House File 614 - Reprinted
HOUSE FILE
BY COMMITTEE ON COMMERCE,
REGULATION AND LABOR
(SUCCESSOR TO HF 465)
A BILL FOR
1 An Act relating to the transmission, installation, and use of
2 computer software through deceptive or unauthorized means and
3 providing for penalties.
4 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
5 HF 614
6 kk/es/25
PAG LIN
1 1 Section 1. NEW SECTION. 714F.1 LEGISLATIVE INTENT.
1 2 It is the intent of the general assembly to protect owners
1 3 and operators of computers in this state from the use of
1 4 spyware and malware that is deceptively or surreptitiously
1 5 installed on the owner's or the operator's computer.
1 6 Sec. 2. NEW SECTION. 714F.2 TITLE.
1 7 This chapter shall be known and may be cited as the
1 8 "Computer Spyware Protection Act".
1 9 Sec. 3. NEW SECTION. 714F.3 DEFINITIONS.
1 10 For purposes of this chapter, unless the context otherwise
1 11 requires:
1 12 1. "Advertisement" means a communication, the primary
1 13 purpose of which is the commercial promotion of a commercial
1 14 product or service, including content on an internet website
1 15 operated for a commercial purpose.
1 16 2. "Computer software" means a sequence of instructions
1 17 written in any programming language that is executed on a
1 18 computer. "Computer software" does not include computer
1 19 software that is a web page or data components of a web page
1 20 that are not executable independently of the web page.
1 21 3. "Damage" means any significant impairment to the
1 22 integrity or availability of data, software, a system, or
1 23 information.
1 24 4. "Execute", when used with respect to computer software,
1 25 means the performance of the functions or the carrying out of
1 26 the instructions of the computer software.
1 27 5. "Intentionally deceptive" means any of the following:
1 28 a. An intentionally and materially false or fraudulent
1 29 statement.
1 30 b. A statement or description that intentionally omits or
1 31 misrepresents material information in order to deceive an
1 32 owner or operator of a computer.
1 33 c. An intentional and material failure to provide a notice
1 34 to an owner or operator regarding the installation or
1 35 execution of computer software for the purpose of deceiving
2 1 the owner or operator.
2 2 6. "Internet" means the same as defined in section 4.1.
2 3 7. "Owner or operator" means the owner or lessee of a
2 4 computer, or a person using such computer with the owner or
2 5 lessee's authorization, but does not include a person who
2 6 owned a computer prior to the first retail sale of the
2 7 computer.
2 8 8. "Person" means the same as defined in section 4.1.
2 9 9. "Personally identifiable information" means any of the
2 10 following information with respect to the owner or operator of
2 11 a computer:
2 12 a. The first name or first initial in combination with the
2 13 last name.
2 14 b. A home or other physical address including street name.
2 15 c. An electronic mail address.
2 16 d. Credit or debit card number, bank account number, or
2 17 any password or access code associated with a credit or debit
2 18 card or bank account.
2 19 e. Social security number, tax identification number,
2 20 driver's license number, passport number, or any other
2 21 government-issued identification number.
2 22 f. Account balance, overdraft history, or payment history
2 23 that personally identifies an owner or operator of a computer.
2 24 10. "Transmit" means to transfer, send, or make available
2 25 computer software using the internet or any other medium,
2 26 including local area networks of computers other than a
2 27 wireless transmission, and a disc or other data storage
2 28 device. "Transmit" does not include an action by a person
2 29 providing any of the following:
2 30 a. An internet connection, telephone connection, or other
2 31 means of transmission capability such as a compact disc or
2 32 digital video disc through which the computer software was
2 33 made available.
2 34 b. The storage or hosting of the computer software program
2 35 or an internet web page through which the software was made
3 1 available.
3 2 c. An information location tool, such as a directory,
3 3 index, reference, pointer, or hypertext link, through which
3 4 the user of the computer located the computer software, unless
3 5 the person transmitting receives a direct economic benefit
3 6 from the execution of such software on the computer.
3 7 Sec. 4. NEW SECTION. 714F.4 PROHIBITIONS -- TRANSMISSION
3 8 AND USE OF SOFTWARE.
3 9 It is unlawful for a person who is not an owner or operator
3 10 of a computer to transmit computer software to such computer
3 11 knowingly or with conscious avoidance of actual knowledge, and
3 12 to use such software to do any of the following:
3 13 1. Modify, through intentionally deceptive means, settings
3 14 of a computer that control any of the following:
3 15 a. The web page that appears when an owner or operator
3 16 launches an internet browser or similar computer software used
3 17 to access and navigate the internet.
3 18 b. The default provider or web proxy that an owner or
3 19 operator uses to access or search the internet.
3 20 c. An owner's or an operator's list of bookmarks used to
3 21 access web pages.
3 22 2. Collect, through intentionally deceptive means,
3 23 personally identifiable information through any of the
3 24 following means:
3 25 a. The use of a keystroke-logging function that records
3 26 keystrokes made by an owner or operator of a computer and
3 27 transfers that information from the computer to another
3 28 person.
3 29 b. In a manner that correlates personally identifiable
3 30 information with data respecting all or substantially all of
3 31 the websites visited by an owner or operator, other than
3 32 websites operated by the person collecting such information.
3 33 c. By extracting from the hard drive of an owner's or an
3 34 operator's computer, an owner's or an operator's social
3 35 security number, tax identification number, driver's license
4 1 number, passport number, any other government-issued
4 2 identification number, account balances, or overdraft history.
4 3 3. Prevent, through intentionally deceptive means, an
4 4 owner's or an operator's reasonable efforts to block the
4 5 installation of, or to disable, computer software by causing
4 6 computer software that the owner or operator has properly
4 7 removed or disabled to automatically reinstall or reactivate
4 8 on the computer.
4 9 4. Intentionally misrepresent that computer software will
4 10 be uninstalled or disabled by an owner's or an operator's
4 11 action.
4 12 5. Through intentionally deceptive means, remove, disable,
4 13 or render inoperative security, antispyware, or antivirus
4 14 computer software installed on an owner's or an operator's
4 15 computer.
4 16 6. Take control of an owner's or an operator's computer by
4 17 doing any of the following:
4 18 a. Accessing or using a modem or internet service for the
4 19 purpose of causing damage to an owner's or an operator's
4 20 computer or causing an owner or operator to incur financial
4 21 charges for a service that the owner or operator did not
4 22 authorize.
4 23 b. Opening multiple, sequential, stand-alone
4 24 advertisements in an owner's or an operator's internet browser
4 25 without the authorization of an owner or operator and which a
4 26 reasonable computer user could not close without turning off
4 27 the computer or closing the internet browser.
4 28 7. Modify any of the following settings related to an
4 29 owner's or an operator's computer access to, or use of, the
4 30 internet:
4 31 a. Settings that protect information about an owner or
4 32 operator for the purpose of taking personally identifiable
4 33 information of the owner or operator.
4 34 b. Security settings for the purpose of causing damage to
4 35 a computer.
5 1 8. Prevent an owner's or an operator's reasonable efforts
5 2 to block the installation of, or to disable, computer software
5 3 by doing any of the following:
5 4 a. Presenting the owner or operator with an option to
5 5 decline installation of computer software with knowledge that,
5 6 when the option is selected by the authorized user, the
5 7 installation nevertheless proceeds.
5 8 b. Falsely representing that computer software has been
5 9 disabled.
5 10 Sec. 5. NEW SECTION. 714F.5 OTHER PROHIBITIONS.
5 11 It is unlawful for a person who is not an owner or operator
5 12 of a computer to do any of the following with regard to the
5 13 computer:
5 14 1. Induce an owner or operator to install a computer
5 15 software component onto the owner's or the operator's computer
5 16 by intentionally misrepresenting that installing computer
5 17 software is necessary for security or privacy reasons or in
5 18 order to open, view, or play a particular type of content.
5 19 2. Using intentionally deceptive means to cause the
5 20 execution of a computer software component with the intent of
5 21 causing an owner or operator to use such component in a manner
5 22 that violates any other provision of this chapter.
5 23 Sec. 6. NEW SECTION. 714F.6 EXCEPTIONS.
5 24 Sections 714F.4 and 714F.5 shall not apply to the
5 25 monitoring of, or interaction with, an owner's or an
5 26 operator's internet or other network connection, service, or
5 27 computer, by a telecommunications carrier, cable operator,
5 28 computer hardware or software provider, or provider of
5 29 information service or interactive computer service for
5 30 network or computer security purposes, diagnostics, technical
5 31 support, maintenance, repair, authorized updates of computer
5 32 software or system firmware, authorized remote system
5 33 management, or detection or prevention of the unauthorized use
5 34 of or fraudulent or other illegal activities in connection
5 35 with a network, service, or computer software, including
6 1 scanning for and removing computer software prescribed under
6 2 this chapter.
6 3 Sec. 7. NEW SECTION. 714F.7 CRIMINAL PENALTIES.
6 4 1. A person who commits an unlawful act under this chapter
6 5 is guilty of an aggravated misdemeanor.
6 6 2. A person who commits an unlawful act under this chapter
6 7 and who causes pecuniary losses exceeding one thousand dollars
6 8 to a victim of the unlawful act is guilty of a class "D"
6 9 felony.
6 10 Sec. 8. NEW SECTION. 714F.8 VENUE FOR CRIMINAL
6 11 VIOLATIONS.
6 12 For the purpose of determining proper venue, a violation of
6 13 this chapter shall be considered to have been committed in any
6 14 county in which any of the following apply:
6 15 1. An act was performed in furtherance of the violation.
6 16 2. The owner or operator who is the victim of the
6 17 violation has a place of business in this state.
6 18 3. The defendant has control or possession of any proceeds
6 19 of the violation, or of any books, records, documents,
6 20 property, financial instrument, computer software, computer
6 21 program, computer data, or other material or objects used in
6 22 furtherance of the violation.
6 23 4. The defendant unlawfully accessed a computer or
6 24 computer network by wires, electromagnetic waves, microwaves,
6 25 or any other means of communication.
6 26 5. The defendant resides.
6 27 6. A computer used as an object or an instrument in the
6 28 commission of the violation was located at the time of the
6 29 violation.
6 30 HF 614
6 31 kk:nh/es/25