BILL ANALYSIS �Ó
SENATE COMMITTEE ON PUBLIC SAFETY
Senator Loni Hancock, Chair
2015 - 2016 Regular
Bill No: AB 1993 Hearing Date: June 28, 2016
-----------------------------------------------------------------
|Author: |Irwin |
|-----------+-----------------------------------------------------|
|Version: |June 14, 2016 |
-----------------------------------------------------------------
-----------------------------------------------------------------
|Urgency: |No |Fiscal: |Yes |
-----------------------------------------------------------------
-----------------------------------------------------------------
|Consultant:|JRD |
| | |
-----------------------------------------------------------------
Subject: Corporate Law Enforcement Contacts
HISTORY
Source: Author
Prior Legislation:SB 178 (Leno) - Chapter 651, Statutes of 2015
SB 467 (Leno) - 2013-2014, vetoed
SB 1434 (Leno) - 2011-12, vetoed
SB 914 (Leno) - 2011-2012, vetoed
Support: California District Attorneys Association; California
Police Chiefs Association; California State Sheriffs'
Association; Los Angeles County District Attorney's
Office
Opposition: California Association
of Collectors; California
Bankers Association; California Chamber of Commerce;
California Financial Services Association; CTIA- The
Wireless Association; CompTIA; Internet Association;
Personal Insurance Federation of California
Assembly Floor Vote: 54 - 19
�
AB 1993 (Irwin ) Page
2 of ?
PURPOSE
The purpose of this bill is to mandate that certain technology
companies specify a law enforcement contact process to
coordinate with law enforcement agency investigations.
Existing federal law provides that the right of the people to be
secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and
no warrants shall issue, but upon probable cause, supported by
oath or affirmation, and particularly describing the place to be
searched and the persons or things to be seized. (U.S. Const.,
4th Amend.; Cal. Const., art. I, § 13.)
Existing law establishes rules and regulations for corporations
to appoint agents for service of process. Additionally,
specifies rules for when agents for service of process resign
and the designation of a new agent for service of process.
(Corporations Code §§ 1502, 1503 & 1504.)
Existing law prohibits exclusion of relevant evidence in a
criminal proceeding on the ground that the evidence was obtained
unlawfully, unless the relevant evidence must be excluded
because it was obtained in violation of the federal
Constitution's Fourth Amendment. (Cal. Const., art. I, §
28(f)(2) (Right to Truth-in-Evidence provision).)
Existing law defines a "search warrant" as a written order in
the name of the people, signed by a magistrate and directed to a
peace officer, commanding him or her to search for a person or
persons, a thing or things, or personal property, and in the
case of a thing or things or personal property, bring the same
before the magistrate. (Penal Code § 1523.)
Existing law provides the specific grounds upon which a search
warrant may be issued, including when the property or things to
be seized consist of any item or constitute any evidence that
tends to show a felony has been committed, or tends to show that
�
AB 1993 (Irwin ) Page
3 of ?
a particular person has committed a felony. (Penal Code §
1524.)
Existing law provides that a search warrant cannot be issued but
upon probable cause, supported by affidavit, naming or
describing the person to be searched or searched for, and
particularly describing the property, thing, or things and the
place to be searched. (Penal Code § 1525.)
Existing law requires a magistrate to issue a search warrant if
he or she is satisfied of the existence of the grounds of the
application or that there is probable cause to believe their
existence. (Penal Code § 1528(a).)
Existing law requires a provider of electronic communication
service or remote computing service to disclose to a
governmental prosecuting or investigating agency the name,
address, local and long distance telephone toll billing records,
telephone number or other subscriber number or identity, and
length of service of a subscriber to or customer of that
service, and the types of services the subscriber or customer
utilized, when the governmental entity is granted a search
warrant. (Penal Code § 1524.3(a).)
Existing law states that a governmental entity receiving
subscriber records or information is not required to provide
notice to a subscriber or customer of the warrant. (Penal Code §
§ 1524.3(b).)
Existing law authorizes a court issuing a search warrant, on a
motion made promptly by the service provider, to quash or modify
the warrant if the information or records requested are
unusually voluminous in nature or compliance with the warrant
otherwise would cause an undue burden on the provider. (Penal
Code § 1524.3(c).)
Existing law requires a provider of wire or electronic
communication services or a remote computing service, upon the
request of a peace officer, to take all necessary steps to
preserve records and other evidence in its possession pending
the issuance of a search warrant or a request in writing and an
affidavit declaring an intent to file a warrant to the provider.
�
AB 1993 (Irwin ) Page
4 of ?
Records shall be retained for a period of 90 days, which shall
be extended for an additional 90 day period upon a renewed
request by the peace officer. (Penal Code § 1524.3(d).)
Existing law specifies that no cause of action shall be brought
against any provider, its officers, employees, or agents for
providing information, facilities, or assistance in good faith
compliance with a search warrant. (Penal Code § 1524.3(e).)
Existing law provides for a process for a search warrant for
records that are in the actual or constructive possession of a
foreign corporation that provides electronic communication
services or remote computing services to the general public,
where the records would reveal the identity of the customers
using those services, data stored by, or on behalf of, the
customer, the customer's usage of those services, the recipient
or destination of communications sent or from those customers,
or the content of those communications. (Penal Code § 1524.2.)
Existing law defines a "service provider" as "a person or entity
offering an electronic communication service." (Penal Code §
15469(j).)
This bill mandates that service providers specify a law
enforcement contact process to coordinate with law enforcement
agency investigations.
This bill provides that every specified service provider
corporation shall file a statement with the Attorney General
identifying the corporate law enforcement contact or contacts.
If a corporation designates any new corporate law enforcement
contact or contacts, the corporation shall file a statement with
the Attorney General identifying the new corporate law
enforcement contact or contacts.
�
AB 1993 (Irwin ) Page
5 of ?
The bill requires by July 1, 2017, specified technology
corporations shall, at minimum, provide the following through a
specified law enforcement contact:
A specific contact mechanism for law enforcement
personnel.
A continual availability of the law enforcement contact
process.
A method to provide status updates to a requesting law
enforcement agency on a request for assistance and a direct
means of communicating with the individual or group of
individuals responsible for processing the request.
RECEIVERSHIP/OVERCROWDING CRISIS AGGRAVATION
For the past several years this Committee has scrutinized
legislation referred to its jurisdiction for any potential
impact on prison overcrowding. Mindful of the United States
Supreme Court ruling and federal court orders relating to the
state's ability to provide a constitutional level of health care
to its inmate population and the related issue of prison
overcrowding, this Committee has applied its "ROCA" policy as a
content-neutral, provisional measure necessary to ensure that
the Legislature does not erode progress in reducing prison
overcrowding.
On February 10, 2014, the federal court ordered California to
reduce its in-state adult institution population to 137.5% of
design capacity by February 28, 2016, as follows:
143% of design bed capacity by June 30, 2014;
141.5% of design bed capacity by February 28, 2015; and,
137.5% of design bed capacity by February 28, 2016.
In December of 2015 the administration reported that as "of
December 9, 2015, 112,510 inmates were housed in the State's 34
adult institutions, which amounts to 136.0% of design bed
capacity, and 5,264 inmates were housed in out-of-state
facilities. The current population is 1,212 inmates below the
final court-ordered population benchmark of 137.5% of design bed
capacity, and has been under that benchmark since February
�
AB 1993 (Irwin ) Page
6 of ?
2015." (Defendants' December 2015 Status Report in Response to
February 10, 2014 Order, 2:90-cv-00520 KJM DAD PC, 3-Judge
Court, Coleman v. Brown, Plata v. Brown (fn. omitted).) One
year ago, 115,826 inmates were housed in the State's 34 adult
institutions, which amounted to 140.0% of design bed capacity,
and 8,864 inmates were housed in out-of-state facilities.
(Defendants' December 2014 Status Report in Response to February
10, 2014 Order, 2:90-cv-00520 KJM DAD PC, 3-Judge Court, Coleman
v. Brown, Plata v. Brown (fn. omitted).)
While significant gains have been made in reducing the prison
population, the state must stabilize these advances and
demonstrate to the federal court that California has in place
the "durable solution" to prison overcrowding "consistently
demanded" by the court. (Opinion Re: Order Granting in Part and
Denying in Part Defendants' Request For Extension of December
31, 2013 Deadline, NO. 2:90-cv-0520 LKK DAD (PC), 3-Judge Court,
Coleman v. Brown, Plata v. Brown (2-10-14). The Committee's
consideration of bills that may impact the prison population
therefore will be informed by the following questions:
Whether a proposal erodes a measure which has contributed
to reducing the prison population;
Whether a proposal addresses a major area of public safety
or criminal activity for which there is no other
reasonable, appropriate remedy;
Whether a proposal addresses a crime which is directly
dangerous to the physical safety of others for which there
is no other reasonably appropriate sanction;
Whether a proposal corrects a constitutional problem or
legislative drafting error; and
Whether a proposal proposes penalties which are
proportionate, and cannot be achieved through any other
reasonably appropriate remedy.
COMMENTS
1. Need for This Legislation
According to the author:
�
AB 1993 (Irwin ) Page
7 of ?
Today most large tech companies, including
telecommunications, internet search, and social media
providers, receive hundreds of thousands of law
enforcement requests for data each year nationally.
These results can be broken down into these categories:
subpoenas, orders, warrants, and emergency requests.
These requests are intended to produce evidence or aid in
investigations related to violent crimes, credible
threats, organized crime, terrorist activities, search
and rescue situations- or when law enforcement is trying
to find a missing person, among others.
Technology companies have begun publishing annual
transparency reports about government data requests and
the company's policies for providing notice when the
government requests and accesses their data, and their
process for screening warrants, orders, and emergency
requests before handing over user content. The reports
also provide statistics detailing how many total requests
were received, how many resulted in data disclosure, and
how many were rejected. While there appears to be some
consensus regarding industry best practices balancing
privacy and civil liberties with stewardship of public
safety, the lack of standardization and guidelines for
such requests is apparent.
For example, both AT&T and Verizon reported receiving
nearly 300,000 law enforcement requests each in 2015.
According to Verizon's transparency report, 'We carefully
review each demand we receive and, where appropriate, we
require law enforcement agencies to narrow the scope of
their demands or correct errors in those demands before
we produce some or all of the information sought.' Each
request goes through a screening process that can take
varying amounts of time depending on the company's
internal policies. Industry averages show that roughly
75% of requests result in some data being produced.
Given the increasing volume of these requests, and
varying company guidelines and internal policies, a level
of standardization and expectation needs to be assured.
�
AB 1993 (Irwin ) Page
8 of ?
AB 1993 addresses this issue by requiring companies that
generate large amounts of consumer data to standardize
their process for receiving and responding to law
enforcement requests for data to meet industry best
practices. AB 1993 will ensure a process for submitting
emergency disclosure requests that is continually
available, exclusive to law enforcement personnel for
emergency purposes, that data can be produced regardless
of where it is physically stored, and that the service
provider staff has first-hand decision-making authority
for disclosure of data. AB 1993 will ensure that in
emergency situations the interface between law
enforcement and companies with data relevant to the
situation meets minimum standards of effectiveness.
2. Effect of the Legislation
According to the background submitted by the author, "With the
passage of SB 178 (Leno), also known as CalECPA, privacy rights
were extended to electronic data in a way that federal law does
not: it bars any state law enforcement or investigative entity
from compelling a business to turn over any data or digital
communication-including emails, texts, documents stored in the
cloud-without a warrant. It also requires a warrant to search or
track the location of a business' electronic devices like mobile
phones. Also, no business (or its officers, employees and
agents) may be subject to any cause of action for providing
information or assistance pursuant to a warrant or court order.
CalECPA also permits a service provider to voluntarily disclose
electronic communication information when disclosure is not
otherwise prohibited by law, such as in emergency situations."
This legislation is intended to provide law enforcement with a
process to get this information.
4. Argument in Opposition and Proposed Amendments
According to the Internet Association, who is opposed to this
legislation, states:
�
AB 1993 (Irwin ) Page
9 of ?
Building in a requirement that companies must keep
every single requestor directly in the loop with
immediate access to our processing teams would
dramatically slow down our turnaround times. As
alluded to earlier, the volume of these requests has
steadily grown and can number in the tens of thousands
annually for a single company. If each of potentially
thousands of requestors is given direct access to our
teams who are working tirelessly to receive, analyze,
prioritize, and appropriately resolve these myriad
requests, the company will end up pending exorbitant
amounts of time providing status updates rather than
actually processing requests.
To address this concern members may wish to consider
recommending the following amendment to Penal Code section
1524.4(b)(2)(C):
Creates Includes a method to provide status updates to a
requesting law enforcement agency on a request for
assistance and a direct means of communicating with the
individual or group of individuals responsible for
processing the request.
-- END -