SAFE Act

The Securing Adolescents from Exploitation-Online Act of 2007

ISPs already have a duty to notify authorities if they stumble across anything that appears to be child pornography or molestation evidence. The new bill ups the penalties for not reporting this information; ISPs now face up to $150,000 for a first violation and up to $300,000 for subsequent violations. The bill also requires ISPs to retain copies of all information filed in these reports, and to do so for 180 days in case they are needed for use as evidence in court.  Now, what does the bill not do? It explicitly tells ISPs that they do not need to “monitor any user, subscriber, or customer,” they do not need to “monitor the content of any indication,” or even “affirmatively seek facts or circumstances.” In other words, if you see it, you are legally obligated to report it, but ISPs do not need to become child porn detectives.
110th CONGRESS
1st Session
H. R. 3791
AN ACT

To modernize and expand the reporting requirements relating to child pornography, to expand cooperation in combating child pornography, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the “Securing Adolescents From Exploitation-Online Act of 2007” or the “SAFE Act of 2007”.

SEC. 2. REPORTING REQUIREMENTS OF ELECTRONIC COMMUNICATION SERVICE PROVIDERS AND REMOTE COMPUTING SERVICE PROVIDERS.

(a) In General.—Chapter 110 of title 18, United States Code, is amended by inserting after section 2258 the following:

“SEC. 2258A. REPORTING REQUIREMENTS OF ELECTRONIC COMMUNICATION SERVICE PROVIDERS AND REMOTE COMPUTING SERVICE PROVIDERS.

“(a) Duty To Report.—

“(1) IN GENERAL.—Whoever, while engaged in providing an electronic communication service or a remote computing service to the public through a facility or means of interstate or foreign commerce, obtains actual knowledge of any facts or circumstances described in paragraph (2) shall, as soon as reasonably possible—

“(A) complete and maintain with current information a registration with the CyberTipline of the National Center for Missing and Exploited Children, or any successor to the CyberTipline operated by such center, by providing the mailing address, telephone number, facsimile number, electronic mail address of, and individual point of contact for, such electronic communication service provider or remote computing service provider; and

“(B) make a report of such facts or circumstances to the CyberTipline, or any successor to the CyberTipline operated by such center.

“(2) FACTS OR CIRCUMSTANCES.—The facts or circumstances described in this paragraph are any facts or circumstances that appear to indicate a violation of—

“(A) section 2251, 2251A, 2252, 2252A, 2252B, or 2260 that involves child pornography; or

“(B) section 1466A.

“(b) Contents Of Report.—To the extent available to an electronic communication service provider or a remote computing service provider, each report under subsection (a)(1) shall include the following information:

“(1) INFORMATION ABOUT THE INVOLVED INDIVIDUAL.—Information relating to the Internet identity of any individual who appears to have violated a Federal law in the manner described in subsection (a)(2), which shall, to the extent reasonably practicable, include the electronic mail address, website address, uniform resource locator, or any other identifying information, including self-reported identifying information.

“(2) HISTORICAL REFERENCE.—Information relating to when any apparent child pornography was uploaded, transmitted, reported to, or discovered by the electronic communication service provider or remote computing service provider, as the case may be, including a date and time stamp and time zone.

“(3) GEOGRAPHIC LOCATION INFORMATION.—Information relating to the geographic location of the involved individual, hosting website, or uniform resource locator, which shall include the Internet Protocol Address or verified billing address, or, if not reasonably available, at least one form of geographic identifying information, including area code or zip code. The information shall also include any self-reported geographic information.

“(4) IMAGES OF APPARENT CHILD PORNOGRAPHY.—Any image of any apparent child pornography relating to the incident such report is regarding.

“(5) COMMINGLED IMAGES.—Any images, data, or other digital files (collectively referred to as ‘digital files’) which are commingled or interspersed among the images of apparent child pornography. If it would impose an undue hardship to provide these commingled digital files as part of the report, because of the volume of the digital files or for other reasons, the reporting company shall, in lieu of providing those digital files, inform the CyberTipline of the existence of such digital files, and retain those digital files as if they were part of the report as required pursuant to subsection (h).

“(c) Forwarding Of Report To Law Enforcement.—

“(1) IN GENERAL.—The National Center for Missing and Exploited Children shall forward each report made under subsection (a)(1) to any appropriate law enforcement agency designated by the Attorney General under subsection (d)(2).

“(2) STATE AND LOCAL LAW ENFORCEMENT.—The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to an appropriate official of a State or political subdivision of a State for the purpose of enforcing State criminal law.

“(3) FOREIGN LAW ENFORCEMENT.—The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to any appropriate foreign law enforcement agency designated by the Attorney General under subsection (d)(3), subject to the conditions established by the Attorney General under subsection (d)(3).

“(d) Attorney General Responsibilities.—

“(1) IN GENERAL.—The Attorney General shall enforce this section.

“(2) DESIGNATION OF FEDERAL AGENCIES.—The Attorney General shall designate promptly the Federal law enforcement agency or agencies to which a report shall be forwarded under subsection (c)(1).

“(3) DESIGNATION OF FOREIGN AGENCIES.—The Attorney General shall promptly—

“(A) designate the foreign law enforcement agencies to which a report may be forwarded under subsection (c)(3);

“(B) establish the conditions under which such a report may be forwarded to such agencies; and

“(C) develop a process for foreign law enforcement agencies to request assistance from Federal law enforcement agencies in obtaining evidence related to a report referred under subsection (c)(3).

“(e) Failure To Report.—An electronic communication service provider or remote computing service provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined—

“(1) in the case of an initial knowing and willful failure to make a report, not more than $150,000; and

“(2) in the case of any second or subsequent knowing and willful failure to make a report, not more than $300,000.

“(f) Protection Of Privacy.—Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to—

“(1) monitor any user, subscriber, or customer of that provider;

“(2) monitor the content of any communication of any person described in paragraph (1); or

“(3) affirmatively seek facts or circumstances described in subsection (a)(2).

“(g) Conditions Of Disclosure Information Contained Within Report.—

“(1) IN GENERAL.—Except as provided in paragraph (2), a law enforcement agency that receives a report under subsection (c) shall not disclose any information contained in that report.

“(2) PERMITTED DISCLOSURES.—A law enforcement agency may disclose information in a report received under subsection (c)—

“(A) to an attorney for the government for use in the performance of the official duties of that attorney;

“(B) to such officers and employees of that law enforcement agency, as may be necessary in the performance of their investigative and recordkeeping functions;

“(C) to such other government personnel (including personnel of a State or subdivision of a State) as are determined to be necessary by an attorney for the government to assist the attorney in the performance of the official duties of the attorney in enforcing Federal criminal law;

“(D) if the report discloses a violation of State criminal law, to an appropriate official of a State or subdivision of a State for the purpose of enforcing such State law;

“(E) to a defendant in a criminal case or the attorney for that defendant, to the extent the information relates to a criminal charge pending against that defendant;

“(F) to an electronic communication service provider or remote computing provider if necessary to facilitate response to legal process issued in connection to that report. The electronic communication service provider or remote computing service provider shall be prohibited from disclosing the contents of that report to any person, except as necessary to respond to the legal process; and

“(G) as ordered by a court upon a showing of good cause and pursuant to any protective orders or other conditions that the court may impose.

“(h) Evidence Preservation.—

“(1) IN GENERAL.—For the purposes of this section, the notification to an electronic communication service provider or a remote computing service provider by the CyberTipline of receipt of a report under subsection (a)(1) shall be treated as notice to preserve, as if such notice was made pursuant to section 2703(f).

“(2) PRESERVATION OF REPORT.—Pursuant to subsection (h)(1), an electronic communication service provider or a remote computing service shall preserve the contents of the report provided pursuant to subsection (b) as well as the information in subsection (c)(2) of section 2703 pertaining to the involved individual for not less than 180 days after such notification by the CyberTipline.

“(3) AUTHORITIES AND DUTIES NOT AFFECTED.—Nothing in this section shall be construed as replacing, amending, or otherwise interfering with the authorities and duties under section 2703.

“SEC. 2258B. LIMITED LIABILITY FOR ELECTRONIC COMMUNICATION SERVICE PROVIDERS, REMOTE COMPUTING SERVICE PROVIDERS, OR DOMAIN NAME REGISTRAR.

“(a) In General.—Except as provided in subsections (b) and (c), a civil claim or criminal charge against an electronic communication service provider, a remote computing service provider, or domain name registrar, including any director, officer, employee, or agent of such electronic communication service provider, remote computing service provider, or domain name registrar arising from the performance of the reporting responsibilities of such electronic communication service provider, remote computing service provider, or domain name registrar under this section, section 2258A, or section 2258C may not be brought in any Federal or State court.

“(b) Intentional, Reckless, Or Other Misconduct.—Subsection (a) shall not apply to a claim if the electronic communication service provider, remote computing service provider, or domain name registrar, or a director, officer, employee, or agent of that electronic communication service provider, remote computing service provider, or domain name registrar—

“(1) engaged in intentional misconduct; or

“(2) acted, or failed to act—

“(A) with actual malice;

“(B) with reckless disregard to a substantial risk of causing injury without legal justification; or

“(C) for a purpose unrelated to the performance of any responsibility or function under this section, section 2258A, or section 2258C.

“(c) Ordinary Business Activities.—Subsection (a) shall not apply to an act or omission relating to an ordinary business activity of an electronic communication service provider, a remote computing service provider, or domain name registrar, including general administration or operations, the use of motor vehicles, or personnel management.

“(d) Minimizing Access.—An electronic communication service provider, a remote computing service provider, and domain name registrar shall—

“(1) minimize the number of employees that are provided access to any image provided under section 2258A or 2258C; and

“(2) ensure that any such image is permanently destroyed, upon notification from a law enforcement agency.

“SEC. 2258C. USE OF IMAGES FROM THE CYBERTIPLINE TO COMBAT CHILD PORNOGRAPHY.

“(a) In General.—The National Center for Missing and Exploited Children is authorized to provide elements relating to any image reported to its CyberTipline to an electronic communication service provider or a remote computing service provider for the sole and exclusive purpose of permitting that electronic communication service provider or remote computing service provider to stop the further transmission of images. Such elements may include unique identifiers associated with a specific image, Internet location of images, and other technological elements that can be used to identify and stop the transmission of child pornography.

“(b) Use By Electronic Communication Service Providers And Remote Computing Service Providers.—Any electronic communication service provider or remote computing service provider that receives elements relating to an image from the National Center for Missing and Exploited Children under this section may use such information only for the purposes described in this section, provided that such use shall not relieve that electronic communication service provider or remote computing service provider from its reporting obligations under section 2258A.

“SEC. 2258D. LIMITED LIABILITY FOR THE NATIONAL CENTER FOR MISSING AND EXPLOITED CHILDREN.

“(a) In General.—Except as provided in subsections (b) and (c), a civil claim or criminal charge against the National Center for Missing and Exploited Children, including any director, officer, employee, or agent of such center, arising from the performance of the CyberTipline responsibilities or functions of such center, as described in this section, section 2258A or 2258C of this title, or section 404 of the Missing Children’s Assistance Act (42 U.S.C. 5773), or from the effort of such center to identify child victims may not be brought in any Federal or State court.

“(b) Intentional, Reckless, Or Other Misconduct.—Subsection (a) shall not apply to a claim or charge if the National Center for Missing and Exploited Children, or a director, officer, employee, or agent of such center—

“(1) engaged in intentional misconduct; or

“(2) acted, or failed to act—

“(A) with actual malice;

“(B) with reckless disregard to a substantial risk of causing injury without legal justification; or

“(C) for a purpose unrelated to the performance of any responsibility or function under this section, section 2258A or 2258C of this title, or section 404 of the Missing Children’s Assistance Act (42 U.S.C. 5773).

“(c) Ordinary Business Activities.—Subsection (a) shall not apply to an act or omission relating to an ordinary business activity, including general administration or operations, the use of motor vehicles, or personnel management.

“(d) Minimizing Access.—The National Center for Missing and Exploited Children shall—

“(1) minimize the number of employees that are provided access to any image provided under section 2258A; and

“(2) ensure that any such image is permanently destroyed upon notification from a law enforcement agency.

“SEC. 2258E. DEFINITIONS.

“In sections 2258A through 2258D—

“(1) the terms ‘attorney for the government’ and ‘State’ have the meanings given those terms in rule 1 of the Federal Rules of Criminal Procedure;

“(2) the term ‘electronic communication service’ has the meaning given that term in section 2510;

“(3) the term ‘electronic mail address’ has the meaning given that term in section 3 of the CAN–SPAM Act of 2003 (15 U.S.C. 7702);

“(4) the term ‘Internet’ has the meaning given that term in section 1101 of the Internet Tax Freedom Act (47 U.S.C. 151 note);

“(5) the term ‘remote computing service’ has the meaning given that term in section 2711; and

“(6) the term ‘website’ means any collection of material placed in a computer server-based file archive so that it is publicly accessible, over the Internet, using hypertext transfer protocol or any successor protocol.”.

(b) Conforming Amendments.—

(1) REPEAL OF SUPERCEDED PROVISION.—Section 227 of the Crime Control Act of 1990 (42 U.S.C. 13032) is repealed.

(2) TABLE OF SECTIONS.—The table of sections for chapter 110 of title 18, United States Code, is amended by inserting after the item relating to section 2258 the following:

“2258A. Reporting requirements of electronic communication service providers and remote computing service providers.
“2258B. Limited liability for electronic communication service providers and remote computing service providers.
“2258C. Use of images from the CyberTipline to combat child pornography.
“2258D. Limited liability for the National Center for Missing and Exploited Children.
“2258E. Definitions.”.

Passed the House of Representatives December 5, 2007.
Attest: