U.S. LEGISLATION

114th U.S. Congressional Wrap-up. This month’s “Legal Report” is a round-up of the major security-related legislation considered by the 114th U.S. Congress, which concluded at the beginning of this month. Included in this summary are public laws that went into effect and legislation that was introduced but failed to pass. The bills that failed to pass will be nullified, and members of Congress will have to reintroduce them when they reconvene early in January as part of the 115th Congress.

Terrorism. Congress reauthorized the Terrorism Risk Insurance Program, which allows the federal government to repay business costs following a catastrophic attack that costs more than $200 million in damages. 

The law (P.L. 114-1) extends the program through December 31, 2020, and includes measures absent from the Terrorism Risk Insurance Act (TRIA) of 2002, such as new provisions increasing the original trigger amount from $100 million to $200 million and requiring the secretary of treasury to create a “reasonable timeline” to determine whether to certify an event as an act of terrorism.

Congress overrode President Barack Obama’s veto, allowing legislation to become law that gives terrorism victims and their families the ability to sue foreign states and officials for their role in an act of terrorism.

The veto override enacted the Justice Against Sponsors of Terrorism Act (P.L. 114-222), which removes sovereign immunity in U.S. courts from foreign governments that are not designated state sponsors of terrorism. It authorizes U.S. courts to hear cases involving claims against a foreign state for injuries, death, or damages that occur inside the United States as a result of a tort—including an act of terrorism—committed anywhere by a foreign state or official.

Legislation that would have created a U.S. Department of Homeland Security (DHS) Office for Countering Violent Extremism failed to advance in Congress.

The bill (H.R. 2899) would have authorized $10 million for the DHS secretary to establish the office through 2020 to coordinate DHS’s efforts to counter violent extremism by identifying risk factors and populations targeted by propaganda and recruiters. Managing DHS outreach and engagement efforts to at-risk communities was also included.

House Homeland Security Committee Chair Michael McCaul (R-TX) introduced the bill, which did not advance in the House.

The House also failed to pass a bill that would have encouraged banks to tip off federal investigators about terrorism financing. H.R. 5606 would have enhanced Section 314 of the Patriot Act to allow financial institutions to report to the federal government if they suspected funds were being used for “terrorist acts, money laundering activities, or a specified unlawful activity.” 

The bill also would have shielded financial institutions from civil litigation for filing these reports. 

Cybersecurity. As part of an omnibus spending bill in 2015, Congress passed the Cybersecurity Information Sharing Act (P.L. 114-110).

The act allows private entities to share and receive cyberthreat indicators and defensive measures with other entities and with the federal government. Threat indicators are defined as information that is “necessary to describe or identify malicious reconnaissance.”

Companies, however, must remove personal identifying information not related to cybersecurity threats before sharing data under the act.

It also allows the director of national intelligence and the U.S. Departments of Homeland Security, Defense, and Justice to share cyberthreat indicators with private companies and state, tribal, or local governments.

Congress failed to advance legislation that would have directed the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to create federal standards to secure vehicles.

The bill (S. 1806) would have created vehicle performance standards that required all access points in vehicles to be equipped with reasonable measures to protect against hacking attacks, all collected information from the vehicle to be secured to prevent unwanted access, and all vehicles to be equipped with technology that can detect, report, and stop hacking attempts in real time. 

Aviation. Congress passed legislation (P.L. 114-50) that verifies that airports have working plans in place to respond to security incidents inside their perimeters. 

The law directs the assistant secretary of homeland security to verify at all U.S. airports that the Transportation Security Administration (TSA) performs or oversees implementation of security measures and that airports have working plans in place to respond to active shooters, acts of terrorism, and incidents that target passenger-screening checkpoints.

The assistant secretary must then report his or her findings to Congress to identify best practices and establish a mechanism to share those with other airport operators.

Congress failed, however, to pass a bill that would limit airport employees’ access to secure areas within airport facilities. 

The bill (H.R. 3102) would have directed the TSA to create a risk-based, intelligence-driven model for screening airport employees based on the level of employment-related access to Secure Identification Display Areas, Airport Operations Areas, or secure areas at U.S. airports. 

Additionally, it would have required TSA to create a program to allow airport badging offices to use E-Verify, create a process to transmit applicants’ fingerprint data to a federal office for vetting, and assess credential application data received by DHS to ensure that it’s complete and matches data submitted by airport operators.

The House passed the bill, which stalled in the Senate Commerce, Science, and Transportation Committee.

In a Federal Aviation Administration (FAA) extension act, Congress created a variety of new security measures to enhance aviation security.

Under the law (P.L. 114-190), the number of government “viper teams” increased from 30 to 60. These teams stop and search suspicious passengers in public places outside the airport.

Another measure requires new passenger airlines to create secondary barriers to keep unauthorized individuals from gaining access when a pilot opens the cockpit door. It also requires the FAA to consider whether to implement additional screening for mental health conditions as part of a comprehensive medical certification process for pilots.

Additionally, the law requires TSA to use private companies to market and enroll more individuals in its PreCheck program. It also requires the FAA to authorize package deliveries by drones within two years of its passage.

Drones. Congress failed to pass legislation that would address the security implications of drones. 

The bill (H.R. 1646) would have required DHS to assess the security risks associated with commercially available small and medium unmanned aerial systems (drones). The measure would also have required DHS to develop policies, guidance, and protocols to prevent or mitigate the risks if drones are used in an attack.

The House passed the legislation, which later stalled in the Senate.

Privacy. Congress extended some rights under the U.S. Privacy Act to European Union citizens and other designated allies.

The Judicial Redress Act (P.L. 114-129) allows the U.S. Department of Justice—with the agreement of the U.S. Departments of State, Treasury, and Homeland Security—to designate countries or organizations whose citizens may pursue civil remedies if they have appropriate privacy protections for sharing information with the United States.

The law was enacted as part of an agreement between the United States and the European Union that allows the two to exchange more data during criminal and terrorism investigations. 

Human trafficking. Congress expanded the definition of child abuse under the Victims of Child Abuse Act of 1990 to include human trafficking and the production of child pornography.

The law (P.L. 114-22) also expands prosecution to include individuals who patronize or solicit people for a commercial sex act, “making traffickers and buyers equally culpable for sex trafficking offenses.”

Communications. A new law requires DHS to achieve and maintain interoperable communications. The law (P.L. 114-29) requires a DHS undersecretary to submit a strategy to Congress to achieve and maintain communications for daily operations, planned events, and emergencies. 

The strategy must include an assessment of interoperability gaps in radio communications among DHS groups, information on DHS efforts to achieve and maintain interoperable communications, and information about the adequacy of mechanisms available to the undersecretary to enforce and compel compliance with interoperable communications policies and directives of DHS.

Screening. Congress did not advance a bill that would require the FBI to ensure that select individuals applying for U.S. refugee admission receive full background investigations before being admitted to the country.

DHS already conducts such screenings, but the bill (H.R. 4038) would have required the FBI to perform background investigations on nationals or residents from Iraq or Syria, individuals with no nationality whose last residence was in Iraq or Syria, and individuals present in Iraq and Syria at any time on or after March 1, 2011. 

The House passed the bill, which stalled when it reached the Senate floor.

Disaster relief. Congress passed legislation that requires the Federal Emergency Management Agency (FEMA) to develop and implement a plan to control and reduce administrative costs for delivering assistance for major disasters.

Under the law (P.L. 114-132), FEMA must compare the costs and benefits of tracking administrative cost data for major disasters by public assistance, individual assistance, hazard mitigation, and mission assignment programs. 

FEMA must then submit to Congress by November 30 each year—until 2023—a report on the total amount spent on administrative costs. 

Prisons. Congress authorized legislation that requires the director of the Bureau of Prisons to issue oleoresin capsicum spray (pepper spray) to designated individuals.

The law (P.L. 114-133) requires the director to issue the spray to any bureau officer or prison employee who may respond to an emergency situation in the prison. The law also allows the director to distribute the spray to other prison officers and employees as appropriate. Minimum and low-security prisons are excluded from the requirement.

Officers and employees designated to use the spray must first be trained on how to use it, and are required to under­­­go annual training on using the spray. 

Equipment. The Senate failed to pass legislation that would have allowed DHS to give excess nonlethal equipment and supplies to foreign governments.

Under the bill (H.R. 4314), DHS would have provided these supplies to foreign governments if doing so furthered U.S. homeland security interests and enhanced the recipient government’s capacity to mitigate the threat of terrorism, infectious disease, or natural disaster; protect lawful trade and travel; or enforce intellectual property rights.

The House passed the bill, which stalled in the Senate Foreign Relations Committee.

Sexual assault. Congress established rights for sexual assault survivors that clarify what basic services sexual violence victims are entitled to.

Under the law (P.L. 114-236), victims may not be prevented from obtaining a medical forensic examination. They may not be charged for the examination. They have the right to have sexual assault evidence collection kits and their contents preserved—without charge—for the duration of the maximum statute of limitations or 20 years (whichever is shorter). They also have the right to be informed of any result of a collection kit if the disclosure would not impede or compromise an ongoing investigation.

Victims also have the right to be informed—in writing—of policies governing the collection and preservation of collection kits, and the right to receive written notification from officials no later than 60 days before their collection kit is to be destroyed or disposed of.

ELSEWHERE IN THE COURTS

POLICING. The Massachusetts Supreme Judicial Court found that the behavior of a young, black, male suspect who tried to avoid the police did not justify law enforcement to stop and search him. “Rather, the finding that black males in Boston are disproportionately and repeatedly targeted for Field Interrogation Observations encounters suggests a reason for flight totally unrelated to consciousness of guilt,” the court explained in its ruling. “Such an individual, when approached by the police, might just as easily be motivated by the desire to avoid the recurring indignity of being racially profiled as by the desire to hide criminal activity.” (Commonwealth v. Warren, Supreme Judicial Court of Massachusetts, No. 11956, 2016)

Excessive Force. The U.S. Supreme Court did not take up a case where police officers challenged restrictions on the use of Tasers on individuals who are resisting arrest. The Court’s decision leaves in place a lower court opinion, which ruled that police should not use stun guns on individuals trying to evade custody if they do not pose a threat to officers or others. The decision stems from a court case brought after the 2011 death of Ronald Armstrong, a mentally ill man who was tased by police five times for refusing to let go of a sign post to avoid being taken to a hospital. The lower court found that police used excessive force because Armstrong did not pose a safety risk. (Estate of Ronald H. Armstrong v. Village of Pinehurst, U.S. Court of Appeals for the Fourth Circuit, No. 15-1191, 2016) 

Sexual harassment. The owner/operator and management company for a Columbus, Ohio, Texas Roadhouse restaurant will pay $1.4 million to settle a class sexual harassment suit filed by the U.S. Equal Employment Opportunity Commission (EEOC). The EEOC charged that East Columbus Host, LLC, and management company Ultra Steak, Inc., victimized a group of female employees by subjecting them to sexual harassment and then retaliating against them for complaining about it. The restaurant manager allegedly made humiliating remarks about victims and other females’ bodies and sexuality, and pressured them for sexual favors in exchange for employment benefits or as a condition of avoiding adverse employment action. The consent decree resolving the lawsuit requires the companies to offer reinstatement to injured women in agreed locations and positions. The companies are also prohibited from rehiring the offending manager. (EEOC v. East Columbus Host, LLC, U.S. District Court for the Southern District of Ohio, Eastern Division, No. 2:14-cv-1696, 2016).​