BILL ANALYSIS �Ó
SENATE COMMITTEE ON APPROPRIATIONS
Senator Ricardo Lara, Chair
2015 - 2016 Regular
SB 178 (Leno) - Privacy: electronic communications: search
warrants
-----------------------------------------------------------------
| |
| |
| |
-----------------------------------------------------------------
|--------------------------------+--------------------------------|
| | |
|Version: April 22, 2015 |Policy Vote: PUB. S. 6 - 1 |
| | |
|--------------------------------+--------------------------------|
| | |
|Urgency: No |Mandate: Yes |
| | |
|--------------------------------+--------------------------------|
| | |
|Hearing Date: May 28, 2015 |Consultant: Jolie Onodera |
| | |
-----------------------------------------------------------------
SUSPENSE FILE. AS AMENDED.
Bill
Summary: SB 178 would create the Electronic Communications
Privacy Act, which would require a search warrant or wiretap
order for access to all aspects of electronic communications,
with specified exceptions, and would specify noticing and
information deletion requirements. This bill would require a
government entity, as defined, that obtains information pursuant
to the Act to annually report specified data to the Attorney
General, and would require the Department of Justice (DOJ) to
aggregate and publish the information on its website by April 1,
2017, and annually thereafter.
Fiscal Impact (as approved May 28,
2015):
Noticing requirements : Ongoing potentially significant costs
to state and local law enforcement agencies for those noticing
provisions in the bill that exceed requirements under federal
law. To the extent local agency expenditures qualify as a
reimbursable state mandate, agencies could claim reimbursement
�
SB 178 (Leno) Page 1 of
?
of those costs (General Fund). Costs would be dependent on
various factors including but not limited to the number of
persons requiring notice, both contemporaneously and under the
delayed noticing provisions, time/workload required per
notice, and the method of noticing used.
Information deletion : Unknown, but potentially significant
costs to government entities for the required deletion of
information within the specified time period. To the extent
local agency expenditures qualify as a reimbursable state
mandate, agencies could claim reimbursement of those costs
(General Fund).
DOJ impact : Significant ongoing costs potentially in excess
of $300,000 (General Fund) for resources to meet the noticing
requirements of the bill. Minor, absorbable impact to
aggregate and post annual reports received to its website.
Background:1) The Fourth Amendment to the U.S. Constitution and Article I,
Section 13 of the California Constitution protect the right of
the people against unreasonable searches and seizures. In recent
cases, the U.S. Supreme Court has affirmed that Fourth Amendment
protections extend to electronic information, and that
protection must keep pace with advancing technology.
Existing federal law under the Electronic Communications Privacy
Act provides that a government entity may only access the
contents of communications in electronic storage for 180 days or
less pursuant to a warrant. If the contents of a wire or
electronic communications have been in electronic storage in an
electronic communications system for more than 180 days, a
government entity may require its disclosure through other means
such as a subpoena or a court order with prior notice to the
subscriber or customer. However, a government entity may access
the contents of a wire or electronic communications that have
been in electronic storage for more than 180 days without
required notice to the subscriber or customer if the government
entity obtains a warrant.
Further, under existing federal law, a governmental entity may
require a provider of electronic communication service to
disclose a record or other information pertaining to a
subscriber to or customer of such service under specified
circumstances, including pursuant to a warrant or court order. A
governmental entity receiving records or information under this
�
SB 178 (Leno) Page 2 of
?
provision of federal law is not required to provide notice to a
subscriber or customer. (18 USC § 2703.)
This bill seeks to update existing state law by instituting
a clear, uniform warrant process for government access to
all aspects of electronic information, including data from
personal electronic devices, emails, digital documents,
text messages, metadata, and location information.
Proposed Law:
This bill would enact the Electronic Communications Privacy
Act, which would provide that government entities shall not
compel the production of or access to electronic information, as
defined, without a warrant or wiretap order, with specified
exceptions. Additionally, this bill:
Provides that a government entity may access electronic
device information by means of physical interaction or
electronic communication with the device only as follows:
1) In accordance with a wiretap order or search
warrant, as specified.
2) With the specific consent of the authorized
possessor of the device, including when a government
entity is the intended recipient initiated by the
authorized possessor of the device.
3) With the specific consent of the owner of the
device, only when the device has been reported as lost
or stolen.
4) If the government entity, in good faith,
believes that an emergency involving danger of death
or serious physical injury to any person requires
access to the electronic device information.
5) If the government entity, in good faith,
believes the device to be lost, stolen, or abandoned,
provided that the entity shall only access electronic
device information in order to attempt to identify,
verify, or contact the authorized possessor of the
device.
Requires a government entity receiving electronic
�
SB 178 (Leno) Page 3 of
?
communication information voluntarily to delete that
information within 90 days unless specific consent or a
court order has been obtained authorizing retention of the
information.
Requires a government entity that executes a warrant or
wiretap order, or an emergency, as specified, to
contemporaneously serve upon, or deliver by registered or
first-class mail, electronic mail, or other means, the
identified targets of the warrant, order, or request, a
notice that informs the recipient that information about
the recipient has been compelled or requested, and states
the nature of the investigation. The notice is to include a
copy of the warrant or order, or a written statement
setting forth facts giving rise to the emergency.
Requires a government entity to take reasonable steps to
provide notice within three days of the execution of the
warrant, wiretap, or emergency request or access, to all
individuals about whom information was disclosed or
obtained if there is no identified target.
Authorizes a government entity to submit a request for a
court order delaying notification for up to 90 days that
prohibits any party from notifying any other party that
information has been sought. Extensions for up to 90 days
may be granted by the court.
Upon expiration of the period of delay, requires
government entities to notice every individual whose
electronic information was acquired, a document including
specified information, a copy of all electronic information
obtained or a summary of that information, including, at a
minimum, the number and types of records disclosed, the
date and time when the earliest and latest records were
created, and a statement of the grounds for the court's
determination to grant a delay in notification.
Specifies a California or foreign corporation, and its
officers, employees, and agents, are not subject to any
cause of action for providing records, information,
facilities, or assistance in accordance with the terms of
an order issued pursuant to this chapter.
Specifies that except as proof of a violation of this
�
SB 178 (Leno) Page 4 of
?
Act, no evidence obtained or retained in violation of this
chapter shall be admissible in a criminal, civil, or
administrative proceeding, or used in an affidavit in an
effort to obtain a search warrant or court order.
Requires a government entity that obtains electronic
information pursuant to the provisions of this Act to make
an annual report to the AG on or before February 1, 2017,
and each February 1 thereafter. To the extent it can be
reasonably determined, the report is to include all of the
following:
a. The number of requests or demands for
electronic information.
b. The number of requests or demands made, and
the number of records received for each of the
following types of records:
i. Electronic communication content.
ii. Location information.
iii. Other electronic information.
c. For each of the types of records in (b), all
of the following:
i. The number of requests or demands
that were each of the following:
1. Wiretap orders
2. Search warrants
3. Emergency requests
ii. The total number of users whose
information was requested or demanded.
iii. The total number of requests or
demands that did not specify a target individual.
iv. The number of requests or demands
complied with in full, partially complied with,
or refused.
v. The number of times the notice to
the affected party was delayed and the average
length of the delay.
vi. The number of times records were
shared with other government entities or any
department or agency of the federal government,
and the agencies with which the records were
shared.
vii. For contents of electronic
communications, the total number of
�
SB 178 (Leno) Page 5 of
?
communications contents received.
viii. For location information, the
average period for which location information was
obtained or received and the total number of
location records received.
ix. For other electronic communication
information, the types of records requested and
the total number of records of each type
received.
On or before April 1, 2017, and each April 1 thereafter,
requires the DOJ to publish on its internet website both of
the following:
o The individual reports from each government
entity that requests or compels the production of
contents or records pertaining to an electronic
communication or location information.
o A summary aggregating each of the items
required to be reported by government entities.
Prior
Legislation: SB 467 (Leno) 2013 would have required a search
warrant for access to electronic communications, and mandated
specified notifications by law enforcement. This bill was vetoed
by the Governor with the following message:
This bill requires law enforcement agencies to obtain a search
warrant when seeking access to electronic communications.
Federal law currently requires a search warrant, subpoena or
court order to access this kind of information and in the vast
majority of cases, law enforcement agencies obtain a search
warrant. The bill, however, imposes new notice requirements that
go beyond those required by federal law and could impede ongoing
criminal investigations. I do not think that is wise.
SB 1434 (Leno) 2012 would have prohibited a government entity
from obtaining the location information of an electronic device
without a valid search warrant unless certain exceptions apply.
This bill was vetoed by the Governor.
SB 914 (Leno) 2011 would have prohibited the search of
information contained in a portable electronic device by a law
enforcement officer incident to a lawful custodial arrest except
pursuant to a search warrant. This bill was vetoed by the
�
SB 178 (Leno) Page 6 of
?
Governor.
Staff
Comments: The provisions of this bill will significantly
increase costs to government entities with regard to the overall
process of requesting and obtaining electronic information,
while strengthening protections for consumers with respect to
electronic privacy law. While some of the provisions of the Act
are consistent with existing federal/state and case law, the
data collection/reporting, information deletion, and certain
noticing provisions mandated by the Act will result in new
workload for local agencies.
Data collection/reporting to DOJ
This bill requires government entities that "obtain electronic
information pursuant to this chapter" to make an annual report
including specified data to the DOJ. As the chapter essentially
covers all means by which to obtain electronic information,
whether through request or demand, it is estimated that all law
enforcement entities, both local and state, would be subject to
the data collection and reporting requirements of this bill.
There are currently 482 cities and 58 counties in the State.
While statewide costs cannot be estimated with certainty, given
the large number of local agencies and the numerous types of
data required to be collected and reported, these activities
could result in major one-time and ongoing costs, potentially in
the tens of millions of dollars annually. To the extent local
agency expenditures qualify as a reimbursable state mandate,
agencies could claim reimbursement of those costs (General
Fund). As an example, the Commission on State Mandates'
statewide cost estimate for Crime Statistics Reports for the DOJ
reflects eligible reimbursement of over $13.6 million per year
for slightly over 50 percent of local agencies reporting.
The costs to individual agencies would vary widely and depend on
various factors, including but not limited to the size of the
agency, the volume of requests and demands for electronic
information by the agency, the type of electronic data, the
number of records for each request/demand, and the workload
involved to fulfill each of the data elements required to be
reported. For example, while the workload involved to report the
number of requests and demands for electronic information may
not be substantial, the workload required to collect and track
�
SB 178 (Leno) Page 7 of
?
the number of times each notice to an affected party was delayed
and the average length of the delay, would be much more onerous.
To the extent local agencies additionally require the
development of a central database and other system enhancements
to collect, track, and report the information, these one-time
and ongoing costs for maintenance and operations could also be
very significant.
Noticing requirements
Certain noticing requirements specified in the bill are
consistent with provisions of federal, state, and case law, and
are not estimated to result in increased costs to agencies.
However, as noted in the Background Section of this analysis,
under existing federal law (18 USC § 2703), a governmental
entity is not required to provide notice to a subscriber or
customer when a warrant is obtained for specified electronic
information. And the delayed notification provisions under
federal law apply only to use of administrative subpoenas or
court orders, which require customer notification. As a result,
certain provisions of this bill will result in a higher level of
service for agencies, resulting in potentially significant
ongoing costs. To the extent local agency expenditures qualify
as a reimbursable state mandate, agencies could claim
reimbursement of those costs (General Fund).
The costs to agencies would be dependent on various factors
including but not limited to the number of persons requiring
notice, both contemporaneously and under the delayed noticing
provisions, time/workload required per notice, and the method of
noticing used. For example, a request or order for metadata with
no identified target could involve hundreds or more individuals,
that would require noticing, as the bill requires all
individuals about whom information was disclosed or obtained to
be noticed. The requirements under delayed notification
additionally require a copy of all information obtained, or a
summary of that information including the number and types of
records, the date and time when specified records were created,
and a statement of the grounds for the court's determination to
grant a delay in notification.
Information deletion
Government entities could incur new costs for the required
deletion of information voluntarily provided within the 90-day
time period. Because an agency could avoid this workload through
�
SB 178 (Leno) Page 8 of
?
a court order or by obtaining a warrant or order for the
information, any new costs to an agency attributable to
information deletion would reduce the additional costs noted
above that otherwise would be incurred by that agency for
noticing and the associated data collection on noticing. To the
extent local agency expenditures for information deletion
qualify as a reimbursable state mandate, agencies could claim
reimbursement of those costs (General Fund).
2/3-Vote Requirement
The California Constitution provides for the Right to Truth in
Evidence, which requires a 2/3 -vote of the Legislature to
exclude any relevant evidence from any criminal proceeding, as
specified. Because this bill would exclude evidence obtained or
retained in violation of its provisions in a criminal
proceeding, it triggers the 2/3-vote requirement.
Author amendments (as adopted May 28, 2015):
For cases in which there is no identified target of a
warrant, wiretap order, or emergency request or access,
deletes the requirement that the government entity take
reasonable steps to provide notice within three days and
instead requires the entity to submit to the Department of
Justice (DOJ) within 72 hours a report that states with
reasonable specificity the nature of the government
investigation under which the information was sought.
Require DOJ to publish each report received on its
website within 90 days of receipt.
Add a coauthor.
Make other technical changes.
Committee amendments (as adopted May 28, 2015): Delete the data
collection and reporting requirements of the bill.
-- END --
�
SB 178 (Leno) Page 9 of
?