House File 614 - Introduced
HOUSE FILE
BY COMMITTEE ON COMMERCE,
REGULATION AND LABOR
(SUCCESSOR TO HF 465)
Passed House, Date Passed Senate, Date
Vote: Ayes Nays Vote: Ayes Nays
Approved
A BILL FOR
1 An Act relating to the transmission, installation, and use of
2 computer software through deceptive or unauthorized means.
3 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
4 TLSB 2193HV 81
5 kk/cf/24
PAG LIN
1 1 Section 1. NEW SECTION. 714F.1 LEGISLATIVE INTENT.
1 2 It is the intent of the general assembly to protect owners
1 3 and operators of computers in this state from the use of
1 4 spyware and malware that is deceptively or surreptitiously
1 5 installed on the owner's or the operator's computer.
1 6 Sec. 2. NEW SECTION. 714F.2 TITLE.
1 7 This chapter shall be known and may be cited as the
1 8 "Computer Spyware Protection Act".
1 9 Sec. 3. NEW SECTION. 714F.3 DEFINITIONS.
1 10 For purposes of this chapter, unless the context otherwise
1 11 requires:
1 12 1. "Advertisement" means a communication, the primary
1 13 purpose of which is the commercial promotion of a commercial
1 14 product or service, including content on an internet website
1 15 operated for a commercial purpose.
1 16 2. "Computer software" means a sequence of instructions
1 17 written in any programming language that is executed on a
1 18 computer. "Computer software" does not include computer
1 19 software that is a web page or data components of a web page
1 20 that are not executable independently of the web page.
1 21 3. "Damage" means any significant impairment to the
1 22 integrity or availability of data, software, a system, or
1 23 information.
1 24 4. "Execute", when used with respect to computer software,
1 25 means the performance of the functions or the carrying out of
1 26 the instructions of the computer software.
1 27 5. "Intentionally deceptive" means any of the following:
1 28 a. An intentionally and materially false or fraudulent
1 29 statement.
1 30 b. A statement or description that intentionally omits or
1 31 misrepresents material information in order to deceive an
1 32 owner or operator of a computer.
1 33 c. An intentional and material failure to provide a notice
1 34 to an owner or operator regarding the installation or
1 35 execution of computer software for the purpose of deceiving
2 1 the owner or operator.
2 2 6. "Internet" means the same as defined in section 4.1.
2 3 7. "Owner or operator" means the owner or lessee of a
2 4 computer, or a person using such computer with the owner or
2 5 lessee's authorization, but does not include a person who
2 6 owned a computer prior to the first retail sale of the
2 7 computer.
2 8 8. "Person" means the same as defined in section 4.1.
2 9 9. "Personally identifiable information" means any of the
2 10 following information with respect to the owner or operator of
2 11 a computer:
2 12 a. The first name or first initial in combination with the
2 13 last name.
2 14 b. A home or other physical address including street name.
2 15 c. An electronic mail address.
2 16 d. Credit or debit card number, bank account number, or
2 17 any password or access code associated with a credit or debit
2 18 card or bank account.
2 19 e. Social security number, tax identification number,
2 20 driver's license number, passport number, or any other
2 21 government=issued identification number.
2 22 f. Account balance, overdraft history, or payment history
2 23 that personally identifies an owner or operator of a computer.
2 24 10. "Transmit" means to transfer, send, or make available
2 25 computer software using the internet or any other medium,
2 26 including local area networks of computers other than a
2 27 wireless transmission, and a disc or other data storage
2 28 device. "Transmit" does not include an action by a person
2 29 providing any of the following:
2 30 a. An internet connection, telephone connection, or other
2 31 means of transmission capability such as a compact disc or
2 32 digital video disc through which the computer software was
2 33 made available.
2 34 b. The storage or hosting of the computer software program
2 35 or an internet web page through which the software was made
3 1 available.
3 2 c. An information location tool, such as a directory,
3 3 index, reference, pointer, or hypertext link, through which
3 4 the user of the computer located the computer software, unless
3 5 the person transmitting receives a direct economic benefit
3 6 from the execution of such software on the computer.
3 7 Sec. 4. NEW SECTION. 714F.4 PROHIBITIONS == TRANSMISSION
3 8 AND USE OF SOFTWARE.
3 9 It is unlawful for a person who is not an owner or operator
3 10 of a computer to transmit computer software to such computer
3 11 knowingly or with conscious avoidance of actual knowledge, and
3 12 to use such software to do any of the following:
3 13 1. Modify, through intentionally deceptive means, settings
3 14 of a computer that control any of the following:
3 15 a. The web page that appears when an owner or operator
3 16 launches an internet browser or similar computer software used
3 17 to access and navigate the internet.
3 18 b. The default provider or web proxy that an owner or
3 19 operator uses to access or search the internet.
3 20 c. An owner's or an operator's list of bookmarks used to
3 21 access web pages.
3 22 2. Collect, through intentionally deceptive means,
3 23 personally identifiable information through any of the
3 24 following means:
3 25 a. The use of a keystroke=logging function that records
3 26 keystrokes made by an owner or operator of a computer and
3 27 transfers that information from the computer to another
3 28 person.
3 29 b. In a manner that correlates personally identifiable
3 30 information with data respecting all or substantially all of
3 31 the websites visited by an owner or operator, other than
3 32 websites operated by the person collecting such information.
3 33 c. By extracting from the hard drive of an owner's or an
3 34 operator's computer, an owner's or an operator's social
3 35 security number, tax identification number, driver's license
4 1 number, passport number, any other government=issued
4 2 identification number, account balances, or overdraft history.
4 3 3. Prevent, through intentionally deceptive means, an
4 4 owner's or an operator's reasonable efforts to block the
4 5 installation of, or to disable, computer software by causing
4 6 computer software that the owner or operator has properly
4 7 removed or disabled to automatically reinstall or reactivate
4 8 on the computer.
4 9 4. Intentionally misrepresent that computer software will
4 10 be uninstalled or disabled by an owner's or an operator's
4 11 action.
4 12 5. Through intentionally deceptive means, remove, disable,
4 13 or render inoperative security, antispyware, or antivirus
4 14 computer software installed on an owner's or an operator's
4 15 computer.
4 16 6. Take control of an owner's or an operator's computer by
4 17 doing any of the following:
4 18 a. Accessing or using a modem or internet service for the
4 19 purpose of causing damage to an owner's or an operator's
4 20 computer or causing an owner or operator to incur financial
4 21 charges for a service that the owner or operator did not
4 22 authorize.
4 23 b. Opening multiple, sequential, stand=alone
4 24 advertisements in an owner's or an operator's internet browser
4 25 without the authorization of an owner or operator and which a
4 26 reasonable computer user could not close without turning off
4 27 the computer or closing the internet browser.
4 28 7. Modify any of the following settings related to an
4 29 owner's or an operator's computer access to, or use of, the
4 30 internet:
4 31 a. Settings that protect information about an owner or
4 32 operator for the purpose of taking personally identifiable
4 33 information of the owner or operator.
4 34 b. Security settings for the purpose of causing damage to
4 35 a computer.
5 1 8. Prevent an owner's or an operator's reasonable efforts
5 2 to block the installation of, or to disable, computer software
5 3 by doing any of the following:
5 4 a. Presenting the owner or operator with an option to
5 5 decline installation of computer software with knowledge that,
5 6 when the option is selected by the authorized user, the
5 7 installation nevertheless proceeds.
5 8 b. Falsely representing that computer software has been
5 9 disabled.
5 10 Sec. 5. NEW SECTION. 714F.5 OTHER PROHIBITIONS.
5 11 It is unlawful for a person who is not an owner or operator
5 12 of a computer to do any of the following with regard to the
5 13 computer:
5 14 1. Induce an owner or operator to install a computer
5 15 software component onto the owner's or the operator's computer
5 16 by intentionally misrepresenting that installing computer
5 17 software is necessary for security or privacy reasons or in
5 18 order to open, view, or play a particular type of content.
5 19 2. Using intentionally deceptive means to cause the
5 20 execution of a computer software component with the intent of
5 21 causing an owner or operator to use such component in a manner
5 22 that violates any other provision of this chapter.
5 23 Sec. 6. NEW SECTION. 714F.6 EXCEPTIONS.
5 24 Sections 714F.4 and 714F.5 shall not apply to the
5 25 monitoring of, or interaction with, an owner's or an
5 26 operator's internet or other network connection, service, or
5 27 computer, by a telecommunications carrier, cable operator,
5 28 computer hardware or software provider, or provider of
5 29 information service or interactive computer service for
5 30 network or computer security purposes, diagnostics, technical
5 31 support, maintenance, repair, authorized updates of computer
5 32 software or system firmware, authorized remote system
5 33 management, or detection or prevention of the unauthorized use
5 34 of or fraudulent or other illegal activities in connection
5 35 with a network, service, or computer software, including
6 1 scanning for and removing computer software prescribed under
6 2 this chapter.
6 3 Sec. 7. NEW SECTION. 714F.7 REMEDIES.
6 4 1. The attorney general may bring a civil action against a
6 5 person who violates any provision of this chapter to recover
6 6 actual damages, liquidated damages of at least one thousand
6 7 dollars, not to exceed one million dollars, for each
6 8 violation, attorney fees, and costs.
6 9 2. The court may increase a damage award to an amount
6 10 equal to not more than three times the amount otherwise
6 11 recoverable under subsection 1 if the court determines that
6 12 the defendant committed the violation willfully and knowingly.
6 13 3. The court may reduce liquidated damages recoverable
6 14 under subsection 1, to a minimum of one hundred dollars, not
6 15 to exceed one hundred thousand dollars for each violation if
6 16 the court finds that the defendant established and implemented
6 17 practices and procedures reasonably designed to prevent a
6 18 violation of this chapter.
6 19 EXPLANATION
6 20 This bill, in new Code chapter 714F, prohibits actions
6 21 related to the transmission, installation, and use of computer
6 22 software. The bill prohibits a person, other than the owner
6 23 or operator of a computer acting with actual knowledge or
6 24 conscious avoidance of actual knowledge, from transmitting
6 25 computer software onto the computer and using the software to
6 26 modify certain settings relating to the computer's access to
6 27 or use of the internet, collect personally identifiable
6 28 information through certain intentionally deceptive means,
6 29 prevent an owner's or an operator's reasonable efforts to
6 30 block the installation of or disable software through
6 31 intentionally deceptive means, intentionally misrepresent that
6 32 computer software will be uninstalled or disabled by an
6 33 owner's or an operator's action, or through intentionally
6 34 deceptive means remove, disable, or render inoperative
6 35 security, antispyware, or antivirus software installed on a
7 1 computer.
7 2 The bill prohibits a person who is not an owner or operator
7 3 from taking control of an owner's or an operator's computer
7 4 for the purpose of causing damage to the computer or causing
7 5 the owner or operator to incur financial charges for
7 6 unauthorized services, opening certain advertisements in an
7 7 owner's or an operator's internet browser, modifying a
7 8 computer's settings related to an owner's or an operator's
7 9 computer access to the internet, and preventing an owner or
7 10 operator from blocking or disabling software by installing
7 11 software despite the owner or operator declining the
7 12 installation, and falsely representing that computer software
7 13 has been disabled.
7 14 The bill prohibits a person who is not an owner or operator
7 15 from inducing an owner or operator to install a software
7 16 component by intentionally misrepresenting that the
7 17 installation is necessary for security or privacy or in order
7 18 to open, view, or play a particular type of content. The bill
7 19 prohibits a person who is not an owner or operator from using
7 20 intentionally deceptive means to cause the execution of
7 21 computer software components with the intent of causing an
7 22 owner or operator to use the components in a way that violates
7 23 any provision of new Code chapter 714F.
7 24 The monitoring or interaction with an internet or network
7 25 connection by a telecommunications carrier or provider of
7 26 certain computer services, or a provider of interactive
7 27 computer service for security and other technical support are
7 28 not subject to the prohibitions of Code chapter 714F.
7 29 The bill provides that the attorney general may bring a
7 30 civil action against any person who violates any provision of
7 31 new Code chapter 714F and may seek actual damages, liquidated
7 32 damages in an amount not less than $1,000 but not more than $1
7 33 million, attorney fees, and costs. A court may increase an
7 34 award of damages to three times the amount if the defendant
7 35 acted willfully and knowingly. A court may reduce the amount
8 1 of liquidated damages recoverable if the defendant established
8 2 and implemented practices and procedures reasonably designed
8 3 to prevent a violation of Code chapter 714F.
8 4 LSB 2193HV 81
8 5 kk:nh/cf/24