HR 4518119th CongressIn Committee

Cooper Davis and Devin Norring Act

Introduced: Jul 17, 2025

Sponsor: Rep. Miller-Meeks, Mariannette [R-IA-1] (R-Iowa)

Economy & Taxes

Standard Summary

Comprehensive overview in 1-2 paragraphs

The Cooper Davis and Devin Norring Act would add a new reporting obligation to the Controlled Substances Act. It requires electronic communication service providers (ECS providers) and remote computing services to report certain controlled-substances violations to the Attorney General within 60 days of obtaining actual knowledge. The report must include contact information for the provider, details about the alleged crime (fentanyl, methamphetamine, counterfeit drugs, or unauthorized prescription drugs), and information about how the violation was discovered (human moderation vs. automated methods). The Attorney General would oversee the reporting program, conduct preliminary reviews, and may forward leads to other agencies. The bill also adds privacy protections, data-minimization rules, preservation requirements, penalties for noncompliance or false reporting, and an annual AG-produced public report on activity under the new section. It includes exemptions for broadband Internet access providers and text-messaging services, and it amends the Stored Communications Act to accommodate the new reporting.

Key Points

1New reporting duty for ECS providers and remote computing services: Providers must report certain drug-related crimes (fentanyl, meth; counterfeit substances; unauthorized or misrepresented prescription drugs) to the Attorney General within 60 days of knowledge, including the provider’s contact details and relevant facts about the crime and discovery method.
2Definitions and scope: The bill defines who is a “provider,” what counts as an “electronic communication service,” an “Internet” and a “website,” and it sets the reporting framework around content moderation findings (human vs. algorithmic detection).
3Contents and handling of reports: Reports must include account-related data and, if available, other material related to the crime (geolocation, IP addresses, timestamps, content data, and even the complete communication when appropriate). The AG can forward reports to other agencies for investigation.
4Privacy, data-minimization, and preservation: The AG must minimize stored data, preserve materials for a limited period (90 days after submission, with restrictions on extending preservation), and avoid requiring providers to monitor users or decrypt end-to-end communications. Reports may be shared only as permitted to support investigations.
5Penalties and enforcement: Criminal penalties for knowingly failing to report (up to $190k for a first violation; up to $380k for subsequent violations) and civil penalties ($50k-$100k for knowingly submitting false or incomplete information).
6Oversight and transparency: The Attorney General would be responsible for enforcement and would publish an annual report with metrics on the number of reports, outcomes, actionability, discovery method, sharing with other law enforcement, and preservation requests.
7Prohibitions and exemptions: Federal, tribal, state, or local law enforcement cannot submit reports on behalf of officers; there are protections against using the reports as evidence in trials if the submission violated these rules. Broadband Internet access providers and text messaging services are exempt from the reporting requirements.
8Conforming amendments: The bill would modify the Stored Communications Act to accommodate reporting to the Attorney General under the new CSA section and include related technical clarifications.

Impact Areas

Primary group/area affected- Electronic communication service providers and remote computing services (including large tech platforms, email providers, cloud services, and similar intermediaries) that host or process user content.- Individuals and entities involved in crimes described (fentanyl, methamphetamine, counterfeit substances, or unauthorized prescription drugs).- Federal, state, and local law enforcement and the Attorney General’s office, which would receive and process reports.Secondary group/area affected- Consumers and users of ECS/remote computing services, who may see increased data collection related to criminal activity and potential privacy implications.- Privacy advocates and civil liberties groups concerned about data retention, discovery processes, and the scope of information reported.Additional impacts- Compliance costs for providers, including potential data collection, recordkeeping, and reporting burdens (especially for smaller providers).- Effects on encryption practices and content moderation policies, given the balance between reporting requirements and privacy protections.- Potential chilling effects or changes in platform moderation and reporting behavior due to the obligation to disclose certain user-related information.- Oversight, transparency, and potential changes in federal data-sharing practices across agencies.Electronic communication service and remote computing service: Broad definitions covering platforms that host, transmit, or store user communications and data.Content moderation: The act of reviewing or removing content, which may be done by humans or automated systems (algorithms).End-to-end encryption: The bill preserves protections against requiring providers to decrypt communications; encryption remains allowed.Preservation: A limited-time hold on data to support investigations, with specific rules about notifying users and extending the hold.

Generated by gpt-5-nano on Oct 8, 2025