Legal Report December 2008
The following overview highlights the major security-related legislation that was passed and became law during the 110th Congress. It also reviews some security bills that did not get approved.
The new laws passed include measures on the ADA, background checks, courthouse security, genetic discrimination, guards, gun control, homeland security, infrastructure protection, terrorism, cybercrime, rail safety, litigation, and intellectual property. Measures that did not become law in this session include those on retail theft, homeland security, airport security, spyware, employment discrimination, and school safety.
The bills that have not been signed into law by the end of 2008 will die and must be reintroduced in the next legislative session if they are ever to become law. The next Congress convenes in January.
ADA. A bill broadening the scope of the Americans with Disabilities Act (ADA) was signed into law (P.L. 110-325). Under the bill, key provisions of the ADA will be clarified. For example, current law provides that a person is considered disabled if an impairment substantially limits a major life activity. The law defines a “major life activity” as caring for oneself, performing manual tasks, seeing, hearing, eating, sleeping, walking, standing, lifting, bending, speaking, breathing, learning, reading, concentrating, thinking, communicating, and working.
The law also mandates that the “regarded as” provision would not apply to transitory impairments expected to last six months or less. (The “regarded as” provision provides that persons are considered disabled if their employer regards them as disabled even if they are not.)
The law also clearly states that a disabled person continues to bear the burden of proving that he or she is a qualified person with a disability.
BACKGROUND CHECKS. An amendment introduced by Sen. Carl Levin (D-MI) to improve oversight of the FBI National Name Check Program was included in the 2007 appropriations bill for the Department of Homeland Security, which was signed into law (P.L. 110-161).
The law is designed to make the program, under which the government conducts background checks on its employees and on anyone applying for immigration benefits, more efficient. At the time the bill was introduced, the program had a backlog of 31,000 cases. The new law requires that the FBI improve the program and issue annual reports to Congress on its progress.
COURTHOUSE SECURITY. A law (P.L. 110-218) designed to increase courthouse security requires that the U.S. Marshals Service offer ongoing security advice to the judiciary. It authorizes additional funding to hire marshals to protect courthouses. In addition, the law makes it illegal to publicly disclose restricted personal information about a federal officer, witness, or juror with the intent to harm the individual. The law also makes it illegal to bring into the courtroom any item that could be used as a dangerous weapon.
The law increases criminal penalties for tampering with or retaliating against a witness, victim, or informant. It authorizes grant programs to create and expand witness and victim protection programs.
GENETIC DISCRIMINATION. A law (P.L. 110-233) expands the prohibition against genetic discrimination by group health plans and health insurance providers. The law also makes it illegal to request or require genetic testing for enrollment in an insurance plan or to base premiums on genetic testing. The law extends medical privacy and confidentiality rules to include disclosure of genetic information. Under the law, an employer may not discriminate against or deprive an employee of employment opportunities because of genetic information. The law also establishes a commission to review the current and future state of genetic research and advise Congress on any additional legislation that might be needed.
GUARDS. A new law (P.L. 110-356) prohibits a company that is owned, controlled, or operated by anyone convicted of a felony from providing contract security guard services for federal government buildings.
GUN CONTROL. In response to the Virginia Tech shootings, the President signed a bill into law (P.L. 110 180) that would require all states to submit information to the National Instant Criminal Background Check System (NICS).
According to lawmakers, the measure was necessary because not all states submit complete information. For example, not all states enter the records of those deemed mentally defective into the NICS system. And for some states that do have complete information, the data is not automated, so it cannot be entered into the NICS system.
The law will provide grant money for states to input these records, making NICS more comprehensive. Under the measure, states will be required to input criminal records that would make it illegal for persons to own firearms.
Those convicted of a crime carrying at least a one-year prison term will be prohibited from owning a firearm. Those identified as drug addicts and those deemed mentally defective or previously committed to a mental institution will also be prohibited from owning firearms.
HOMELAND SECURITY. A measure designed to track the use of Department of Homeland Security (DHS) grant money was included in the DHS appropriations bill for 2008, which became law (P.L. 110-161).
The provision requires that homeland security grant recipients submit quarterly reports describing the nature and amount of each expenditure made using grant funds. This information will be published and made available to the public on the DHS Web site.
INFRASTRUCTURE. A bill providing funding for site security at some federal facilities has been included in a 2008 appropriations bill funding the Department of the Interior. The bill became P.L. 110-229.
The law will allocate money to facilities operated by the Bureau of Reclamation to hire more security officers and to purchase equipment needed by those officers. The bureau oversees water resource management and water diversion, delivery, and storage facilities. The agency also controls numerous hydroelectric power stations throughout the United States.
TERRORISM. A new law (P.L. 110-53) implemented the recommendations of the 9/11 Commission that were not enacted in the prior Congress. Under the law, homeland security grants are to be allocated based on risk assessments undertaken by the Department of Homeland Security (DHS). Mitigating factors such as a large commuting population or tourist attractions can also affect grant allocation. The grants could be used for various purposes, including purchasing or upgrading equipment, conducting preparedness exercises, developing risk assessments, and establishing ways to share terrorist information. The law also establishes a separate grant program to improve emergency communications.
The law also requires that all air cargo and baggage be screened for explosives. The details of the program are being set out by the Transportation Security Administration (TSA) via regulation. As part of the air cargo screening section, the bill establishes a redress program for passengers that are wrongly delayed or prohibited from boarding a flight because they are on a TSA watch list.
To enhance cargo screening, the law requires that each container entering the United States, either directly or via a foreign port, be scanned and secured with a cargo seal. The law sets dates by which this should be established. Hearings have since been held on whether these goals are achievable.
The law also provides that TSA must establish standards for scanning equipment and seals. The law stipulates that when certain technology becomes available, the TSA must include it in the screening standards. Examples of this include technology that would identify where a breach occurred in a container, notify TSA personnel of a breach before a container reaches U.S. waters, or track the time and location of the container during transit to the United States by truck, rail, or vessel.
The law required the DHS to submit a vulnerability assessment of the critical infrastructure of the United States. The assessment had to include recommendations for mitigating the risks addressed.
The law directed DHS to implement a voluntary program to enhance private sector preparedness for terrorist acts and other emergencies. This program must include best practices in identifying risks, mitigating the impact of emergencies, managing preparedness and response resources, and conducting training exercises. ASIS is involved in this program through its standards development initiatives.
TERRORISM INSURANCE. Congress approved a law (P.L. 110-160) reauthorizing the government-based terrorism insurance program for seven more years. Under the law, the terrorism insurance program, which was slated to expire at the end of 2008, will be extended until the end of 2015. A study of how to move terrorism insurance into the private market had concluded that private terrorism insurance was highly unlikely in the foreseeable future and that the government program was the only way to provide such insurance.
The terms of the previous program (including deductibles and copays), which was reauthorized in 2006, will remain in place under the new law. However, the previous distinction between foreign and domestic acts of terrorism—the prior bill covered only the former—has been eliminated.
CYBERCRIME. A bill (S. 2168) that would increase penalties for identity theft and fraud was included in another bill (H.R. 5938) designed to provide security details for U.S. vice presidents. That measure became P.L. 110-326.
The law allows consumers to sue identity thieves and recover damages based on the time and money spent recovering from the theft. The measure would also make it a felony to use spyware or keyloggers to damage 10 or more computers regardless of the amount of damage caused by the hacker. P.L. 110-326 provides for crimes resulting in losses of less than $5,000 to be prosecuted as misdemeanors. Under prior law, losses from a cybercrime incident had to exceed $5,000 to be classified as a crime.
The definition of cybercrime would also be expanded to include demanding money to prevent damage to a protected computer. Those found guilty of this crime could be subject to a fine and up to five years in prison.
RAIL SAFETY. A law (P.L. 110-432) designed to improve railroad safety will reduce stress on workers by decreasing overall work hours and increasing the amount of time off between shifts. The measure also provides whistleblower protections for those employees who cooperate with a safety investigation, furnish rail accident information, or refuse to authorize the use of safety equipment, tracks, or structures that are in a hazardous condition. Employees will be entitled to damages if subjected to mistreatment because of their whistleblower activity. Those guilty of safety violations under the bill would face criminal penalties.
LITIGATION. A new law (P.L. 110-264) amends the Federal Rules of Evidence, altering when and how information is covered by attorney-client privilege. Under the new law, if a disclosure is made in a federal proceeding or to a federal office or agency, and the owner of the information waives attorney-client privilege or workproduct protection, the waiver extends to undisclosed communication or information in a federal or state proceeding under certain circumstances. The waiver extends to such information if the waiver is intentional, the disclosed and undisclosed communications or information concern the same subject matter, and they clearly should be considered together.
The law also states that, when the disclosure is made in a federal proceeding or to a federal office or agency, it does not constitute a waiver in a federal or state proceeding if the disclosure is inadvertent, the holder of the privileged information took reasonable steps to prevent the disclosure, and the holder then promptly took reasonable steps to rectify the error.
INTELLECTUAL PROPERTY. A law (P.L. 110-322) that will revise the criminal code relating to the theft of intellectual property will triple the amount of damages assessed by the government in counterfeiting cases. The bill prohibits the transshipment or exportation of recordings without the authority of the copyright owner. Current law only prohibits the importation of such items.
The law also requires that the President appoint an intellectual property enforcement coordinator to chair an interagency intellectual property enforcement advisory committee. The coordinator is responsible for developing a joint strategic plan against counterfeiting and piracy.
The bill amends existing law to allow grants designed to combat computer crime to be used for activities relating to infringement of copyrighted works over the Internet. The Department of Justice will make grants for training, prevention, enforcement, and prosecution of intellectual property theft and infringement crimes.
Under the measure, the Attorney General is required to create a task force to develop and implement a comprehensive plan to investigate and prosecute international organized crime syndicates engaging in crimes relating to intellectual property theft.
ORGANIZED RETAIL THEFT. Three bills designed to address organized retail theft were introduced in the 110th Congress. However, none of the bills were approved in committee.
Two bills (H.R. 6491 and S. 3434)) would have defined organized retail crime as the “stealing, embezzlement, obtaining by fraud, false pretenses, or other illegal means of retail merchandise in quantities that would not normally be purchased for personal use or consumption for the purpose of reselling or otherwise reentering such retail merchandise in commerce.”
The bill would have included selling stolen merchandise online in the definition of “transporting and selling or receiving stolen goods.” Similarly, under the bill, the use of gift cards, UPC codes, or RFID transponders, to perpetrate retail theft would have been classified as fraud.
Those online retailers who sell a high volume of merchandise—at least $12,000 a year—would have been required to report the sale of goods that they suspect could have been acquired through organized retail crime. Under the measure, businesses whose goods or services were sold or used in the facilitation of organized retail crime through an online marketplace could have sued for damages.
Another bill (H.R. 6713) would have required any online retailer to disclose the contact information of any high volume seller who had listed goods or items for sale on the provider’s online marketplace that matched the description of stolen goods listed in a signed report from a criminal law enforcement agency. Retailers would have been required to retain that contact information for three years.
HOMELAND SECURITY. This bill (H.R. 599) would have streamlined the certification process under the SAFETY Act, which provides legal immunity for the use of certified products. It was approved by the House of Representatives, but the Senate Homeland Security and Governmental Affairs Committee, to which the bill was referred, did not consider the bill.
The measure would have required that the Department of Homeland Security (DHS) devote a sufficient number of personnel to determine whether technologies could be designated or certified under the SAFETY Act. These employees would have been trained and qualified to apply legal, economic, and risk analyses.
The bill would also have required that DHS establish a formal process for coordinating with other agencies involved with SAFETY Act certification, such as those that contribute to the evaluation of products or provide grant money.
AIRPORT SECURITY. A bill (H.R. 1413) that would have established an airport security pilot program was approved by the House of Representatives, but it never made it out of the Senate Commerce, Science, and Transportation Committee.
Under the program, which would have been carried out at five commercial airports, researchers would have screened all airport workers with access to sensitive areas within the airport and would have then conducted a vulnerability assessment of each airport to determine how well the screening programs worked.
SPYWARE. A bill (H.R. 964) that would have made the use of spyware illegal in certain circumstances was approved by the House of Representatives, but it stalled in the Senate Commerce, Science, and Transportation Committee.
Under the measure, it would have been illegal for any person who was not the owner or authorized user of a protected computer to modify the settings of that computer, collect personal information from the computer, remove or disable security technology, or cause the installation of unsolicited software. A protected computer was defined under the bill as a computer used exclusively by a financial institution or the government, or any computer used in interstate or foreign commerce.
The bill would have provided an exception for such software used within a particular Web site when the information collected was sent only to the provider of the Web site accessed or used only for Internet- based search functions.
EMPLOYMENT DISCRIMINATION. A bill (H.R. 2831) that would have revised employment discrimination laws was approved by the House of Representatives, but the Senate did not consider the measure.
Under the bill, an employee could have acted on a discriminatory practice at the time it occurred as well as each time the employee was affected by the application of the decision or practice, such as each time an employee is paid, for example. The measure would have allowed an employee to recover back pay for up to two years preceding the filing of a lawsuit in cases where the unlawful employment practices stated in the claim also occurred in the prior time period. The changes set out in the bill would have applied to the Americans with Disabilities Act as well as to discrimination law.
The bill was in response to a U.S. Supreme Court ruling, Ledbetter v. Goodyear Tire and Rubber Co. In the case, a lawsuit filed by a female employee claiming that she was paid less than her male employees was thrown out because it was filed more than 120 days after the act of discrimination—her promotion at reduced pay—occurred.
SCHOOL SAFETY. A bill (H.R. 2352) that would have provided grants to schools to purchase security equipment was approved by the House of Representatives but was not considered in the Senate.
Under the bill, public elementary and secondary schools could have used grant money to purchase surveillance equipment or to establish hotlines for reporting potentially dangerous students and situations. The measure would have required that any school using the grants conduct an annual campus-safety assessment in consultation with local law-enforcement officials and implement a campus emergency-response plan that addresses a comprehensive set of emergency situations including natural disasters, active-shooter situations, and terrorism.
The bill would also have established an interagency task force under the Secretary of Education to develop and dispense school-safety guidelines.
This column should not be construed as legal or legislative advice.