Sponsors (2)
The bill empowers DoD/DNI to find and remove foreign-held stolen U.S. data—strengthening national security and reducing economic harm—but it raises significant privacy, due process, operational, and cost risks that could affect many Americans.
Taxpayers and federal employees: Enables the DoD and DNI to locate and remove foreign-held stolen classified information, reducing the risk that leaked military and intelligence secrets are exploited.
Individuals and companies: Directs strategies to find and address stolen financial, medical, biometric, intellectual-property, and trade-secret data of U.S. persons, which can limit identity theft, economic loss, and corporate IP theft.
Owners of compromised data (individuals and firms): Requires, when practicable, that lawful owners be notified of intent and of successful actions, giving them visibility into government interventions and outcomes.
People in the U.S.: Expands DoD/DNI authority to access or manipulate encrypted data of U.S. persons, risking exposure of private medical and financial records and broader civil liberties harms.
Taxpayers and businesses: Allows joint determinations and operations that may occur without individual judicial review, creating risks of government overreach and gaps in due process.
Hospitals, financial institutions, and businesses: Efforts to destroy or manipulate foreign-held data could cause collateral damage—disrupting legitimate systems, causing outages, or resulting in unintended data loss for U.S. owners.
Based on analysis of 2 sections of legislative text.
Directs DoD and DNI to identify and assess stolen encrypted U.S. data and classified information abroad and, after a joint determination, to attempt to destroy, manipulate, or recover encrypted material; requires a report to Congress within 1 year.
Requires the President, acting through the Secretary of Defense and the Director of National Intelligence, to develop strategies to locate and assess U.S. persons' stolen data and classified information that are unlawfully held by foreign entities and to determine whether that material was encrypted and whether it has been decrypted. Authorizes the Secretary of Defense and the Director of National Intelligence, acting jointly and after determining such action serves U.S. economic and national security interests, to attempt to destroy, manipulate, or recover encrypted unlawfully-held material that has not been decrypted, and to notify lawful owners when practicable; it also requires an unclassified report to Congress (with a classified annex if needed) within one year with recommendations for further action. The measure focuses on covered data types including financial, medical, biometric data, intellectual property, trade secrets of U.S. persons, and classified information, and sets a one-year deadline for agencies to present strategies and recommended legislative or administrative steps to Congress.
Introduced March 26, 2026 by Margaret Wood Hassan · Last progress March 26, 2026