Sec. 5. Cybertipline improvements, and accountability and transparency by the tech industry
2,791 words·~13 min read·
/bill/118/s/1199/rs/section-5·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Chapter 110 of title 18, United States Code, is amended— in section 2258A— by striking subsections (a), (b), and
(c)and inserting the following: In order to reduce the proliferation of online child exploitation and to prevent the online sexual exploitation of children, as soon as reasonably possible after obtaining actual knowledge of any facts or circumstances described in paragraph
(2)or any apparent child pornography on the provider’s service, network, or platform, and in any event not later than 60 days after obtaining such knowledge, a provider shall— submit to the CyberTipline of NCMEC, or any successor to the CyberTipline operated by NCMEC, a report containing— the mailing address, telephone number, facsimile number, electronic mailing address of, and individual point of contact for, such provider; and information described in subsection
(b)concerning such facts or circumstances or apparent child pornography; and if applicable, remove the apparent child pornography that is the subject of the report described in subparagraph (A), if such child pornography is publicly available. The facts or circumstances described in this paragraph are any facts or circumstances indicating an apparent, planned, or imminent violation of section 2251, 2251A, 2252, 2252A, 2252B, or 2260. In order to reduce the proliferation of online child exploitation and to prevent the online sexual exploitation of children, if a provider has a reasonable belief that any facts or circumstances described in paragraph
(2)exist, the provider may submit to the CyberTipline of NCMEC, or any successor to the CyberTipline operated by NCMEC, a report described in paragraph (1)(A). In an effort to prevent the future sexual victimization of children, and to the extent the information is within the custody or control of a provider, each report provided under subsection (a)(1)(A)— shall include, to the extent that it is applicable and reasonably available— identifying information regarding any individual who is the subject of the report, including name, address, electronic mail address, user or account identification, Internet Protocol address, and uniform resource locator; the terms of service in effect at the time of— the apparent violation; or the detection of apparent child pornography or a planned or imminent violation; a copy of any apparent child pornography that is the subject of the report that was identified in a publicly available location; for each item of apparent child pornography included in the report under clause
(iii)or paragraph (2)(C), information indicating whether— the reported child pornography was publicly available; or the provider, in its sole discretion, viewed the reported child pornography, or any copy thereof, at any point concurrent with or prior to the submission of the report; and for each item of apparent child pornography that is the subject of the report, an indication as to whether the child pornography— has previously been the subject of a report under paragraph (1)(A) or
(3)of subsection (a); or is the subject of multiple contemporaneous reports due to rapid and widespread distribution; and may, at the sole discretion of the provider, include the information described in paragraph
(2)of this subsection. The information referred to in paragraph (1)(B) is the following: Information relating to when and how a customer or subscriber of a provider uploaded, transmitted, or received content relating to the report or when and how content relating to the report was reported to, or discovered by the provider, including a date and time stamp and time zone. Information relating to the geographic location of the involved individual or website, which may include the Internet Protocol address or verified address, or, if not reasonably available, at least one form of geographic identifying information, including area code or zip code, provided by the customer or subscriber, or stored or obtained by the provider. Any apparent child pornography not described in paragraph (1)(A)(iii), or other content related to the subject of the report. The complete communication containing any apparent child pornography or other content, including— any data or information regarding the transmission of the communication; and any visual depictions, data, or other digital files contained in, or attached to, the communication. An industry-standard hash value or other similar industry-standard technical identifier for any reported visual depiction as it existed on the provider’s service, network, or platform. For any item of apparent child pornography that is the subject of the report, an indication of whether— the depicted sexually explicit conduct involves— genital, oral, or anal sexual intercourse; bestiality; masturbation; sadistic or masochistic abuse; or lascivious exhibition of the anus, genitals, or pubic area of any person; and the depicted minor is— an infant or toddler; prepubescent; pubescent; post-pubescent; or of an indeterminate age or developmental stage. ; Pursuant to its clearinghouse role as a private, nonprofit organization, and at the conclusion of its review in furtherance of its nonprofit mission, NCMEC shall make available each report submitted under paragraph (1)(A) or
(3)of subsection
(a)to one or more of the following law enforcement agencies: Any Federal law enforcement agency that is involved in the investigation of child sexual exploitation, kidnapping, or enticement crimes. Any State or local law enforcement agency that is involved in the investigation of child sexual exploitation. A foreign law enforcement agency designated by the Attorney General under subsection (d)(3) or a foreign law enforcement agency that has an established relationship with the Federal Bureau of Investigation, Immigration and Customs Enforcement, or INTERPOL, and is involved in the investigation of child sexual exploitation, kidnapping, or enticement crimes. If a report submitted under paragraph (1)(A) or
(3)of subsection
(a)contains an industry-standard hash value or other similar industry-standard technical identifier— NCMEC may compare that hash value or identifier with any database or repository of visual depictions owned or operated by NCMEC; and if the comparison under subparagraph
(A)results in a match, NCMEC may include the matching visual depiction from its database or repository when forwarding the report to an agency described in subparagraph
(A)or
(B)of paragraph (1). ; in subsection (d)— in paragraph (2), by striking subsection (c)(1) and inserting subsection (c)(1)(A) ; and in paragraph (3)— in subparagraph (A), by striking subsection (c)(3) and inserting subsection (c)(1)(C) ; and in subparagraph (C), by striking subsection (c)(3) and inserting subsection (c)(1)(C) ; by striking subsection
(e)and inserting the following: It shall be unlawful for a provider to knowingly— fail to submit a report under subsection (a)(1)(A) within the time period required by that subsection; or fail to preserve material as required under subsection (h). A provider that violates subparagraph
(A)shall be fined— in the case of an initial violation, not more than $150,000; and in the case of any second or subsequent violation, not more than $300,000. The maximum fine under clause
(i)shall be tripled if an individual is harmed as a direct and proximate result of the applicable violation. A provider shall be liable to the United States Government for a civil penalty in an amount of not less than $50,000 and not more than $100,000 if the provider knowingly— fails to submit a report under subsection (a)(1)(A) within the time period required by that subsection; fails to remove apparent child pornography as required under subsection (a)(1)(B); fails to preserve material as required under subsection (h); or submits a report under subsection (a)(1)(A) that— contains materially false or fraudulent information; or omits information described in subsection (b)(1)(A) that is reasonably available. A provider shall be liable to the United States Government for a civil penalty in an amount of not less than $100,000 and not more than $1,000,000 if the provider knowingly— fails to submit an annual report as required under subsection (i); or submits an annual report under subsection
(i)that— contains a materially false, fraudulent, or misleading statement; or omits information described in subsection (i)(1) that is reasonably available. The amount of a civil penalty under subparagraph
(A)or
(B)shall be tripled if an individual is harmed as a direct and proximate result of the applicable violation. A provider that commits a violation described in subparagraph
(A)or
(B)shall be liable to the United States Government for the costs of a civil action brought to recover a civil penalty under that subparagraph. This paragraph shall be enforced in accordance with sections 3731, 3732, and 3733 of title 31, except that a civil action to recover a civil penalty under subparagraph
(A)or
(B)of this paragraph may only be brought by the United States Government. Notwithstanding any other provision of law, any criminal fine or civil penalty collected under this subsection shall be deposited into the Child Pornography Victims Reserve as provided in section 2259B. ; in subsection (f), by striking paragraph
(3)and inserting the following: affirmatively search, screen, or scan for— facts or circumstances described in subsection (a)(2); information described in subsection (b)(2); or any apparent child pornography, including any copy of apparent child pornography removed pursuant to subsection (a)(1)(B). ; in subsection (g)— in paragraph (2)(A)— in clause (iii), by inserting or personnel at a children's advocacy center after State) ; and in clause (iv), by striking State or subdivision of a State and inserting State, subdivision of a State, or children's advocacy center ; in paragraph (3), in the matter preceding subparagraph (A), by inserting paragraph (1)(A) or
(3)of before subsection
(a); and in paragraph (4), by striking subsection (a)(1) and inserting paragraph (1)(A) or
(3)of subsection
(a); in subsection (h)— in paragraph (1), by striking subsection (a)(1) and inserting paragraph (1)(A) or
(3)of subsection
(a); and by adding at the end the following: Submission of a report as required under paragraph (1)(A) or
(3)of subsection
(a)does not satisfy the obligations under this subsection. ; and by adding at the end the following: Not later than March 31 of the second year beginning after the date of enactment of the STOP CSAM Act of 2023 , and of each year thereafter, a provider that had more than 1,000,000 unique monthly visitors or users during each month of the preceding year and accrued revenue of more than $50,000,000 during the preceding year shall submit to the Attorney General and the Chair of the Federal Trade Commission a report, disaggregated by subsidiary, that provides the following information for the preceding year to the extent such information is applicable and reasonably available: The total number of reports that the provider submitted under paragraph (1)(A) or
(3)of subsection (a). The total number of publicly available items of apparent child pornography that the provider removed under subsection (a)(1)(B). Which items of information described in subsection (b)(2) are routinely included in the reports submitted by the provider under paragraph (1)(A) or
(3)of subsection (a). With respect to section 7 of the STOP CSAM Act of 2023 — a description of the provider’s designated reporting system; the number of notifications received; the number of proscribed visual depictions involving a minor that were removed; and the total amount of any fine ordered and paid. The measures the provider has in place to receive other reports concerning child sexual exploitation and abuse using the provider's product or on the provider's service, platform, or network. The average time for responding to reports described in clause (i). The number of reports described in clause
(i)that the provider received. A summary description of the actions taken upon receipt of the reports described in clause (i). A description of the policies of the provider with respect to the commission of child sexual exploitation and abuse using the provider's product or on the provider's service, platform, or network, including how child sexual exploitation and abuse is defined. A description of possible consequences for violations of the policies described in clause (i). The methods of informing users of the policies described in clause (i). The process for adjudicating potential violations of the policies described in clause (i). The measures and technologies that the provider deploys to protect the safety of children using the provider’s product, service, platform, or network. The measures and technologies that the provider deploys to prevent the use of the provider’s product, service, platform, or network by individuals seeking to commit child sexual exploitation and abuse. Factors that interfere with the provider’s ability to detect or evaluate instances of child sexual exploitation and abuse. An assessment of the efficacy of the measures and technologies described in clauses
(i)and
(ii)and the impact of the factors described in clause (iii). The measures that the provider takes before launching a new product, service, platform, or network to assess— the safety risks for children; and whether and how individuals could use the new product, service, platform, or network to commit child sexual exploitation and abuse. Any information concerning emerging trends and changing patterns with respect to online child safety and the commission of child sexual exploitation and abuse. For purposes of subparagraphs
(D)through
(G)of paragraph (1), in the case of any report submitted under that paragraph after the initial report, a provider shall only be required to submit new or updated information described in those subparagraphs. Nothing in paragraph
(1)shall require the disclosure of trade secrets or other proprietary information. The Attorney General and the Chair of the Federal Trade Commission shall publish the reports received under this subsection. A provider may request the redaction of any information that is law enforcement sensitive or otherwise not suitable for public distribution, and the Attorney General and Chair of the Federal Trade Commission may, in their discretion, redact any such information, whether or not requested. ; in section 2258B— in subsection (a)— by striking may not be brought in any Federal or State court ; and by striking Except as provided in subsection (b), a civil claim or criminal charge and inserting the following: Except as provided in subsection (b), a civil claim or criminal charge described in paragraph
(2)may not be brought in any Federal or State court. A civil claim or criminal charge referred to in paragraph
(1)is a civil claim or criminal charge ; and in subsection (b)(1), by inserting or knowingly failed to comply with a requirement under section 2258A after misconduct ; in section 2258C— in subsection (a)(1), by inserting use of the provider's products, services, platforms, or networks to commit after stop the ; in subsection (b)— by striking Any provider and inserting the following: Any provider ; in paragraph (1), as so designated, by striking receives and inserting , in its sole discretion, obtains ; and by adding at the end the following: A provider that obtains elements under subsection (a)(1) may not distribute those elements, or make those elements available, to any other entity, except for the sole and exclusive purpose of stopping the online sexual exploitation of children. ; and in subsection (c)— by striking subsections and inserting subsection ; by striking providers receiving and inserting a provider to obtain ; by inserting , or after NCMEC ; and by inserting use of the provider's products, services, platforms, or networks to commit after stop the ; in section 2258E(6), by striking electronic communication service provider and inserting electronic communication service ; in section 2259B(a), by inserting , any fine or penalty collected under section 2258A(e) or subparagraph
(A)of section 7(g)(24) of the after STOP CSAM Act of 2023 (except as provided in clauses
(i)and (ii)(I) of subparagraph
(B)of such section 7(g)(24)), 2259A ; and by adding at the end the following: It shall be unlawful for a provider of an interactive computer service, as that term is defined in section 230 of the Communications Act of 1934 ( 47 U.S.C. 230 ), that operates through the use of any facility or means of interstate or foreign commerce or in or affecting interstate or foreign commerce, through such service to knowingly— host or store child pornography or make child pornography available to any person; or otherwise knowingly promote or facilitate a violation of section 2251, 2251A, 2252, 2252A, or 2422(b). A provider of an interactive computer service that violates subsection (a)— subject to paragraph (2), shall be fined not more than $1,000,000; and if the offense involves a conscious or reckless risk of serious personal injury or an individual is harmed as a direct and proximate result of the violation, shall be fined not more than $5,000,000. Nothing in this section shall be construed to apply to any action by a provider of an interactive computer service that is necessary to comply with a valid court order, subpoena, search warrant, statutory obligation, or preservation request from law enforcement. . The table of sections for chapter 110 of title 18, United States Code, is amended by adding at the end the following: 2260B. Liability for certain child exploitation offenses. .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 5
Cybertipline improvements, and accountability and transparency by the tech industry
Cites 1Cited by 0 across 0 sources