Computer Security (Spyware)




This draft legislation is one of several efforts by the SSL Committee to address the widespread problem of spyware, which occurs when software is surreptitiously loaded on someone's computer to monitor their Internet searches or collect data on their computer without their knowledge or consent. In 2005, the SSL Committee reviewed Utah H.B. 323 4th Sub. The SSL Committee ultimately pulled that bill from its dockets at the request of the bill's sponsor. That Utah legislation was also struck down for violating the First Amendment and Dormant Commerce Clauses of the U.S. Constitution in WhenU.com, Inc., v. State of Utah. An SSL draft about spyware based on Utah H.B. 104 of the 2005 session (enrolled version) is in the 2006 Suggested State Legislation volume.

Several bills about spyware were also introduced in Georgia in 2005. An SSL draft based on Georgia SB127 of 2005 (SB127/CSFA/1) is in the 2006 Suggested State Legislation volume. The SSL draft in this 2010 volume is based on Georgia 05 SB127/AP, a different version of that 2005 Georgia bill.

This draft makes it illegal for third parties to knowingly and deceptively cause computer software to be copied onto personal computers that: changes the computer users' settings without the users' permission; prevents users from resetting their computers to their original preferences or removing the third party software; secretly collects information about Internet searches; disables the computer's security software; or causes related disruptive activities.

Submitted as: Georgia SB 127 (As Passed)
Status: Enacted into law in 2005.

Suggested State Legislation

(Title, enacting clause, etc.)

Section 1. [Short Title.]
This Act shall be cited as The Computer Security Act.

Section 2. [Definitions.]
As used in this Act:

(1) Advertisement means a communication, the primary purpose of which is the commercial promotion of a commercial product or service, including content on an Internet website operated for a commercial purpose.

(2) Authorized user, with respect to a computer, means a person who owns or is authorized by the owner or lessee to use the computer.

(3) Cause to be copied means to distribute or transfer computer software or any component thereof. Such term shall not include providing:
(a) Transmission, routing, provision of intermediate temporary storage, or caching of software;
(b) A storage medium, such as a compact disk, website, or computer server, through which the software was distributed by a third party; or
(c) An information location tool, such as a directory, index, reference, pointer, or hypertext link, through which the user of the computer located the software.

(4) Computer software means a sequence of instructions written in any programming language that is executed on a computer. Such term shall not include a text or data file, a web page, or a data component of a web page that is not executable independently of the web page.

(5) Computer virus means a computer program or other set of instructions that is designed to degrade the performance of or disable a computer or computer network and is designed to have the ability to replicate itself on other computers or computer networks without the authorization of the owners of those computers or computer networks.

(6) Consumer means an individual who resides in this state and who uses the computer in question primarily for personal, family, or household purposes.

(7) Damage means any significant impairment to the integrity or availability of data, software, a system, or information.

(8) Execute, when used with respect to computer software, means the performance of the functions or the carrying out of the instructions of the computer software.

(9) Intentionally deceptive means any of the following:
(a) By means of an intentionally and materially false or fraudulent statement;
(b) By means of a statement or description that intentionally omits or misrepresents material information in order to deceive the consumer; or
(c) By means of an intentional and material failure to provide any notice to an authorized user regarding the download or installation of software in order to deceive the consumer.

(10) Internet means the global information system that is logically linked together by a globally unique address space based on the Internet Protocol or its subsequent extensions; that is able to support communications using the Transmission Control Protocol/Internet Protocol suite, its subsequent extensions, or other Internet Protocol compatible protocols; and that provides, uses, or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described in this paragraph.

(11) Person means any individual, partnership, corporation, limited liability company, or other organization, or any combination thereof.

(12) Personally identifiable information means any of the following:
(a) A first name or first initial in combination with a last name;
(b) Credit or debit card numbers or other financial account numbers;
(c) A password or personal identification number required to access an identified financial account;
(d) A Social Security number; or
(e) Any of the following information in a form that personally identifies an authorized user:
(i) Account balances;
(ii) Overdraft history;
(iii) Payment history;
(iv) A history of websites visited;
(v) A home address;
(vi) A work address; or
(vii) A record of a purchase or purchases.

2010 Suggested State Legislation

Section 3. [Unlawful Acts Involving Computer Software.]

(A) It shall be illegal for a person or entity that is not an authorized user, as defined in Section 2 of this Act, of a computer in this state to knowingly, willfully, or with conscious indifference or disregard cause computer software to be copied onto such computer and use the software to do any of the following:

(1) Modify, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet:
(a) The page that appears when an authorized user launches an Internet browser or similar software program used to access and navigate the Internet;
(b) The default provider or web proxy the authorized user uses to access or search the Internet; or
(c) The authorized user's list of bookmarks used to access web pages;

(2) Collect, through intentionally deceptive means, personally identifiable information that meets any of the following criteria:
(a) It is collected through the use of a keystroke-logging function that records all keystrokes made by an authorized user who uses the computer and transfers that information from the computer to another person;
(b) It includes all or substantially all of the websites visited by an authorized user, other than websites of the provider of the software, if the computer software was installed in a manner designed to conceal from all authorized users of the computer the fact that the software is being installed; or
(c) It is a data element described in subparagraph (b), (c), or (d) of paragraph (12) of section 2 of this Act, or in division (i) or (ii) of subparagraph (e) of paragraph (12) of section 2 of this Act, that is extracted from the consumer's or business entity's computer hard drive for a purpose wholly unrelated to any of the purposes of the software or service described to an authorized user;

(3) Prevent, without the authorization of an authorized user, through intentionally deceptive means, an authorized user's reasonable efforts to block the installation of, or to disable, software, by causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user;

(4) Intentionally misrepresent that software will be uninstalled or disabled by an authorized user's action, with knowledge that the software will not be so uninstalled or disabled; or

(5) Through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus software installed on the computer.

(B) It shall be illegal for a person or entity that is not an authorized user, as defined in section 2 of this Act, of a computer in this state to knowingly, willfully, or with conscious indifference or disregard cause computer software to be copied onto such computer and use the software to do any of the following:

(1) Take control of the consumer's or business entity's computer by doing any of the following:
(a) Transmitting or relaying commercial electronic mail or a computer virus from the consumer's or business entity's computer, where the transmission or relaying is initiated by a person other than the authorized user and without the authorization of an authorized user;
(b) Accessing or using the consumer's or business entity's modem or Internet service for the purpose of causing damage to the consumer's or business entity's computer or of causing an authorized user or a third party affected by such conduct to incur financial charges for a service that is not authorized by an authorized user;
(c) Using the consumer's or business entity's computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer, including, but not limited to, launching a denial of service attack; or
(d) Opening multiple, sequential, stand-alone advertisements in the consumer's or business entity's Internet browser without the authorization of an authorized user and with knowledge that a reasonable computer user cannot close the advertisements without turning off the computer or closing the consumer's or business entity's Internet browser;

(2) Modify any of the following settings related to the computer's access to, or use of, the Internet:
(a) An authorized user's security or other settings that protect information about the authorized user for the purpose of stealing personal information of an authorized user; or
(b) The security settings of the computer for the purpose of causing damage to one or more computers; or

(3) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(a) Presenting the authorized user with an option to decline installation of software with knowledge that, when the option is selected by the authorized user, the installation nevertheless proceeds; or
(b) Falsely representing that software has been disabled.

(C) It shall be illegal for a person or entity that is not an authorized user, as defined in section 2 of this Act, of a computer in this state to do any of the following with regard to such computer:

(1) Induce an authorized user to install a software component onto the computer by intentionally misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content; or

(2) Deceptively causing the copying and execution on the computer of a computer software component with the intent of causing an authorized user to use the component in a way that violates any other provision of this paragraph C of this section of this Act.

(D) Nothing in this section of this Act shall apply to any monitoring of, or interaction with, a user's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this Act.

Section 4. [Penalties.]

(A) Any person who violates the provisions of paragraph (2) of section 3 (A) of this Act, subparagraph (a), (b), or (c) of paragraph (1) of section 3 (B), or paragraph (2) of subsection (A) of section 3 (B) of this Act shall be guilty of a felony and, upon conviction thereof, shall be sentenced to imprisonment for [not less than one nor more than ten years] or a fine of [not more than $3 million], or both.

(B) The [Attorney General] may bring a civil action against any person violating this Act to the penalties for the violation and may recover any or all of the following:
(1) A [civil penalty] of [up to $100 per violation] of this Act, or up to [$100,000] for a pattern or practice of such violations;
(2) Costs and reasonable attorney's fees; and
(3) An order to enjoin the violation.

(C) In the case of a violation of subparagraph (B) of paragraph (1) of subsection (B) of section 3 of this Act that causes a telecommunications carrier to incur costs for the origination, transport, or termination of a call triggered using the modem of a customer of such telecommunications carrier as a result of such violation, the telecommunications carrier may bring a civil action against the violator to recover any or all of the following:
(1) The charges such carrier is obligated to pay to another carrier or to an information service provider as a result of the violation, including, but not limited to, charges for the origination, transport or termination of the call;
(2) Costs of handling customer inquiries or complaints with respect to amounts billed for such calls;
(3) Costs and reasonable attorney's fees; and
(4) An order to enjoin the violation.

(D) An Internet service provider or software company that expends resources in good faith assisting consumers or business entities harmed by a violation of this Act, or a trademark owner whose mark is used to deceive consumers or business entities in violation of this Act, may enforce the violation and may recover any or all of the following:
(1) Statutory damages of [not more than $100 per violation] of this Act, or up to [$1 million] for a pattern or practice of such violations;
(2) Costs and reasonable attorney's fees; and
(3) An order to enjoin the violation.

Section 5. [Immunity from Liability for Violating this Act.]

(A) For the purposes of this section, the term employer includes a business entity's officers, directors, parent corporation, subsidiaries, affiliates, and other corporate entities under common ownership or control within a business enterprise. No employer may be held criminally or civilly liable under this Act as a result of any actions taken:
(1) With respect to computer equipment used by its employees, contractors, subcontractors, agents, leased employees, or other staff which the employer owns, leases, or otherwise makes available or allows to be connected to the employer's network or other computer facilities; or
(2) By employees, contractors, subcontractors, agents, leased employees, or other staff who misuse an employer's computer equipment for an illegal purpose without the employer's knowledge, consent, or approval.

(B) No person shall be held criminally or civilly liable under this Act when its protected computers have been used by unauthorized users to violate this Act or other laws without such person's knowledge, consent, or approval.

(C) A manufacturer or retailer of computer equipment shall not be liable under this section, criminally or civilly, to the extent that the manufacturer or retailer is providing third party branded software that is installed on the computer equipment that the manufacturer or retailer is manufacturing or selling.

Section 6. [Preempting Other Jurisdictional Actions About Spyware.]
The [General Assembly] finds that this Act is a matter of state-wide concern. This Act supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by any county, municipality, consolidated government, or other local governmental agency regarding spyware and notices to consumers from computer software providers regarding information collection.

Section 7. [Severability.]
[Insert severability clause.]

Section 8. [Repealer.]
[Insert repealer clause.]

Section 9. [Effective Date.]
[Insert effective date.]