| |
|
| |
| THE GENERAL ASSEMBLY OF PENNSYLVANIA |
| |
| HOUSE BILL |
|
| |
| |
| INTRODUCED BY MARKOSEK, BAKER, BROWNLEE, CALTAGIRONE, CARROLL, CLYMER, D. COSTA, CRUZ, DAVIS, DEASY, DeLUCA, DONATUCCI, FABRIZIO, FARRY, GEIST, GIBBONS, GOODMAN, HESS, HORNAMAN, JOSEPHS, KAVULICH, W. KELLER, KORTZ, KULA, LONGIETTI, MAHONEY, MANN, MILLARD, MILNE, M. O'BRIEN, PASHINSKI, PETRARCA, PYLE, QUINN, REICHLEY, SAINATO, STURLA, SWANGER AND VULAKOVICH, MARCH 21, 2011 |
| |
| |
| REFERRED TO COMMITTEE ON JUDICIARY, MARCH 21, 2011 |
| |
| |
| |
| AN ACT |
| |
1 | Amending Title 18 (Crimes and Offenses) of the Pennsylvania |
2 | Consolidated Statutes, in computer offenses, providing for |
3 | the offense of phishing and for protection from liability |
4 | under certain circumstances. |
5 | The General Assembly of the Commonwealth of Pennsylvania |
6 | hereby enacts as follows: |
7 | Section 1. Chapter 76 of Title 18 of the Pennsylvania |
8 | Consolidated Statutes is amended by adding a subchapter to read: |
9 | SUBCHAPTER F |
10 | PHISHING |
11 | Sec. |
12 | 7671. Definitions. |
13 | 7672. Phishing. |
14 | 7673. Protection from liability. |
15 | 7674. Civil relief. |
16 | § 7671. Definitions. |
|
1 | The following words and phrases when used in this subchapter |
2 | shall have the meanings given to them in this section unless the |
3 | context clearly indicates otherwise: |
4 | "Communication." A message conveyed by oral, written or |
5 | electronic means, including telephone, electronic mail, |
6 | Internet, facsimile, telex, wireless communication, web page or |
7 | similar transmission. |
8 | "Identifying information." Any document, photographic, |
9 | pictorial or computer image of another person or any fact used |
10 | to establish identity, including any of the following: |
11 | (1) Name. |
12 | (2) Birth date. |
13 | (3) Social Security number. |
14 | (4) Driver's license number or nondriver governmental |
15 | identification number. |
16 | (5) Telephone number. |
17 | (6) Checking or savings account number. |
18 | (7) Student identification number. |
19 | (8) Employee or payroll number. |
20 | (9) Electronic signature. |
21 | "Interactive computer service." An information service or |
22 | system that enables computer access by multiple users to a |
23 | computer server, including specifically a service or system that |
24 | provides access to the Internet or to software services |
25 | available on a server, and such systems operated or services |
26 | offered by a library or educational institution. |
27 | "Legitimate business." A business that is registered to do |
28 | business under the law of any jurisdiction. |
29 | "Web page." A location, with respect to the World Wide Web, |
30 | that has a single uniform resource locator or other single |
|
1 | location with respect to the Internet. |
2 | § 7672. Phishing. |
3 | (a) Offense of phishing.--An actor commits the offense of |
4 | phishing under the following circumstances if the actor, with |
5 | the intent to defraud or injure anyone or with the knowledge |
6 | that a fraud is being facilitated or that an injury is being |
7 | perpetrated by anyone: |
8 | (1) makes a communication under false pretenses by or on |
9 | behalf of a legitimate business, without the authority or |
10 | approval of the business; |
11 | (2) uses the communication to induce, request or solicit |
12 | a person to provide identifying information; and |
13 | (3) the person provides the identifying information to |
14 | the actor or an accomplice of the actor. |
15 | (b) Additional violations.--It shall also be a violation of |
16 | this section for a person to sell or distribute any identifying |
17 | information obtained in violation of subsection (a) with the |
18 | intent to defraud or injure anyone or with the knowledge that a |
19 | fraud is being facilitated or that an injury is being |
20 | perpetrated by anyone. |
21 | (c) Venue.--An offense committed under this section may be |
22 | deemed to have been committed at any of the following locations: |
23 | (1) The place where a person possessed, obtained or used |
24 | the identifying information of another person under false |
25 | pretenses. |
26 | (2) The residence of the person whose identifying |
27 | information has been obtained or used under false pretenses. |
28 | (3) The business or employment address of the person |
29 | whose identifying information has been obtained or used under |
30 | false pretenses, if the identifying information at issue is |
|
1 | associated with the person's business or employment. |
2 | (d) Grading.--A violation of subsection (a) shall be graded |
3 | as a felony of the third degree. A violation of subsection (b) |
4 | shall be graded as a felony of the second degree. |
5 | (e) Concurrent jurisdiction to prosecute.--In addition to |
6 | the authority conferred upon the Attorney General by the act of |
7 | October 15, 1980 (P.L.950, No.164), known as the Commonwealth |
8 | Attorneys Act, the Attorney General shall have the authority to |
9 | investigate and to institute criminal proceedings for any |
10 | violation of this section or any series of violations involving |
11 | more than one county of this Commonwealth or another state. No |
12 | person charged with a violation of this section by the Attorney |
13 | General shall have standing to challenge the authority of the |
14 | Attorney General to investigate or prosecute the case, and if |
15 | the challenge is made, the challenge shall be dismissed and no |
16 | relief shall be made available in the courts of this |
17 | Commonwealth to the person making this challenge. |
18 | § 7673. Protection from liability. |
19 | No interactive computer service provider may be held liable |
20 | under any provision of the laws of this Commonwealth or of one |
21 | of its political subdivisions for removing or disabling access |
22 | to content that resides on an Internet website or other online |
23 | location controlled or operated by the provider which the |
24 | provider believes in good faith is used to engage in a violation |
25 | of this subchapter. |
26 | § 7674. Civil relief. |
27 | (a) Civil action.--An interactive computer service provider |
28 | and a business shall each have a civil cause of action against |
29 | any person who utilizes the interactive computer service to make |
30 | a communication under false pretenses by or on behalf of the |
|
1 | business, without the authority of the business, for the purpose |
2 | of inducing, requesting or soliciting a person to provide |
3 | identifying information. |
4 | (b) Civil remedies.--A person permitted to bring a civil |
5 | action under this section may do any of the following: |
6 | (1) Seek injunctive relief to restrain the violator from |
7 | continuing the violation. |
8 | (2) Recover damages in an amount equal to the greater of |
9 | the following: |
10 | (i) Actual damages arising from the violation. |
11 | (ii) Statutory damages, as determined by the court, |
12 | of not more than $100,000 for each violation of the same |
13 | nature. |
14 | (3) Obtain both injunctive relief and damages as |
15 | provided in this subsection. |
16 | (c) Treble damages.--The court may increase an award of |
17 | actual damages in an action brought under this section to an |
18 | amount not to exceed three times the actual damages sustained if |
19 | the court finds that the violations have occurred with a |
20 | frequency as to constitute a pattern or practice. |
21 | (d) Attorney fees.--A person who prevails in an action filed |
22 | under this section shall be entitled to recover reasonable |
23 | attorneys fees and court costs. |
24 | (e) Venue.--An action under this section may be brought: |
25 | (1) At the residence or principal place of business of a |
26 | person who receives a communication. |
27 | (2) The principal place of business of the interactive |
28 | computer service. |
29 | (3) Such other location as provided for by the |
30 | Pennsylvania Rules of Civil Procedure. |
|
1 | Section 2. This act shall take effect in 60 days. |
|