§ 8102. Limitations on compelled production of electronic information
(a) Except as provided in this section, a law enforcement officer shall not compel the
production of or access to protected user information from a service provider.
(b) A law enforcement officer may compel the production of or access to protected user
information from a service provider:
(1) pursuant to a warrant;
(2) pursuant to a judicially recognized exception to the warrant requirement;
(3) with the specific consent of a lawful user of the electronic communication service;
(4) if a law enforcement officer, in good faith, believes that an emergency involving
danger of death or serious bodily injury to any person requires access to the electronic
device information without delay; or
(5) except where prohibited by State or federal law, if the device is seized from an inmate’s
possession or found in an area of a correctional facility, jail, or lock-up under
the jurisdiction of the Department of Corrections, a sheriff, or a court to which
inmates have access and the device is not in the possession of an individual and the
device is not known or believed to be in the possession of an authorized visitor.
(c) A law enforcement officer may compel the production of or access to information kept
by a service provider other than protected user information:
(1) pursuant to a subpoena issued by a judicial officer, who shall issue the subpoena
upon a finding that:
(A) there is reasonable cause to believe that an offense has been committed; and
(B) the information sought is relevant to the offense or appears reasonably calculated
to lead to discovery of evidence of the alleged offense;
(2) pursuant to a subpoena issued by a grand jury;
(3) pursuant to a court order issued by a judicial officer upon a finding that the information
sought is reasonably related to a pending investigation or pending case; or
(4) for any of the reasons listed in subdivisions (b)(1)-(3) of this section.
(d) A warrant issued for protected user information shall comply with the following requirements:
(1) The warrant shall describe with particularity the information to be seized by specifying
the time periods covered and, as appropriate and reasonable, the target individuals
or accounts, the applications or services covered, and the types of information sought.
(2)(A) The warrant shall require that any information obtained through execution of the warrant
that is unrelated to the warrant’s objective not be subject to further review, use,
or disclosure without a court order.
(B) A court shall issue an order for review, use, or disclosure of information obtained
pursuant to subdivision (A) of this subdivision (2) if it finds there is probable
cause to believe that:
(i) the information is relevant to an active investigation;
(ii) the information constitutes evidence of a criminal offense; or
(iii) review, use, or disclosure of the information is required by State or federal law.
(e) A warrant or subpoena directed to a service provider shall be accompanied by an order
requiring the service provider to verify the authenticity of electronic information
that it produces by providing an affidavit that complies with the requirements of
Rule 902(11) or 902(12) of the Vermont Rules of Evidence.
(f) A service provider may voluntarily disclose information other than protected user
information when that disclosure is not otherwise prohibited by State or federal law.
(g) If a law enforcement officer receives information voluntarily provided pursuant to
subsection (f) of this section, the officer shall destroy the information within 90
days unless any of the following circumstances apply:
(1) A law enforcement officer has or obtains the specific consent of the sender or recipient
of the electronic communications about which information was disclosed.
(2) A law enforcement officer obtains a court order authorizing the retention of the information.
A court shall issue a retention order upon a finding that the conditions justifying
the initial voluntary disclosure persist. The order shall authorize the retention
of the information only for as long as:
(A) the conditions justifying the initial voluntary disclosure persist; or
(B) there is probable cause to believe that the information constitutes evidence of the
commission of a crime.
(3) A law enforcement officer reasonably believes that the information relates to an investigation
into child exploitation and the information is retained as part of a multiagency database
used in the investigation of similar offenses and related crimes.
(h) If a law enforcement officer obtains electronic information without a warrant under
subdivision (b)(4) of this section because of an emergency involving danger of death
or serious bodily injury to a person that requires access to the electronic information
without delay, the officer shall, within five days after obtaining the information,
apply for a warrant or order authorizing obtaining the electronic information or a
motion seeking approval of the emergency disclosures. The application or motion shall
set forth the facts giving rise to the emergency and shall, if applicable, include
a request supported by a sworn affidavit for an order delaying notification under
subdivision 8103(b)(1) of this section. The court shall promptly rule on the application
or motion. If the court finds that the facts did not give rise to an emergency or
denies the motion or application on any other ground, the court shall order the immediate
destruction of all information obtained, and immediate notification pursuant to subsection 8103(a) of this title if it has not already been provided.
(i) This section does not limit the existing authority of a law enforcement officer to
use legal process to do any of the following:
(1) require an originator, addressee, or intended recipient of an electronic communication
to disclose any protected user information associated with that communication;
(2) require an entity that provides electronic communications services to its officers,
directors, employees, or agents for the purpose of carrying out their duties to disclose
protected user information associated with an electronic communication to or from
an officer, director, employee, or agent of the entity; or
(3) require a service provider to provide subscriber information.
(j) A service provider shall not be subject to civil or criminal liability for producing
or providing access to information in good faith reliance on the provisions of this
section. This subsection shall not apply to gross negligence, recklessness, or intentional
misconduct by the service provider. (Added 2015, No. 169 (Adj. Sess.), § 5, eff. Oct. 1, 2016.)