If the RESTRICT Act as currently proposed becomes law, it could result in criminal prosecution for individuals or entities that violate key provisions of the Act, including fines and imprisonment. The bill outlines penalties for violating any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under the Act, including civil penalties of up to $250,000 and criminal penalties of up to $1,000,000 or imprisonment for up to 20 years. Crypto Criminal Defense Lawyer Blog
(B) No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act.
If the Act is passed as written, it will likely face challenges to key provision that appear to over-criminalize the use of internet protocols that have traditionally been regarded as otherwise as lawful security measures to protect user privacy. Critics of the Act believe, for example, it could potentially criminalize the use of VPNs. Digital rights experts told Motherboard the RESTRICT Act, which may be used to ban TikTok, could impact many other types of services too, including VPNs.
A spokesperson for the Bill’s sponsors take a contrary view noting that:
“This legislation is aimed squarely at companies like Kaspersky, Huawei and TikTok that create systemic risks to the United States’ national security—not at individual users.”
“The threshold for criminal penalty in this bill is incredibly high—too high to ever be concerned with the actions of someone an individual user of TikTok or a VPN.”
Vice: Rachel Cohen, Communications Director for Senator Warner
The proposed legislation also raises significant Fourth Amendment concerns about an over-expansion of search and seizure authority by the government under the Act. The Act also includes provisions for search and seizure, with designated officers and employees of federal agencies authorized to inspect, search, seize, and obtain information from any person subject to the provisions of the Act.
The Fourth Amendment of the United States Constitution protects individuals from unreasonable searches and seizures by the government. It states that people have the right to be secure in their persons, houses, papers, and effects, and that no warrants shall be issued without probable cause and a specific description of the place to be searched and the persons or things to be seized. The Framers believe that the Fourth Amendment should act as a check on the power of law enforcement to protect citizens from unreasonable privacy intrusions. Of course, when the Framers drafted the Fourth Amendment, they could never have imagined the privacy concerns we are now confronting in the modern digital age of social media apps and the like.
Senator Thune, one of the advocates of the RESTRICT Act believes the proposed legislation instead protects Americans against foreign privacy intrusions:
“In the United States, of course, we have the Fourth Amendment to the Constitution to protect the data Americans provide to apps from being seized by the government
“But the Chinese Communist Party has no such restraints.”
“In fact, Chinese law requires social media and technology companies to provide information – including individually identifiable personal information – to the Chinese government when asked.
“So there is no legal framework in China to effectively protect TikTok users – or users of any China-based app – from having their personal information turned over to the Chinese Communist Party.
Thune Discusses Bill to Combat National Security Risks From Foreign Adversary Technologies
Although the Act does provide for an administrative and judicial review processes, there are also limitation in the Act relating to the submission of classified and sensitive information. Under the proposed legislation, such information must be submitted to the court ex parte and in camera (meaning such information would be submitted to the reviewing court by one-party, the government, and not subject to public disclosure). This raises grave concerns and could invite possible Due Process violations as well as hinder the ability of persons or entities who are subject to the Act from effectively being put on notice of these searches and being a afforded an opportunity to challenge these government actions.
If passed as currently written, the Act will likely result in a number of Fourth Amendment challenges to the the potentially over-broad authority granted to federal government agencies to conduct these searches and seizures. Criminal defense attorneys will likely challenge these provisions arguing that the Act lacks clear limitations on the scope of the government’s power to conduct searches and seizures and these powers are too overly-broad and violate the Fourth Amendment.
Summary of the RESTRICT Act Proposed Legislation:
The RESTRICT Act was introduced on March 7, 2023 by Senator Mark Warner. Senate Bill S.686. “RESTRICT” is short for “Restricting the Emergence of Security Threats that Risk Information and Communications Technology”.
According to a statement released by Senators Warner and John Thune, the bill proposes a solution challenges the United States currently faces in securing its information and communications technology (ICT) supply chain as the result rapid technological advancements and increasing global interconnectedness. Warner & Thune Statement. The proposed legislation specifically seeks to address foreign vendors, some controlled by autocratic and illiberal governments, that are gaining significant market share in internet infrastructure, online communications, and networked software markets. The RESTRICT Act’s objective is to empower the Department of Commerce to better protect the US supply chain from potential threats.
The Senators’ joint statement notes that foreign tech such as telecommunications equipment, social media applications, security software, and e-commerce platforms have entered the US market, becoming increasingly embedded within the nation's information and communications networks. Warner & Thune Statement. They cite notable ICT products like Kaspersky antivirus software, Huawei's telecommunications equipment, and software products from Chinese firms, have raised concerns about the risks they pose to US citizens' data, critical infrastructure, privacy, and the security of everyday products. Id.
The Senators suggest that past efforts to address these risks have been “disjointed” and insufficient, often relying on antiquated authorities delegated to the President by Congress in a pre-digital age. Id. They instead propose a new approach to systematically review and address the challenges posed by technology from foreign adversaries.
Senators Warner and Thune maintain that “the solution” is a Bill that establishes a “risk-based process” for the Department of Commerce to identify and mitigate foreign threats to ICT products and services. Id. They believe this approach is “vital in the context of personal communications services, where federal courts have previously blocked remedial steps against foreign software vendors as insufficiently tailored and based on inadequately substantiated risks.” Id.
The proposed legislation would require the Secretary of Commerce to establish procedures to identify, deter, disrupt, prevent, prohibit, and mitigate transactions involving information and communications technology products that any foreign adversary has an in interest in and that poses any undue or unacceptable risk to United States national security interests.
According to the joint statement, the RESTRICT Act will:
• Prioritize evaluation of ICT products used in critical infrastructure, integral to telecommunications products, or pertaining to a range of defined emerging, foundational, and disruptive technologies with serious national security implications.
• Ensure comprehensive actions to address risks of untrusted foreign ICT by requiring the Secretary to take up consideration of concerning activity identified by other USG entities.
• Educate the public and business community about the threat by requiring the Secretary of Com- merce to coordinate with the Director of National Intelligence to provide declassified information on how transactions denied or otherwise mitigated posed undue or unacceptable risk. Id.
Summary of Key Provisions of the RESTRICT Act Proposed Bill:
Section 3 - ADDRESSING INFORMATION AND COMMUNICATION TECHNOLOGY PRODUCTS AND SERVICES THAT POSE UNDUE OR UNACCEPTABLE RISK:
Addresses the risks posed by information and communication technology (ICT) products and services, and outlines actions that the Secretary may take to mitigate those risks.
Subsection (a) lists the types of risks that the Secretary is authorized to address, including those related to ICT products and services that pose an “undue or unacceptable risk” to critical infrastructure, national security, or democratic processes.
Subsection (b) outlines the review process for covered transactions and requires the Secretary to determine if a covered transaction poses an undue or unacceptable risk, and if so, to take appropriate action.
Paragraph (2) requires the Secretary to publish information, “in declassified form” explaining how a covered transaction that was denied or mitigated meets the established criteria.
Finally, paragraph (3) of subsection (b) specifies that certain administrative procedure requirements do not apply to any regulation promulgated pursuant to paragraph (1). Section 3 of S.686
Section 4 - ADDRESSING INFORMATION AND COMMUNICATIONS TECHNOLOGY PRODUCTS AND SERVICES HOLDINGS THAT POSE UNDUE OR UNACCEPTABLE RISK:
Outlines the process for identifying and mitigating risks associated with information and communication technology (ICT) product and service holdings that are considered “undue or unacceptable.”
The Secretary, in consultation with relevant executive departments and agencies, is directed to identify and refer any “covered holding that poses an undue or unacceptable risk to the national security of the United States or the security and safety of United States persons.” The Executive Branch may then take appropriate action to compel divestment of or mitigate the risk associated with such covered holdings. Section 4 of S.686
Section 5 - CONSIDERATIONS:
Outlines the considerations that the Secretary must take into account when carrying out reviews of covered transactions. Under Section 5, the Secretary must prioritize the evaluation of certain information and communications technology products and services, including those used in critical infrastructure, telecommunications, data hosting and computing, and other emerging technologies.
Section 5 also requires the Secretary to consider various factors when determining whether a covered transaction poses an undue or unacceptable risk, including any orders or revocations issued by federal agencies, the nature and likelihood of consequences to the public and private sectors, and any relevant threat assessments or reports. Section 5 of S.686
Section 6 - DESIGNATION OF FOREIGN ADVERSARIES:
Section 6 of Senate Bill S.686 allows the Secretary, “in consultation with the Director of National Intelligence, to designate any foreign government or regime as a foreign adversary if the Secretary finds that the foreign government or regime is engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or the security and safety of United States persons.”
Not later than 15 days before the date on which the Secretary makes or removes a designation under subsection (a), the Secretary shall, by classified communication, notify the President pro tempore, Majority Leader, and Minority Leader of the Senate, the Speaker and Minority Leader of the House of Representatives, and the relevant committees of Congress, in writing, of the intent to designate a foreign government or regime as a foreign adversary under this section, together with the findings made under subsection (a) with respect to the foreign government or regime and the factual basis therefor. Section 6 of S.686
Section 7 - RESOLUTION OF DISAPPROVAL OF DESIGNATION OR REMOVAL OF DESIGNATION OF A FOREIGN ADVERSARY:
Outlines the rules for a resolution of disapproval of designation or removal of designation of a foreign adversary. The section defines terms such as "covered joint resolution," "joint resolution of disapproval of designation," and "joint resolution of disapproval of removal of designation."
It provides for expedited consideration of such resolutions in both the House of Representatives and the Senate, outlining the procedures for introduction, committee referral, reporting and discharge, debate, and voting. If a joint resolution of disapproval of designation or removal of designation is enacted, it would either remove or prohibit the removal of the designation as a foreign adversary for purposes of this Act. The section also emphasizes that these rules are part of the rules of each House and that they supersede other rules only to the extent that they are inconsistent with such rules. Section 7 of S.686
Section 8 -IMPLEMENTING AUTHORITIES :
Section 8 of the proposed legislation provides implementing authorities for the Secretary to carry out the responsibilities under the Act. The Secretary is authorized to establish regulations, procedures, and rules as needed. The Secretary can take action with respect to both individual covered transactions and classes of covered transactions.
Additionally, the Secretary may issue guidance, create lists of foreign persons, and undertake any other action necessary to carry out the responsibilities under this Act. The Secretary may also appoint technical advisory committees to provide advice, and Chapter 10 of part 1 of title 5, United States Code, shall not apply to any meeting of such an advisory committee held pursuant to this subsection. Section 8 of S.686
Section 9 - INFORMATION TO BE FURNISHED:
Outlines the information that the Secretary of Commerce can require from any party involved in a transaction or holding under review or investigation. The Secretary may require complete information, including reports and documents, relating to any act, transaction, or holding.
The Secretary has the authority to:
(3) conduct investigations, hold hearings, administer oaths, examine witnesses, receive evidence, take depositions, and require by subpoena the attendance and testimony of witnesses and the production of any documents relating to any transaction or holding under review or investigation, regardless of whether any report has been required or filed in connection therewith, including through another person or agency. Section 9 of S.686
Section 10 - ENFORCEMENT:
Section 10 of the proposed legislation discusses the enforcement of the act. It states that the President shall rely on the Secretary and other federal agencies to conduct investigations of violations.
Designated officers and employees of these agencies may inspect, search, seize, and obtain information from any person subject to the provisions of the act. They may also administer oaths and issue subpoenas. In case of refusal to obey a subpoena, the district court may issue an order requiring compliance.
(2) ACTIONS BY DESIGNEES.—In conducting investigations described in paragraph (1), designated officers or employees of Federal agencies described that paragraph may, to the extent necessary or appropriate to enforce this Act, exercise such authority as is conferred upon them by any other Federal law, subject to policies and procedures approved by the Attorney General.
(b) Permitted Activities.—Officers and employees of agencies authorized to conduct investigations under subsection (a) may—
(1) inspect, search, detain, seize, or impose temporary denial orders with respect to items, in any form, or conveyances on which it is believed that there are items that have been, are being, or are about to be imported into the United States in violation of this Act or any other applicable Federal law;
(2) require, inspect, and obtain books, records, and any other information from any person subject to the provisions of this Act or other applicable Federal law;
(3) administer oaths or affirmations and, by subpoena, require any person to appear and testify or to appear and produce books, records, and other writings, or both; and
(4) obtain court orders and issue legal process to the extent authorized under chapters 119, 121, and 206 of title 18, United States Code, or any other applicable Federal law.
(c) Enforcement Of Subpoenas.—In the case of contumacy by, or refusal to obey a subpoena issued to, any person under subsection (b)(3), a district court of the United States, after notice to such person and a hearing, shall have jurisdiction to issue an order requiring such person to appear and give testimony or to appear and produce books, records, and other writings, regardless of format, that are the subject of the subpoena. Any failure to obey such order of the court may be punished by such court as a contempt thereof.
(d) Actions By The Attorney General.—The Attorney General may bring an action in an appropriate district court of the United States for appropriate relief, including declaratory and injunctive, or divestment relief, against any person who violates this Act or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act. In any such action, the limitations as described under section 12(b) shall apply.
Section 11 - PENALTIES:
Section 11 of the proposed legislation outlines the civil and criminal penalties that will be imposed on individuals or entities that violate any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(1) IN GENERAL.—It shall be unlawful for a person to violate, attempt to violate, conspire to violate, or cause a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act, including any of the unlawful acts described in paragraph (2).
2) SPECIFIC UNLAWFUL ACTS.—The unlawful acts described in this paragraph are the following:
(A) No person may engage in any conduct prohibited by or contrary to, or refrain from engaging in any conduct required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(B) No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act.
(C) No person may solicit or attempt a violation of any regulation, order, direction, mitigation measure, prohibition, or authorization or directive issued under this Act.
(D) No person may conspire or act in concert with 1 or more other person in any manner or for any purpose to bring about or to do any act that constitutes a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(E) No person may, whether directly or indirectly through any other person, make any false or misleading representation, statement, or certification, or falsify or conceal any material fact, to the Department of Commerce or any official of any other executive department or agency—
(i) in the course of an investigation or other action subject to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder; or
(ii) in connection with the preparation, submission, issuance, use, or maintenance of any report filed or required to be filed pursuant to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(F) No person may engage in any transaction or take any other action with intent to evade the provisions of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(G) No person may fail or refuse to comply with any reporting or recordkeeping requirement of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(H) Except as specifically authorized in this subchapter, any regulation, order, direction, mitigation measure, or other authorization or directive issued thereunder or in writing by the Department of Commerce, no person may alter any order, direction, mitigation measure, or other authorization or directive issued under this Act or any related regulation. Section 11 of S.686
See the link and text of the proposed for a further discussion of the proposed civil and forfeiture penalties.
Section 12 - JUDICIAL REVIEW:
This section of the proposed legislation establishes the administrative and judicial review process for actions taken under the Act. The term "classified information" is defined to include information that requires protection against unauthorized disclosure for reasons of national security.
The actions taken by the President and the Secretary under this Act shall not be subject to administrative or judicial review, except as otherwise provided in this section.
(b) Administrative And Judicial Review.—Notwithstanding any other provision of law, actions taken by the President and the Secretary, and the findings of the President and the Secretary, under this Act shall not be subject to administrative review or judicial review in any Federal court, except as otherwise provided in this section. Actions taken by the Secretary under this Act shall not be subject to sections 551, 553 through 559, and 701 through 707 of title 5, United States Code.
However, an aggrieved person may file a petition for review in the United States Court of Appeals for the District of Columbia Circuit within 60 days of the Secretary's or President's action under sections 3(a) and 4(c), respectively.
(1) IN GENERAL.—Not later than 60 days after the Secretary takes action under section 3(a), or the President takes action under section 4(c), an aggrieved person may apply for review by filing a petition for review in the United States Court of Appeals for the District of Columbia Circuit.
(2) STANDARD OF REVIEW.—The court shall not disturb any action taken by the Secretary under section 3(a), or by the President under section 4(c), unless the petitioner demonstrates that the action is unconstitutional or in patent violation of a clear and mandatory statutory command.
The United States Court of Appeals for the District of Columbia Circuit shall have exclusive jurisdiction over claims arising under this Act.
(1) IN GENERAL.—The procedures described in this subsection shall apply to the review of a petition for review under this section.
(2) FILING OF RECORD.—The United States shall file with the court an administrative record, which shall consist of the information that the appropriate official relied upon in taking a final action under this Act.
(3) UNCLASSIFIED, NONPRIVILEGED INFORMATION.—All unclassified information contained in the administrative record filed pursuant to paragraph (2) that is not otherwise privileged or subject to statutory protections shall be provided to the petitioner with appropriate protections for any privileged or confidential trade secrets and commercial or financial information.
(4) IN CAMERA AND EX PARTE REVIEW.—The following information may be included in the administrative record and shall be submitted only to the court ex parte and in camera:
(A) Sensitive security information, as defined by section 1520.5 of title 49, Code of Federal Regulations.
(B) Privileged law enforcement information.
(C) Information obtained or derived from any activity authorized under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), except that, with respect to such information, subsections (c), (e), (f), (g), and (h) of section 106 (50 U.S.C. 1806), subsections (d), (f), (g), (h), and (i) of section 305 (50 U.S.C. 1825), subsections (c), (e), (f), (g), and (h) of section 405 (50 U.S.C. 1845), and section 706 (50 U.S.C. 1881e) of that Act shall not apply.
(D) Information subject to privilege or protections under any other provision of law, including the Currency and Foreign Transactions Reporting Act of 1970 (31 U.S.C. 5311 et seq.).
(5) INFORMATION UNDER SEAL.—Any information that is part of the administrative record filed ex parte and in camera under paragraph (4), or cited by the court in any decision, shall be treated by the court consistent with the provisions of this section. In no event shall such information be released to the petitioner or as part of the public record.
The determination by the court under this section shall be the exclusive judicial remedy for any claim described in this section
(f) Exclusive Remedy.—A determination by the court under this section shall be the exclusive judicial remedy for any claim described in this section against the United States, any executive department or agency, or any component or official of any such executive department or agency.
Conclusion:
Although the RESTRICT Act proposed by Senator Warner attempts to address risks posed by foreign ICT products and services, the Act as written also raises concerns regarding the potential over-criminalization of technology applications such as VPNs designed to protect privacy and security of individuals while on the internet. In addition, the proposed Act raises significant possible Fourth Amendment concerns regarding the scope and potential overreach of the government’s authority to conduct search and seizures of individual’s internet activity.
Will Congress respond to these concerns and include clear limitations on the scope of search and seizure authority to ensure that individuals are afforded adequate Fourth Amendment and Due Process protections under the United States Constitution?
This blog post was prepared, in part, with the assistance of ChatGPT-4 AI. Nothing in this post should be considered legal advice or the creation of an attorney-client relationship. This blog is strictly for informational purposes only.