S 318

Computer Trespass Clarification Act of 2005

Sponsor: Sen. Russ Feingold, D-WI.


By Mr. FEINGOLD:

S. 318. A bill to clarify conditions for the interceptions of computer trespass communications under the USA-PATRIOT Act; to the Committee on the Judiciary.

Mr. FEINGOLD. Mr. President, I am pleased to introduce the Computer Trespass Clarification Act of 2005, which would amend and clarify section 217 of the USA-PATRIOT Act. This bill is virtually identical to a bill I introduced in the 108th Congress, S. 2783.

Section 217 of the PATRIOT Act addresses the interception of computer trespass communications. This bill would modify existing law to more accurately reflect the intent of the provision, and also protect against invasions of privacy.

Section 217 was designed to permit law enforcement to assist computer owners who are subject to denial of service attacks or other episodes of hacking. The original Department of Justice draft of the bill that later became the PATRIOT Act included this provision. A section by section analysis provided by the Department on September 19, 2001, stated the following: ``Current law may not allow victims of computer trespassing to request law enforcement assistance in monitoring unauthorized attacks as they occur. Because service providers often lack the expertise, equipment, or financial resources required to monitor attacks themselves as permitted under current law, they often have no way to exercise their rights to protect themselves from unauthorized attackers. Moreover, such attackers can target critical infrastructures and engage in cyberterrorism. To correct this problem, and help to protect national security, the proposed amendments to the wiretap statute would allow victims of computer attacks to authorize persons `acting under color of law' to monitor trespassers on their computer systems in a narrow class of cases.''

I strongly supported the goal of giving computer system owners the ability to call in law enforcement to help defend themselves against hacking. Including such a provision in the PATRIOT Act made a lot of sense. Unfortunately, the drafters of the provision made it much broader than necessary, and refused to amend it at the time we debated the bill in 2001. As a result, the law now gives the government the authority to intercept communications by people using computers owned by others as long as they have engaged in some unauthorized activity on the computer, and the owner gives permission for the computer to be monitored--all without judicial approval.

Only people who have a ``contractual relationship'' with the owner allowing the use of a computer are exempt from the definition of a computer trespasser under section 217 of the PATRIOT Act. Many people--for example, college students, patrons of libraries, Internet cafes or airport business lounges, and guests at hotels--use computers owned by others with permission, but without a contractual relationship. They could end up being the subject of government snooping if the owner of the computer gives permission to law enforcement.

My bill would clarify that a computer trespasser is not someone who has permission to use a computer by the owner or operator of that computer. It would bring the existing computer trespass provision in line with the purpose of section 217 as expressed in the Department of Justice's initial explanation of the provision. Section 217 was intended to target only a narrow class of people: Unauthorized cyberhackers. It was not intended to give the government the opportunity to engage in widespread surveillance of computer users without a warrant.

I should note that there is no specific evidence that the provision is being abused. But, of course, unless criminal charges are brought against someone as a result of such surveillance, there would never be any notice at all that the surveillance has taken place. The computer owner authorizes the surveillance, and the FBI carries it out. There is no warrant, no court proceeding, no opportunity even for the subject of the surveillance to challenge the assertion of the owner that some unauthorized use of the computer has occurred.

My bill would modify the computer trespass provision in the following ways to protect against abuse, while still maintaining its usefulness in cases of denial of service attacks and other forms of hacking.

First, it would require that the owner or operator of the protected computer authorizing the interception has been subject to ``an ongoing pattern of communications activity that threatens the integrity or operation of such computer.'' In other words, the owner has to be the target of some kind of hacking.

Second, the bill limits the length of warrantless surveillance to 96 hours. This is twice as long as is allowed for an emergency wiretap. With four days of surveillance, it should not be difficult for the government to gather sufficient evidence of wrongdoing to obtain a warrant if continued surveillance is necessary.

Finally, the bill would require the Attorney General to annually report on the use of Section 217 to the Senate and House Judiciary Committees. Section 217 is one of the provisions that is subject to the sunset provision in the PATRIOT Act and will expire at the end of 2005. We in the Congress need to do more oversight of the use of this and other provisions of PATRIOT Act in order to evaluate their effectiveness.

The computer trespass provision now in the law as a result of section 217 of the PATRIOT Act leaves open the possibility for significant and unnecessary invasions of privacy. The reasonable and modest changes to the provision contained in this bill preserve the usefulness of the provision for investigations of cyberhacking, but reduce the possibility of government abuse. We must continually seek to balance the need for effective tools to fight crime and terrorism against the civil liberties of our citizens. The Computer Trespass Clarification Act strikes the right balance, and I urge my colleagues to support it.

I ask unanimous consent that the text of the bill be printed in the Record.

There being no objection, the bill was ordered to be printed in the Record, as follows:

S. 318

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Computer Trespass Clarification Act of 2005''.

SEC. 2. AMENDMENTS TO TITLE 18.

(a) Definitions.--Section 2510(21)(B) of title 18, United States Code, is amended by--

(1) inserting ``or other'' after ``contractual''; and

(2) striking ``for access'' and inserting ``permitting access''.

(b) Interception and Disclosure.--Section 2511(2)(i) of title 18, United States Code, is amended--

(1) in clause (I), by inserting after ``the owner or operator of the protected computer'' the following: ``is attempting to respond to communications activity that threatens the integrity or operation of such computer and requests assistance to protect rights and property of the owner or operator, and''; and

(2) in clause (IV), by inserting after ``interception'' the following: ``ceases as soon as the communications sought are obtained or after 96 hours, whichever is earlier, unless an interception order is obtained under this chapter, and''.

(c) Report.--The Attorney General shall, within 60 days of enactment and annually thereafter, report to the Committees on the Judiciary of the Senate and the House of Representatives on the use during the previous year of section 2511 of title 18, United States Code, relating to computer trespass provisions as amended by subsection (b).