Senate
File
2080
-
Introduced
SENATE
FILE
2080
BY
NUNN
A
BILL
FOR
An
Act
prohibiting
the
state
and
political
subdivisions
of
the
1
state
from
expending
public
moneys
for
payment
to
persons
2
responsible
for
ransomware
attacks.
3
BE
IT
ENACTED
BY
THE
GENERAL
ASSEMBLY
OF
THE
STATE
OF
IOWA:
4
TLSB
5609XS
(3)
88
ja/rn
S.F.
2080
Section
1.
NEW
SECTION
.
8H.1
Definitions.
1
As
used
in
this
section,
unless
the
context
otherwise
2
requires:
3
1.
“Encryption”
means
the
use
of
an
algorithmic
process
4
to
transform
data
into
a
form
in
which
the
data
is
rendered
5
unreadable
or
unusable
without
the
use
of
a
confidential
6
process
or
key.
7
2.
“Political
subdivision”
means
a
city,
county,
township,
8
or
school
district.
9
3.
“Ransomware
attack”
means
carrying
out
until
payment
is
10
made,
or
threatening
to
carry
out
until
payment
is
made,
any
of
11
the
following
actions:
12
a.
An
act
declared
unlawful
pursuant
to
section
715.4.
13
b.
A
“breach
of
security”
as
defined
in
section
715C.1.
14
c.
The
use
of
any
form
of
software
that
results
in
the
15
unauthorized
encryption
of
data,
the
denial
of
access
to
data,
16
the
denial
of
access
to
a
computer,
or
the
denial
of
access
to
17
a
computer
system.
18
Sec.
2.
NEW
SECTION
.
8H.2
Public
moneys
——
prohibition
——
19
ransomware.
20
The
state
or
a
political
subdivision
of
the
state
shall
not
21
expend
public
moneys
for
payment
to
a
person
responsible
for,
22
or
reasonably
believed
to
be
responsible
for,
a
ransomware
23
attack.
24
EXPLANATION
25
The
inclusion
of
this
explanation
does
not
constitute
agreement
with
26
the
explanation’s
substance
by
the
members
of
the
general
assembly.
27
This
bill
prohibits
the
state
and
a
political
subdivision
of
28
the
state
from
expending
public
moneys
for
payment
to
persons
29
responsible
for
ransomware
attacks.
30
The
bill
defines
“encryption”
as
the
use
of
an
algorithmic
31
process
to
transform
data
into
a
form
in
which
the
data
32
is
rendered
unreadable
or
unusable
without
the
use
of
a
33
confidential
process
or
key.
The
bill
defines
“political
34
subdivision”
as
a
city,
county,
township,
or
school
district.
35
-1-
LSB
5609XS
(3)
88
ja/rn
1/
2
S.F.
2080
The
bill
defines
“ransomware
attack”
to
mean
carrying
out
until
1
payment
is
made,
or
threatening
to
carry
out
until
payment
is
2
made,
any
of
the
following:
an
act
declared
unlawful
pursuant
3
to
Code
section
715.4;
a
“breach
of
security”
as
defined
in
4
Code
section
715C.1;
or
the
use
of
any
form
of
software
that
5
results
in
the
unauthorized
encryption
of
data,
the
denial
of
6
access
to
data,
the
denial
of
access
to
a
computer,
or
the
7
denial
of
access
to
a
computer
system.
8
The
bill
provides
that
the
state
and
a
political
subdivision
9
of
the
state
shall
not
expend
public
moneys
for
payment
10
to
a
person
responsible
for,
or
reasonably
believed
to
be
11
responsible
for,
a
ransomware
attack.
12
-2-
LSB
5609XS
(3)
88
ja/rn
2/
2