American Digital Security and Commerce Act of 2014 - Requires the Director of the Office of Management and Budget (OMB), in coordinating standards and guidelines under the National Institute of Standards and Technology Act with agencies and offices operating or exercising control of national security systems (including the National Security Agency [NSA]), to assure that such agencies or offices do not intentionally weaken, circumvent, undermine, or create any mechanism through which a federal agency may bypass the privacy, security, or encryption protections included in any standard or guideline.
Prohibits agencies and offices that consult with the National Institute of Standards and Technology (NIST) on information security policies from undermining such protective mechanisms.
Prohibits federal agencies from intercepting shipments of computer or electronic products for the purpose of intentionally introducing into the products a mechanism or device that would allow a federal agency to circumvent a product's privacy, security, or encryption protections.
Bars elements of the intelligence community from requiring, or contracting with, a manufacturer or developer of such products to place such a mechanism or device into its products.
Exempts from such mechanism placement prohibitions certain lawful surveillance activities pursuant to a court order under specified provisions of the federal criminal code or the Foreign Intelligence Surveillance Act of 1978 (except with respect to procedures for targeting persons outside the United States other than U.S. persons).
Permits persons (including certain associations and corporations, but excluding foreign powers) who suffer an injury relating to a mechanism placed into a product to bring a civil action against the United States to recover money damages.
[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[S. 2500 Introduced in Senate (IS)]
113th CONGRESS
2d Session
S. 2500
To restrict the ability of the Federal Government to undermine privacy
and encryption technology in commercial products and in NIST computer
security and encryption standards.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 19, 2014
Mr. Walsh introduced the following bill; which was read twice and
referred to the Committee on Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To restrict the ability of the Federal Government to undermine privacy
and encryption technology in commercial products and in NIST computer
security and encryption standards.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``American Digital Security and
Commerce Act of 2014''.
SEC. 2. FINDINGS.
Congress makes the following findings:
(1) The United States is the world leader in technology,
encryption, and computer security.
(2) The United States Government, through the expert work
of the National Institute of Standards and Technology (referred
to in this section as ``NIST'') and the Information Assurance
Directorate of the National Security Agency, plays a vital role
in developing the tools that keep global electronic
communications secure.
(3) The United States Government should actively promote
privacy and computer security. Allegations that entities within
the United States Government seek to undermine the security of
encryption standards or commercial products weaken privacy and
erode trust in the United States Government and in products
from the United States.
(4) The actions described in paragraph (3) may take a
serious toll on the United States economy. The Information
Technology and Innovation Foundation has predicted that United
States companies may lose 10 percent of the cloud computing
market to overseas competitors due to surveillance and security
concerns, a loss that could amount to not less than
$35,000,000,000 in lost sales by 2016.
(5) The cryptographic expertise of NIST is recognized
around the world, but widespread adoption of the robust
encryption standards that NIST develops depends on trust.
(6) To promote privacy protection and restore trust in the
encryption standards of the United States and hardware and
software from the United States, the United States Government
should be prohibited from undermining the security of the
United States technologies on which global commerce relies.
SEC. 3. FEDERAL INFORMATION SECURITY MANAGEMENT.
(a) Director of OMB Requirement.--Section 3543(a)(3) of title 44,
United States Code, is amended--
(1) by striking ``assure, to the maximum extent feasible''
and inserting the following: ``assure--
``(A) to the maximum extent feasible,'';
(2) by inserting ``and'' after the semicolon; and
(3) by adding at the end the following:
``(B) that any agency or office described in
subparagraph (A) does not intentionally weaken,
circumvent, undermine, or create any mechanism through
which any agency or office of the Federal Government
may bypass, the privacy, security, or encryption
protections included in any standard or guideline;''.
(b) Requirement for NIST Consultees.--
(1) In general.--Section 20 of the National Institute of
Standards and Technology Act (15 U.S.C. 278g-3) is amended--
(A) by redesignating subsection (e) as subsection
(f); and
(B) by inserting after subsection (d) the
following:
``(e) Each agency or office that the Institute consults with under
subsection (c)(1) may not intentionally weaken, circumvent, undermine,
or create any mechanism through which any agency or office of the
Federal Government may bypass, the privacy, security, or encryption
protections included in any standard or guideline required under
subsection (a) or (b).''.
(2) Technical and conforming amendments.--Section 22 of the
National Institute of Standards and Technology Act (15 U.S.C.
278h) is amended--
(A) in subsection (a)(2), by striking ``Computer
System Security and Privacy Advisory Board under
section 20(f)'' and inserting ``Information Security
and Privacy Advisory Board under section 21''; and
(B) in subsection (e)(1), by striking ``Computer
System Security and Privacy Advisory Board'' and
inserting ``Information Security and Privacy Advisory
Board under section 21''.
SEC. 4. SECURITY OF COMPUTER HARDWARE, COMPUTER SOFTWARE, AND
ELECTRONIC DEVICES.
(a) Definitions.--In this section--
(1) the terms ``agent of a foreign power'' and ``foreign
power'' have the meaning given those terms in section 101(a) of
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C.
1801);
(2) the term ``covered person''--
(A) means an individual, partnership, association,
joint stock company, trust, or corporation; and
(B) does not include a foreign power or an agent of
a foreign power;
(3) the term ``covered product'' means any computer
hardware, computer software, or electronic device that is made
available to the general public; and
(4) the term ``element of the intelligence community''
means an element of the intelligence community specified in or
designated under section 3(4) of the National Security Act of
1947 (50 U.S.C. 3003(4)).
(b) Security of Covered Products.--
(1) Prohibitions.--
(A) Prohibition on interception.--Except as
provided in paragraph (2), an agency or department of
the Federal Government may not intercept any shipment
of covered products for the purpose of intentionally
introducing into the covered products a mechanism or
device that would allow an agency or department of the
Federal Government to circumvent the privacy, security,
or encryption protections of the covered products.
(B) Prohibition on requiring or contracting for
installation of devices.--Except as provided in
paragraph (2), an element of the intelligence community
may not require, or contract with, a manufacturer or
developer of covered products to place a mechanism or
device into a covered product that would allow any
agency or department of the Federal Government to
circumvent any privacy, security, or encryption
protections of the covered product.
(2) Exception for lawful surveillance activities under
court order.--The prohibitions under paragraph (1) shall not
apply to a lawful surveillance activity conducted pursuant to a
court order issued under--
(A) chapter 119, 121, or 206 of title 18, United
States Code; or
(B) the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1801 et seq.), except section 702 of
that Act (50 U.S.C. 1881a).
(c) Enforcement.--
(1) Authorization of civil action.--A covered person that
suffers an injury proximately caused by a violation of
subsection (b) may bring a civil action against the United
States in a district court of the United States to recover
money damages in accordance with paragraph (2) of this
subsection.
(2) Amount of damages.--A court, in awarding money damages
to a covered person in a civil action brought under this
subsection, shall award--
(A) an amount that is the greater of--
(i) the amount of actual damages; or
(ii) $10,000; and
(B) reasonable costs, including reasonable
attorney's fees.
(3) Exclusive remedy.--A civil action against the United
States under this subsection shall be the exclusive remedy
against the United States for a violation of subsection (b).
(4) Reimbursement of award.--An agency or department of the
United States, including an element of the intelligence
community, shall deposit into the general fund of the Treasury
of the United States an amount equal to any amount awarded
under paragraph (2), for a violation of subsection (b) by the
agency or department, out of any appropriation, fund, or other
account (excluding any part of such appropriation, fund, or
account that is available for the enforcement of any Federal
law) that is available for the operating expenses of the agency
or department.
(5) Defense of good faith reliance.--The United States
shall not be liable to a covered person in a civil action
brought under this subsection based on any action taken by an
individual acting on behalf of an agency or department of the
United States, including an element of the intelligence
community, if the individual acted in a good faith reliance on
a court order, a grand jury subpoena, or a legislative
authorization under--
(A) chapter 119, 121, or 206 of title 18, United
States Code; or
(B) the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1801 et seq.), except section 702 of
that Act (50 U.S.C. 1881a).
<all>
Introduced in Senate
Read twice and referred to the Committee on Commerce, Science, and Transportation.