115th CONGRESS 2d Session |
To require studies on cyberexploitation of employees of certain Federal departments and their families, and for other purposes.
December 19, 2018
Mr. Sasse introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs
To require studies on cyberexploitation of employees of certain Federal departments and their families, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. Study on cyberexploitation of employees of certain Federal departments and their families.
(a) Definitions.—In this section:
(1) COVERED DEPARTMENT.—The term “covered department” includes the following:
(A) The Department of Justice.
(B) The Department of Energy.
(C) The Department of Homeland Security.
(D) The Department of State.
(E) The Department of the Treasury.
(F) The United States Agency for International Development.
(G) The civilian employees of the Department of Defense.
(2) CYBEREXPLOITATION.—The term “cyberexploitation” means the use of digital means to knowingly access, or conspire to access, without authorization, an individual’s personal information to be employed (or to be used for) with malicious intent.
(3) DEEP FAKE.—The term “deep fake” means the digital insertion of a person’s likeness into or digital alteration of a person’s likeness in visual media, such as photographs and videos, without the person’s permission and with malicious intent.
(b) Study required.—Not later than 150 days after the date of the enactment of this Act, each head of a covered department shall complete a study on the cyberexploitation of the personal information and accounts of employees of the covered department and their families.
(c) Elements.—The study required by subsection (b) shall include, with respect to a covered department, the following:
(1) An assessment of the vulnerability of employees described in subsection (b) and their families to inappropriate access to their personal information and accounts of such employees and their families, including identification of particularly vulnerable subpopulations.
(2) Creation of a catalogue of past and current efforts by foreign governments and non-state actors at the cyberexploitation of the personal information and accounts of such employees and their families, including an assessment of the purposes of such efforts and their degrees of success.
(3) An assessment of the actions taken by the department or agency to educate employees and their families, including particularly vulnerable subpopulations, about and actions that can be taken to otherwise reduce these threats.
(4) Assessment of the potential for the cyberexploitation of misappropriated images and videos as well as deep fakes.
(5) Development of recommendations for policy changes to reduce the vulnerability of such employees and their families to cyberexploitation, including recommendations for legislative or administrative action.
(1) IN GENERAL.—Each head of a covered department shall submit to Congress a report on the findings of the head with respect to the study conducted by the head under subsection (b).
(2) FORM.—The report required by paragraph (1) shall be submitted in unclassified form, but may include a classified annex.