Engrossed Committee Substitute
House Bill 4053 History
OTHER VERSIONS -
Committee Substitute
|
Introduced Version
|
| Email
Key: Green = existing Code. Red = new code to be enacted
ENGROSSED
COMMITTEE SUBSTITUTE
FOR
H. B. 4053
(By Delegates Proudfoot, Webster, M. Poling, White, DeLong,
Perdue, Longstreth, Talbott, Manchin and Caputo)
(Originating in the Committee on the Judiciary)
[January 22, 2008]
A Bill
to amend and reenact §61-3C-3 and §61-3C-16 of the Code of
West Virginia, 1931, as amended; and to amend said code by
adding thereto four new sections, designated §61-3C-4a, §61-
3C-4b, §61-3C-4c and §61-3C-4d, all relating to protecting
computer owners and users from computer spyware; making it
unlawful for persons transmit computer software for the
purpose of modifying settings, collecting personal information
by deceptive means or preventing efforts to protect a computer
to access a computer; making it unlawful to transmit software
to control in such a way as to cause damage or opening
multiple pop-up windows; making it unlawful to transmit
software for the purpose of modifying setting that protect
personal information; making it unlawful to transmit software
for the purpose of blocking efforts to block or disable
computer software; making it unlawful to induce the installation by misrepresentations or deception; exceptions;
and authorizing the attorney general to enforce the provisions
of the Act.
Be it enacted by the Legislature of West Virginia:
That §61-3C-3 and §61-3C-16 of the Code of West Virginia,
1931, as amended, be amended and reenacted; and that said code be
amended by adding thereto four new sections, designated §61-3C-4a,
§61-3C-4b, §61-3C-4c and §61-3C-4d, all to read as follows:
ARTICLE 3C. WEST VIRGINIA COMPUTER CRIME AND ABUSE ACT.
§61-3C-3. Definitions.
As used in this article, unless the context clearly indicates
otherwise:
(a) "Access" means to instruct, communicate with, store data
in, retrieve data from, intercept data from or otherwise make use
of any computer, computer network, computer program, computer
software, computer data or other computer resources.
(b) "Advertisement" means a communication, the primary purpose
of which is the commercial promotion of a commercial product or
service, including a communication on an Internet web site that is
operated for a commercial purpose.
(b) (c) "Authorization" means the express or implied consent
given by a person to another to access or use said person's
computer, computer network, computer program, computer software,
computer system, password, identifying code or personal
identification number.
(c) (d) "Computer" means an electronic, magnetic, optical,
electrochemical or other high speed data processing device
performing logical, arithmetic or storage functions and includes
any data storage facility or communication facility directly
related to or operating in conjunction with such device. The term
"computer" includes any connected or directly related device,
equipment or facility which enables the computer to store, retrieve
or communicate computer programs, computer data or the results of
computer operations to or from a person, another computer or
another device, but such term does not include an automated
typewriter or typesetter, a portable hand-held calculator or other
similar device.
(d) (e) "Computer contaminant" means any set of computer
instructions that are designed to damage or destroy information
within a computer, computer system or computer network without the
consent or permission of the owner of the information. They
include, but are not limited to, a group of computer instructions
commonly called viruses or worms that are self-replicating or
self-propagating and are designed to contaminate other computer
programs or computer data, consume computer resources or damage or
destroy the normal operation of the computer.
(e)(f) "Computer data" means any representation of
knowledge, facts, concepts, instruction or other information
computed, classified, processed, transmitted, received, retrieved,
originated, stored, manifested, measured, detected, recorded, reproduced, handled or utilized by a computer, computer network,
computer program or computer software and may be in any medium,
including, but not limited to, computer print-outs, microfilm,
microfiche, magnetic storage media, optical storage media, punch
paper tape or punch cards, or it may be stored internally in
read-only memory or random access memory of a computer or any other
peripheral device.
(f) (g) "Computer network" means a set of connected devices
and communication facilities, including more than one computer,
with the capability to transmit computer data among them through
such communication facilities.
(g) (h) "Computer operations" means arithmetic, logical,
storage, display, monitoring or retrieval functions or any
combination thereof and includes, but is not limited to,
communication with, storage of data in or to, or retrieval of data
from any device and the human manual manipulation of electronic
magnetic impulses. A "computer operation" for a particular
computer shall also mean any function for which that computer was
designed.
(h) (i) "Computer program" means an ordered set of computer
data representing instructions or statements, in a form readable by
a computer, which controls, directs or otherwise influences the
functioning of a computer or computer network.
(i) (j) "Computer software" means a set of computer programs,
procedures and associated documentation concerned with computer data or with the operation of a computer, computer program or
computer network sequence of instructions written in any
programming language that is executed on a computer. "Computer
software" does not include computer software that is a web page, or
are data components of web pages that are not executable
independently of the web page.
(j) (k) "Computer services" means computer access time,
computer data processing or computer data storage and the computer
data processed or stored in connection therewith.
(k) (l) "Computer supplies" means punch cards, paper tape,
magnetic tape, magnetic disks or diskettes, optical disks or
diskettes, disk or diskette packs, paper, microfilm and any other
tangible input, output or storage medium used in connection with a
computer, computer network, computer data, computer software or
computer program.
(l) (m) "Computer resources" includes, but is not limited to,
information retrieval; computer data processing, transmission and
storage; and any other functions performed, in whole or in part, by
the use of a computer, computer network, computer software or
computer program.
(n) "Damage" means any significant impairment to the integrity
or availability of data, computer software, a system, or
information.
(o) "Execute" means the performance of the functions or the
carrying out of the instructions of the computer software.
(p) "Financial instrument" includes, but is not limited to,
any check, draft, warrant, money order, note, certificate of
deposit, letter of credit, bill of exchange, credit or debit card,
transaction authorization mechanism, marketable security or any
computerized representation thereof.
(q) "Intentionally deceptive" means any of the following:
(1) An intentionally and materially false or fraudulent
statement;
(2) A statement or description that intentionally omits or
misrepresents material information in order to deceive an owner or
operator; and
(3) An intentional and material failure to provide any notice
to an owner or operator regarding the installation or execution of
computer software in order to deceive the owner or operator.
(r) "Internet" means the global information system that is
logically linked together by a globally unique address space based
on the Internet protocol (IP), or its subsequent extensions, and
that is able to support communications using the transmission
control protocol/Internet protocol (TCP/IP) suite, or its
subsequent extensions, or other IP-compatible protocols, and that
provides, uses, or makes accessible, either publicly or privately,
high level services layered on the communications and related
infrastructure described in this subsection.
(m) (s) "Owner or Operator" means any person who owns or
leases or is a licensee of a computer, computer network, computer data, computer program, computer software, computer resources or
computer supplies the owner or lessee of a computer, or someone
using such computer with the owner's or lessee's authorization.
"Owner or operator" does not include any person who owns a computer
before the first retail sale of such computer.
(n) (t) "Person" means any natural person, general
partnership, limited partnership, trust, association, corporation,
joint venture or any state, county or municipal government and any
subdivision, branch, department or agency thereof.
(u) "Personally identifiable information" means any of the
following with respect to an individual who is an owner or
operator:
(1) First name or first initial in combination with last name;
(2) A home or other physical address including street name;
(3) An electronic mail address;
(4) A credit or debit card number, bank account number, or a
password or access code associated with a credit or debit card or
bank account;
(5) Social security number, tax identification number,
driver's license number, passport number, or any other
government-issued identification number; and
(6) Any of the following information in a form that personally
identifies an owner or operator:
(i) Account balances;
(ii) Overdraft history; and
(iii) Payment history.
(o) (v) "Property" includes:
(1) Real property;
(2) Computers and computer networks;
(3) Financial instruments, computer data, computer programs,
computer software and all other personal property regardless of
whether they are:
(i) Tangible or intangible;
(ii) In a format readable by humans or by a computer;
(iii) In transit between computers or within a computer
network or between any devices which comprise a computer; or
(iv) Located on any paper or in any device on which it is
stored by a computer or by a human; and
(4) Computer services.
(w) "Transmit" means to transfer, send, or make available
computer software, or any component thereof, via the Internet or
any other medium, including local area networks of computers, other
nonwire transmission, and disc or other data storage device.
"Transmit" does not include any action by a person providing:
(1) The Internet connection, telephone connection, or other
means of transmission capability such as a compact disk or digital
video disk through which the software was made available;
(2) The storage or hosting of the software program or a web
page through which the software was made available; or
(3) An information location tool, such as a directory, index reference, pointer, or hypertext link, through which the user of
the computer located the software, unless such person receives a
direct economic benefit from the execution of such software on the
computer.
(p) (x) "Value" means having any potential to provide any
direct or indirect gain or advantage to any person.
(q) "Financial instrument" includes, but is not limited to,
any check, draft, warrant, money order, note, certificate of
deposit, letter of credit, bill of exchange, credit or debit card,
transaction authorization mechanism, marketable security or any
computerized representation thereof.
(r) (y) "Value of property or computer services" shall be:
(1) The market value of the property or computer services at
the time of a violation of this article; or
(2) If the property or computer services are unrecoverable,
damaged or destroyed as a result of a violation of section six or
seven of this article, the cost of reproducing or replacing the
property or computer services at the time of the violation.
§61-3C-4a. Unlawful transmission of computer software to modify
settings; collection of personal information by
deceptive means; prevention of efforts to protect a
computer.
It is unlawful for a person who is not an owner or operator to
transmit computer software to the owner or operator's computer with actual knowledge or with conscious avoidance of actual knowledge
and to use such software to do any of the following:
(1) Modify, through intentionally deceptive means, settings
that control any of the following:
(a) The page that appears when an owner or operator launches
an Internet browser or similar computer software used to access and
navigate the Internet;
(b) The default provider or web proxy the owner or operator
uses to access or search the Internet; and
(c) The owner or operator's list of bookmarks used to access
web pages;
(2) Collect, through intentionally deceptive means, personally
identifiable information:
(a) Through the use of a keystroke-logging function that
records all keystrokes made by an owner or operator and transfers
that information from the computer to another person;
(b) In a manner that correlates such information with data
respecting all or substantially all of the web sites visited by an
owner or operator, other than web sites operated by the person
collecting such information; and
(c) Described in section three, subdivision (u), paragraphs
(4), (5), or (6) of this article by extracting the information from
the owner or operator's hard drive;
(3) Prevent, through intentionally deceptive means, an owner
or operator's efforts to block the installation or execution of, or to disable, computer software by causing the software that the
owner or operator has properly removed or disabled automatically to
reinstall or reactivate on the computer;
(4) Intentionally misrepresent that computer software will be
uninstalled or disabled by an owner or operator's action; or
(5) Through intentionally deceptive means, remove, disable, or
render inoperative security, anti-spyware, or anti-virus computer
software installed on the computer.
§61-3C-4b. Unlawful transmission of software to take control of a
computer or by opening multiple pop-up windows;
modifying computer setting to steal personal
information or damage computer; preventing efforts
to block or disable software.
It is unlawful for a person who is not an owner or operator to
transmit computer software to the owner or operator's computer with
actual knowledge or with conscious avoidance of actual knowledge
and to use the software to do any of the following:
(1) Take control of the computer by:
(a) Accessing or using the modem or Internet service for such
computer to cause damage to the computer or cause an owner or
operator to incur financial charges for a service that is not
authorized by the owner or operator;
(b) Opening multiple, sequential, stand-alone advertisements
in the owner or operator's Internet browser without the authorization of an owner or operator and that a computer user
cannot close without turning off the computer or closing the
Internet browser;
(2) Modify any of the following settings related to the
computer's access to, or use of, the Internet:
(a) Settings that protect information about the owner or
operator in order to steal the owner or operator's personally
identifiable information; and
(b) Security settings in order to cause damage to a computer;
or
(3) Prevent an owner or operator's efforts to block the
installation of, or to disable, computer software by doing any of
the following:
(a) Presenting the owner or operator with an option to decline
installation of computer software with knowledge that, when the
option is selected, the installation nevertheless proceeds; and
(b) Falsely representing that computer software has been
disabled.
§61-3C-4c. Unlawful inducement to install software or deceptively
causing the execution of harmful software.
It is unlawful for a person who is not an owner or operator to
do any of the following with regard to the owner or operator's
computer:
(1) Induce an owner or operator to install a computer software
component onto the computer by intentionally misrepresenting the extent to which installing the software is necessary for security
or privacy reasons or in order to open, view, or play a particular
type of content; or
(2) Deceptively cause the execution on the computer of a
computer software component with the intent of causing the owner or
operator to use the component in a manner that violates any other
provision of this section.
§61-3C-4d. Exceptions.
Sections four-b and four-c of this article do not apply to any
monitoring of, or interaction with, a subscriber's Internet or
other network connection or service, or a computer, by a
telecommunications carrier, cable operator, computer hardware or
software provider, or provider of information service or
interactive computer service for network or computer security
purposes, diagnostics, technical support, maintenance, repair,
authorized updates of software or system firmware, authorized
remote system management, or detection or prevention of the use of
or fraudulent or other illegal activities prohibited by this act in
connection with a network, service, or computer software, including
scanning for and removing software under this article.
§61-3C-16. Civil relief; damages.
(a) Any person whose property or person is injured by reason
of a violation of any provision of this article may sue therefor in
circuit court and may be entitled to recover for each violation:
(1) Compensatory damages;
(2) Punitive damages; and
(3) Such other relief, including injunctive relief, as the
court may deem appropriate.
Without limiting the generality of the term, "damages" shall
include loss of profits.
(b) The attorney general is authorized to receive and act on
complaints, take action designed to obtain voluntary compliance
with this article or commence proceedings against a person who
violates this article to enjoin further violations and to recover
damages as provided in subsection (a).
(c) At the request of any party to an action brought pursuant
to this section, the court may, in its discretion, conduct all
legal proceedings in such a manner as to protect the secrecy and
security of the computer network, computer data, computer program
or computer software involved in order to prevent any possible
recurrence of the same or a similar act by another person or to
protect any trade secret or confidential information of any person.
For the purposes of this section "trade secret" means the whole or
any portion or phase of any scientific or technological
information, design, process, procedure or formula or improvement
which is secret and of value. A trade secret shall be presumed to
be secret when the owner thereof takes measures to prevent it from
becoming available to persons other than those authorized by the
owner to have access thereto for a limited purpose.
(c d) The provisions of this section shall not be construed to limit any person's right to pursue any additional civil remedy
otherwise allowed by law.
(d e) A civil action under this section must be commenced
before the earlier of: (1) Five years after the last act in the
course of conduct constituting a violation of this article; or (2)
two years after the plaintiff discovers or reasonably should have
discovered the last act in the course of conduct constituting a
violation of this article.