S.3569 - Cloud Computing Act of 2012112th Congress (2011-2012)
Text: S.3569 — 112th Congress (2011-2012)
There is one version of the bill.
Introduced in Senate (09/19/2012)
[Congressional Bills 112th Congress] [From the U.S. Government Printing Office] [S. 3569 Introduced in Senate (IS)] 112th CONGRESS 2d Session S. 3569 To improve the enforcement of criminal and civil law with respect to cloud computing, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES September 19, 2012 Ms. Klobuchar (for herself and Mr. Hoeven) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To improve the enforcement of criminal and civil law with respect to cloud computing, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Cloud Computing Act of 2012''. SEC. 2. UNLAWFUL ACCESS TO CLOUD COMPUTING SERVICES. (a) In General.--Section 1030 of title 18, United States Code, is amended by adding at the end the following: ``(k) For purposes of an offense described in paragraph (2)(C), (4), or (5) of subsection (a) or an attempt or conspiracy to commit such an offense, if the protected computer is part of a cloud computing service, each instance of unauthorized access of a cloud computing account, access in excess of authorization of a cloud computing account, or attempt or conspiracy to access a cloud computing account without authorization or in excess of authorization shall constitute a separate offense.''. (b) Definitions.--Section 1030(e) of title 18, United States Code, is amended-- (1) in paragraph (11), by striking ``and'' at the end; (2) in paragraph (12), by striking the period at the end and inserting a semicolon; and (3) by adding at the end the following: ``(13) the term `cloud computing account' means information stored on a cloud computing service that requires a password or similar information to access and is attributable to an individual, which may include allowing a customer of the cloud computing service to have multiple accounts; and ``(14) the term `cloud computing service' means a service that enables convenient, on-demand network access to a shared pool of configurable computing resources (including networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or interaction by the provider of the service.''. SEC. 3. PRESUMED LOSSES. Section 1030 of title 18, United States Code, as amended by section 2(a), is amended by adding at the end the following: ``(l) If an offense under this section involves a protected computer that is part of a cloud computing service, the value of the loss of the use of the protected computer for purposes of subsection (a)(4), the value of the information obtained for purposes of subsection (c)(2)(B)(iii), and the value of the aggregated loss for purposes of subsection (c)(4)(A)(i)(I) shall be the greater of-- ``(1) the value of the loss of use, information, or aggregated loss to 1 or more persons; or ``(2) the product obtained by multiplying the number of cloud computing accounts accessed by $500.''. SEC. 4. INTERACTION WITH INTERNATIONAL FORA TO ADVANCE INTERNATIONAL INTEROPERABILITY WITH LAW AND POLICIES OF UNITED STATES. The Secretary of State shall work with other international fora, such as the Organization for Economic Cooperation and Development, to advance the aims of ensuring interoperability between the provisions of this Act, the amendments made by this Act, and other laws and policies of the United States and foreign countries, including in consultations between the United States and the European Union. SEC. 5. ANNUAL STUDY AND REPORT ON INTERNATIONAL COOPERATION REGARDING DATA PRIVACY, RETENTION, AND SECURITY. (a) In General.--Not later than 180 days after the date of the enactment of this Act and not less frequently than once each year thereafter for 4 years, the Secretary of State shall-- (1) conduct a study on international cooperation regarding data privacy, retention, and security; and (2) submit to Congress a report on the findings of the Secretary with respect to the most recent study carried out under paragraph (1) and the activities of the Secretary under section 4. (b) Matters Studied.--Each study conducted under subsection (a)(1) shall include development of recommendations for best practices, treaties, common policy frameworks, mutual recognition agreements, the creation of hybrid public-private authorities, codes of conduct, or other guidance the Secretary of State considers necessary to promote the development of laws and policies in foreign countries that are interoperable with and that will reinforce the effectiveness of-- (1) the provisions of this Act and the amendments made by this Act; and (2) policies relating to data privacy, data retention, security of data, and assertions of jurisdiction over data, including with respect to law enforcement access to data. (c) Interagency Coordination.--In conducting the studies required by subsection (a)(1), the Secretary of State shall consult with the heads of relevant agencies, such as the following: (1) The National Economic Council. (2) The Attorney General. (3) The Secretary of Commerce. (4) The Federal Trade Commission. (5) The Secretary of Homeland Security. (6) The United States Trade Representative. SEC. 6. ANNUAL FEDERAL INFORMATION TECHNOLOGY AND CLOUD COMPUTING PROCUREMENT FORECAST. (a) Cloud Computing Service Defined.--In this section, the term ``cloud computing service'' has the meaning given the term by the Under Secretary of Commerce for Standards and Technology. (b) Forecast Required.--Not later than 180 days after the date of the enactment of this Act and not less frequently than once each year thereafter for 4 years, the head of each Federal agency described in section 901(b) of title 31, United States Code, shall, consistent with Cloud First policy outlined in the document of the Office of Management and Budget entitled ``Federal Cloud Computing Strategy'' and dated February 8, 2011, submit to the Administrator of the Office of Electronic Government and Information Technology of the Office of Management and Budget a 3-year forecast of the plans of the agency relating to the procurement of cloud computing services and support relating to such services. (c) Publication.--The Administrator shall make each 3-year forecast submitted under subsection (b) available to the public via an Internet website.