BILL ANALYSIS                                                                                                                                                                                                    Ó



                                                                     SB 178


                                                                    Page  1





          SENATE THIRD READING


          SB  
          178 (Leno and Anderson)


          As Amended  September 4, 2015


          2/3 vote


          SENATE VOTE:  39-0


           -------------------------------------------------------------------- 
          |Committee       |Votes|Ayes                   |Noes                 |
          |                |     |                       |                     |
          |                |     |                       |                     |
          |                |     |                       |                     |
          |----------------+-----+-----------------------+---------------------|
          |Privacy         |9-0  |Gatto, Calderon,       |                     |
          |                |     |Chang, Chau, Cooper,   |                     |
          |                |     |Dababneh, Dahle,       |                     |
          |                |     |Gordon, Low            |                     |
          |                |     |                       |                     |
          |----------------+-----+-----------------------+---------------------|
          |Public Safety   |5-0  |Quirk, Jones-Sawyer,   |                     |
          |                |     |Lopez, Low, Santiago   |                     |
          |                |     |                       |                     |
          |----------------+-----+-----------------------+---------------------|
          |Appropriations  |15-0 |Gomez, Bigelow, Bloom, |                     |
          |                |     |Bonta, Calderon,       |                     |
          |                |     |Nazarian, Eggman,      |                     |
          |                |     |Gallagher, Eduardo     |                     |
          |                |     |Garcia, Holden, Jones, |                     |
          |                |     |Quirk, Rendon, Weber,  |                     |
          |                |     |Wood                   |                     |








                                                                     SB 178


                                                                    Page  2





          |                |     |                       |                     |
          |                |     |                       |                     |
           -------------------------------------------------------------------- 


          SUMMARY:  Creates the California Electronic Communications  
          Privacy Act (CalECPA), which generally requires law enforcement  
          entities to obtain a search warrant before accessing data on an  
          electronic device or from an online service provider.   
          Specifically, this bill:  


          1)Prohibits a government entity from:


             a)   Compelling the production of or access to electronic  
               communication information from a service provider;


             b)   Compelling the production of or access to electronic  
               device information from any person or entity other than the  
               authorized possessor of the device; and


             c)   Accessing electronic device information by means of  
               physical interaction or electronic communication with the  
               device, although voluntary disclosure to a government  
               entity is permitted. 


          2)Permits a government entity to compel the production of or  
            access to electronic communication information subject from a  
            service provider, or compel the production of or access to  
            electronic device information from any person or entity other  
            than the authorized possessor of the device pursuant to a  
            warrant, wiretap order, order for electronic reader records,  
            or subpoena issued pursuant to existing state law, as  
            specified. 









                                                                     SB 178


                                                                    Page  3






          3)Permits a government entity to access electronic device  
            information by means of physical interaction or electronic  
            communication with the device only as follows:


             a)   Pursuant to a warrant;


             b)   Pursuant to a wiretap order;  


             c)   With the specific consent of the authorized possessor of  
               the device;


             d)   With the specific consent of the owner of the device,  
               only when the device has been reported as lost or stolen;


             e)   If the government entity, in good faith, believes that  
               an emergency involving danger of death or serious physical  
               injury to any person requires access to the electronic  
               device information; and


             f)   If the government entity, in good faith, believes the  
               device to be lost, stolen, or abandoned, provided that the  
               entity shall only access electronic device information in  
               order to attempt to identify, verify, or contact the owner  
               or authorized possessor of the device.


             g)   If the device is seized from an inmate's possession or  
               found in an area of a correctional facility where inmates  
               have access and the device is not in the possession of an  
               individual and the device is not known or believed to be  
               the possession of an authorized visitor, except as  
               otherwise provided by state or federal law.   








                                                                     SB 178


                                                                    Page  4







          4)Requires any warrant for electronic information to comply with  
            the following:


             a)   The warrant shall describe with particularity the  
               information to be seized, including by specifying the time  
               periods covered, and as appropriate and reasonable, the  
               target individuals or accounts, the applications or  
               services covered, and the types of information sought. 


             b)   The warrant shall require that any obtained information  
               unrelated to the objective of the warrant shall be sealed  
               and not subject to further review, use, or disclosure  
               unless a court issues an order that there is probable cause  
               to believe that the information is relevant to an active  
               investigation, or is otherwise required by state or federal  
               law. 


             c)   The warrant or order shall comply with all other  
               provisions of California and federal law, including any  
               provisions prohibiting, limiting, or imposing additional  
               requirements on the use of search warrants.  Warrants  
               directed to a service provider must be accompanied by an  
               order to verify the authenticity of the electronic  
               information produced, as specified. 


          5)When issuing any warrant for electronic information, or upon  
            the petition from the target or recipient of the warrant, a  
            court may, at its discretion, do any or all of the following:


             a)   Appoint a special master, who is charged with ensuring  
               that only information necessary to achieve the objective of  
               the warrant or order is produced or accessed. 








                                                                     SB 178


                                                                    Page  5







             b)   Require that any information obtained through the  
               execution of the warrant or order that is unrelated to the  
               objective of the warrant be destroyed as soon as feasible  
               after termination of current or related investigations.


          6)Authorizes a service provider to voluntarily disclose  
            electronic communication information or subscriber information  
            when that disclosure is not otherwise prohibited by state or  
            federal law.


          7)Requires a government entity that receives electronic  
            communication information voluntarily provided by a service  
            provider to destroy that information within 90 days unless the  
            entity has or obtains the specific consent of the sender or  
            recipient, obtains a court order, or the information is  
            retained for the investigation of child pornography and  
            related crimes, as specified. 


          8)Requires a government entity that obtains electronic  
            information pursuant to an emergency to seek an authorizing  
            warrant or order, or an approval motion, within three days  
            after obtaining the electronic information, from the  
            appropriate court, as specified.   


          9)Declares that certain of these provisions (#1 through #8) do  
            not limit the authority of a government entity to use an  
            administrative, grand jury, trial, or civil discovery subpoena  
            to do either of the following:


             a)   Require an originator, addressee, or intended recipient  
               of an electronic communication to disclose any electronic  
               communication information associated with that  








                                                                     SB 178


                                                                    Page  6





               communication; 


             b)   Require an entity that provides electronic  
               communications services to its officers, directors,  
               employees, or agents for the purpose of carrying out their  
               duties, to disclose electronic communication information  
               associated with an electronic communication to or from an  
               officer, director, employee, or agent of the entity; or, 


             c)   Require a service provider to provide subscriber  
               information.


          10)Requires a government entity that executes a warrant or  
            obtains electronic information in an emergency pursuant to  
            these provisions to serve or deliver a notice, as specified,  
            to the identified targets stating that information about the  
            target has been compelled or requested, and states with  
            reasonable specificity the nature of the government  
            investigation under which the information is sought, including  
            a copy of the warrant, or a written statement setting forth  
            facts giving rise to the emergency.


          11)Authorizes the government entity, when a search warrant is  
            sought or electronic information obtained under emergency  
            circumstances, to submit a request supported by a sworn  
            affidavit for an order delaying notification and prohibiting  
            any party providing information from notifying any other party  
            that information has been sought.  Further requires the court  
            to issue the order if the court determines that there is  
            reason to believe that notification may have an adverse  
            result, not to exceed 90 days, and the court may grant  
            extensions of the delay of up to 90 days each, as specified.  


          12)Requires, upon expiration of the period of delay of the  








                                                                     SB 178


                                                                    Page  7





            notification, the government entity to serve or deliver to the  
            identified targets of the warrant a document that includes the  
            information required in 10 above, as well as a copy of all  
            electronic information obtained or a summary of that  
            information, and a statement of the grounds for the court's  
            determination to grant a delay in notifying the target, as  
            specified.


          13)Provides that if there is no identified target of a warrant  
            or emergency request at the time of issuance, the government  
            entity shall submit to the Department of Justice (Department)  
            within three days of the execution of the warrant or issuance  
            of the request all of the information required in 10 above.   
            If an order delaying notice is obtained, the government entity  
            shall submit to the Department upon the expiration of the  
            period of delay of the notification the information required  
            in 12 above. The Department shall publish those reports on its  
            web site within 90 days of receipt, and may redact names or  
            other personal identifying information from the reports. 


          14)Declares that nothing in these provisions shall prohibit or  
            limit a service provider or any other party from disclosing  
            information about any request or demand for electronic  
            information, except as provided.


          15)Permits any person in a trial, hearing, or proceeding to move  
            to suppress any electronic information obtained or retained in  
            violation of the Fourth Amendment to the United States  
            Constitution or of this chapter, as specified.  


          16)Authorizes the Attorney General to commence a civil action to  
            compel any government entity to comply with these provisions.


          17)Authorizes an individual whose information is targeted by a  








                                                                     SB 178


                                                                    Page  8





            warrant, order, or other legal process that is inconsistent  
            with these provisions, or the California Constitution or the  
            United States Constitution, or a service provider or any other  
            recipient of the warrant, order, or other legal process, to  
            petition the issuing court to void or modify the warrant,  
            order, or process, or to order the destruction of any  
            information obtained in violation of this chapter, the  
            California Constitution, or the United States Constitution.


          18)Declares that a California or foreign corporation, and its  
            officers, employees, and agents, are not subject to any cause  
            of action for providing records, information, facilities, or  
            assistance in accordance with the terms of a warrant, court  
            order, statutory authorization, emergency certification, or  
            wiretap order issued pursuant to these provisions. 


          19)Defines the terms "adverse result," "authorized possessor,"  
            "electronic communication," "electronic communication  
            information," "electronic communication service," "electronic  
            device," "electronic device information," "electronic  
            information," "government entity," "service provider,"  
            "specific consent," and "subscriber information."


          FISCAL EFFECT:  According to the Assembly Appropriations  
          Committee: 


          1)Ongoing annual General Fund costs to [the Department] of  
          approximately $300,000 to research and provide notices to  
          identified targets; unknown, though likely substantial, ongoing  
          annual General Fund costs to [the Department] for researching  
          and completing reports for investigations with no identified  
          targets, and posting local agency reports to its website.


          2)Unknown ongoing annual costs for local law enforcement  








                                                                     SB 178


                                                                    Page  9





          agencies for providing notices and producing investigation  
          reports for [Department] publication.  Though this bill is not  
          keyed a local mandate, there could be substantial state mandated  
          reimbursement of local costs.


          COMMENTS:   This bill is intended to codify, expand and  
          harmonize existing case law and current statutes to generally  
          require law enforcement entities to obtain a search warrant  
          before accessing data (or metadata) on an electronic device or  
          from an online service provider.  This bill is co-sponsored by  
          the Electronic Frontier Foundation and the California Newspaper  
          Publishers Association. 


          According to the author, the federal law governing legal search  
          and seizure in criminal investigations "has not been  
          meaningfully updated to account for modern technology."  As a  
          result, the author and supporters believe that existing law is  
          insufficient to protect all forms of electronic communications  
          and their metadata, such personal emails stored on a company's  
          servers or mobile phone location data held by carriers.  Such  
          information is in great demand from law enforcement, according  
          to supporters, with warrantless demands by government agencies  
          for personal information having increased substantially in  
          recent years.


          This bill aims to codify and strengthen privacy protections  
          under the California Constitution in a number of ways.  First,  
          it requires a demonstration of probable cause to obtain  
          electronic communications information from a third party service  
          provider, which better protects vital communications technology  
          like smartphones and the information they contain.  It also  
          applies the probable cause requirement to past electronic  
          communications, regardless of their age, which is an improvement  
          over federal law.  This bill also guarantees that geolocation  
          information is protected by the same standard, and also protects  
          some forms of metadata.  The end goal, according to the author,  








                                                                     SB 178


                                                                    Page  10





          is to create a "clear, uniform warrant rule for California law  
          enforcement access to electronic information."    


          Recent amendments include a clarification of what constitutes  
          "specific consent" in the voluntary sharing of information so as  
          not to disrupt child pornography investigations, a clarification  
          of the right to suppress evidence obtained in violation of the  
          Fourth Amendment, and elaboration of the requirements for a  
          warrant (including the sealing of unrelated information and  
          verification of authenticity by service providers).   


          The California Constitution provides for a "Right to  
          Truth-in-Evidence" as a result of the passage of the Victim's  
          Bill of Rights Act (California Proposition 8, 1982).  Because  
          this bill would permit the suppression of evidence obtained or  
          retained in violation of this bill's provisions, it will require  
          a two-thirds vote for passage on the Assembly Floor.  




          Analysis Prepared by:                                             
                          Hank Dempsey / P. & C.P. / (916) 319-2200  FN:  
          0002170