PRIOR PRINTER'S NOS. 2159, 2887 PRINTER'S NO. 3262
No. 1697 Session of 2005
INTRODUCED BY SAYLOR, BAKER, BOYD, CREIGHTON, DENLINGER, GOOD, HARRIS, R. MILLER, MUNDY, THOMAS, WANSACZ, BARRAR, CALTAGIRONE, CLYMER, CORNELL, FAIRCHILD, GEORGE, GILLESPIE, HUTCHINSON, M. KELLER, MANN, S. MILLER, O'NEILL, PETRARCA, PICKETT, RAYMOND, ROHRER, RUBLEY, SCAVELLO, WALKO, WASHINGTON, YOUNGBLOOD, ALLEN AND SIPTROTH, JUNE 13, 2005
AS AMENDED ON THIRD CONSIDERATION, HOUSE OF REPRESENTATIVES, DECEMBER 6, 2005
AN ACT 1 Amending Title 18 (Crimes and Offenses) of the Pennsylvania 2 Consolidated Statutes, providing for the OFFENSE OF SELLING <-- 3 OR FURNISHING LIQUOR OR MALT OR BREWED BEVERAGES TO MINORS 4 RESULTING IN INJURY OR DEATH, FOR protection of consumers 5 from having spyware deceptively installed on their computers 6 and for criminal and civil enforcement. 7 The General Assembly of the Commonwealth of Pennsylvania 8 hereby enacts as follows: 9 Section 1. Chapter 76 of Title 18 of the Pennsylvania <-- 10 Consolidated Statutes is amended by adding a subchapter to read: 11 SECTION 1. TITLE 18 OF THE PENNSYLVANIA CONSOLIDATED <-- 12 STATUTES IS AMENDED BY ADDING A SECTION TO READ: 13 § 6310.8. SELLING OR FURNISHING LIQUOR OR MALT OR BREWED 14 BEVERAGES TO MINORS RESULTING IN INJURY OR DEATH. 15 (A) BODILY INJURY.--A PERSON COMMITS A MISDEMEANOR OF THE 16 SECOND DEGREE IF THAT PERSON SELLS OR FURNISHES ANY LIQUOR OR 17 ANY MALT OR BREWED BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS OF
1 AGE AND WHO SUFFERS OR CAUSES ANOTHER PERSON TO SUFFER BODILY 2 INJURY AS A RESULT OF INGESTING THAT LIQUOR OR MALT OR BREWED 3 BEVERAGE. 4 (B) SERIOUS BODILY INJURY.--A PERSON COMMITS A MISDEMEANOR 5 OF THE FIRST DEGREE IF THAT PERSON SELLS OR FURNISHES ANY LIQUOR 6 OR ANY MALT OR BREWED BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS 7 OF AGE AND WHO SUFFERS OR CAUSES ANOTHER PERSON TO SUFFER 8 SERIOUS BODILY INJURY AS A RESULT OF INGESTING THAT LIQUOR OR 9 MALT OR BREWED BEVERAGE. 10 (C) DEATH.--A PERSON COMMITS A FELONY OF THE THIRD DEGREE IF 11 THAT PERSON SELLS OR FURNISHES ANY LIQUOR OR ANY MALT OR BREWED 12 BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS OF AGE AND WHO DIES 13 OR CAUSES THE DEATH OF ANOTHER PERSON AS A RESULT OF INGESTING 14 THAT LIQUOR OR MALT OR BREWED BEVERAGE. 15 (D) EXCEPTION.--THE PROVISIONS OF THIS SECTION SHALL NOT 16 APPLY TO ANY RELIGIOUS SERVICE OR CEREMONY WHICH MAY BE 17 CONDUCTED IN A PRIVATE HOME OR A PLACE OF WORSHIP WHERE THE 18 AMOUNT OF WINE SERVED DOES NOT EXCEED THE AMOUNT REASONABLY, 19 CUSTOMARILY AND TRADITIONALLY REQUIRED AS AN INTEGRAL PART OF 20 THE SERVICE OR CEREMONY. 21 (E) DEFINITIONS.--AS USED IN THIS SECTION, THE FOLLOWING 22 WORDS AND PHRASES SHALL HAVE THE MEANINGS GIVEN TO THEM IN THIS 23 SUBSECTION: 24 "BODILY INJURY." AS DEFINED IN SECTION 2301 (RELATING TO 25 DEFINITIONS). 26 "SERIOUS BODILY INJURY." AS DEFINED IN SECTION 2301 27 (RELATING TO DEFINITIONS). 28 SECTION 2. CHAPTER 76 OF TITLE 18 IS AMENDED BY ADDING A 29 SUBCHAPTER TO READ: 30 SUBCHAPTER F 20050H1697B3262 - 2 -
1 SPYWARE 2 Sec. 3 7671. Scope. 4 7672. Definitions. 5 7673. Computer spyware prohibitions. 6 7674. Control or modification. 7 7675. Misrepresentation and deception. 8 7676. Nonapplicability. 9 7677. Criminal enforcement. 10 7678. Penalty. 11 7679. Civil relief. 12 § 7671. Scope. 13 This subchapter deals with the consumer protection against 14 computer spyware. 15 § 7672. Definitions. 16 The following words and phrases when used in this subchapter 17 shall have the meanings given to them in this section unless the 18 context clearly indicates otherwise: 19 "Authorized user." With respect to a computer, a person who 20 owns or is authorized by the owner or lessee to use the 21 computer. 22 "Cause to be copied." To distribute, transfer or procure the 23 copying of computer software or any component thereof. The term 24 shall not include the following: 25 (1) Transmission, routing, provision of intermediate 26 temporary storage or caching of software. 27 (2) A storage or hosting medium, such as a compact disc, 28 Internet website or computer server, through which the 29 software was distributed by a third party. 30 (3) An information location tool, such as a directory, 20050H1697B3262 - 3 -
1 index, reference, pointer or hypertext link, through which 2 the user of the computer located the software. 3 "Communications provider." Entity providing communications 4 networks or services that enable consumers to access the 5 Internet or destinations on the public switched telephone 6 network via a computer modem. This term shall include cable 7 service providers that also provide telephone services and 8 providers of Voice over Internet Protocol services. 9 "Computer software." A sequence of instructions written in 10 any programming language that is executed on a computer. The 11 term shall not include a text or data file, an Internet website 12 or a data component of an Internet website that is not 13 executable independently of the Internet website. 14 "Computer virus." A computer program or other set of 15 instructions that is designed to degrade the performance of or 16 disable a computer or computer network and is designed to have 17 the ability to replicate itself on other computers or computer 18 networks without the authorization of the owners of those 19 computers or computer networks. 20 "Damage." Any material impairment to the integrity, 21 functionality or availability of data, software, a computer, a 22 system or information. 23 "Deceptive" or "deception." Includes: 24 (1) An intentionally and materially false or fraudulent 25 statement. 26 (2) A statement or description that intentionally omits 27 or misrepresents material information in order to deceive the 28 authorized user. 29 (3) An intentional and material failure to provide any 30 notice to an authorized user regarding the download or 20050H1697B3262 - 4 -
1 installation of software in order to deceive the authorized 2 user. 3 "Execute." With respect to computer software, the 4 performance of the functions or the carrying out of the 5 instructions of the computer software. 6 "Internet." The global information system that is logically 7 linked together by a globally unique address space based on the 8 Internet Protocol (IP), or its subsequent extensions, and that 9 is able to support communications using the Transmission Control 10 Protocol/Internet Protocol (TCP/IP) suite, or its subsequent 11 extensions, or other IP-compatible protocols, and that provides, 12 uses or makes accessible, either publicly or privately, high- 13 level services layered on the communications and related 14 infrastructure described in this subchapter. 15 "Message." A graphical or text communication presented to an 16 authorized user of a computer other than communications 17 originated and sent by the computer's operating system or 18 communications presented for any of the purposes described in 19 section 7676 (relating to nonapplicability). 20 "Person." Any individual, partnership, corporation, limited 21 liability company or other organization or any combination 22 thereof. 23 "Personally identifiable information." The term shall 24 include any of the following: 25 (1) First name or first initial in combination with last 26 name. 27 (2) Credit or debit card numbers or other financial 28 account numbers. 29 (3) A password or personal identification number 30 required to access an identified financial account other than 20050H1697B3262 - 5 -
1 a password, personal identification number or other
2 identification number transmitted by an authorized user to
3 the issuer of the account or its agent.
4 (4) Social Security number.
5 (5) Any of the following information in a form that
6 personally identifies an authorized user:
7 (i) Account balances.
8 (ii) Overdraft history.
9 (iii) Payment history.
10 (iv) A history of Internet websites visited.
11 (v) Home address.
12 (vi) Work address.
13 (vii) A record of a purchase or purchases.
14 "Procure the copying." To pay or provide other consideration
15 to, or induce another person to cause software to be copied onto
16 a computer.
17 § 7673. Computer spyware prohibitions.
18 A person or entity that is not an authorized user shall not,
19 with actual knowledge OR with conscious avoidance of actual <--
20 knowledge, or willfully cause computer software to be copied or <--
21 procure the copying onto the computer of an authorized user in
22 this Commonwealth and use the software to do any of the
23 following acts or any other acts deemed to be deceptive:
24 (1) Modify through deceptive means any of the following
25 settings related to the computer's access to or use of the
26 Internet:
27 (i) The page that appears when an authorized user
28 launches an Internet browser or similar software program
29 used to access and navigate the Internet.
30 (ii) The default provider or Internet website proxy
20050H1697B3262 - 6 -
1 that the authorized user uses to access or search the 2 Internet. 3 (iii) The authorized user's list of bookmarks used 4 to access Internet website pages. 5 (2) Collect through deceptive means personally 6 identifiable information that meets any of the following 7 criteria: 8 (i) It is collected through the use of a keystroke- 9 logging function that records all keystrokes made by an 10 authorized user who uses the computer and transfers that 11 information from the computer to another person. 12 (ii) It includes all or substantially all of the 13 Internet websites visited by an authorized user, other 14 than Internet websites of the provider of the software, 15 if the computer software was installed in a manner 16 designed to conceal from all authorized users of the 17 computer the fact that the software is being installed. 18 (iii) It is a data element described in paragraph 19 (2), (3), (4) or (5)(i) or (ii) of the definition of 20 "personally identifiable information" that is extracted 21 from the authorized user's computer hard drive for a 22 purpose wholly unrelated to any of the purposes of the 23 software or service described to an authorized user. 24 (3) Prevent, without the authorization of an authorized 25 user, through deceptive means an authorized user's reasonable 26 efforts to block the installation of or to disable software 27 by causing software that the authorized user has properly 28 removed or disabled to automatically reinstall or reactivate 29 on the computer without the authorization of an authorized 30 user. 20050H1697B3262 - 7 -
1 (4) Misrepresent that software will be uninstalled or 2 disabled by an authorized user's action with knowledge that 3 the software will not be so uninstalled or disabled. 4 (5) Through deceptive means, remove, disable or render 5 inoperative security, antispyware or antivirus software 6 installed on the computer. 7 § 7674. Control or modification. 8 A person or entity that is not an authorized user shall not, 9 with actual knowledge, with conscious avoidance of actual 10 knowledge, or willfully cause computer software to be copied or 11 procure the copying onto the computer of an authorized user in 12 this Commonwealth and use the software to do any of the 13 following acts or any other acts deemed to be deceptive: 14 (1) Take control of the authorized user's computer by 15 doing any of the following: 16 (i) Transmitting or relaying commercial electronic 17 mail or a computer virus from the authorized user's 18 computer, where the transmission or relaying is initiated 19 by a person other than the authorized user and without 20 the authorization of an authorized user. 21 (ii) Accessing or using the authorized user's modem 22 or Internet service for the purpose of causing damage to 23 the authorized user's computer or of causing an 24 authorized user to incur financial charges for a service 25 that is not authorized by an authorized user. 26 (iii) Using the authorized user's computer as part 27 of an activity performed by a group of computers for the 28 purpose of causing damage to another computer, including, 29 but not limited to, launching a denial of service attack. 30 (iv) Opening a series of stand-alone messages in the 20050H1697B3262 - 8 -
1 authorized user's computer without the authorization of 2 an authorized user and with knowledge that a reasonable 3 computer user cannot close the advertisements without 4 turning off the computer or closing the Internet 5 application. 6 (2) Modify any of the following settings related to the 7 computer's access to or use of the Internet: 8 (i) An authorized user's security or other settings 9 that protect information about the authorized user for 10 the purpose of stealing personal information of an 11 authorized user. 12 (ii) The security settings of the computer for the 13 purpose of causing damage to one or more computers. 14 (3) Prevent, without the authorization of an authorized 15 user, an authorized user's reasonable efforts to block the 16 installation of or to disable software by doing any of the 17 following: 18 (i) Presenting the authorized user with an option to 19 decline installation of software with knowledge that, 20 when the option is selected by the authorized user, the 21 installation nevertheless proceeds. 22 (ii) Falsely representing that software has been 23 disabled. 24 (iii) Requiring in a deceptive manner the user to 25 access the Internet to remove the software with knowledge 26 or reckless disregard of the fact that the software 27 frequently operates in a manner that prevents the user 28 from accessing the Internet. 29 (iv) Changing the name, location or other 30 designation information of the software for the purpose 20050H1697B3262 - 9 -
1 of preventing an authorized user from locating the 2 software to remove it. 3 (v) Using randomized or deceptive file names, 4 directory folders, formats or registry entries for the 5 purpose of avoiding detection and removal of the software 6 by an authorized user. 7 (vi) Causing the installation of software in a 8 particular computer directory or computer memory for the 9 purpose of evading authorized users' attempts to remove 10 the software from the computer. 11 (vii) Requiring, without the authority of the owner 12 of the computer, that an authorized user obtain a special 13 code or download software from a third party to uninstall 14 the software. 15 § 7675. Misrepresentation and deception. 16 A person or entity who is not an authorized user shall not do 17 any of the following or any other misrepresenting and deceptive 18 acts with regard to the computer of an authorized user in this 19 Commonwealth: 20 (1) Induce an authorized user to install a software 21 component onto the computer by misrepresenting that 22 installing software is necessary for security or privacy 23 reasons or in order to open, view or play a particular type 24 of content. 25 (2) Causing the copying and execution on the computer of 26 a computer software component with the intent of causing an 27 authorized user to use the component in a way that violates 28 any other provision of this section. 29 § 7676. Nonapplicability. 30 (1) Nothing in section 7674 (relating to control or 20050H1697B3262 - 10 -
1 modification) or 7675 (relating to misrepresentation and 2 deception) shall apply to any monitoring of or interaction 3 with a user's Internet or other network connection or 4 service, or a protected computer, by a cable operator, 5 computer hardware or software provider or provider of 6 information service or interactive computer service for 7 network or computer security purposes, diagnostics, technical 8 support, repair, authorized updates of software or system 9 firmware, network management or maintenance, authorized 10 remote system management or detection or prevention of the 11 unauthorized use of or fraudulent or other illegal activities 12 in connection with a network, service or computer software, 13 including scanning for and removing software proscribed under 14 this subchapter. 15 (2) Nothing in this subchapter shall limit the rights of 16 providers of wire and electronic communications under 18 17 U.S.C. § 2511 (relating to interception and disclosure of 18 wire, oral, or electronic communications prohibited). 19 § 7677. Criminal enforcement. 20 (a) District attorneys.--The district attorneys of the 21 several counties shall have authority to investigate and to 22 institute criminal proceedings for any violations of this act. 23 (b) Attorney General.--In addition to the authority 24 conferred upon the Attorney General under the act of October 15, 25 1980 (P.L.950, No.164), known as the Commonwealth Attorneys Act, 26 the Attorney General shall have the authority to investigate and 27 institute criminal proceedings for any violation of this 28 subchapter. A person charged with a violation of this subchapter 29 by the Attorney General shall not have standing to challenge the 30 authority of the Attorney General to investigate or prosecute 20050H1697B3262 - 11 -
1 the case, and, if any such challenge is made, the challenge 2 shall be dismissed and no relief shall be available in the 3 courts of this Commonwealth to the person making the challenge. 4 (c) Proceedings against persons outside Commonwealth.--In 5 addition to the powers conferred upon the district attorneys and 6 the Attorney General in subsections (a) and (b), district 7 attorneys and the Attorney General shall have the authority to 8 investigate and initiate criminal proceedings against persons 9 for violations of this act in accordance with section 102 10 (relating to territorial applicability). 11 § 7678. Penalty. 12 Any person that violates the provisions of sections 7673(2) 13 (relating to computer spyware prohibitions) and 7574(1)(i), (ii) 14 and (iii) and (2)(i) and (ii) (relating to control or 15 modification) shall be guilty of a felony of the second degree 16 and, upon conviction thereof, shall be sentenced to imprisonment 17 for not less than one nor more than ten years or a fine, 18 notwithstanding section 1101 (relating to fines), of not more 19 than $25,000, or both. 20 § 7679. Civil relief. 21 (a) General rule.--Subject to the limitation set forth in 22 subsection (g), the following persons may bring a civil action 23 against a person who violates this act: 24 (1) A provider of computer software who is adversely 25 affected by the violation. 26 (2) An Internet service provider who is adversely 27 affected by the violation. 28 (3) A trademark owner whose trademark is used without 29 the authorization of the owner to deceive users in the course 30 of any of the deceptive practices prohibited by this section. 20050H1697B3262 - 12 -
1 (4) The Attorney General. 2 (b) Additional remedies.--In addition to any other remedy 3 provided by law, a permitted person bringing an action under 4 this section may: 5 (1) Seek injunctive relief to restrain the violator from 6 continuing the violation. 7 (2) Recover damages in an amount equal to the greater 8 of: 9 (i) Actual damages arising from the violation. 10 (ii) Up to $100,000 for each violation, as the court 11 considers just. 12 (3) Seek both injunctive relief and recovery of damages 13 as provided by this subsection. 14 (c) Increase by court.--The court may increase an award of 15 actual damages in an action brought under this section to an 16 amount not to exceed three times the actual damages sustained if 17 the court finds that the violations have occurred with a 18 frequency with respect to a group of victims as to constitute a 19 pattern or practice. 20 (d) Fees and costs.--A plaintiff who prevails in an action 21 filed under this section is entitled to recover reasonable 22 attorney fees and court costs. 23 (e) Communications provider relief.--In the case of a 24 violation of section 7674(1)(ii) (relating to control or 25 modification) that causes a communications provider to incur 26 costs for the origination, transport or termination of a call 27 triggered using the modem of a customer of the communications 28 provider as a result of a violation, the communications provider 29 may bring a civil action against the violator to recover any or 30 all of the following: 20050H1697B3262 - 13 -
1 (1) The charges the carrier is obligated to pay to
2 another carrier or to an information service provider as a
3 result of the violation, including, but not limited to,
4 charges for the origination, transport or termination of the
5 call.
6 (2) Costs of handling customer inquiries or complaints
7 with respect to amounts billed for calls.
8 (3) Costs and a reasonable attorney fee.
9 (4) An order to enjoin the violation.
10 (f) Multiple violations.--For purposes of a civil action
11 under this section, any single action or conduct that violates
12 more than one provision of this subchapter shall be considered
13 multiple violations based on the number of such paragraphs
14 violated.
15 (g) Unfair trade practice.--A violation of this subchapter
16 shall be deemed to be an unfair or deceptive act or practice in
17 violation of the act of December 17, 1968 (P.L.1224, No.387),
18 known as the Unfair Trade Practices and Consumer Protection Law.
19 The Office of Attorney General shall have exclusive authority to
20 bring an action under the Unfair Trade Practices and Consumer
21 Protection Law for a violation of that act.
22 Section 2 3. This act shall take effect in 60 days. <--
A31L18DMS/20050H1697B3262 - 14 -