House File 614 - Enrolled PAG LIN 1 1 HOUSE FILE 614 1 2 1 3 AN ACT 1 4 RELATING TO THE TRANSMISSION, INSTALLATION, AND USE OF 1 5 COMPUTER SOFTWARE THROUGH DECEPTIVE OR UNAUTHORIZED 1 6 MEANS AND PROVIDING FOR PENALTIES. 1 7 1 8 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA: 1 9 1 10 Section 1. NEW SECTION. 714F.1 LEGISLATIVE INTENT. 1 11 It is the intent of the general assembly to protect owners 1 12 and operators of computers in this state from the use of 1 13 spyware and malware that is deceptively or surreptitiously 1 14 installed on the owner's or the operator's computer. 1 15 Sec. 2. NEW SECTION. 714F.2 TITLE. 1 16 This chapter shall be known and may be cited as the 1 17 "Computer Spyware Protection Act". 1 18 Sec. 3. NEW SECTION. 714F.3 DEFINITIONS. 1 19 For purposes of this chapter, unless the context otherwise 1 20 requires: 1 21 1. "Advertisement" means a communication, the primary 1 22 purpose of which is the commercial promotion of a commercial 1 23 product or service, including content on an internet website 1 24 operated for a commercial purpose. 1 25 2. "Computer software" means a sequence of instructions 1 26 written in any programming language that is executed on a 1 27 computer. "Computer software" does not include computer 1 28 software that is a web page or data components of a web page 1 29 that are not executable independently of the web page. 1 30 3. "Damage" means any significant impairment to the 1 31 integrity or availability of data, software, a system, or 1 32 information. 1 33 4. "Execute", when used with respect to computer software, 1 34 means the performance of the functions or the carrying out of 1 35 the instructions of the computer software. 2 1 5. "Intentionally deceptive" means any of the following: 2 2 a. An intentionally and materially false or fraudulent 2 3 statement. 2 4 b. A statement or description that intentionally omits or 2 5 misrepresents material information in order to deceive an 2 6 owner or operator of a computer. 2 7 c. An intentional and material failure to provide a notice 2 8 to an owner or operator regarding the installation or 2 9 execution of computer software for the purpose of deceiving 2 10 the owner or operator. 2 11 6. "Internet" means the same as defined in section 4.1. 2 12 7. "Owner or operator" means the owner or lessee of a 2 13 computer, or a person using such computer with the owner or 2 14 lessee's authorization, but does not include a person who 2 15 owned a computer prior to the first retail sale of the 2 16 computer. 2 17 8. "Person" means the same as defined in section 4.1. 2 18 9. "Personally identifiable information" means any of the 2 19 following information with respect to the owner or operator of 2 20 a computer: 2 21 a. The first name or first initial in combination with the 2 22 last name. 2 23 b. A home or other physical address including street name. 2 24 c. An electronic mail address. 2 25 d. Credit or debit card number, bank account number, or 2 26 any password or access code associated with a credit or debit 2 27 card or bank account. 2 28 e. Social security number, tax identification number, 2 29 driver's license number, passport number, or any other 2 30 government=issued identification number. 2 31 f. Account balance, overdraft history, or payment history 2 32 that personally identifies an owner or operator of a computer. 2 33 10. "Transmit" means to transfer, send, or make available 2 34 computer software using the internet or any other medium, 2 35 including local area networks of computers other than a 3 1 wireless transmission, and a disc or other data storage 3 2 device. "Transmit" does not include an action by a person 3 3 providing any of the following: 3 4 a. An internet connection, telephone connection, or other 3 5 means of transmission capability such as a compact disc or 3 6 digital video disc through which the computer software was 3 7 made available. 3 8 b. The storage or hosting of the computer software program 3 9 or an internet web page through which the software was made 3 10 available. 3 11 c. An information location tool, such as a directory, 3 12 index, reference, pointer, or hypertext link, through which 3 13 the user of the computer located the computer software, unless 3 14 the person transmitting receives a direct economic benefit 3 15 from the execution of such software on the computer. 3 16 Sec. 4. NEW SECTION. 714F.4 PROHIBITIONS == TRANSMISSION 3 17 AND USE OF SOFTWARE. 3 18 It is unlawful for a person who is not an owner or operator 3 19 of a computer to transmit computer software to such computer 3 20 knowingly or with conscious avoidance of actual knowledge, and 3 21 to use such software to do any of the following: 3 22 1. Modify, through intentionally deceptive means, settings 3 23 of a computer that control any of the following: 3 24 a. The web page that appears when an owner or operator 3 25 launches an internet browser or similar computer software used 3 26 to access and navigate the internet. 3 27 b. The default provider or web proxy that an owner or 3 28 operator uses to access or search the internet. 3 29 c. An owner's or an operator's list of bookmarks used to 3 30 access web pages. 3 31 2. Collect, through intentionally deceptive means, 3 32 personally identifiable information through any of the 3 33 following means: 3 34 a. The use of a keystroke=logging function that records 3 35 keystrokes made by an owner or operator of a computer and 4 1 transfers that information from the computer to another 4 2 person. 4 3 b. In a manner that correlates personally identifiable 4 4 information with data respecting all or substantially all of 4 5 the websites visited by an owner or operator, other than 4 6 websites operated by the person collecting such information. 4 7 c. By extracting from the hard drive of an owner's or an 4 8 operator's computer, an owner's or an operator's social 4 9 security number, tax identification number, driver's license 4 10 number, passport number, any other government=issued 4 11 identification number, account balances, or overdraft history. 4 12 3. Prevent, through intentionally deceptive means, an 4 13 owner's or an operator's reasonable efforts to block the 4 14 installation of, or to disable, computer software by causing 4 15 computer software that the owner or operator has properly 4 16 removed or disabled to automatically reinstall or reactivate 4 17 on the computer. 4 18 4. Intentionally misrepresent that computer software will 4 19 be uninstalled or disabled by an owner's or an operator's 4 20 action. 4 21 5. Through intentionally deceptive means, remove, disable, 4 22 or render inoperative security, antispyware, or antivirus 4 23 computer software installed on an owner's or an operator's 4 24 computer. 4 25 6. Take control of an owner's or an operator's computer by 4 26 doing any of the following: 4 27 a. Accessing or using a modem or internet service for the 4 28 purpose of causing damage to an owner's or an operator's 4 29 computer or causing an owner or operator to incur financial 4 30 charges for a service that the owner or operator did not 4 31 authorize. 4 32 b. Opening multiple, sequential, stand=alone 4 33 advertisements in an owner's or an operator's internet browser 4 34 without the authorization of an owner or operator and which a 4 35 reasonable computer user could not close without turning off 5 1 the computer or closing the internet browser. 5 2 7. Modify any of the following settings related to an 5 3 owner's or an operator's computer access to, or use of, the 5 4 internet: 5 5 a. Settings that protect information about an owner or 5 6 operator for the purpose of taking personally identifiable 5 7 information of the owner or operator. 5 8 b. Security settings for the purpose of causing damage to 5 9 a computer. 5 10 8. Prevent an owner's or an operator's reasonable efforts 5 11 to block the installation of, or to disable, computer software 5 12 by doing any of the following: 5 13 a. Presenting the owner or operator with an option to 5 14 decline installation of computer software with knowledge that, 5 15 when the option is selected by the authorized user, the 5 16 installation nevertheless proceeds. 5 17 b. Falsely representing that computer software has been 5 18 disabled. 5 19 Sec. 5. NEW SECTION. 714F.5 OTHER PROHIBITIONS. 5 20 It is unlawful for a person who is not an owner or operator 5 21 of a computer to do any of the following with regard to the 5 22 computer: 5 23 1. Induce an owner or operator to install a computer 5 24 software component onto the owner's or the operator's computer 5 25 by intentionally misrepresenting that installing computer 5 26 software is necessary for security or privacy reasons or in 5 27 order to open, view, or play a particular type of content. 5 28 2. Using intentionally deceptive means to cause the 5 29 execution of a computer software component with the intent of 5 30 causing an owner or operator to use such component in a manner 5 31 that violates any other provision of this chapter. 5 32 Sec. 6. NEW SECTION. 714F.6 EXCEPTIONS. 5 33 Sections 714F.4 and 714F.5 shall not apply to the 5 34 monitoring of, or interaction with, an owner's or an 5 35 operator's internet or other network connection, service, or 6 1 computer, by a telecommunications carrier, cable operator, 6 2 computer hardware or software provider, or provider of 6 3 information service or interactive computer service for 6 4 network or computer security purposes, diagnostics, technical 6 5 support, maintenance, repair, authorized updates of computer 6 6 software or system firmware, authorized remote system 6 7 management, or detection or prevention of the unauthorized use 6 8 of or fraudulent or other illegal activities in connection 6 9 with a network, service, or computer software, including 6 10 scanning for and removing computer software prescribed under 6 11 this chapter. Nothing in this chapter shall limit the rights 6 12 of providers of wire and electronic communications under 18 6 13 U.S.C. } 2511. 6 14 Sec. 7. NEW SECTION. 714F.7 CRIMINAL PENALTIES. 6 15 1. A person who commits an unlawful act under this chapter 6 16 is guilty of an aggravated misdemeanor. 6 17 2. A person who commits an unlawful act under this chapter 6 18 and who causes pecuniary losses exceeding one thousand dollars 6 19 to a victim of the unlawful act is guilty of a class "D" 6 20 felony. 6 21 Sec. 8. NEW SECTION. 714F.8 VENUE FOR CRIMINAL 6 22 VIOLATIONS. 6 23 For the purpose of determining proper venue, a violation of 6 24 this chapter shall be considered to have been committed in any 6 25 county in which any of the following apply: 6 26 1. An act was performed in furtherance of the violation. 6 27 2. The owner or operator who is the victim of the 6 28 violation has a place of business in this state. 6 29 3. The defendant has control or possession of any proceeds 6 30 of the violation, or of any books, records, documents, 6 31 property, financial instrument, computer software, computer 6 32 program, computer data, or other material or objects used in 6 33 furtherance of the violation. 6 34 4. The defendant unlawfully accessed a computer or 6 35 computer network by wires, electromagnetic waves, microwaves, 7 1 or any other means of communication. 7 2 5. The defendant resides. 7 3 6. A computer used as an object or an instrument in the 7 4 commission of the violation was located at the time of the 7 5 violation. 7 6 7 7 7 8 7 9 CHRISTOPHER C. RANTS 7 10 Speaker of the House 7 11 7 12 7 13 7 14 JOHN P. KIBBIE 7 15 President of the Senate 7 16 7 17 I hereby certify that this bill originated in the House and 7 18 is known as House File 614, Eighty=first General Assembly. 7 19 7 20 7 21 7 22 MARGARET THOMSON 7 23 Chief Clerk of the House 7 24 Approved , 2005 7 25 7 26 7 27 7 28 THOMAS J. VILSACK 7 29 Governor