Protecting Stolen Encrypted Data Act of 2026
- Bill Number
- S. 4230
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Policy Area
- Armed Forces and National Security
- Status
- Introduced
- Latest Action
- 2026-03-26: Read twice and referred to the Select Committee on Intelligence.
- Last Updated
- 2026-04-15T01:25:01Z
AI-Generated Summary
Purpose
The Protecting Stolen Encrypted Data Act of 2026 aims to require the U.S. federal government to develop strategies for identifying stolen sensitive data and classified information held by foreign entities, and to take actions like destroying, manipulating, or recovering it when it serves U.S. economic and national security interests.
Key Provisions
- Definitions:
- Classified information: Sensitive government secrets protected under national security laws (defined in the National Security Act of 1947).
- Covered data: Includes financial, medical, and biometric (e.g., fingerprints or facial scans) data of U.S. persons; intellectual property; and trade secrets of U.S. persons.
- U.S. person: U.S. citizens, permanent residents, or U.S. corporations (as defined in the Foreign Intelligence Surveillance Act).
- Identification Strategies: The President, through the Secretary of Defense (SecDef) and Director of National Intelligence (DNI), must create plans to detect:
- Covered data or classified information illegally held by foreign entities.
- Whether it was encrypted (scrambled for security).
- Whether foreign entities have decrypted (unscrambled) it.
- Addressing Strategies: Develop plans on how to handle such stolen data.
- Actions Allowed:
- SecDef and DNI jointly decide if destroying, altering, or recovering the data benefits U.S. economic or national security.
- If yes, they can target encrypted data not yet decrypted, then attempt destruction, manipulation, or recovery.
- When feasible, notify the original owners before and after actions.
- Reporting Requirement: Within 1 year of enactment, SecDef and DNI submit a joint report to Congress on strategies, actions taken, legislative/administrative recommendations; report is unclassified but may include a classified section.
Significant Changes to Existing Law
- Introduces new mandates for proactive identification and potential cyber interventions against foreign-held stolen U.S. data; no direct amendments to prior laws, but builds on definitions from the National Security Act and Foreign Intelligence Surveillance Act.
Potential Impacts
- Government Agencies: Empowers Department of Defense and intelligence community with authority for offensive cyber operations abroad; requires congressional reporting for oversight.
- Citizens and Businesses: Protects personal (e.g., health/financial records) and commercial data (e.g., trade secrets) from foreign misuse; owners may get notifications of recovery efforts.
- International Relations: Could strain ties with adversarial nations if actions target their systems, potentially escalating cyber tensions.
Main Stakeholders Affected
- U.S. Government: President, SecDef, DNI, Congress (receives reports).
- U.S. Persons: Individuals with sensitive personal data; companies with intellectual property or trade secrets.
- Foreign Entities: Governments or actors illegally holding U.S. data, who may face U.S. cyber countermeasures.
Notable Legal, Constitutional, or Political Implications
- Legal: Authorizes covert actions abroad, potentially under executive authority, but ties to national security interests; requires joint SecDef-DNI decisions to limit unilateral action.
- Constitutional: Balances executive power in foreign affairs with congressional oversight via reporting; no direct privacy impacts on U.S. persons since targets are stolen/foreign-held data.
- Political: Bipartisan sponsorship (Sens. Hassan and Blackburn); emphasizes defense against foreign cyber theft without mandating new funding or broad surveillance.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Sen. Hassan, Margaret Wood [D-NH]
Cosponsors (1)
Recent Actions
- 2026-03-26: Read twice and referred to the Select Committee on Intelligence.
- 2026-03-26: Introduced in Senate
Bill Versions
- Protecting Stolen Encrypted Data Act of 2026 — issued 2026-03-26 — PDF (5 pages)