--
``(I) Use in subsequent proceedings.--No communications
content or information accessed under clause (i)(II) or
information derived from such access may be used, received in
evidence, or otherwise disseminated in any trial, hearing, or
other proceeding in or before any court, grand jury,
department, office, agency, regulatory body, legislative
committee, or other authority of the United States, a State,
or political subdivision thereof, except in a proceeding that
arises from the threat that prompted the query.
``(II) Assessment of compliance.--Not less frequently than
annually, the Attorney General shall assess compliance with
the requirements under subclause (I).
``(C) Matters relating to emergency queries.--
``(i) Treatment of denials.--In the event that
communications content or information returned in response to
a covered query are accessed pursuant to an emergency
authorization described in subparagraph (B)(i)(I) and the
subsequent application to authorize electronic surveillance,
a physical search, or an acquisition pursuant to section
105(e), section 304(e), section 703(d), or section 704(d) of
this Act is denied, or in any other case in which
communications content or information returned in response to
a covered query are accessed in violation of this paragraph--
``(I) no communications content or information acquired or
evidence derived from such access may be used, received in
evidence, or otherwise disseminated in any investigation by
or in any trial, hearing, or other proceeding in or before
any court, grand jury, department, office, agency, regulatory
body, legislative committee, or other authority of the United
States, a State, or political subdivision thereof; and
``(II) no communications content or information acquired or
derived from such access may subsequently be used or
disclosed in any other manner without the consent of the
person to whom the covered query relates, except in the case
that the Attorney General approves the use or disclosure of
such information in order to prevent the death of or serious
bodily harm to any person.
``(ii) Assessment of compliance.--Not less frequently than
annually, the Attorney General shall assess compliance with
the requirements under clause (i).
``(D) Foreign intelligence purpose.--
``(i) In general.--Except as provided in clause (ii) of
this subparagraph, no officer or employee of the United
States may conduct a covered query of information acquired
under subsection (a) unless the query is reasonably likely to
retrieve foreign intelligence information.
``(ii) Exceptions.--An officer or employee of the United
States may conduct a covered query of information acquired
under this section if--
[[Page S2406]]
``(I)(aa) the officer or employee conducting the query has
a reasonable belief that an emergency exists involving an
imminent threat of death or serious bodily harm; and
``(bb) not later than 14 days after the query is conducted,
a description of the query is provided to the Foreign
Intelligence Surveillance Court, the congressional
intelligence committees, the Committee on the Judiciary of
the House of Representatives, and the Committee on the
Judiciary of the Senate;
``(II) the person to whom the query relates or, if such
person is incapable of providing consent, a third party
legally authorized to consent on behalf of such person, has
provided consent for the query on a case-by-case basis;
``(III)(aa) the query is conducted, and the results of the
query are used, for the sole purpose of identifying targeted
recipients of malicious software and preventing or mitigating
harm from such malicious software;
``(bb) other than malicious software and cybersecurity
threat signatures, no additional contents of communications
acquired as a result of the query are accessed or reviewed;
and
``(cc) the query is reported to the Foreign Intelligence
Surveillance Court; or
``(IV) the query is necessary to identify information that
must be produced or preserved in connection with a litigation
matter or to fulfill discovery obligations in a criminal
matter under the laws of the United States or any State
thereof.
``(3) Documentation.--No officer or employee of the United
States may access communications content, or information the
compelled disclosure of which would require a probable cause
warrant if sought for law enforcement purposes inside the
United States, returned in response to a covered query unless
an electronic record is created that includes a statement of
facts showing that the access is authorized pursuant to an
exception specified in paragraph (2)(B)(i).
``(4) Query record system.--The head of each agency that
conducts queries shall ensure that a system, mechanism, or
business practice is in place to maintain the record
described in paragraph (3). Not later than 90 days after the
date of enactment of the SAFE Act, the head of each agency
that conducts queries shall report to Congress on its
compliance with this procedure.''.
(d) Conforming Amendments.--
(1) Section 603(b)(2) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1873(b)(2)) is amended,
in the matter preceding subparagraph (A), by striking ``,
including pursuant to subsection (f)(2) of such section,''.
(2) Section 706(a)(2)(A)(i) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881e(a)(2)(A))i)) is
amended by striking ``obtained an order of the Foreign
Intelligence Surveillance Court to access such information
pursuant to section 702(f)(2)'' and inserting ``accessed such
information in accordance with section 702(b)(2)''.
SEC. 102. QUARTERLY REPORTS.
Section 707 of the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1881f) is amended by adding at the end the
following:
``(c) Quarterly Reports.--The Attorney General, in
consultation with the Director of National Intelligence,
shall submit to the congressional intelligence committees,
the Committee on the Judiciary of the Senate, and the
Committee on the Judiciary of the House of Representatives a
quarterly report, which shall include, for that quarter,
disaggregated by each agency that conducts queries of
information acquired under section 702, the following
information:
``(1) The total number of covered queries (as defined in
section 702(f)(6)) conducted of information acquired under
section 702.
``(2) The number of times an officer or employee of the
United States accessed communications contents (as defined in
section 2510(8) of title 18, United States Code) or
information the compelled disclosure of which would require a
probable cause warrant if sought for law enforcement purposes
in the United States, returned in response to such queries.
``(3) The number of applications for orders relating to an
emergency authorization described in subclause (I) of section
702(f)(2)(B)(i) with respect to a person for which
communications contents or information relating to such
person were accessed under such subclause and the number of
such orders granted.
``(4) The number of times an exception subclause (II),
(III), or (IV) of section 702(f)(2)(B)(i) was asserted,
disaggregated by the subclause under which an exception was
asserted.''.
SEC. 103. ACCOUNTABILITY PROCEDURES FOR INCIDENTS RELATING TO
QUERIES CONDUCTED BY THE FEDERAL BUREAU OF
INVESTIGATION.
(a) In General.--Title VII of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1881 et seq.) is amended
by adding at the end the following:
``SEC. 709. ACCOUNTABILITY PROCEDURES FOR INCIDENTS RELATING
TO QUERIES CONDUCTED BY THE FEDERAL BUREAU OF
INVESTIGATION.
``(a) In General.--The Director of the Federal Bureau of
Investigation shall establish procedures to hold employees of
the Federal Bureau of Investigation accountable for
violations of law, guidance, and procedure governing queries
of information acquired pursuant to section 702.
``(b) Elements.--The procedures established under
subsection (a) shall include the following:
``(1) Centralized tracking of individual employee
performance incidents involving negligent violations of law,
guidance, and procedure described in subsection (a), over
time.
``(2) Escalating consequences for such incidents,
including--
``(A) consequences for initial incidents, including, at a
minimum--
``(i) suspension of access to information acquired under
this Act; and
``(ii) documentation of the incident in the personnel file
of each employee responsible for the violation; and
``(B) consequences for subsequent incidents, including, at
a minimum--
``(i) possible indefinite suspension of access to
information acquired under this Act;
``(ii) reassignment of each employee responsible for the
violation; and
``(iii) referral of the incident to the Inspection Division
of the Federal Bureau of Investigation for review of
potentially reckless conduct.
``(3) Clarification of requirements for referring
intentional misconduct and reckless conduct to the Inspection
Division of the Federal Bureau of Investigation for
investigation and disciplinary action by the Office of
Professional Responsibility of the Federal Bureau of
Investigation.''.
(b) Clerical Amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801
et seq.) is amended by inserting after the item relating to
section 708 the following:
``Sec. 709. Accountability procedures for incidents relating to queries
conducted by the Federal Bureau of Investigation.''.
(c) Report Required.--
(1) Initial report.--Not later than 180 days after the date
of enactment of this Act, the Director of the Federal Bureau
of Investigation shall submit to the Committee on the
Judiciary of the House of Representatives, the Committee on
the Judiciary of the Senate, and the congressional
intelligence committees (as such term is defined in section
801 of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1885)) a report detailing the procedures established
under section 709 of the Foreign Intelligence Surveillance
Act of 1978, as added by subsection (a).
(2) Annual report.--Not later than 1 year after the date of
enactment of this Act, and annually thereafter, the Federal
Bureau of Investigation shall submit to the Committee on the
Judiciary of the House of Representatives, the Committee on
the Judiciary of the Senate, and the congressional
intelligence committees (as such term is defined in section
801 of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1885)) a report on any disciplinary actions taken
pursuant to the procedures established under section 709 of
the Foreign Intelligence Surveillance Act of 1978, as added
by subsection (a), including a description of the
circumstances surrounding each such disciplinary action, and
the results of each such disciplinary action.
(3) Form.--The reports required under paragraphs (1) and
(2) shall be submitted in unclassified form, but may include
a classified annex to the extent necessary to protect sources
and methods.
SEC. 104. PROHIBITION ON REVERSE TARGETING OF UNITED STATES
PERSONS AND PERSONS LOCATED IN THE UNITED
STATES.
Section 702 of the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1881a) is amended--
(1) in subsection (b)(2)--
(A) by striking ``may not intentionally'' and inserting the
following: ``may not--
``(A) intentionally''; and
(B) in subparagraph (A), as designated by subparagraph (A)
of this paragraph, by striking ``if the purpose of such
acquisition is to target a particular, known person
reasonably believed to be in the United States;'' and
inserting the following: ``if a significant purpose of such
acquisition is to target 1 or more United States persons or
persons reasonably believed to be located in the United
States at the time of acquisition or communication, unless--
``(i)(I) there is a reasonable belief that an emergency
exists involving an imminent threat of death or serious
bodily harm;
``(II) the information is necessary to mitigate that
threat;
``(III) a description of the targeting is provided to the
Foreign Intelligence Surveillance Court, the congressional
intelligence committees, the Committee on the Judiciary of
the Senate, and the Committee on the Judiciary of the House
of Representatives in a timely manner; and
``(IV) any information acquired from such targeting is
used, received in evidence, or otherwise disseminated solely
in an investigation by or in a trial, hearing, or other
proceeding in or before a court, grand jury, department,
office, agency, regulatory body, legislative committee, or
other authority of the United States, a State, or political
subdivision thereof, that arises from the threat that
prompted the targeting; or
``(ii) the United States person or persons reasonably
believed to be located in the United States at the time of
acquisition or communication has provided consent to the
targeting, or if such person is incapable of providing
consent, a third party legally authorized to consent on
behalf of such person has provided consent;'';
(2) in subsection (d)(1), by amending subparagraph (A) to
read as follows:
``(A) ensure that--
``(i) any acquisition authorized under subsection (a) is
limited to targeting persons
[[Page S2407]]
reasonably believed to be non-United States persons located
outside the United States; and
``(ii) except as provided in subsection (b)(2), targeting 1
or more United States persons or persons reasonably believed
to be in the United States at the time of acquisition or
communication is not a significant purpose of an acquisition;
and'';
(3) in subsection (h)(2)(A)(i), by amending subclause (I)
to read as follows:
``(I) ensure that--
``(aa) an acquisition authorized under subsection (a) is
limited to targeting persons reasonably believed to be non-
United States persons located outside the United States; and
``(bb) except as provided in subsection (b)(2), a
significant purpose of an acquisition is not to target 1 or
more United States persons or persons reasonably believed to
be in the United States at the time of acquisition or
communication; and''; and
(4) in subsection (j)(2)(B), by amending clause (i) to read
as follows:
``(i) ensure that--
``(I) an acquisition authorized under subsection (a) is
limited to targeting persons reasonably believed to be non-
United States persons located outside the United States; and
``(II) except as provided in subsection (b)(2), a
significant purpose of an acquisition is not to target 1 or
more United States persons or persons reasonably believed to
be in the United States at the time of acquisition or
communication; and''.
SEC. 105. FISA COURT REVIEW OF TARGETING DECISIONS.
Section 702 of the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1881a) is amended--
(1) in subsection (h)(2)--
(A) in subparagraph (D)(ii), by striking ``and'' at the
end;
(B) in subparagraph (E), by striking the period at the end
and inserting ``; and''; and
(C) by adding at the end the following:
``(F) include a random sample of targeting decisions and
supporting written justifications from the prior year, using
a sample size and methodology that has been approved by the
Foreign Intelligence Surveillance Court.''; and
(2) in subsection (j)(1)--
(A) by striking ``subsection (g)'' each place it appears
and inserting ``subsection (h)''; and
(B) in subparagraph (A), as amended by subparagraph (A) of
this paragraph, by inserting ``, including reviewing the
random sample of targeting decisions and written
justifications submitted under subsection (h)(2)(F),'' after
``subsection (h)''.
SEC. 106. REPEAL OF AUTHORITY FOR THE RESUMPTION OF ABOUTS
COLLECTION.
(a) In General.--Section 702(b)(5) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(b)(5))
is amended by striking ``, except as provided under section
103(b) of the FISA Amendments Reauthorization Act of 2017''.
(b) Conforming Amendments.--
(1) Foreign intelligence surveillance act of 1978.--Section
702(m) of the Foreign Intelligence Surveillance Act of 1978
(50 U.S.C. 1881a(m)) is amended--
(A) in the subsection heading, by striking ``Reviews, and
Reporting'' and inserting ``and Reviews''; and
(B) by striking paragraph (4).
(2) FISA amendments reauthorization act of 2017.--Section
103 of the FISA Amendments Reauthorization Act of 2017
(Public Law 115-118; 132 Stat. 10) is amended--
(A) by striking subsection (b) (50 U.S.C. 1881a note); and
(B) by striking ``(a) In General.--''.
SEC. 107. EXTENSION OF TITLE VII OF FISA; EXPIRATION OF FISA
AUTHORITIES; EFFECTIVE DATES.
(a) Effective Dates.--Section 403(b) of the FISA Amendments
Act of 2008 (Public Law 110-261; 122 Stat. 2474) is amended--
(1) in paragraph (1) (50 U.S.C. 1881 note)--
(A) by striking ``April 19, 2024'' and inserting ``December
31, 2027''; and
(B) by striking ``, as amended by section 101(a) and by the
FISA Amendments Reauthorization Act of 2017,'' and inserting
``, as most recently amended,''; and
(2) in paragraph (2) (18 U.S.C. 2511 note), in the matter
preceding subparagraph (A), by striking ``April 19, 2024''
and inserting ``December 31, 2027''.
(b) Conforming Amendments.--Section 404(b) of the FISA
Amendments Act of 2008 (Public Law 110-261; 122 Stat. 2476),
is amended--
(1) in paragraph (1)--
(A) in the heading, by striking ``April 19, 2024'' and
inserting ``December 31, 2027''; and
(B) by striking ``, as amended by section 101(a) and by the
FISA Amendments Reauthorization Act of 2017,'' and inserting
``, as most recently amended,'';
(2) in paragraph (2), by striking ``, as amended by section
101(a) and by the FISA Amendments Reauthorization Act of
2017,'' and inserting ``, as most recently amended,''; and
(3) in paragraph (4)--
(A) by striking ``, as added by section 101(a) and amended
by the FISA Amendments Reauthorization Act of 2017,'' both
places it appears and inserting ``, as added by section
101(a) and as most recently amended,''; and
(B) by striking ``, as amended by section 101(a) and by the
FISA Amendments Reauthorization Act of 2017,'' both places it
appears and inserting ``, as most recently amended,''.
TITLE II--ADDITIONAL REFORMS RELATING TO ACTIVITIES UNDER THE FOREIGN
INTELLIGENCE SURVEILLANCE ACT OF 1978
SEC. 201. APPLICATION FOR AN ORDER UNDER THE FOREIGN
INTELLIGENCE SURVEILLANCE ACT OF 1978.
(a) Requirement for Sworn Statements for Factual
Assertions.--
(1) Title i.--Subsection (a)(3) of section 104 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1804) is amended by striking ``a statement of'' and inserting
``a sworn statement of''.
(2) Title iii.--Subsection (a)(3) of section 303 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1823) is amended by striking ``a statement of'' and inserting
``a sworn statement of''.
(3) Section 703.--Subsection (b)(1)(C) of section 703 of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1881b) is amended by striking ``a statement of'' and
inserting ``a sworn statement of''.
(4) Section 704.--Subsection (b)(3) of section 704 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1881c) is amended by striking ``a statement of'' and
inserting ``a sworn statement of''.
(5) Applicability.--The amendments made by this subsection
shall apply with respect to applications made on or after the
date that is 120 days after the date of enactment of this
Act.
(b) Description of Techniques Carried Out Before
Application.--
(1) Title i.--Subsection (a) of section 104 of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1804) is
amended--
(A) in paragraph (8), by striking ``; and'' and inserting a
semicolon;
(B) in paragraph (9), by striking the period at the end and
inserting a semicolon; and
(C) by adding at the end the following:
``(10) with respect to a target who is a United States
person, a statement summarizing the investigative techniques
carried out before making the application;''.
(2) Applicability.--The amendments made by this subsection
shall apply with respect to applications made on or after the
date that is 120 days after the date of enactment of this
Act.
(c) Requirement for Certain Justification Prior to
Extension of Orders.--
(1) Applications for extension of orders under title i.--
Subsection (a) of section 104 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1804), as amended by this
Act, is further amended by adding at the end the following:
``(11) in the case of an application for an extension of an
order under this title for a surveillance targeted against a
United States person, a summary statement of the foreign
intelligence information obtained pursuant to the original
order (and any preceding extension thereof) as of the date of
the application for the extension, or a reasonable
explanation of the failure to obtain such information;''.
(2) Applications for extension of orders under title iii.--
Subsection (a) of section 303 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1823) is amended--
(A) in paragraph (7), by striking ``; and'' and inserting a
semicolon;
(B) in paragraph (8), by striking the period at the end and
inserting a semicolon; and
(C) by adding at the end the following:
``(9) in the case of an application for an extension of an
order under this title in which the target of the physical
search is a United States person, a summary statement of the
foreign intelligence information obtained pursuant to the
original order (and any preceding extension thereof) as of
the date of the application for the extension, or a
reasonable explanation of the failure to obtain such
information;''.
(3) Applicability.--The amendments made by this subsection
shall apply with respect to applications made on or after the
date that is 120 days after the date of enactment of this
Act.
(d) Requirement for Justification of Underlying Criminal
Offense in Certain Applications.--
(1) Title i.--Subsection (a)(3)(A) of section 104 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1804) is amended by inserting before the semicolon at the end
the following: ``, and, in the case of a target that is a
United States person alleged to be acting as an agent of a
foreign power (as described in section 101(b)(2)(B)), that a
violation of the criminal statutes of the United States as
referred to in section 101(b)(2)(B) has occurred or will
occur''.
(2) Title iii.--Subsection (a)(3)(A) of section 303 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1823) is amended by inserting before the semicolon at the end
the following: ``, and, in the case of a target that is a
United States person alleged to be acting as an agent of a
foreign power (as described in section 101(b)(2)(B)), that a
violation of the criminal statutes of the United States as
referred to in section 101(b)(2)(B) has occurred or will
occur''.
(3) Applicability.--The amendments made by this subsection
shall apply with respect to applications made on or after the
date that is 120 days after the date of enactment of this
Act.
(e) Required Disclosure of Relevant Information in Foreign
Intelligence Surveillance Act of 1978 Applications.--
(1) In general.--The Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1801 et
[[Page S2408]]
seq.) is amended by adding at the end the following:
``TITLE IX--REQUIRED DISCLOSURE OF RELEVANT INFORMATION
``SEC. 901. DISCLOSURE OF RELEVANT INFORMATION.
``The Attorney General or any other Federal officer or
employee making an application for a court order under this
Act shall provide the court with--
``(1) all information in the possession of the Government
that is material to determining whether the application
satisfies the applicable requirements under this Act,
including any exculpatory information; and
``(2) all information in the possession of the Government
that might reasonably--
``(A) call into question the accuracy of the application or
the reasonableness of any assessment in the application
conducted by the department or agency on whose behalf the
application is made; or
``(B) otherwise raise doubts with respect to the findings
that are required to be made under the applicable provision
of this Act in order for the court order to be issued.''.
(2) Clerical amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978 is amended by
adding at the end the following:
``TITLE IX--REQUIRED DISCLOSURE OF RELEVANT INFORMATION
``Sec. 901. Disclosure of relevant information.''.
(f) Certification Regarding Accuracy Procedures.--
(1) Certification regarding accuracy procedures.--Title IX
of the Foreign Intelligence Surveillance Act of 1978, as
added by subsection (e) of this section, is amended by adding
at the end the following:
``SEC. 902. CERTIFICATION REGARDING ACCURACY PROCEDURES.
``(a) Definition of Accuracy Procedures.--In this section,
the term `accuracy procedures' means specific procedures,
adopted by the Attorney General, to ensure that an
application for a court order under this Act, including any
application for renewal of an existing order, is accurate and
complete, including procedures that ensure, at a minimum,
that--
``(1) the application reflects all information that might
reasonably call into question the accuracy of the information
or the reasonableness of any assessment in the application,
or otherwise raises doubts about the requested findings;
``(2) the application reflects all material information
that might reasonably call into question the reliability and
reporting of any information from a confidential human source
that is used in the application;
``(3) a complete file documenting each factual assertion in
an application is maintained;
``(4) the applicant coordinates with the appropriate
elements of the intelligence community (as defined in section
3 of the National Security Act of 1947 (50 U.S.C. 3003)),
concerning any prior or existing relationship with the target
of any surveillance, search, or other means of investigation,
and discloses any such relationship in the application;
``(5) before any application targeting a United States
person (as defined in section 101) is made, the applicant
Federal officer shall document that the officer has collected
and reviewed for accuracy and completeness supporting
documentation for each factual assertion in the application;
and
``(6) the applicant Federal agency establish compliance and
auditing mechanisms to address, on an annual basis, the
efficacy of the accuracy procedures that have been adopted
and report such findings to the Attorney General.
``(b) Statement and Certification of Accuracy Procedures.--
Any Federal officer making an application for a court order
under this Act shall include with the application--
``(1) a description of the accuracy procedures employed by
the officer or the officer's designee; and
``(2) a certification that the officer or the officer's
designee has collected and reviewed for accuracy and
completeness--
``(A) supporting documentation for each factual assertion
contained in the application;
``(B) all information that might reasonably call into
question the accuracy of the information or the
reasonableness of any assessment in the application, or
otherwise raises doubts about the requested findings; and
``(C) all material information that might reasonably call
into question the reliability and reporting of any
information from any confidential human source that is used
in the application.
``(c) Necessary Finding for Court Orders.--A judge may not
enter an order under this Act unless the judge finds, in
addition to any other findings required under this Act, that
the accuracy procedures described in the application for the
order, as required under subsection (b)(1), are actually
accuracy procedures as defined in this section.''.
(2) Technical amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978, as amended by
subsection (e) of this section, is amended by adding at the
end the following:
``Sec. 902. Certification regarding accuracy procedures.''.
(g) Prohibition on Use of Certain Information.--Section 104
of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1804) is amended by adding at the end the following:
``(e) The statement of facts and circumstances under
subsection (a)(3) may only include information obtained from
the content of a media source or information gathered by a
political campaign if--
``(1) such information is disclosed in the application as
having been so obtained or gathered;
``(2) with regard to information gathered from the content
of a media source, the application includes an explanation of
the investigative techniques used to corroborate the
information; and
``(3) with regard to information gathered by a political
campaign, such information is not the sole source of the
information used to justify the applicant's belief described
in subsection (a)(3).''.
(h) Limitation on Issuance of Order.--Section 105(a) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1805(a)) is amended--
(1) in paragraph (3), by striking ``; and'' and inserting a
semicolon;
(2) in paragraph (4), by striking the period and inserting
``; and''; and
(3) by adding at the end the following:
``(5) for an application that is based, in whole or in
part, on information obtained from the content of a media
source or information gathered by a political campaign--
``(A) such information is disclosed in the application as
having been so obtained or gathered;
``(B) with regard to information gathered from the content
of a media source, the application includes an explanation of
the investigative techniques used to corroborate the
information; and
``(C) with regard to information gathered by a political
campaign, such information is not the sole source of the
information used to justify the applicant's belief described
in section 104(a)(3).''.
SEC. 202. CRIMINAL PENALTIES FOR VIOLATIONS OF FISA.
(a) In General.--Section 109 of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1809) is amended--
(1) in subsection (a)--
(A) in the matter preceding paragraph (1), by striking
``intentionally'';
(B) in paragraph (1)--
(i) by inserting ``intentionally'' before ``engages''; and
(ii) by striking ``or'' at the end;
(C) in paragraph (2)--
(i) by inserting ``intentionally'' before ``disclose''; and
(ii) by striking the period at the end and inserting a
semicolon; and
(D) by adding at the end the following:
``(3) knowingly submits any document to or makes any false
statement before the court established under section 103(a)
or the court established under section 103(b), knowing such
document or statement to contain--
``(A) a false material declaration; or
``(B) a material omission; or
``(4) knowingly discloses the existence of an application
for an order authorizing surveillance under this title, or
any information contained therein, to any person not
authorized to receive such information, except insofar as
such disclosure is authorized by statute or executive order
setting forth permissible disclosures by whistleblowers.'';
and
(2) in subsection (c), by striking ``five'' and inserting
``8''.
(b) Rule of Construction.--This section and the amendments
made by this section may not be construed to interfere with
the enforcement of section 798 of title 18, United States
Code, or any other provision of law regarding the unlawful
disclosure of classified information.
SEC. 203. INCREASED PENALTIES FOR CIVIL ACTIONS.
(a) Increased Penalties.--Section 110 of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1810) is
amended by striking subsection (a) and inserting the
following:
``(a) actual damages, but not less than liquidated damages
equal to the greater of--
``(1) if the aggrieved person is a United States person,
$10,000 or $1,000 per day for each day of violation; or
``(2) for any other aggrieved person, $1,000 or $100 per
day for each day of violation;''.
(b) Reporting Requirement.--Title I of the Foreign
Intelligence Surveillance Act of 1978 is amended by inserting
after section 110 the following:
``SEC. 110A. REPORTING REQUIREMENTS FOR CIVIL ACTIONS.
``(a) Report to Congress.--If a court finds that a person
has violated this Act in a civil action under section 110,
the head of the agency that employs that person shall report
to Congress on the administrative action taken against that
person pursuant to section 607 or any other provision of law.
``(b) FISC.--If a court finds that a person has violated
this Act in a civil action under section 110, the head of the
agency that employs that person shall report the name of such
person to the court established under section 103(a). Such
court shall maintain a list of each person about whom it
received a report under this subsection.''.
SEC. 204. AGENCY PROCEDURES TO ENSURE COMPLIANCE.
(a) Agency Procedures to Ensure Compliance.--Title VI of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1871 et seq.) is amended by adding at the end the following:
``SEC. 605. AGENCY PROCEDURES TO ENSURE COMPLIANCE.
``The head of each Federal department or agency authorized
to acquire foreign intelligence information under this Act
shall establish procedures--
[[Page S2409]]
``(1) setting forth clear rules on what constitutes a
violation of this Act by an officer or employee of that
department or agency; and
``(2) for taking appropriate adverse personnel action
against any officer or employee of the department or agency
who engages in a violation described in paragraph (1),
including more severe adverse personnel actions for any
subsequent violation by such officer or employee.''.
(b) Clerical Amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978 is amended by
inserting after the item relating to section 604 the
following:
``Sec. 605. Agency procedures to ensure compliance.''.
(c) Report.--Not later than 90 days after the date of
enactment of this Act, the head of each Federal department or
agency that is required to establish procedures under section
605 of the Foreign Intelligence Surveillance Act of 1978, as
added by subsection (a) of this section, shall report to
Congress on the implementation of such procedures.
SEC. 205. LIMIT ON CIVIL IMMUNITY FOR PROVIDING INFORMATION,
FACILITIES, OR TECHNICAL ASSISTANCE TO THE
GOVERNMENT ABSENT A COURT ORDER.
Section 2511(2)(a) of title 18, United States Code, is
amended--
(1) in subparagraph (ii), by striking clause (B) and
inserting the following:
``(B) a certification in writing--
``
``(I) by a person specified in section 2518(7) or the
Attorney General of the United States;
``(II) that the requirements for an emergency authorization
to intercept a wire, oral, or electronic communication under
section 2518(7) have been met; and
``(III) that the specified assistance is required,''; and
(2) by striking subparagraph (iii) and inserting the
following:
``(iii) For assistance provided pursuant to a certification
under subparagraph (ii)(B), the limitation on causes of
action under the last sentence of the matter following that
subparagraph shall only apply to the extent that the
assistance ceased at the earliest of the time the application
for a court order was denied, the time the communication
sought was obtained, or 48 hours after the interception
began.''.
TITLE III--REFORMS RELATING TO PROCEEDINGS BEFORE THE FOREIGN
INTELLIGENCE SURVEILLANCE COURT AND OTHER COURTS
SEC. 301. FOREIGN INTELLIGENCE SURVEILLANCE COURT REFORM.
(a) Requirement for Same Judge to Hear Renewal
Applications.--Section 103(a)(1) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1803(a)(1)) is amended by
adding at the end the following: ``To the extent practicable,
no judge designated under this subsection shall hear a
renewal application for electronic surveillance under this
Act, which application was previously granted by another
judge designated under this subsection, unless the term of
the judge who granted the application has expired, or that
judge is otherwise no longer serving on the court.''.
(b) Use of Amici Curiae in Foreign Intelligence
Surveillance Court Proceedings.--
(1) Expansion of appointment authority.--
(A) In general.--Section 103(i)(2) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(i)(2))
is amended--
(i) by striking subparagraph (A) and inserting the
following:
``(A) shall, unless the court issues a finding that
appointment is not appropriate, appoint 1 or more individuals
who have been designated under paragraph (1), not fewer than
1 of whom possesses privacy and civil liberties expertise,
unless the court finds that such a qualification is
inappropriate, to serve as amicus curiae to assist the court
in the consideration of any application or motion for an
order or review that, in the opinion of the court--
``(i) presents a novel or significant interpretation of the
law;
``(ii) presents significant concerns with respect to the
activities of a United States person that are protected by
the first amendment to the Constitution of the United States;
``(iii) presents or involves a sensitive investigative
matter;
``(iv) presents a request for approval of a new program, a
new technology, or a new use of existing technology;
``(v) presents a request for reauthorization of
programmatic surveillance; or
``(vi) otherwise presents novel or significant civil
liberties issues; and''; and
(ii) in subparagraph (B), by striking ``an individual or
organization'' each place the term appears and inserting ``1
or more individuals or organizations''.
(B) Definition of sensitive investigative matter.--Section
103(i) of the Foreign Intelligence Surveillance Act of 1978
(50 U.S.C. 1803(i)) is amended by adding at the end the
following:
``(12) Definition.--In this subsection, the term `sensitive
investigative matter' means--
``(A) an investigative matter involving the activities of--
``(i) a domestic public official or political candidate, or
an individual serving on the staff of such an official or
candidate;
``(ii) a domestic religious or political organization, or a
known or suspected United States person prominent in such an
organization; or
``(iii) the domestic news media; or
``(B) any other investigative matter involving a domestic
entity or a known or suspected United States person that, in
the judgment of the applicable court established under
subsection (a) or (b), is as sensitive as an investigative
matter described in subparagraph (A).''.
(2) Authority to seek review.--Section 103(i) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803(i)), as amended by paragraph (1) of this subsection, is
amended--
(A) in paragraph (4)--
(i) in the paragraph heading, by inserting ``; authority''
after ``Duties'';
(ii) by redesignating subparagraphs (A), (B), and (C) as
clauses (i), (ii), and (iii), respectively, and adjusting the
margins accordingly;
(iii) in the matter preceding clause (i), as so
redesignated, by striking ``the amicus curiae shall'' and
inserting the following: ``the amicus curiae--
``(A) shall'';
(iv) in subparagraph (A)(i), as so redesignated, by
inserting before the semicolon at the end the following: ``,
including legal arguments regarding any privacy or civil
liberties interest of any United States person that would be
significantly impacted by the application or motion''; and
(v) by striking the period at the end and inserting the
following: ``; and
``(B) may seek leave to raise any novel or significant
privacy or civil liberties issue relevant to the application
or motion or other issue directly impacting the legality of
the proposed electronic surveillance with the court,
regardless of whether the court has requested assistance on
that issue.'';
(B) by redesignating paragraphs (7) through (12) as
paragraphs (8) through (13), respectively; and
(C) by inserting after paragraph (6) the following:
``(7) Authority to seek review of decisions.--
``(A) FISA court decisions.--
``(i) Petition.--Following issuance of an order under this
Act by the court established under subsection (a), an amicus
curiae appointed under paragraph (2) may petition the court
to certify for review to the court established under
subsection (b) a question of law pursuant to subsection (j).
``(ii) Written statement of reasons.--If the court
established under subsection (a) denies a petition under this
subparagraph, the court shall provide for the record a
written statement of the reasons for the denial.
``(iii) Appointment.--Upon certification of any question of
law pursuant to this subparagraph, the court established
under subsection (b) shall appoint the amicus curiae to
assist the court in its consideration of the certified
question, unless the court issues a finding that such
appointment is not appropriate.
``(B) FISA court of review decisions.--An amicus curiae
appointed under paragraph (2) may petition the court
established under subsection (b) to certify for review to the
Supreme Court of the United States any question of law
pursuant to section 1254(2) of title 28, United States Code.
``(C) Declassification of referrals.--For purposes of
section 602, a petition filed under subparagraph (A) or (B)
of this paragraph and all of its content shall be considered
a decision, order, or opinion issued by the Foreign
Intelligence Surveillance Court or the Foreign Intelligence
Surveillance Court of Review described in section 602(a).''.
(3) Access to information.--
(A) Application and materials.--Section 103(i)(6) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803(i)(6)) is amended by striking subparagraph (A) and
inserting the following:
``(A) In general.--
``(i) Right of amicus.--If a court established under
subsection (a) or (b) appoints an amicus curiae under
paragraph (2), the amicus curiae--
``(I) shall have access, to the extent such information is
available to the Government, to--
``(aa) the application, certification, petition, motion,
and other information and supporting materials, including any
information described in section 901, submitted to the court
established under subsection (a) in connection with the
matter in which the amicus curiae has been appointed,
including access to any relevant legal precedent (including
any such precedent that is cited by the Government, including
in such an application);
``(bb) an unredacted copy of each relevant decision made by
the court established under subsection (a) or the court
established under subsection (b) in which the court decides a
question of law, without regard to whether the decision is
classified; and
``(cc) any other information or materials that the court
determines are relevant to the duties of the amicus curiae;
and
``(II) may make a submission to the court requesting access
to any other particular materials or information (or category
of materials or information) that the amicus curiae believes
to be relevant to the duties of the amicus curiae.
``(ii) Supporting documentation regarding accuracy.--The
court established under subsection (a), upon the motion of an
amicus
[[Page S2410]]
curiae appointed under paragraph (2) or upon its own motion,
may require the Government to make available the supporting
documentation described in section 902.''.
(B) Clarification of access to certain information.--
Section 103(i)(6) of the Foreign Intelligence Surveillance
Act of 1978 (50 U.S.C. 1803(i)(6)) is amended--
(i) in subparagraph (B), by striking ``may'' and inserting
``shall''; and
(ii) by striking subparagraph (C) and inserting the
following:
``(C) Classified information.--An amicus curiae designated
or appointed by the court shall have access, to the extent
such information is available to the Government, to
unredacted copies of each opinion, order, transcript,
pleading, or other document of the court established under
subsection (a) and the court established under subsection
(b), including, if the individual is eligible for access to
classified information, any classified documents,
information, and other materials or proceedings.''.
(C) Consultation among amici curiae.--Section 103(i)(6) of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1803(i)(6)) is amended--
(i) by redesignating subparagraph (D) as subparagraph (E);
and
(ii) by inserting after subparagraph (C) the following:
``(D) Consultation among amici curiae.--An amicus curiae
appointed under paragraph (2) by the court established under
subsection (a) or the court established under subsection (b)
may consult with 1 or more of the other individuals
designated by the court to serve as amicus curiae pursuant to
paragraph (1) of this subsection regarding any of the
information relevant to any assigned proceeding.''.
(4) Effective date.--The amendments made by this subsection
shall take effect on the date of enactment of this Act and
shall apply with respect to proceedings under the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et
seq.) that take place on or after, or are pending on, that
date.
SEC. 302. PUBLIC DISCLOSURE AND DECLASSIFICATION OF CERTAIN
DOCUMENTS.
(a) Submission to Congress.--Section 601(c)(1) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1871(c)) is amended by inserting ``, including declassified
copies that have undergone review under section 602'' before
``; and''.
(b) Timeline for Declassification Review.--Section 602(a)
of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1872(a)) is amended--
(1) by inserting ``, to be concluded not later than 180
days after the issuance of such decision, order, or
opinion,'' after ``(as defined in section 601(e))''; and
(2) by inserting ``or results in a change of application of
any provision of this Act or a novel application of any
provision of this Act'' after ``law''.
SEC. 303. SUBMISSION OF COURT TRANSCRIPTS TO CONGRESS.
Section 601(c) of the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1871(c)), as amended by section 302 of
this Act, is amended--
(1) in paragraph (1), by striking ``; and'' and inserting a
semicolon;
(2) in paragraph (2), by striking the period at the end and
inserting ``; and''; and
(3) by adding at the end the following:
``(3) for any matter at which a court reporter is present
and creates a transcript of a hearing or oral argument before
the Foreign Intelligence Surveillance Court or the Foreign
Intelligence Surveillance Court of Review, a copy of each
such transcript not later than 45 days after the government's
receipt of the transcript or the date on which the matter
concerning such hearing or oral argument is resolved,
whichever is later.''.
SEC. 304. CONTEMPT POWER OF FISC AND FISCR.
(a) In General.--Chapter 21 of title 18, United States
Code, is amended--
(1) in section 402, by inserting after ``any district court
of the United States'' the following: ``, the Foreign
Intelligence Surveillance Court, the Foreign Intelligence
Surveillance Court of Review,''; and
(2) by adding at the end the following:
``Sec. 404. Definitions
``For purposes of this chapter--
``(1) the term `court of the United States' includes the
Foreign Intelligence Surveillance Court or the Foreign
Intelligence Surveillance Court of Review; and
``(2) the terms `Foreign Intelligence Surveillance Court'
and `Foreign Intelligence Surveillance Court of Review' have
the meanings given those terms in section 601(e) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1871(e)).''.
(b) Clerical Amendment.--The table of sections for chapter
21 of title 18, United States Code, is amended by adding at
the end the following:
``404. Definitions.''.
(c) Report.--Not later than 1 year after the date of
enactment of this Act, and annually thereafter, the Foreign
Intelligence Surveillance Court and the Foreign Intelligence
Surveillance Court of Review (as those terms are defined in
section 601(e) of the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1871(e))) shall jointly submit to Congress
a report on the exercise of authority under chapter 21 of
title 18, United States Code, by those courts during the 1-
year period ending on the date that is 60 days before the
date of submission of the report.
TITLE IV--INDEPENDENT EXECUTIVE BRANCH OVERSIGHT
SEC. 401. PERIODIC AUDIT OF FISA COMPLIANCE BY INSPECTOR
GENERAL.
(a) Report Required.--Title VI of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1871 et seq.), as amended
by section 204 of this Act, is amended by adding at the end
the following:
``SEC. 606. PERIODIC AUDIT OF FISA COMPLIANCE BY INSPECTOR
GENERAL.
``Not later than June 30 of the first calendar year that
begins after the date of enactment of this section, and every
5 years thereafter, the Inspector General of the Department
of Justice shall--
``(1) conduct an audit of alleged or potential violations
and failures to comply with the requirements of this Act, and
any procedures established pursuant to this Act, which shall
include an analysis of the accuracy and completeness of
applications and certifications for orders submitted under
each of sections 105, 303, 402, 502, 702, 703, and 704; and
``(2) submit to the Select Committee on Intelligence of the
Senate, the Committee on the Judiciary of the Senate, the
Permanent Select Committee on Intelligence of the House of
Representatives, and the Committee on the Judiciary of the
House of Representatives a report on the audit required under
paragraph (1).''.
(b) Clerical Amendment.--The table of contents for the
Foreign Intelligence Surveillance Act of 1978, as amended by
section 204 of this Act, is amended by inserting after the
item relating to section 605 the following:
``Sec. 606. Periodic audit of FISA compliance by Inspector General.''.
SEC. 402. INTELLIGENCE COMMUNITY PARITY AND COMMUNICATIONS
WITH PRIVACY AND CIVIL LIBERTIES OVERSIGHT
BOARD.
(a) Whistleblower Protections for Members of Intelligence
Community for Communications With Privacy and Civil Liberties
Oversight Board.--Section 1104 of the National Security Act
of 1947 (50 U.S.C. 3234) is amended--
(1) in subsection (b)(1), in the matter before subparagraph
(A), by inserting ``the Privacy and Civil Liberties Oversight
Board,'' after ``Inspector General of the Intelligence
Community,''; and
(2) in subsection (c)(1)(A), in the matter before clause
(i), by inserting ``the Privacy and Civil Liberties Oversight
Board,'' after ``Inspector General of the Intelligence
Community,''.
(b) Parity in Pay for Privacy and Civil Liberties Oversight
Board Staff and the Intelligence Community.--Section
1061(j)(1) of the Intelligence Reform and Terrorism
Prevention Act of 2004 (42 U.S.C. 2000ee(j)(1)) is amended by
striking ``except that'' and all that follows through the
period at the end and inserting ``except that no rate of pay
fixed under this subsection may exceed the highest amount
paid by any element of the intelligence community for a
comparable position, based on salary information provided to
the chairman of the Board by the Director of National
Intelligence.''.
TITLE V--PROTECTIONS FOR UNITED STATES PERSONS WHOSE SENSITIVE
INFORMATION IS PURCHASED BY INTELLIGENCE AND LAW ENFORCEMENT AGENCIES
SEC. 501. LIMITATION ON INTELLIGENCE ACQUISITION OF UNITED
STATES PERSON DATA.
(a) Definitions.--In this section:
(1) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the congressional intelligence committees (as defined
in section 3 of the National Security Act of 1947 (50 U.S.C.
3003));
(B) the Committee on the Judiciary of the Senate; and
(C) the Committee on the Judiciary of the House of
Representatives.
(2) Covered data.--The term ``covered data'' means data,
derived data, or any unique identifier that--
(A) is linked to or is reasonably linkable to a covered
person; and
(B) does not include data that--
(i) is lawfully available to the public through Federal,
State, or local government records or through widely
distributed media;
(ii) is reasonably believed to have been voluntarily made
available to the general public by the covered person; or
(iii) is a specific communication or transaction with a
targeted individual who is not a covered person.
(3) Covered person.--The term ``covered person'' means an
individual who--
(A) is reasonably believed to be located in the United
States at the time of the creation or acquisition of the
covered data; or
(B) is a United States person.
(4) Intelligence community.--The term ``intelligence
community'' has the meaning given such term in section 3 of
the National Security Act of 1947 (50 U.S.C. 3003).
(5) State, united states, united states person.--The terms
``State'', ``United States'', and ``United States person''
have the meanings given such terms in section 101 of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1801).
(b) Limitation.--
(1) In general.--Subject to paragraphs (2) through (7), an
element of the intelligence community may not acquire a
dataset that includes covered data.
(2) Authorization pursuant to court order.--An element of
the intelligence community may acquire covered data if the
collection has been authorized by an order or
[[Page S2411]]
emergency authorization issued pursuant to the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et
seq.) or title 18, United States Code, by a court of
competent jurisdiction covering the period of the
acquisition, subject to the use, dissemination, querying,
retention, and other minimization limitations required by
such authorization.
(3) Authorization for employment-related use.--An element
of the intelligence community may acquire covered data about
an employee of, or applicant for employment by, an element of
the intelligence community for employment-related purposes,
provided that--
(A) access to and use of the covered data is limited to
such purposes; and
(B) the covered data is destroyed at such time as it is no
longer necessary for such purposes.
(4) Exception for compliance purposes.--An element of the
intelligence community may acquire covered data for the
purpose of supporting compliance with collection limitations
and minimization requirements imposed by statute, guidelines,
procedures, or the Constitution of the United States,
provided that--
(A) access to and use of the covered data is limited to
such purpose; and
(B) the covered data is destroyed at such time as it is no
longer necessary for such purpose.
(5) Exception for life or safety.--An element of the
intelligence community may acquire covered data if there is a
reasonable belief than an emergency exists involving an
imminent threat of death or serious bodily harm and the
covered data is necessary to mitigate that threat, provided
that--
(A) access to and use of the covered data is limited to
addressing the threat; and
(B) the covered data is destroyed at such time as it is no
longer necessary for such purpose.
(6) Exception for consent.--An element of the intelligence
community may acquire covered data if--
(A) each covered person linked or reasonably linkable to
the covered data, or, if such person is incapable of
providing consent, a third party legally authorized to
consent on behalf of the person, has provided consent to the
acquisition and use of the data on a case-by-case basis;
(B) access to and use of the covered data is limited to the
purposes for which the consent was provided; and
(C) the covered data is destroyed at such time as it is no
longer necessary for such purposes.
(7) Exception for nonsegregable data.--An element of the
intelligence community may acquire a dataset that includes
covered data if the covered data is not reasonably segregable
prior to acquisition, provided that the element of the
intelligence community complies with the minimization
procedures in subsection (c).
(c) Minimization Procedures.--
(1) In general.--The Attorney General shall adopt specific
procedures that are reasonably designed to minimize the
acquisition and retention, and to restrict the querying, of
covered data that is not subject to 1 or more of the
exceptions set forth in subsection (b).
(2) Acquisition and retention.--The procedures adopted
under paragraph (1) shall require elements of the
intelligence community to exhaust all reasonable means--
(A) to exclude covered data not subject to 1 or more
exceptions set forth in subsection (b) from datasets prior to
acquisition; and
(B) to remove and delete covered data not subject to 1 or
more exceptions set forth in subsection (b) prior to the
operational use of the acquired dataset or the inclusion of
the dataset in a database intended for operational use.
(3) Destruction.--The procedures adopted under paragraph
(1) shall require that if an element of the intelligence
community identifies covered data not subject to 1 or more
exceptions set forth in paragraphs (2) through (6) of
subsection (b), such covered data shall be promptly
destroyed.
(4) Querying.--
(A) In general.--Except as provided in subparagraphs (B)
and (C), no officer or employee of an element of the
intelligence community may conduct a query of covered data,
including covered data already subjected to minimization, in
an effort to find records of or about a particular covered
person.
(B) Exceptions.--Subparagraph (A) shall not apply to a
query related to a particular covered person if--
(i) such covered person is the subject of a court order or
emergency authorization issued under the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) or title
18, United States Code, that would authorize the element of
the intelligence community to compel the production of the
covered data, during the effective period of that order;
(ii) the purpose of the query is to retrieve information
about an employee of, or applicant for employment by, an
element of the intelligence community, provided that any
covered data accessed through such query is used only for
such purpose;
(iii) the query is conducted for the purpose of supporting
compliance with collection limitations and minimization
requirements imposed by statute, guidelines, procedures, or
the Constitution of the United States, provided that any
covered data accessed through such query is used only for
such purpose;
(iv) the officer or employee of an element of the
intelligence community carrying out the query has a
reasonable belief that an emergency exists involving an
imminent threat of death or serious bodily harm, and that in
order to prevent or mitigate such threat, the query must be
conducted before a court order can, with due diligence, be
obtained, provided that any covered data accessed through
such query is used only for such purpose; or
(v) such covered person or, if such person is incapable of
providing consent, a third party legally authorized to
consent on behalf of the person has consented to the query,
provided that any use of covered data accessed through such
query is limited to the purposes for which the consent was
provided.
(C) Special rule for nonsegregable datasets.--For a query
of a dataset acquired under subsection (b)(7)--
(i) each query shall be reasonably designed to exclude
personal data of covered persons, unless the query is subject
to an exception set forth in paragraph (4); and
(ii) any personal data of covered persons returned pursuant
to a query that is not subject to an exception set forth in
paragraphs (2) through (7) of subsection (b) shall not be
reviewed and shall immediately be destroyed.
(d) Prohibition on Use of Data Obtained in Violation of
This Section.--Covered data acquired by an element of the
intelligence community in violation of subsection (b), and
any evidence derived therefrom, may not be used, received in
evidence, or otherwise disseminated in any investigation by
or in any trial, hearing, or other proceeding in or before
any court, grand jury, department, office, agency, regulatory
body, legislative committee, or other authority of the United
States, a State, or political subdivision thereof.
(e) Reporting Requirement.--
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Director of National
Intelligence shall submit to the appropriate committees of
Congress and the Privacy and Civil Liberties Oversight Board
a report on the acquisition of datasets that the Director
anticipates will contain information of covered persons that
is significant in volume, proportion, or sensitivity.
(2) Contents.--The report submitted pursuant to paragraph
(1) shall include the following:
(A) A description of the covered person information in each
dataset.
(B) An estimate of the amount of covered person information
in each dataset.
(3) Notifications.--After submitting the report required by
paragraph (1), the Director shall, in coordination with the
Under Secretary of Defense for Intelligence and Security,
notify the appropriate committees of Congress of any changes
to the information contained in such report.
(4) Availability to the public.--The Director shall make
available to the public on the website of the Director--
(A) the unclassified portion of the report submitted
pursuant to paragraph (1); and
(B) any notifications submitted pursuant to paragraph (3).
(f) Rule of Construction.--Nothing in this section shall
authorize an acquisition otherwise prohibited by the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et
seq.) or title 18, United States Code.
SEC. 502. LIMITATION ON LAW ENFORCEMENT PURCHASE OF PERSONAL
DATA FROM DATA BROKERS.
Section 2702 of title 18, United States Code, is amended by
adding at the end the following:
``(e) Prohibition on Obtaining in Exchange for Anything of
Value Personal Data by Law Enforcement Agencies.--
``(1) Definitions.--In this subsection and subsection (f)--
``(A) the term `covered governmental entity' means a law
enforcement agency of a governmental entity;
``(B) the term `covered organization' means a person who--
``(i) is not a governmental entity; and
``(ii) is not an individual;
``(C) the term `covered person' means an individual who--
``(i) is reasonably believed to be located inside the
United States at the time of the creation of the covered
personal data; or
``(ii) is a United States person, as defined in section 101
of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1801);
``(D) the term `covered personal data' means personal data
relating to a covered person;
``(E) the term `electronic device' has the meaning given
the term `computer' in section 1030(e);
``(F) the term `lawfully obtained public data' means
personal data obtained by a particular covered organization
that the covered organization--
``(i) reasonably understood to have been voluntarily made
available to the general public by the covered person; and
``(ii) obtained in compliance with all applicable laws,
regulations, contracts, privacy policies, and terms of
service;
``(G) the term `obtain in exchange for anything of value'
means to obtain by purchasing, to receive in connection with
services being provided for monetary or nonmonetary
consideration, or to otherwise obtain in exchange for
consideration, including an access fee, service fee,
maintenance fee, or licensing fee; and
``(H) the term `personal data'--
[[Page S2412]]
``(i) means data, derived data, or any unique identifier
that is linked to, or is reasonably linkable to, an
individual or to an electronic device that is linked to, or
is reasonably linkable to, 1 or more individuals in a
household;
``(ii) includes anonymized data that, if combined with
other data, can be linked to, or is reasonably linkable to,
an individual or to an electronic device that identifies, is
linked to, or is reasonably linkable to 1 or more individuals
in a household; and
``(iii) does not include--
``(I) data that is lawfully available through Federal,
State, or local government records or through widely
distributed media; or
``(II) a specific communication or transaction with a
targeted individual who is not a covered person.
``(2) Limitation.--
``(A) In general.--
``(i) Prohibition.--Subject to clauses (ii) through (x), a
covered governmental entity may not obtain in exchange for
anything of value covered personal data if--
``(I) the covered personal data is directly or indirectly
obtained from a covered organization; or
``(II) the covered personal data is derived from covered
personal data that was directly or indirectly obtained from a
covered organization.
``(ii) Exception for certain compilations of data.--A
covered governmental entity may obtain in exchange for
something of value covered personal data as part of a larger
compilation of data which includes personal data about
persons who are not covered persons, if--
``(I) the covered governmental entity is unable through
reasonable means to exclude covered personal data from the
larger compilation obtained; and
``(II) the covered governmental entity minimizes any
covered personal data from the larger compilation, in
accordance with subsection (f).
``(iii) Exception for whistleblower disclosures to law
enforcement.--Clause (i) shall not apply to covered personal
data that is obtained by a covered governmental entity under
a program established by an Act of Congress under which a
portion of a penalty or a similar payment or bounty is paid
to an individual who discloses information about an unlawful
activity to the Government, such as the program authorized
under section 7623 of the Internal Revenue Code of 1986
(relating to awards to whistleblowers in cases of
underpayments or fraud).
``(iv) Exception for cost reimbursement under compulsory
legal process.--Clause (i) shall not apply to covered
personal data that is obtained by a covered governmental
entity from a covered organization in accordance with
compulsory legal process that--
``(I) is established by a Federal or State statute; and
``(II) provides for the reimbursement of costs of the
covered organization that are incurred in connection with
providing the record or information to the covered
governmental entity, such as the reimbursement of costs under
section 2706.
``(v) Exception for employment-related use.--Clause (i)
shall not apply to covered personal data about an employee
of, or applicant for employment by, a covered governmental
entity that is--
``(I) obtained by the covered governmental entity for
employment-related purposes;
``(II) accessed and used by the covered governmental entity
only for employment-related purposes; and
``(III) destroyed at such time as the covered personal data
is no longer needed for employment-related purposes.
``(vi) Exception for use in background checks.--Clause (i)
shall not apply to covered personal data about a covered
person that is--
``(I) obtained by a covered governmental entity for
purposes of conducting a background check of the covered
person with the written consent of the covered person;
``(II) accessed and used by the covered governmental entity
only for background check-related purposes; and
``(III) destroyed at such time as the covered personal data
is no longer needed for background check-related purposes.
``(vii) Exception for lawfully obtained public data.--
Clause (i) shall not apply to covered personal data that is
obtained by a covered governmental entity if--
``(I) the covered personal data is lawfully obtained public
data; or
``(II) the covered personal data is derived from covered
personal data that solely consists of lawfully obtained
public data.
``(viii) Exception for life or safety.--Clause (i) shall
not apply to covered personal data that is obtained by a
covered governmental entity if there is a reasonable belief
than an emergency exists involving an imminent threat of
death or serious bodily harm to a covered person and the
covered data is necessary to mitigate that threat, provided
that--
``(I) access to and use of the covered personal data is
limited to addressing the threat; and
``(II) the covered personal data is destroyed at such time
as it is no longer necessary for such purpose.
``(ix) Exception for compliance purposes.--Clause (i) shall
not apply to covered personal data that is obtained by a
covered governmental entity for the purpose of supporting
compliance with collection limitations and minimization
requirements imposed by statute, guidelines, procedures, or
the Constitution of the United States, provided that--
``(I) access to and use of the covered personal data is
limited to such purpose; and
``(II) the covered personal data is destroyed at such time
as it is no longer necessary for such purpose.
``(x) Exception for consent.--Clause (i) shall not apply to
covered personal data that is obtained by a covered
governmental entity if--
``(I) each covered person linked or reasonably linkable to
the covered personal data, or, if such covered person is
incapable of providing consent, a third party legally
authorized to consent on behalf of the covered person, has
provided consent to the acquisition and use of the data on a
case-by-case basis;
``(II) access to and use of the covered personal data is
limited to the purposes for which the consent was provided;
and
``(III) the covered personal data is destroyed at such time
as it is no longer necessary for such purposes.
``(B) Indirectly acquired records and information.--The
limitation under subparagraph (A) shall apply without regard
to whether the covered organization possessing the covered
personal data is the covered organization that initially
obtained or collected, or is the covered organization that
initially received the disclosure of, the covered personal
data.
``(3) Limit on sharing between agencies.--An agency of a
governmental entity that is not a covered governmental entity
may not provide to a covered governmental entity covered
personal data that was obtained in a manner that would
violate paragraph (2) if the agency of a governmental entity
were a covered governmental entity, unless the covered
governmental entity would have been permitted to obtain the
covered personal data under an exception set forth in
paragraph (2)(A).
``(4) Prohibition on use of data obtained in violation of
this section.--
``(A) In general.--Covered personal data obtained by or
provided to a covered governmental entity in violation of
paragraph (2) or (3), and any evidence derived therefrom, may
not be used, received in evidence, or otherwise disseminated
by, on behalf of, or upon a motion or other action by a
covered governmental entity in any investigation by or in any
trial, hearing, or other proceeding in or before any court,
grand jury, department, officer, agency, regulatory body,
legislative committee, or other authority of the United
States, a State, or a political subdivision thereof.
``(B) Use by aggrieved parties.--Nothing in subparagraph
(A) shall be construed to limit the use of covered personal
data by a covered person aggrieved of a violation of
paragraph (2) or (3) in connection with any action relating
to such a violation.
``(f) Minimization Procedures.--
``(1) In general.--The Attorney General shall adopt
specific procedures that are reasonably designed to minimize
the acquisition and retention, and to restrict the querying,
of covered personal data, and prohibit the dissemination of
information derived from covered personal data.
``(2) Acquisition and retention.--The procedures adopted
under paragraph (1) shall require covered governmental
entities to exhaust all reasonable means--
``(A) to exclude covered personal data that is not subject
to 1 or more of the exceptions set forth in clauses (iii)
through (x) of subsection (e)(2)(A) from the data obtained;
and
``(B) to remove and delete covered personal data described
in subparagraph (A) not subject to 1 or more exceptions set
forth in clauses (iii) through (x) of subsection (e)(2)(A)
after a compilation is obtained and before operational use of
the compilation or inclusion of the compilation in a dataset
intended for operational use.
``(3) Destruction.--The procedures adopted under paragraph
(1) shall require that, if a covered governmental entity
identifies covered personal data in a compilation described
in clause (ii) of subsection (e)(2)(A) not subject to 1 or
more exceptions set forth in clauses (iii) through (x) of
such subsection, the covered governmental entity shall
promptly destroy the covered personal data and any
dissemination of information derived from the covered
personal data shall be prohibited.
``(4) Querying.--
``(A) In general.--Except as provided in subparagraphs (B)
and (C), no officer or employee of a covered governmental
entity may conduct a query of personal data, including
personal data already subjected to minimization, in an effort
to find records of or about a particular covered person.
``(B) Exceptions.--Subparagraph (A) shall not apply to a
query related to a particular covered person if--
``(i) such covered person is the subject of a court order
or emergency authorization issued under this title that would
authorize the covered governmental entity to compel the
production of the covered personal data, during the effective
period of that order;
``(ii) the purpose of the query is to retrieve information
obtained by a covered governmental entity under a program
established by an Act of Congress under which a portion of a
penalty or a similar payment or bounty is paid to an
individual who discloses information about an unlawful
activity to the Government, such as the program authorized
under section 7623 of the Internal Revenue Code of 1986
(relating to awards to whistleblowers in cases of
underpayments or fraud),
[[Page S2413]]
provided that any covered personal data accessed through such
query is used only for such purpose;
``(iii) the purpose of the query is to retrieve information
about an employee of, or applicant for employment by, a
covered governmental entity that has been obtained by the
covered governmental entity for employment-related purposes,
provided that any covered personal data accessed through such
query is used only for such purposes;
``(iv) the purpose of the query is to retrieve information
obtained by a covered governmental entity for purposes of
conducting a background check of the covered person with the
written consent of the covered person, provided that any
covered personal data accessed through such query is used
only for such purposes;
``(v) the purpose of the query is to retrieve, and the
query is reasonably designed to retrieve, only lawfully
obtained public data, and only lawfully obtained public data
is accessed and used as a result of the query;
``(vi) the officer or employee of a covered governmental
entity carrying out the query has a reasonable belief that an
emergency exists involving an imminent threat of death or
serious bodily harm, and in order to prevent or mitigate that
threat, the query must be conducted before a court order can,
with due diligence, be obtained, provided that any covered
personal data accessed through such query is used only for
such purpose;
``(vii) the query is conducted for the purpose of
supporting compliance with collection limitations and
minimization requirements imposed by statute, guidelines,
procedures, or the Constitution of the United States,
provided that any covered personal data accessed through such
query is used only for such purpose; or
``(viii) such covered person or, if such covered person is
incapable of providing consent, a third party legally
authorized to consent on behalf of the covered person has
consented to the query, provided that any use of covered
personal data accessed through such query is limited to the
purposes for which the consent was provided.
``(C) Special rule for compilations of data.--For a query
of a compilation of data obtained under subsection
(e)(2)(A)(ii)--
``(i) each query shall be reasonably designed to exclude
personal data of covered persons, unless the query is subject
to an exception set forth in subparagraph (B); and
``(ii) any personal data of covered persons returned
pursuant to a query that is not subject to an exception set
forth in clauses (ii) through (iii) of subsection (e)(2)(A)
shall not be reviewed and shall immediately be destroyed.''.
SEC. 503. CONSISTENT PROTECTIONS FOR DEMANDS FOR DATA HELD BY
INTERACTIVE COMPUTING SERVICES.
(a) Definition.--Section 2711 of title 18, United States
Code, is amended--
(1) in paragraph (3)(C), by striking ``and'' at the end;
(2) in paragraph (4), by striking the period at the end and
inserting a semicolon; and
(3) by adding at the end the following:
``(5) the term `online service provider' means a provider
of electronic communication service, a provider of remote
computing service, any information service, system, or access
software provider that provides or enables computer access by
multiple users to a computer server, including specifically a
service or system that provides access to the Internet and
such systems operated or services offered by libraries or
educational institutions; and''.
(b) Required Disclosure.--Section 2703 of title 18, United
States Code, is amended--
(1) in subsection (a), in the first sentence, by striking
``a provider of electronic communication service'' and
inserting ``an online service provider'';
(2) in subsection (c)--
(A) in paragraph (1), in the matter preceding subparagraph
(A), by striking ``a provider of electronic communication
service or remote computing service'' and inserting ``an
online service provider''; and
(B) in paragraph (2), in the matter preceding subparagraph
(A), by striking ``A provider of electronic communication
service or remote computing service'' and inserting ``An
online service provider''; and
(3) in subsection (g), by striking ``a provider of
electronic communications service or remote computing
service'' and inserting ``an online service provider''.
(c) Limitation on Voluntary Disclosure.--Section 2702(a) of
title 18, United States Code, is amended--
(1) in paragraph (1), by striking ``a person or entity
providing an electronic communication service to the public''
and inserting ``an online service provider'';
(2) in paragraph (2), by striking ``a person or entity
providing remote computing service to the public'' and
inserting ``an online service provider''; and
(3) in paragraph (3), by striking ``a provider of remote
computing service or electronic communication service to the
public'' and inserting ``an online service provider''.
SEC. 504. CONSISTENT PRIVACY PROTECTIONS FOR DATA HELD BY
DATA BROKERS.
Section 2703 of title 18, United States Code is amended by
adding at the end the following:
``(i) Covered Personal Data.--
``(1) Definitions.--In this subsection, the terms `covered
personal data' and `covered organization' have the meanings
given such terms in section 2702(e).
``(2) Limitation.--Unless a governmental entity obtains an
order in accordance with paragraph (3), the governmental
entity may not require a covered organization that is not an
online service provider to disclose covered personal data if
a court order would be required for the governmental entity
to require an online service provider to disclose such
covered personal data that is a record of a customer or
subscriber of the online service provider.
``(3) Orders.--
``(A) In general.--A court may only issue an order
requiring a covered organization that is not an online
service provider to disclose covered personal data on the
same basis and subject to the same limitations as would apply
to a court order to require disclosure by an online service
provider.
``(B) Standard.--For purposes of subparagraph (A), a court
shall apply the most stringent standard under Federal statute
or the Constitution of the United States that would be
applicable to a request for a court order to require a
comparable disclosure by an online service provider of a
customer or subscriber of the online service provider.''.
SEC. 505. PROTECTION OF DATA ENTRUSTED TO INTERMEDIARY OR
ANCILLARY SERVICE PROVIDERS.
(a) Definition.--Section 2711 of title 18, United States
Code, as amended by section 503 of this Act, is amended by
adding at the end the following:
``(6) the term `intermediary or ancillary service provider'
means an entity or facilities owner or operator that directly
or indirectly delivers, transmits, stores, or processes
communications or any other covered personal data (as defined
in section 2702(e) of this title) for, or on behalf of, an
online service provider.''.
(b) Prohibition.--Section 2702(a) of title 18, United
States Code, is amended--
(1) in paragraph (1), by striking ``and'' at the end;
(2) in paragraph (2)(B), by striking ``and'' at the end;
(3) in paragraph (3), by striking the period at the end and
inserting ``; and''; and
(4) by adding at the end the following:
``(4) an intermediary or ancillary service provider may not
knowingly disclose--
``(A) to any person or entity the contents of a
communication while in electronic storage by that
intermediary or ancillary service provider; or
``(B) to any governmental entity a record or other
information pertaining to a subscriber to or customer of, a
recipient of a communication from a subscriber to or customer
of, or the sender of a communication to a subscriber to or
customer of, the online service provider for, or on behalf
of, which the intermediary or ancillary service provider
directly or indirectly delivers, transmits, stores, or
processes communications or any other covered personal data
(as defined in subsection (e)).''.
TITLE VI--TRANSPARENCY
SEC. 601. ENHANCED REPORTS BY DIRECTOR OF NATIONAL
INTELLIGENCE.
(a) In General.--Section 603(b) of the Foreign Intelligence
Surveillance Act of 1978 (50 U.S.C. 1873(b)) is amended--
(1) in paragraph (2)(C), by striking the semicolon and
inserting ``; and'';
(2) by redesignating paragraphs (3) through (7) as
paragraphs (6) through (10), respectively;
(3) by inserting after paragraph (2) the following:
``(3) a description of the subject matter of each of the
certifications provided under section 702(h);
``(4) statistics revealing the number of persons targeted
and the number of selectors used under section 702(a),
disaggregated by the certification under which the person was
targeted;
``(5) the total number of directives issued pursuant to
section 702(i)(1), disaggregated by each type of electronic
communication service provider described in section
701(b)(4);'';
(4) in paragraph (9), as so redesignated, by striking
``and'' at the end;
(5) in paragraph (10), as so redesignated, by striking the
period at the end and inserting a semicolon; and
(6) by adding at the end the following:
``(11)(A) the total number of disseminated intelligence
reports derived from collection pursuant to section 702
containing the identities of United States persons,
regardless of whether the identities of the United States
persons were openly included or masked;
``(B) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons,
regardless of whether the identities of the United States
persons were openly included or masked;
``(C) the total number of disseminated intelligence reports
derived from collection pursuant to section 702 containing
the identities of United States persons in which the
identities of the United States persons were masked;
``(D) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons in which
the identities of the United States persons were masked;
``(E) the total number of disseminated intelligence reports
derived from collection pursuant to section 702 containing
the identities of United States persons in which the
identities of the United States persons were openly included;
and
[[Page S2414]]
``(F) the total number of disseminated intelligence reports
derived from collection not authorized by this Act and
conducted under procedures approved by the Attorney General
containing the identities of United States persons in which
the identities of the United States persons were openly
included;
``(12) the number of queries conducted in an effort to find
communications or information of or about 1 or more United
States persons or persons reasonably believed to be located
in the United States at the time of the query or the time of
the communication or creation of the information, where such
communications or information were obtained under procedures
approved by the Attorney General and without a court order,
subpoena, or other legal process established by statute;
``(13) the number of criminal proceedings in which the
Federal Government or a government of a State or political
subdivision thereof entered into evidence or otherwise used
or disclosed in a criminal proceeding any information
obtained or derived from an acquisition conducted under
procedures approved by the Attorney General and without a
court order, subpoena, or other legal process established by
statute; and
``(14) a good faith estimate of what percentage of the
communications that are subject to the procedures described
in section 309(b)(3) of the Intelligence Authorization Act
for Fiscal Year 2015 (50 U.S.C. 1813(b)(3))--
``(A) are retained for more than 5 years; and
``(B) are retained for more than 5 years because, in whole
or in part, the communications are encrypted.''.
(b) Repeal of Nonapplicability to Federal Bureau of
Investigation of Certain Requirements.--Section 603(d) of the
Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1873(d)) is amended--
(1) by striking paragraph (2); and
(2) by redesignating paragraph (3) as paragraph (2).
(c) Conforming Amendment.--Section 603(d)(1) of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1873(d)(1))
is amended by striking ``paragraphs (3), (5), or (6)'' and
inserting ``paragraph (6), (8), or (9)''.
TITLE VII--LIMITED DELAYS IN IMPLEMENTATION
SEC. 701. LIMITED DELAYS IN IMPLEMENTATION.
(a) Definition.--In this section, the term ``appropriate
committees of Congress'' means--
(1) the congressional intelligence committees (as defined
in section 3 of the National Security Act of 1947 (50 U.S.C.
3003));
(2) the Committee on the Judiciary of the Senate; and
(3) the Committee on the Judiciary of the House of
Representatives.
(b) Authority.--The Attorney General may, in coordination
with the Director of National Intelligence as may be
appropriate, delay implementation of a provision of this Act
or an amendment made by this Act for a period of not more
than 1 year upon a showing to the appropriate committees of
Congress that the delay is necessary--
(1) to develop and implement technical systems needed to
comply with the provision or amendment; or
(2) to hire or train personnel needed to comply with the
provision or amendment.
______