Read twice and referred to the Committee on the Judiciary.
This bill (Cooper Davis and Devin Norring Act) adds a new reporting requirement to the Controlled Substances Act requiring electronic communication service providers and remote computing services to report to the Attorney General, within 60 days of obtaining actual knowledge (or optionally upon reasonable belief), facts or circumstances indicating certain crimes involving fentanyl, methamphetamine, counterfeit substances (including counterfeit prescription drugs), or unauthorized sale of prescription pain medications or stimulants. Reports must include provider contact information and, to the extent in the provider’s custody, identifying account information (e.g., name, IP address, URLs, screen names), and may include content or other contextual data at the provider’s discretion; providers must indicate whether the information was discovered by human moderation or automated means.
Privacy vs enforcement tradeoff: progressives emphasize risks to privacy, encryption, and marginalized groups; conservatives emphasize law-enforcement gains.
Relative to its intended legislative type, this bill is a detailed statutory package that creates new substantive obligations, enforcement tools, and reporting requirements for both providers and the Attorney General, with thoughtful integration into existing law and several privacy and abuse-mitigation provisions.
This bill (Cooper Davis and Devin Norring Act) adds a new reporting requirement to the Controlled Substances Act requiring electronic communication service providers and remote computing services to report to the Attorney General, within 60 days of obtaining actual knowledge (or optionally upon reasonable belief), facts or circumstances indicating certain crimes involving fentanyl, methamphetamine, counterfeit substances (including counterfeit prescription drugs), or unauthorized sale of prescription pain medications or stimulants.
Reports must include provider contact information and, to the extent in the provider’s custody, identifying account information (e.g., name, IP address, URLs, screen names), and may include content or other contextual data at the provider’s discretion; providers must indicate whether the information was discovered by human moderation or automated means.
The Attorney General must preliminarily review reports, may forward reports to other law enforcement, and must publish an annual report about submissions and dispositions; the bill also treats a provider’s submission as a 90-day preservation request under the Stored Communications Act and amends that Act to permit disclosure to the Attorney General for these reports.
On content alone, the bill addresses a politically salient public-safety issue and contains compromise elements that could attract some bipartisan support, but it also imposes new compliance duties on a broad set of technology providers and amends privacy-protecting statutes, which tends to generate strong opposing coalitions (industry, privacy advocates, and potential litigation). Those factors make enactment plausible but uncertain absent negotiation and likely amendment in committee or on the floor.
Relative to its intended legislative type, this bill is a detailed statutory package that creates new substantive obligations, enforcement tools, and reporting requirements for both providers and the Attorney General, with thoughtful integration into existing law and several privacy and abuse-mitigation provisions.
Privacy vs enforcement tradeoff: progressives emphasize risks to privacy, encryption, and marginalized groups; conservatives emphasize law-enforcement gains.
These are examples from the analysis, not a ranked list of the most-affected groups.
Privacy vs enforcement tradeoff: progressives emphasize risks to privacy, encryption, and marginalized groups; conservatives emphasize law-enforcement gains.
A mainstream progressive would likely be sympathetic to the bill’s goal of disrupting online drug trafficking—especially fentanyl—but concerned that the operational reporting requirements risk undermining privacy, free expression, and encryption norms.
They would read the bill’s privacy protections (no affirmative monitoring requirement, no forced decryption) as helpful but worry that broad reporting permissions to include communications and contextual data, the low thresholds like "reasonable belief," and the creation of an automatic preservation mechanism could enable overcollection and mission creep.
They would also be concerned about disparate impacts on marginalized communities and possible over-policing if reports are forwarded to state/local law enforcement without clear oversight.
A pragmatic moderate would likely support the bill’s objective to reduce online channels for deadly drugs like fentanyl, while wanting clearer statutory definitions and procedural safeguards to limit unintended consequences.
They would welcome the exemptions for broadband and text messaging providers and the bill’s explicit statements that it does not require monitoring or forced decryption, but would flag ambiguity around "actual knowledge" and the optional "reasonable belief" reporting path.
They would focus on designing workable compliance rules, minimizing burdens on smaller providers, ensuring AG accountability, and keeping legal standards that prevent mission creep.
A mainstream conservative would generally welcome stronger tools to combat fentanyl and methamphetamine trafficking, viewing the bill as a federal mechanism to pressure online platforms that enable illicit drug sales.
They would appreciate the bill’s exemptions for broadband and text messaging providers and the explicit statements that providers are not required to monitor or decrypt communications.
However, they could be wary of expanding centralized federal data collection and the criminal/civil penalties regime for providers, preferring clear limits on scope and liability and attention to cost implications.
Reached or meaningfully advanced
Reached or meaningfully advanced
Still ahead
Still ahead
Still ahead
On content alone, the bill addresses a politically salient public-safety issue and contains compromise elements that could attract some bipartisan support, but it also imposes new compliance duties on a broad set of technology providers and amends privacy-protecting statutes, which tends to generate strong opposing coalitions (industry, privacy advocates, and potential litigation). Those factors make enactment plausible but uncertain absent negotiation and likely amendment in committee or on the floor.
The bill has not accumulated any surfaced votes yet.
Privacy vs enforcement tradeoff: progressives emphasize risks to privacy, encryption, and marginalized groups; conservatives emphasize law-…
On content alone, the bill addresses a politically salient public-safety issue and contains compromise elements that could attract some bip…
Relative to its intended legislative type, this bill is a detailed statutory package that creates new substantive obligations, enforcement tools, and reporting requirements for both providers and the Attorney General, w…
Go beyond the headline summary with full stakeholder mapping, legislative design analysis, passage barriers, and lens-by-lens tradeoff breakdowns.