§ 8102. Limitations on compelled production of electronic information
(a) Except as provided in this section, a law enforcement officer shall not compel the production of or access to protected user information from a service provider.
(b) A law enforcement officer may compel the production of or access to protected user information from a service provider:
(1) pursuant to a warrant;
(2) pursuant to a judicially recognized exception to the warrant requirement;
(3) with the specific consent of a lawful user of the electronic communication service;
(4) if a law enforcement officer, in good faith, believes that an emergency involving danger of death or serious bodily injury to any person requires access to the electronic device information without delay; or
(5) except where prohibited by State or federal law, if the device is seized from an inmate's possession or found in an area of a correctional facility, jail, or lock-up under the jurisdiction of the Department of Corrections, a sheriff, or a court to which inmates have access and the device is not in the possession of an individual and the device is not known or believed to be in the possession of an authorized visitor.
(c) A law enforcement officer may compel the production of or access to information kept by a service provider other than protected user information:
(1) pursuant to a subpoena issued by a judicial officer, who shall issue the subpoena upon a finding that:
(A) there is reasonable cause to believe that an offense has been committed; and
(B) the information sought is relevant to the offense or appears reasonably calculated to lead to discovery of evidence of the alleged offense;
(2) pursuant to a subpoena issued by a grand jury;
(3) pursuant to a court order issued by a judicial officer upon a finding that the information sought is reasonably related to a pending investigation or pending case; or
(4) for any of the reasons listed in subdivisions (b)(1)-(3) of this section.
(d) A warrant issued for protected user information shall comply with the following requirements:
(1) The warrant shall describe with particularity the information to be seized by specifying the time periods covered and, as appropriate and reasonable, the target individuals or accounts, the applications or services covered, and the types of information sought.
(2)(A) The warrant shall require that any information obtained through execution of the warrant that is unrelated to the warrant's objective not be subject to further review, use, or disclosure without a court order.
(B) A court shall issue an order for review, use, or disclosure of information obtained pursuant to subdivision (A) of this subdivision (2) if it finds there is probable cause to believe that:
(i) the information is relevant to an active investigation;
(ii) the information constitutes evidence of a criminal offense; or
(iii) review, use, or disclosure of the information is required by State or federal law.
(e) A warrant or subpoena directed to a service provider shall be accompanied by an order requiring the service provider to verify the authenticity of electronic information that it produces by providing an affidavit that complies with the requirements of Rule 902(11) or 902(12) of the Vermont Rules of Evidence.
(f) A service provider may voluntarily disclose information other than protected user information when that disclosure is not otherwise prohibited by State or federal law.
(g) If a law enforcement officer receives information voluntarily provided pursuant to subsection (f) of this section, the officer shall destroy the information within 90 days unless any of the following circumstances apply:
(1) A law enforcement officer has or obtains the specific consent of the sender or recipient of the electronic communications about which information was disclosed.
(2) A law enforcement officer obtains a court order authorizing the retention of the information. A court shall issue a retention order upon a finding that the conditions justifying the initial voluntary disclosure persist. The order shall authorize the retention of the information only for as long as:
(A) the conditions justifying the initial voluntary disclosure persist; or
(B) there is probable cause to believe that the information constitutes evidence of the commission of a crime.
(3) A law enforcement officer reasonably believes that the information relates to an investigation into child exploitation and the information is retained as part of a multiagency database used in the investigation of similar offenses and related crimes.
(h) If a law enforcement officer obtains electronic information without a warrant under subdivision (b)(4) of this section because of an emergency involving danger of death or serious bodily injury to a person that requires access to the electronic information without delay, the officer shall, within five days after obtaining the information, apply for a warrant or order authorizing obtaining the electronic information or a motion seeking approval of the emergency disclosures. The application or motion shall set forth the facts giving rise to the emergency and shall, if applicable, include a request supported by a sworn affidavit for an order delaying notification under subdivision 8103(b)(1) of this section. The court shall promptly rule on the application or motion. If the court finds that the facts did not give rise to an emergency or denies the motion or application on any other ground, the court shall order the immediate destruction of all information obtained, and immediate notification pursuant to subsection 8103(a) of this title if it has not already been provided.
(i) This section does not limit the existing authority of a law enforcement officer to use legal process to do any of the following:
(1) require an originator, addressee, or intended recipient of an electronic communication to disclose any protected user information associated with that communication;
(2) require an entity that provides electronic communications services to its officers, directors, employees, or agents for the purpose of carrying out their duties to disclose protected user information associated with an electronic communication to or from an officer, director, employee, or agent of the entity; or
(3) require a service provider to provide subscriber information.
(j) A service provider shall not be subject to civil or criminal liability for producing or providing access to information in good faith reliance on the provisions of this section. This subsection shall not apply to gross negligence, recklessness, or intentional misconduct by the service provider. (Added 2015, No. 169 (Adj. Sess.), § 5, eff. Oct. 1, 2016.)