House File 614 - Enrolled

PAG LIN

  1  1                                             HOUSE FILE 614
  1  2
  1  3                             AN ACT
  1  4 RELATING TO THE TRANSMISSION, INSTALLATION, AND USE OF
  1  5    COMPUTER SOFTWARE THROUGH DECEPTIVE OR UNAUTHORIZED
  1  6    MEANS AND PROVIDING FOR PENALTIES.
  1  7
  1  8 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
  1  9
  1 10    Section 1.  NEW SECTION.  714F.1  LEGISLATIVE INTENT.
  1 11    It is the intent of the general assembly to protect owners
  1 12 and operators of computers in this state from the use of
  1 13 spyware and malware that is deceptively or surreptitiously
  1 14 installed on the owner's or the operator's computer.
  1 15    Sec. 2.  NEW SECTION.  714F.2  TITLE.
  1 16    This chapter shall be known and may be cited as the
  1 17 "Computer Spyware Protection Act".
  1 18    Sec. 3.  NEW SECTION.  714F.3  DEFINITIONS.
  1 19    For purposes of this chapter, unless the context otherwise
  1 20 requires:
  1 21    1.  "Advertisement" means a communication, the primary
  1 22 purpose of which is the commercial promotion of a commercial
  1 23 product or service, including content on an internet website
  1 24 operated for a commercial purpose.
  1 25    2.  "Computer software" means a sequence of instructions
  1 26 written in any programming language that is executed on a
  1 27 computer.  "Computer software" does not include computer
  1 28 software that is a web page or data components of a web page
  1 29 that are not executable independently of the web page.
  1 30    3.  "Damage" means any significant impairment to the
  1 31 integrity or availability of data, software, a system, or
  1 32 information.
  1 33    4.  "Execute", when used with respect to computer software,
  1 34 means the performance of the functions or the carrying out of
  1 35 the instructions of the computer software.
  2  1    5.  "Intentionally deceptive" means any of the following:
  2  2    a.  An intentionally and materially false or fraudulent
  2  3 statement.
  2  4    b.  A statement or description that intentionally omits or
  2  5 misrepresents material information in order to deceive an
  2  6 owner or operator of a computer.
  2  7    c.  An intentional and material failure to provide a notice
  2  8 to an owner or operator regarding the installation or
  2  9 execution of computer software for the purpose of deceiving
  2 10 the owner or operator.
  2 11    6.  "Internet" means the same as defined in section 4.1.
  2 12    7.  "Owner or operator" means the owner or lessee of a
  2 13 computer, or a person using such computer with the owner or
  2 14 lessee's authorization, but does not include a person who
  2 15 owned a computer prior to the first retail sale of the
  2 16 computer.
  2 17    8.  "Person" means the same as defined in section 4.1.
  2 18    9.  "Personally identifiable information" means any of the
  2 19 following information with respect to the owner or operator of
  2 20 a computer:
  2 21    a.  The first name or first initial in combination with the
  2 22 last name.
  2 23    b.  A home or other physical address including street name.
  2 24    c.  An electronic mail address.
  2 25    d.  Credit or debit card number, bank account number, or
  2 26 any password or access code associated with a credit or debit
  2 27 card or bank account.
  2 28    e.  Social security number, tax identification number,
  2 29 driver's license number, passport number, or any other
  2 30 government=issued identification number.
  2 31    f.  Account balance, overdraft history, or payment history
  2 32 that personally identifies an owner or operator of a computer.
  2 33    10.  "Transmit" means to transfer, send, or make available
  2 34 computer software using the internet or any other medium,
  2 35 including local area networks of computers other than a
  3  1 wireless transmission, and a disc or other data storage
  3  2 device.  "Transmit" does not include an action by a person
  3  3 providing any of the following:
  3  4    a.  An internet connection, telephone connection, or other
  3  5 means of transmission capability such as a compact disc or
  3  6 digital video disc through which the computer software was
  3  7 made available.
  3  8    b.  The storage or hosting of the computer software program
  3  9 or an internet web page through which the software was made
  3 10 available.
  3 11    c.  An information location tool, such as a directory,
  3 12 index, reference, pointer, or hypertext link, through which
  3 13 the user of the computer located the computer software, unless
  3 14 the person transmitting receives a direct economic benefit
  3 15 from the execution of such software on the computer.
  3 16    Sec. 4.  NEW SECTION.  714F.4  PROHIBITIONS == TRANSMISSION
  3 17 AND USE OF SOFTWARE.
  3 18    It is unlawful for a person who is not an owner or operator
  3 19 of a computer to transmit computer software to such computer
  3 20 knowingly or with conscious avoidance of actual knowledge, and
  3 21 to use such software to do any of the following:
  3 22    1.  Modify, through intentionally deceptive means, settings
  3 23 of a computer that control any of the following:
  3 24    a.  The web page that appears when an owner or operator
  3 25 launches an internet browser or similar computer software used
  3 26 to access and navigate the internet.
  3 27    b.  The default provider or web proxy that an owner or
  3 28 operator uses to access or search the internet.
  3 29    c.  An owner's or an operator's list of bookmarks used to
  3 30 access web pages.
  3 31    2.  Collect, through intentionally deceptive means,
  3 32 personally identifiable information through any of the
  3 33 following means:
  3 34    a.  The use of a keystroke=logging function that records
  3 35 keystrokes made by an owner or operator of a computer and
  4  1 transfers that information from the computer to another
  4  2 person.
  4  3    b.  In a manner that correlates personally identifiable
  4  4 information with data respecting all or substantially all of
  4  5 the websites visited by an owner or operator, other than
  4  6 websites operated by the person collecting such information.
  4  7    c.  By extracting from the hard drive of an owner's or an
  4  8 operator's computer, an owner's or an operator's social
  4  9 security number, tax identification number, driver's license
  4 10 number, passport number, any other government=issued
  4 11 identification number, account balances, or overdraft history.
  4 12    3.  Prevent, through intentionally deceptive means, an
  4 13 owner's or an operator's reasonable efforts to block the
  4 14 installation of, or to disable, computer software by causing
  4 15 computer software that the owner or operator has properly
  4 16 removed or disabled to automatically reinstall or reactivate
  4 17 on the computer.
  4 18    4.  Intentionally misrepresent that computer software will
  4 19 be uninstalled or disabled by an owner's or an operator's
  4 20 action.
  4 21    5.  Through intentionally deceptive means, remove, disable,
  4 22 or render inoperative security, antispyware, or antivirus
  4 23 computer software installed on an owner's or an operator's
  4 24 computer.
  4 25    6.  Take control of an owner's or an operator's computer by
  4 26 doing any of the following:
  4 27    a.  Accessing or using a modem or internet service for the
  4 28 purpose of causing damage to an owner's or an operator's
  4 29 computer or causing an owner or operator to incur financial
  4 30 charges for a service that the owner or operator did not
  4 31 authorize.
  4 32    b.  Opening multiple, sequential, stand=alone
  4 33 advertisements in an owner's or an operator's internet browser
  4 34 without the authorization of an owner or operator and which a
  4 35 reasonable computer user could not close without turning off
  5  1 the computer or closing the internet browser.
  5  2    7.  Modify any of the following settings related to an
  5  3 owner's or an operator's computer access to, or use of, the
  5  4 internet:
  5  5    a.  Settings that protect information about an owner or
  5  6 operator for the purpose of taking personally identifiable
  5  7 information of the owner or operator.
  5  8    b.  Security settings for the purpose of causing damage to
  5  9 a computer.
  5 10    8.  Prevent an owner's or an operator's reasonable efforts
  5 11 to block the installation of, or to disable, computer software
  5 12 by doing any of the following:
  5 13    a.  Presenting the owner or operator with an option to
  5 14 decline installation of computer software with knowledge that,
  5 15 when the option is selected by the authorized user, the
  5 16 installation nevertheless proceeds.
  5 17    b.  Falsely representing that computer software has been
  5 18 disabled.
  5 19    Sec. 5.  NEW SECTION.  714F.5  OTHER PROHIBITIONS.
  5 20    It is unlawful for a person who is not an owner or operator
  5 21 of a computer to do any of the following with regard to the
  5 22 computer:
  5 23    1.  Induce an owner or operator to install a computer
  5 24 software component onto the owner's or the operator's computer
  5 25 by intentionally misrepresenting that installing computer
  5 26 software is necessary for security or privacy reasons or in
  5 27 order to open, view, or play a particular type of content.
  5 28    2.  Using intentionally deceptive means to cause the
  5 29 execution of a computer software component with the intent of
  5 30 causing an owner or operator to use such component in a manner
  5 31 that violates any other provision of this chapter.
  5 32    Sec. 6.  NEW SECTION.  714F.6  EXCEPTIONS.
  5 33    Sections 714F.4 and 714F.5 shall not apply to the
  5 34 monitoring of, or interaction with, an owner's or an
  5 35 operator's internet or other network connection, service, or
  6  1 computer, by a telecommunications carrier, cable operator,
  6  2 computer hardware or software provider, or provider of
  6  3 information service or interactive computer service for
  6  4 network or computer security purposes, diagnostics, technical
  6  5 support, maintenance, repair, authorized updates of computer
  6  6 software or system firmware, authorized remote system
  6  7 management, or detection or prevention of the unauthorized use
  6  8 of or fraudulent or other illegal activities in connection
  6  9 with a network, service, or computer software, including
  6 10 scanning for and removing computer software prescribed under
  6 11 this chapter.  Nothing in this chapter shall limit the rights
  6 12 of providers of wire and electronic communications under 18
  6 13 U.S.C. } 2511.
  6 14    Sec. 7.  NEW SECTION.  714F.7  CRIMINAL PENALTIES.
  6 15    1.  A person who commits an unlawful act under this chapter
  6 16 is guilty of an aggravated misdemeanor.
  6 17    2.  A person who commits an unlawful act under this chapter
  6 18 and who causes pecuniary losses exceeding one thousand dollars
  6 19 to a victim of the unlawful act is guilty of a class "D"
  6 20 felony.
  6 21    Sec. 8.  NEW SECTION.  714F.8  VENUE FOR CRIMINAL
  6 22 VIOLATIONS.
  6 23    For the purpose of determining proper venue, a violation of
  6 24 this chapter shall be considered to have been committed in any
  6 25 county in which any of the following apply:
  6 26    1.  An act was performed in furtherance of the violation.
  6 27    2.  The owner or operator who is the victim of the
  6 28 violation has a place of business in this state.
  6 29    3.  The defendant has control or possession of any proceeds
  6 30 of the violation, or of any books, records, documents,
  6 31 property, financial instrument, computer software, computer
  6 32 program, computer data, or other material or objects used in
  6 33 furtherance of the violation.
  6 34    4.  The defendant unlawfully accessed a computer or
  6 35 computer network by wires, electromagnetic waves, microwaves,
  7  1 or any other means of communication.
  7  2    5.  The defendant resides.
  7  3    6.  A computer used as an object or an instrument in the
  7  4 commission of the violation was located at the time of the
  7  5 violation.
  7  6
  7  7
  7  8                                                             
  7  9                               CHRISTOPHER C. RANTS
  7 10                               Speaker of the House
  7 11
  7 12
  7 13                                                             
  7 14                               JOHN P. KIBBIE
  7 15                               President of the Senate
  7 16
  7 17    I hereby certify that this bill originated in the House and
  7 18 is known as House File 614, Eighty=first General Assembly.
  7 19
  7 20
  7 21                                                             
  7 22                               MARGARET THOMSON
  7 23                               Chief Clerk of the House
  7 24 Approved                , 2005
  7 25
  7 26
  7 27                            
  7 28 THOMAS J. VILSACK
  7 29 Governor