§ 2258A. Reporting requirements of electronic communication service providers and remote computing service providers
(a)
Duty To Report.—
(1)
In general.—
Whoever, while engaged in providing an electronic communication service or a remote computing service to the public through a facility or means of interstate or foreign commerce, obtains actual knowledge of any facts or circumstances described in paragraph (2) shall, as soon as reasonably possible—
(A)
provide to the CyberTipline of the National Center for Missing and Exploited Children, or any successor to the CyberTipline operated by such center, the mailing address, telephone number, facsimile number, electronic mail address of, and individual point of contact for, such electronic communication service provider or remote computing service provider; and
(b)
Contents of Report.—
To the extent the information is within the custody or control of an electronic communication service provider or a remote computing service provider, the facts and circumstances included in each report under subsection (a)(1) may include the following information:
(1)
Information about the involved individual.—
Information relating to the identity of any individual who appears to have violated a Federal law described in subsection (a)(2), which may, to the extent reasonably practicable, include the electronic mail address, Internet Protocol address, uniform resource locator, or any other identifying information, including self-reported identifying information.
(2)
Historical reference.—
Information relating to when and how a customer or subscriber of an electronic communication service or a remote computing service uploaded, transmitted, or received apparent child pornography or when and how apparent child pornography was reported to, or discovered by the electronic communication service provider or remote computing service provider, including a date and time stamp and time zone.
(3)
Geographic location information.—
(A)
In general.—
Information relating to the geographic location of the involved individual or website, which may include the Internet Protocol address or verified billing address, or, if not reasonably available, at least 1 form of geographic identifying information, including area code or zip code.
(c)
Forwarding of Report to Law Enforcement.—
(1)
In general.—
The National Center for Missing and Exploited Children shall forward each report made under subsection (a)(1) to any appropriate law enforcement agency designated by the Attorney General under subsection (d)(2).
(2)
State and local law enforcement.—
The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to an appropriate law enforcement official of a State or political subdivision of a State for the purpose of enforcing State criminal law.
(3)
Foreign law enforcement.—
(A)
In general.—
The National Center for Missing and Exploited Children may forward any report made under subsection (a)(1) to any appropriate foreign law enforcement agency designated by the Attorney General under subsection (d)(3), subject to the conditions established by the Attorney General under subsection (d)(3).
(B)
Transmittal to designated federal agencies.—
If the National Center for Missing and Exploited Children forwards a report to a foreign law enforcement agency under subparagraph (A), the National Center for Missing and Exploited Children shall concurrently provide a copy of the report and the identity of the foreign law enforcement agency to—
(d)
Attorney General Responsibilities.—
(2)
Designation of federal agencies.—
The Attorney General shall designate promptly the Federal law enforcement agency or agencies to which a report shall be forwarded under subsection (c)(1).
(3)
Designation of foreign agencies.—
The Attorney General shall promptly—
(4)
Reporting designated foreign agencies.—
The Attorney General shall maintain and make available to the Department of State, the National Center for Missing and Exploited Children, electronic communication service providers, remote computing service providers, the Committee on the Judiciary of the Senate, and the Committee on the Judiciary of the House of Representatives a list of the foreign law enforcement agencies designated under paragraph (3).
(5)
Sense of congress regarding designation of foreign agencies.—
It is the sense of Congress that—
(6)
Notification to providers.—
If an electronic communication service provider or remote computing service provider notifies the National Center for Missing and Exploited Children that the electronic communication service provider or remote computing service provider is making a report under this section as the result of a request by a foreign law enforcement agency, the National Center for Missing and Exploited Children shall—
(A)
if the Center forwards the report to the requesting foreign law enforcement agency or another agency in the same country designated by the Attorney General under paragraph (3), notify the electronic communication service provider or remote computing service provider of—
(B)
notify the electronic communication service provider or remote computing service provider if the Center declines to forward the report because the Center, in consultation with the Attorney General, determines that no law enforcement agency in the foreign country has been designated by the Attorney General under paragraph (3).
(e)
Failure To Report.—
An electronic communication service provider or remote computing service provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined—
(f)
Protection of Privacy.—
Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to—
(g)
Conditions of Disclosure Information Contained Within Report.—
(1)
In general.—
Except as provided in paragraph (2), a law enforcement agency that receives a report under subsection (c) shall not disclose any information contained in that report.
(2)
Permitted disclosures by law enforcement.—
(A)
In general.—
A law enforcement agency may disclose information in a report received under subsection (c)—
(i)
to an attorney for the government for use in the performance of the official duties of that attorney;
(ii)
to such officers and employees of that law enforcement agency, as may be necessary in the performance of their investigative and recordkeeping functions;
(iii)
to such other government personnel (including personnel of a State or subdivision of a State) as are determined to be necessary by an attorney for the government to assist the attorney in the performance of the official duties of the attorney in enforcing Federal criminal law;
(iv)
if the report discloses a violation of State criminal law, to an appropriate official of a State or subdivision of a State for the purpose of enforcing such State law;
(v)
to a defendant in a criminal case or the attorney for that defendant, subject to the terms and limitations under section
3509
(m) or a similar State law, to the extent the information relates to a criminal charge pending against that defendant;
(B)
Limitations.—
(3)
Permitted disclosures by the national center for missing and exploited children.—
The National Center for Missing and Exploited Children may disclose information received in a report under subsection (a) only—
(A)
to any Federal law enforcement agency designated by the Attorney General under subsection (d)(2);
(B)
to any State, local, or tribal law enforcement agency involved in the investigation of child pornography, child exploitation, kidnapping, or enticement crimes;
(C)
to any foreign law enforcement agency designated by the Attorney General under subsection (d)(3); and
(D)
to an electronic communication service provider or remote computing service provider as described in section
2258C.
(h)
Preservation.—
(1)
In general.—
For the purposes of this section, the notification to an electronic communication service provider or a remote computing service provider by the CyberTipline of receipt of a report under subsection (a)(1) shall be treated as a request to preserve, as if such request was made pursuant to section
2703
(f).
(2)
Preservation of report.—
Pursuant to paragraph (1), an electronic communication service provider or a remote computing service shall preserve the contents of the report provided pursuant to subsection (b) for 90 days after such notification by the CyberTipline.
(3)
Preservation of commingled images.—
Pursuant to paragraph (1), an electronic communication service provider or a remote computing service shall preserve any images, data, or other digital files that are commingled or interspersed among the images of apparent child pornography within a particular communication or user-created folder or directory.
(4)
Protection of preserved materials.—
An electronic communications service or remote computing service preserving materials under this section shall maintain the materials in a secure location and take appropriate steps to limit access by agents or employees of the service to the materials to that access necessary to comply with the requirements of this subsection.
(5)
Authorities and duties not affected.—
Nothing in this section shall be construed as replacing, amending, or otherwise interfering with the authorities and duties under section
2703.