A. 2049 2
A. TRANSMISSION, ROUTING, PROVISION OF INTERMEDIATE TEMPORARY STORAGE,
OR CACHING OF SOFTWARE;
B. A STORAGE MEDIUM, SUCH AS A COMPACT DISK, WEBSITE, OR COMPUTER
SERVER, THROUGH WHICH THE SOFTWARE WAS DISTRIBUTED BY A THIRD PARTY; OR
C. AN INFORMATION LOCATION TOOL, SUCH AS A DIRECTORY, INDEX, REFER-
ENCE, POINTER, OR HYPERTEXT LINK, THROUGH WHICH THE USER OF THE COMPUTER
LOCATED THE SOFTWARE.
4. "COMPUTER SOFTWARE" MEANS A SEQUENCE OF INSTRUCTIONS WRITTEN IN ANY
PROGRAMMING LANGUAGE THAT IS EXECUTED ON A COMPUTER. SUCH TERM SHALL NOT
INCLUDE A TEXT OR DATA FILE, A WEB PAGE, OR A DATA COMPONENT OF A WEB
PAGE THAT IS NOT EXECUTABLE INDEPENDENTLY OF THE WEB PAGE.
5. "COMPUTER VIRUS" MEANS A COMPUTER PROGRAM OR OTHER SET OF
INSTRUCTIONS THAT IS DESIGNED TO DEGRADE THE PERFORMANCE OF OR DISABLE A
COMPUTER OR COMPUTER NETWORK AND IS DESIGNED TO HAVE THE ABILITY TO
REPLICATE ITSELF ON OTHER COMPUTERS OR COMPUTER NETWORKS WITHOUT THE
AUTHORIZATION OF THE OWNERS OF THOSE COMPUTERS OR COMPUTER NETWORKS.
6. "CONSUMER" MEANS AN INDIVIDUAL WHO RESIDES IN THIS STATE AND WHO
USES THE COMPUTER IN QUESTION PRIMARILY FOR PERSONAL, FAMILY, OR HOUSE-
HOLD PURPOSES.
7. "DAMAGE" MEANS ANY SIGNIFICANT IMPAIRMENT TO THE INTEGRITY OR
AVAILABILITY OF DATA, SOFTWARE, A SYSTEM, OR INFORMATION.
8. "EXECUTE," WHEN USED WITH RESPECT TO COMPUTER SOFTWARE, MEANS THE
PERFORMANCE OF THE FUNCTIONS OR THE CARRYING OUT OF THE INSTRUCTIONS OF
THE COMPUTER SOFTWARE.
9. "INTENTIONALLY DECEPTIVE" MEANS ANY OF THE FOLLOWING:
A. BY MEANS OF AN INTENTIONALLY AND MATERIALLY FALSE OR FRAUDULENT
STATEMENT;
B. BY MEANS OF A STATEMENT OR DESCRIPTION THAT INTENTIONALLY OMITS OR
MISREPRESENTS MATERIAL INFORMATION IN ORDER TO DECEIVE THE CONSUMER; OR
C. BY MEANS OF AN INTENTIONAL AND MATERIAL FAILURE TO PROVIDE ANY
NOTICE TO AN AUTHORIZED USER REGARDING THE DOWNLOAD OR INSTALLATION OF
SOFTWARE IN ORDER TO DECEIVE THE CONSUMER.
10. "INTERNET" MEANS THE GLOBAL INFORMATION SYSTEM THAT IS LOGICALLY
LINKED TOGETHER BY A GLOBALLY UNIQUE ADDRESS SPACE BASED ON THE INTERNET
PROTOCOL OR ITS SUBSEQUENT EXTENSIONS; THAT IS ABLE TO SUPPORT COMMUNI-
CATIONS USING THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL SUITE,
ITS SUBSEQUENT EXTENSIONS, OR OTHER INTERNET PROTOCOL COMPATIBLE PROTO-
COLS; AND THAT PROVIDES, USES, OR MAKES ACCESSIBLE, EITHER PUBLICLY OR
PRIVATELY, HIGH LEVEL SERVICES LAYERED ON THE COMMUNICATIONS AND RELATED
INFRASTRUCTURE DESCRIBED IN THIS SUBDIVISION.
11. "PERSON" MEANS ANY INDIVIDUAL, PARTNERSHIP, CORPORATION, LIMITED
LIABILITY COMPANY, OR OTHER ORGANIZATION, OR ANY COMBINATION THEREOF.
12. "PERSONALLY IDENTIFIABLE INFORMATION" MEANS ANY OF THE FOLLOWING:
A. A FIRST NAME OR FIRST INITIAL IN COMBINATION WITH A LAST NAME;
B. CREDIT OR DEBIT CARD NUMBERS OR OTHER FINANCIAL ACCOUNT NUMBERS;
C. A PASSWORD OR PERSONAL IDENTIFICATION NUMBER REQUIRED TO ACCESS AN
IDENTIFIED FINANCIAL ACCOUNT;
D. A SOCIAL SECURITY NUMBER; OR
E. ANY OF THE FOLLOWING INFORMATION IN A FORM THAT PERSONALLY IDENTI-
FIES AN AUTHORIZED USER:
(1) ACCOUNT BALANCES;
(2) OVERDRAFT HISTORY;
(3) PAYMENT HISTORY;
(4) A HISTORY OF WEBSITES VISITED;
(5) A HOME ADDRESS;
(6) A WORK ADDRESS; OR
A. 2049 3
(7) A RECORD OF A PURCHASE OR PURCHASES.
S 152. UNLAWFUL ACTS INVOLVING COMPUTER SOFTWARE. 1. IT SHALL BE ILLE-
GAL FOR A PERSON OR ENTITY THAT IS NOT AN AUTHORIZED USER, AS DEFINED IN
SECTION ONE HUNDRED FIFTY-ONE OF THIS ARTICLE, OF A COMPUTER IN THIS
STATE TO KNOWINGLY, WILLFULLY, OR WITH CONSCIOUS INDIFFERENCE OR DISRE-
GARD CAUSE COMPUTER SOFTWARE TO BE COPIED ONTO SUCH COMPUTER AND USE THE
SOFTWARE TO DO ANY OF THE FOLLOWING:
A. MODIFY, THROUGH INTENTIONALLY DECEPTIVE MEANS, ANY OF THE FOLLOWING
SETTINGS RELATED TO THE COMPUTER'S ACCESS TO, OR USE OF, THE INTERNET:
(1) THE PAGE THAT APPEARS WHEN AN AUTHORIZED USER LAUNCHES AN INTERNET
BROWSER OR SIMILAR SOFTWARE PROGRAM USED TO ACCESS AND NAVIGATE THE
INTERNET;
(2) THE DEFAULT PROVIDER OR WEB PROXY THE AUTHORIZED USER USES TO
ACCESS OR SEARCH THE INTERNET; OR
(3) THE AUTHORIZED USER'S LIST OF BOOKMARKS USED TO ACCESS WEB PAGES;
B. COLLECT, THROUGH INTENTIONALLY DECEPTIVE MEANS, PERSONALLY IDEN-
TIFIABLE INFORMATION THAT MEETS ANY OF THE FOLLOWING CRITERIA:
(1) IT IS COLLECTED THROUGH THE USE OF A KEYSTROKE-LOGGING FUNCTION
THAT RECORDS ALL KEYSTROKES MADE BY AN AUTHORIZED USER WHO USES THE
COMPUTER AND TRANSFERS THAT INFORMATION FROM THE COMPUTER TO ANOTHER
PERSON;
(2) IT INCLUDES ALL OR SUBSTANTIALLY ALL OF THE WEBSITES VISITED BY AN
AUTHORIZED USER, OTHER THAN WEBSITES OF THE PROVIDER OF THE SOFTWARE, IF
THE COMPUTER SOFTWARE WAS INSTALLED IN A MANNER DESIGNED TO CONCEAL FROM
ALL AUTHORIZED USERS OF THE COMPUTER THE FACT THAT THE SOFTWARE IS BEING
INSTALLED; OR
(3) IT IS A DATA ELEMENT DESCRIBED IN PARAGRAPH B, C, OR D OF SUBDIVI-
SION TWELVE OF SECTION ONE HUNDRED FIFTY-ONE OF THIS ARTICLE, OR IN
SUBPARAGRAPH ONE OR TWO OF PARAGRAPH E OF SUBDIVISION TWELVE OF SECTION
ONE HUNDRED FIFTY-ONE OF THIS ARTICLE, THAT IS EXTRACTED FROM THE
CONSUMER'S OR BUSINESS ENTITY'S COMPUTER HARD DRIVE FOR A PURPOSE WHOLLY
UNRELATED TO ANY OF THE PURPOSES OF THE SOFTWARE OR SERVICE DESCRIBED TO
AN AUTHORIZED USER;
C. PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER, THROUGH
INTENTIONALLY DECEPTIVE MEANS, AN AUTHORIZED USER'S REASONABLE EFFORTS
TO BLOCK THE INSTALLATION OF, OR TO DISABLE, SOFTWARE, BY CAUSING SOFT-
WARE THAT THE AUTHORIZED USER HAS PROPERLY REMOVED OR DISABLED TO AUTO-
MATICALLY REINSTALL OR REACTIVATE ON THE COMPUTER WITHOUT THE AUTHORI-
ZATION OF AN AUTHORIZED USER;
D. INTENTIONALLY MISREPRESENT THAT SOFTWARE WILL BE UNINSTALLED OR
DISABLED BY AN AUTHORIZED USER'S ACTION, WITH KNOWLEDGE THAT THE SOFT-
WARE WILL NOT BE SO UNINSTALLED OR DISABLED; OR
E. THROUGH INTENTIONALLY DECEPTIVE MEANS, REMOVE, DISABLE, OR RENDER
INOPERATIVE SECURITY, ANTISPYWARE, OR ANTIVIRUS SOFTWARE INSTALLED ON
THE COMPUTER.
2. IT SHALL BE ILLEGAL FOR A PERSON OR ENTITY THAT IS NOT AN AUTHOR-
IZED USER, AS DEFINED IN SECTION ONE HUNDRED FIFTY-ONE OF THIS ARTICLE,
OF A COMPUTER IN THIS STATE TO KNOWINGLY, WILLFULLY, OR WITH CONSCIOUS
INDIFFERENCE OR DISREGARD CAUSE COMPUTER SOFTWARE TO BE COPIED ONTO SUCH
COMPUTER AND USE THE SOFTWARE TO DO ANY OF THE FOLLOWING:
A. TAKE CONTROL OF THE CONSUMER'S OR BUSINESS ENTITY'S COMPUTER BY
DOING ANY OF THE FOLLOWING:
(1) TRANSMITTING OR RELAYING COMMERCIAL ELECTRONIC MAIL OR A COMPUTER
VIRUS FROM THE CONSUMER'S OR BUSINESS ENTITY'S COMPUTER, WHERE THE TRAN-
SMISSION OR RELAYING IS INITIATED BY A PERSON OTHER THAN THE AUTHORIZED
USER AND WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER;
A. 2049 4
(2) ACCESSING OR USING THE CONSUMER'S OR BUSINESS ENTITY'S MODEM OR
INTERNET SERVICE FOR THE PURPOSE OF CAUSING DAMAGE TO THE CONSUMER'S OR
BUSINESS ENTITY'S COMPUTER OR OF CAUSING AN AUTHORIZED USER OR A THIRD
PARTY AFFECTED BY SUCH CONDUCT TO INCUR FINANCIAL CHARGES FOR A SERVICE
THAT IS NOT AUTHORIZED BY AN AUTHORIZED USER;
(3) USING THE CONSUMER'S OR BUSINESS ENTITY'S COMPUTER AS PART OF AN
ACTIVITY PERFORMED BY A GROUP OF COMPUTERS FOR THE PURPOSE OF CAUSING
DAMAGE TO ANOTHER COMPUTER, INCLUDING, BUT NOT LIMITED TO, LAUNCHING A
DENIAL OF SERVICE ATTACK; OR
(4) OPENING MULTIPLE, SEQUENTIAL, STAND-ALONE ADVERTISEMENTS IN THE
CONSUMER'S OR BUSINESS ENTITY'S INTERNET BROWSER WITHOUT THE AUTHORI-
ZATION OF AN AUTHORIZED USER AND WITH KNOWLEDGE THAT A REASONABLE
COMPUTER USER CANNOT CLOSE THE ADVERTISEMENTS WITHOUT TURNING OFF THE
COMPUTER OR CLOSING THE CONSUMER'S OR BUSINESS ENTITY'S INTERNET BROW-
SER;
B. MODIFY ANY OF THE FOLLOWING SETTINGS RELATED TO THE COMPUTER'S
ACCESS TO, OR USE OF, THE INTERNET:
(1) AN AUTHORIZED USER'S SECURITY OR OTHER SETTINGS THAT PROTECT
INFORMATION ABOUT THE AUTHORIZED USER FOR THE PURPOSE OF STEALING
PERSONAL INFORMATION OF AN AUTHORIZED USER; OR
(2) THE SECURITY SETTINGS OF THE COMPUTER FOR THE PURPOSE OF CAUSING
DAMAGE TO ONE OR MORE COMPUTERS; OR
C. PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER, AN
AUTHORIZED USER'S REASONABLE EFFORTS TO BLOCK THE INSTALLATION OF, OR TO
DISABLE, SOFTWARE, BY DOING ANY OF THE FOLLOWING:
(1) PRESENTING THE AUTHORIZED USER WITH AN OPTION TO DECLINE INSTALLA-
TION OF SOFTWARE WITH KNOWLEDGE THAT, WHEN THE OPTION IS SELECTED BY THE
AUTHORIZED USER, THE INSTALLATION NEVERTHELESS PROCEEDS; OR
(2) FALSELY REPRESENTING THE SOFTWARE HAS BEEN DISABLED.
3. IT SHALL BE ILLEGAL FOR A PERSON OR ENTITY THAT IS NOT AN AUTHOR-
IZED USER, AS DEFINED IN SECTION ONE HUNDRED FIFTY-ONE OF THIS ARTICLE,
OF A COMPUTER IN THIS STATE TO DO ANY OF THE FOLLOWING WITH REGARD TO
SUCH COMPUTER:
A. INDUCE AN AUTHORIZED USER TO INSTALL A SOFTWARE COMPONENT ONTO THE
COMPUTER BY INTENTIONALLY MISREPRESENTING THAT INSTALLING SOFTWARE IS
NECESSARY FOR SECURITY OR PRIVACY REASONS OR IN ORDER TO OPEN, VIEW, OR
PLAY A PARTICULAR TYPE OF CONTENT; OR
B. DECEPTIVELY CAUSING THE COPYING AND EXECUTION ON THE COMPUTER OF A
COMPUTER SOFTWARE COMPONENT WITH THE INTENT OF CAUSING AN AUTHORIZED
USER TO USE THE COMPONENT IN A WAY THAT VIOLATES ANY OTHER PROVISION OF
THIS SUBDIVISION.
4. NOTHING IN THIS SECTION SHALL APPLY TO ANY MONITORING OF, OR INTER-
ACTION WITH, A USER'S INTERNET OR OTHER NETWORK CONNECTION OR SERVICE,
OR A PROTECTED COMPUTER, BY A TELECOMMUNICATIONS CARRIER, CABLE OPERA-
TOR, COMPUTER HARDWARE OR SOFTWARE PROVIDER, OR PROVIDER OF INFORMATION
SERVICE OR INTERACTIVE COMPUTER SERVICE FOR NETWORK OR COMPUTER SECURITY
PURPOSES, DIAGNOSTICS, TECHNICAL SUPPORT, REPAIR, NETWORK MANAGEMENT,
NETWORK MAINTENANCE, AUTHORIZED UPDATES OF SOFTWARE OR SYSTEM FIRMWARE,
AUTHORIZE REMOTE SYSTEM MANAGEMENT, OR DETECTION OR PREVENTION OF THE
UNAUTHORIZED USE OF OR FRAUDULENT OR OTHER ILLEGAL ACTIVITIES IN
CONNECTION WITH A NETWORK, SERVICE, OR COMPUTER SOFTWARE, INCLUDING
SCANNING FOR AND REMOVING SOFTWARE PROSCRIBED UNDER THIS ARTICLE.
S 153. PENALTIES. 1. ANY PERSON WHO VIOLATES THE PROVISIONS OF PARA-
GRAPH B OF SUBDIVISION ONE OF SECTION ONE HUNDRED FIFTY-TWO OF THIS
ARTICLE, SUBPARAGRAPH ONE, TWO, OR THREE OF PARAGRAPH A OF SUBDIVISION
TWO OF SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE OR PARAGRAPH B OF
A. 2049 5
SUBDIVISION TWO OF SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE SHALL
BE GUILTY OF A FELONY AND, UPON CONVICTION THEREOF, SHALL BE SENTENCED
TO IMPRISONMENT FOR NOT LESS THAN ONE NOR MORE THAN TEN YEARS OR A FINE
OF NOT MORE THAN THREE MILLION DOLLARS, OR BOTH.
2. THE ATTORNEY GENERAL MAY BRING A CIVIL ACTION AGAINST ANY PERSON
VIOLATING THE PROVISIONS OF THIS ARTICLE TO THE PENALTIES FOR THE
VIOLATION AND MAY RECOVER ANY OR ALL OF THE FOLLOWING:
A. A CIVIL PENALTY OF UP TO ONE HUNDRED DOLLARS PER VIOLATION OF THIS
ARTICLE, OR UP TO ONE HUNDRED THOUSAND DOLLARS FOR A PATTERN OR PRACTICE
OF SUCH VIOLATIONS;
B. COSTS AND REASONABLE ATTORNEY'S FEES; AND
C. AN ORDER TO ENJOIN THE VIOLATION.
3. IN THE CASE OF A VIOLATION OF SUBPARAGRAPH TWO OF PARAGRAPH A OF
SUBDIVISION TWO OF SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE THAT
CAUSES A TELECOMMUNICATIONS CARRIER TO INCUR COSTS FOR THE ORIGINATION,
TRANSPORT, OR TERMINATION OF A CALL TRIGGERED USING THE MODEM OF A
CUSTOMER OF SUCH TELECOMMUNICATIONS CARRIER AS A RESULT OF SUCH
VIOLATION, THE TELECOMMUNICATIONS CARRIER MAY BRING A CIVIL ACTION
AGAINST THE VIOLATOR TO RECOVER ANY OR ALL OF THE FOLLOWING:
A. THE CHARGES SUCH CARRIER IS OBLIGATED TO PAY TO ANOTHER CARRIER OR
TO AN INFORMATION SERVICE PROVIDER AS A RESULT OF THE VIOLATION, INCLUD-
ING, BUT NOT LIMITED TO, CHARGES FOR THE ORIGINATION, TRANSPORT OR
TERMINATION OF THE CALL;
B. COSTS OF HANDLING CUSTOMER INQUIRIES OR COMPLAINTS WITH RESPECT TO
AMOUNTS BILLED FOR SUCH CALLS;
C. COSTS AND REASONABLE ATTORNEY'S FEES; AND
D. AN ORDER TO ENJOIN THE VIOLATION.
4. AN INTERNET SERVICE PROVIDER OR SOFTWARE COMPANY THAT EXPENDS
RESOURCES IN GOOD FAITH ASSISTING CONSUMERS OR BUSINESS ENTITIES HARMED
BY A VIOLATION OF THIS ARTICLE, OR A TRADEMARK OWNER WHOSE MARK IS USED
TO DECEIVE CONSUMERS OR BUSINESS ENTITIES IN VIOLATION OF THIS ARTICLE,
MAY ENFORCE THE VIOLATION AND MAY RECOVER ANY OR ALL OF THE FOLLOWING:
A. STATUTORY DAMAGES OF NOT MORE THAN ONE HUNDRED DOLLARS PER
VIOLATION OF THIS ARTICLE, OR UP TO ONE MILLION DOLLARS FOR A PATTERN OR
PRACTICE OF SUCH VIOLATIONS;
B. COSTS AND REASONABLE ATTORNEY'S FEES; AND
C. AN ORDER TO ENJOIN THE VIOLATION.
S 153-A. IMMUNITY FROM LIABILITY FOR VIOLATIONS. 1. FOR THE PURPOSES
OF THIS SECTION, THE TERM "EMPLOYER" INCLUDES A BUSINESS ENTITY'S OFFI-
CERS, DIRECTORS, PARENT CORPORATION, SUBSIDIARIES, AFFILIATES, AND OTHER
CORPORATE ENTITIES UNDER COMMON OWNERSHIP OR CONTROL WITHIN A BUSINESS
ENTERPRISE. NO EMPLOYER MAY BE HELD CRIMINALLY OR CIVILLY LIABLE UNDER
THIS ARTICLE AS A RESULT OF ANY ACTIONS TAKEN:
A. WITH RESPECT TO COMPUTER EQUIPMENT USED BY ITS EMPLOYEES, CONTRAC-
TORS, SUBCONTRACTORS, AGENTS, LEASED EMPLOYEES, OR OTHER STAFF WHICH THE
EMPLOYER OWNS, LEASES, OR OTHERWISE MAKES AVAILABLE OR ALLOWS TO BE
CONNECTED TO THE EMPLOYER'S NETWORK OR OTHER COMPUTER FACILITIES; OR
B. BY EMPLOYEES, CONTRACTORS, SUBCONTRACTORS, AGENTS, LEASED EMPLOY-
EES, OR OTHER STAFF WHO MISUSE AN EMPLOYER'S COMPUTER EQUIPMENT FOR AN
ILLEGAL PURPOSE WITHOUT THE EMPLOYER'S KNOWLEDGE, CONSENT, OR APPROVAL.
2. NO PERSON SHALL BE HELD CRIMINALLY OR CIVILLY LIABLE UNDER THIS
ARTICLE WHEN ITS PROTECTED COMPUTERS HAVE BEEN USED BY UNAUTHORIZED
USERS TO VIOLATE THIS ARTICLE OR OTHER LAWS WITHOUT SUCH PERSON'S KNOW-
LEDGE, CONSENT, OR APPROVAL.
3. A MANUFACTURER OR RETAILER OF COMPUTER EQUIPMENT SHALL NOT BE
LIABLE UNDER THIS SECTION, CRIMINALLY OR CIVILLY, TO THE EXTENT THAT THE
A. 2049 6
MANUFACTURER OR RETAILER IS PROVIDING THIRD PARTY BRANDED SOFTWARE THAT
IS INSTALLED ON THE COMPUTER EQUIPMENT THAT THE MANUFACTURER OR RETAILER
IS MANUFACTURING OR SELLING.
S 153-B. PREEMPTING OTHER JURISDICTIONAL ACTIONS ABOUT SPYWARE. THE
LEGISLATURE FINDS THAT THIS ARTICLE IS A MATTER OF STATE-WIDE CONCERN.
THIS ARTICLE SUPERSEDES AND PREEMPTS ALL RULES, REGULATIONS, CODES,
ORDINANCES, AND OTHER LAWS ADOPTED BY ANY COUNTY, MUNICIPALITY, CONSOL-
IDATED GOVERNMENT, OR OTHER LOCAL GOVERNMENTAL AGENCY REGARDING SPYWARE
AND NOTICES TO CONSUMERS FROM COMPUTER SOFTWARE PROVIDERS REGARDING
INFORMATION COLLECTION.
S 3. This act shall take effect on the first of November next succeed-
ing the date on which it shall have become a law.