BILL ANALYSIS                                                                                                                                                                                                    Ó



          SENATE COMMITTEE ON APPROPRIATIONS
                             Senator Ricardo Lara, Chair
                                2015 - 2016  Regular 

          SB 178 (Leno) - Privacy: electronic communications: search  
          warrants
          
           ----------------------------------------------------------------- 
          |                                                                 |
          |                                                                 |
          |                                                                 |
           ----------------------------------------------------------------- 
          |--------------------------------+--------------------------------|
          |                                |                                |
          |Version: April 22, 2015         |Policy Vote: PUB. S. 6 - 1      |
          |                                |                                |
          |--------------------------------+--------------------------------|
          |                                |                                |
          |Urgency: No                     |Mandate: Yes                    |
          |                                |                                |
          |--------------------------------+--------------------------------|
          |                                |                                |
          |Hearing Date: May 28, 2015      |Consultant: Jolie Onodera       |
          |                                |                                |
           ----------------------------------------------------------------- 

          SUSPENSE FILE. AS AMENDED.


          Bill  
          Summary:  SB 178 would create the Electronic Communications  
          Privacy Act, which would require a search warrant or wiretap  
          order for access to all aspects of electronic communications,  
          with specified exceptions, and would specify noticing and  
          information deletion requirements. This bill would require a  
          government entity, as defined, that obtains information pursuant  
          to the Act to annually report specified data to the Attorney  
          General, and would require the Department of Justice (DOJ) to  
          aggregate and publish the information on its website by April 1,  
          2017, and annually thereafter.


          Fiscal Impact (as approved May 28,  
          2015):  
            Noticing requirements  :  Ongoing potentially significant costs  
            to state and local law enforcement agencies for those noticing  
            provisions in the bill that exceed requirements under federal  
            law. To the extent local agency expenditures qualify as a  
            reimbursable state mandate, agencies could claim reimbursement  







          SB 178 (Leno)                                          Page 1 of  
          ?
          
          
            of those costs (General Fund). Costs would be dependent on  
            various factors including but not limited to the number of  
            persons requiring notice, both contemporaneously and under the  
            delayed noticing provisions, time/workload required per  
            notice, and the method of noticing used. 
            Information deletion  :  Unknown, but potentially significant  
            costs to government entities for the required deletion of  
            information within the specified time period. To the extent  
            local agency expenditures qualify as a reimbursable state  
            mandate, agencies could claim reimbursement of those costs  
            (General Fund).    
            DOJ impact  :  Significant ongoing costs potentially in excess  
            of $300,000 (General Fund) for resources to meet the noticing  
            requirements of the bill. Minor, absorbable impact to  
            aggregate and post annual reports received to its website.


        Background:1)  The Fourth Amendment to the U.S. Constitution and Article I,  
          Section 13 of the California Constitution protect the right of  
          the people against unreasonable searches and seizures. In recent  
          cases, the U.S. Supreme Court has affirmed that Fourth Amendment  
          protections extend to electronic information, and that  
          protection must keep pace with advancing technology. 

          Existing federal law under the Electronic Communications Privacy  
          Act provides that a government entity may only access the  
          contents of communications in electronic storage for 180 days or  
          less pursuant to a warrant. If the contents of a wire or  
          electronic communications have been in electronic storage in an  
          electronic communications system for more than 180 days, a  
          government entity may require its disclosure through other means  
          such as a subpoena or a court order with prior notice to the  
          subscriber or customer. However, a government entity may access  
          the contents of a wire or electronic communications that have  
          been in electronic storage for more than 180 days without  
          required notice to the subscriber or customer if the government  
          entity obtains a warrant. 

          Further, under existing federal law, a governmental entity may  
          require a provider of electronic communication service to  
          disclose a record or other information pertaining to a  
          subscriber to or customer of such service under specified  
          circumstances, including pursuant to a warrant or court order. A  
          governmental entity receiving records or information under this  








          SB 178 (Leno)                                          Page 2 of  
          ?
          
          
          provision of federal law is not required to provide notice to a  
          subscriber or customer. (18 USC § 2703.)

          This bill seeks to update existing state law by instituting  
          a clear, uniform warrant process for government access to  
          all aspects of electronic information, including data from  
          personal electronic devices, emails, digital documents,  
          text messages, metadata, and location information. 


          Proposed Law:  
           This bill would enact the Electronic Communications Privacy  
          Act, which would provide that government entities shall not  
          compel the production of or access to electronic information, as  
          defined, without a warrant or wiretap order, with specified  
          exceptions. Additionally, this bill:
                 Provides that a government entity may access electronic  
               device information by means of physical interaction or  
               electronic communication with the device only as follows:
                  1)        In accordance with a wiretap order or search  
                    warrant, as specified. 

                  2)        With the specific consent of the authorized  
                    possessor of the device, including when a government  
                    entity is the intended recipient initiated by the  
                    authorized possessor of the device. 

                  3)        With the specific consent of the owner of the  
                    device, only when the device has been reported as lost  
                    or stolen. 

                  4)        If the government entity, in good faith,  
                    believes that an emergency involving danger of death  
                    or serious physical injury to any person requires  
                    access to the electronic device information. 

                  5)        If the government entity, in good faith,  
                    believes the device to be lost, stolen, or abandoned,  
                    provided that the entity shall only access electronic  
                    device information in order to attempt to identify,  
                    verify, or contact the authorized possessor of the  
                    device.

                 Requires a government entity receiving electronic  








          SB 178 (Leno)                                          Page 3 of  
          ?
          
          
               communication information voluntarily to delete that  
               information within 90 days unless specific consent or a  
               court order has been obtained authorizing retention of the  
               information.

                 Requires a government entity that executes a warrant or  
               wiretap order, or an emergency, as specified, to  
               contemporaneously serve upon, or deliver by registered or  
               first-class mail, electronic mail, or other means, the  
               identified targets of the warrant, order, or request, a  
               notice that informs the recipient that information about  
               the recipient has been compelled or requested, and states  
               the nature of the investigation. The notice is to include a  
               copy of the warrant or order, or a written statement  
               setting forth facts giving rise to the emergency.

                 Requires a government entity to take reasonable steps to  
               provide notice within three days of the execution of the  
               warrant, wiretap, or emergency request or access, to all  
               individuals about whom information was disclosed or  
               obtained if there is no identified target.

                 Authorizes a government entity to submit a request for a  
               court order delaying notification for up to 90 days that  
               prohibits any party from notifying any other party that  
               information has been sought. Extensions for up to 90 days  
               may be granted by the court.

                 Upon expiration of the period of delay, requires  
               government entities to notice every individual whose  
               electronic information was acquired, a document including  
               specified information, a copy of all electronic information  
               obtained or a summary of that information, including, at a  
               minimum, the number and types of records disclosed, the  
               date and time when the earliest and latest records were  
               created, and a statement of the grounds for the court's  
               determination to grant a delay in notification.

                 Specifies a California or foreign corporation, and its  
               officers, employees, and agents, are not subject to any  
               cause of action for providing records, information,  
               facilities, or assistance in accordance with the terms of  
               an order issued pursuant to this chapter.
                 Specifies that except as proof of a violation of this  








          SB 178 (Leno)                                          Page 4 of  
          ?
          
          
               Act, no evidence obtained or retained in violation of this  
               chapter shall be admissible in a criminal, civil, or  
               administrative proceeding, or used in an affidavit in an  
               effort to obtain a search warrant or court order.


                 Requires a government entity that obtains electronic  
               information pursuant to the provisions of this Act to make  
               an annual report to the AG on or before February 1, 2017,  
               and each February 1 thereafter. To the extent it can be  
               reasonably determined, the report is to include all of the  
               following:
                  a.        The number of requests or demands for  
                    electronic information.
                  b.        The number of requests or demands made, and  
                    the number of records received for each of the  
                    following types of records:
                        i.             Electronic communication content.
                        ii.            Location information.
                        iii.           Other electronic information.
                  c.        For each of the types of records in (b), all  
                    of the following:
                        i.             The number of requests or demands  
                         that were each of the following:
                            1.                  Wiretap orders
                            2.                  Search warrants
                            3.                  Emergency requests
                        ii.            The total number of users whose  
                         information was requested or demanded.
                        iii.           The total number of requests or  
                         demands that did not specify a target individual.
                        iv.            The number of requests or demands  
                         complied with in full, partially complied with,  
                         or refused.
                        v.             The number of times the notice to  
                         the affected party was delayed and the average  
                         length of the delay.
                        vi.            The number of times records were  
                         shared with other government entities or any  
                         department or agency of the federal government,  
                         and the agencies with which the records were  
                         shared.
                        vii.           For contents of electronic  
                         communications, the total number of  








          SB 178 (Leno)                                          Page 5 of  
          ?
          
          
                         communications contents received.
                        viii.           For location information, the  
                         average period for which location information was  
                         obtained or received and the total number of  
                         location records received.
                        ix.            For other electronic communication  
                         information, the types of records requested and  
                         the total number of records of each type  
                         received.
                 On or before April 1, 2017, and each April 1 thereafter,  
               requires the DOJ to publish on its internet website both of  
               the following:
                  o         The individual reports from each government  
                    entity that requests or compels the production of  
                    contents or records pertaining to an electronic  
                    communication or location information. 
                  o         A summary aggregating each of the items  
                    required to be reported by government entities.


          Prior  
          Legislation:  SB 467 (Leno) 2013 would have required a search  
          warrant for access to electronic communications, and mandated  
          specified notifications by law enforcement. This bill was vetoed  
          by the Governor with the following message:


          This bill requires law enforcement agencies to obtain a search  
          warrant when seeking access to electronic communications.  
          Federal law currently requires a search warrant, subpoena or  
          court order to access this kind of information and in the vast  
          majority of cases, law enforcement agencies obtain a search  
          warrant. The bill, however, imposes new notice requirements that  
          go beyond those required by federal law and could impede ongoing  
          criminal investigations. I do not think that is wise.
          SB 1434 (Leno) 2012 would have prohibited a government entity  
          from obtaining the location information of an electronic device  
          without a valid search warrant unless certain exceptions apply.  
          This bill was vetoed by the Governor.

          SB 914 (Leno) 2011 would have prohibited the search of  
          information contained in a portable electronic device by a law  
          enforcement officer incident to a lawful custodial arrest except  
          pursuant to a search warrant. This bill was vetoed by the  








          SB 178 (Leno)                                          Page 6 of  
          ?
          
          
          Governor.



          Staff  
          Comments:  The provisions of this bill will significantly  
          increase costs to government entities with regard to the overall  
          process of requesting and obtaining electronic information,  
          while strengthening protections for consumers with respect to  
          electronic privacy law. While some of the provisions of the Act  
          are consistent with existing federal/state and case law, the  
          data collection/reporting, information deletion, and certain  
          noticing provisions mandated by the Act will result in new  
          workload for local agencies.   
           Data collection/reporting to DOJ
           This bill requires government entities that "obtain electronic  
          information pursuant to this chapter" to make an annual report  
          including specified data to the DOJ. As the chapter essentially  
          covers all means by which to obtain electronic information,  
          whether through request or demand, it is estimated that all law  
          enforcement entities, both local and state, would be subject to  
          the data collection and reporting requirements of this bill.  
          There are currently 482 cities and 58 counties in the State.  
          While statewide costs cannot be estimated with certainty, given  
          the large number of local agencies and the numerous types of  
          data required to be collected and reported, these activities  
          could result in major one-time and ongoing costs, potentially in  
          the tens of millions of dollars annually. To the extent local  
          agency expenditures qualify as a reimbursable state mandate,  
          agencies could claim reimbursement of those costs (General  
          Fund). As an example, the Commission on State Mandates'  
          statewide cost estimate for Crime Statistics Reports for the DOJ  
          reflects eligible reimbursement of over $13.6 million per year  
          for slightly over 50 percent of local agencies reporting.  

          The costs to individual agencies would vary widely and depend on  
          various factors, including but not limited to the size of the  
          agency, the volume of requests and demands for electronic  
          information by the agency, the type of electronic data, the  
          number of records for each request/demand, and the workload  
          involved to fulfill each of the data elements required to be  
          reported. For example, while the workload involved to report the  
          number of requests and demands for electronic information may  
          not be substantial, the workload required to collect and track  








          SB 178 (Leno)                                          Page 7 of  
          ?
          
          
          the number of times each notice to an affected party was delayed  
          and the average length of the delay, would be much more onerous.  
          To the extent local agencies additionally require the  
          development of a central database and other system enhancements  
          to collect, track, and report the information, these one-time  
          and ongoing costs for maintenance and operations could also be  
          very significant.

           Noticing requirements
           Certain noticing requirements specified in the bill are  
          consistent with provisions of federal, state, and case law, and  
          are not estimated to result in increased costs to agencies.  
          However, as noted in the Background Section of this analysis,  
          under existing federal law (18 USC § 2703), a governmental  
          entity is not required to provide notice to a subscriber or  
          customer when a warrant is obtained for specified electronic  
          information. And the delayed notification provisions under  
          federal law apply only to use of administrative subpoenas or  
          court orders, which require customer notification. As a result,  
          certain provisions of this bill will result in a higher level of  
          service for agencies, resulting in potentially significant  
          ongoing costs. To the extent local agency expenditures qualify  
          as a reimbursable state mandate, agencies could claim  
          reimbursement of those costs (General Fund). 

          The costs to agencies would be dependent on various factors  
          including but not limited to the number of persons requiring  
          notice, both contemporaneously and under the delayed noticing  
          provisions, time/workload required per notice, and the method of  
          noticing used. For example, a request or order for metadata with  
          no identified target could involve hundreds or more individuals,  
          that would require noticing, as the bill requires all  
          individuals about whom information was disclosed or obtained to  
          be noticed. The requirements under delayed notification  
          additionally require a copy of all information obtained, or a  
          summary of that information including the number and types of  
          records, the date and time when specified records were created,  
          and a statement of the grounds for the court's determination to  
          grant a delay in notification.

           Information deletion
           Government entities could incur new costs for the required  
          deletion of information voluntarily provided within the 90-day  
          time period. Because an agency could avoid this workload through  








          SB 178 (Leno)                                          Page 8 of  
          ?
          
          
          a court order or by obtaining a warrant or order for the  
          information, any new costs to an agency attributable to  
          information deletion would reduce the additional costs noted  
          above that otherwise would be incurred by that agency for  
          noticing and the associated data collection on noticing. To the  
          extent local agency expenditures for information deletion  
          qualify as a reimbursable state mandate, agencies could claim  
          reimbursement of those costs (General Fund).    

           2/3-Vote Requirement
           The California Constitution provides for the Right to Truth in  
          Evidence, which requires a 2/3 -vote of the Legislature to  
          exclude any relevant evidence from any criminal proceeding, as  
          specified. Because this bill would exclude evidence obtained or  
          retained in violation of its provisions in a criminal  
          proceeding, it triggers the 2/3-vote requirement.

          Author amendments (as adopted May 28, 2015):
                 For cases in which there is no identified target of a  
               warrant, wiretap order, or emergency request or access,  
               deletes the requirement that the government entity take  
               reasonable steps to provide notice within three days and  
               instead requires the entity to submit to the Department of  
               Justice (DOJ) within 72 hours a report that states with  
               reasonable specificity  the nature of the government  
               investigation under which the information was sought. 

                 Require DOJ to publish each report received on its  
               website within 90 days of receipt.

                 Add a coauthor.

                 Make other technical changes.

          Committee amendments (as adopted May 28, 2015):  Delete the data  
          collection and reporting requirements of the bill. 



                                      -- END --

          










          SB 178 (Leno)                                          Page 9 of  
          ?