CORRECTIVE REPRINT
PRIOR PRINTER'S NOS. 2159, 2887, 3262 PRINTER'S NO. 3279
No. 1697 Session of 2005
INTRODUCED BY SAYLOR, BAKER, BOYD, CREIGHTON, DENLINGER, GOOD,
HARRIS, R. MILLER, MUNDY, THOMAS, WANSACZ, BARRAR,
CALTAGIRONE, CLYMER, CORNELL, FAIRCHILD, GEORGE, GILLESPIE,
HUTCHINSON, M. KELLER, MANN, S. MILLER, O'NEILL, PETRARCA,
PICKETT, RAYMOND, ROHRER, RUBLEY, SCAVELLO, WALKO,
WASHINGTON, YOUNGBLOOD, ALLEN AND SIPTROTH, JUNE 13, 2005
AS AMENDED ON THIRD CONSIDERATION, HOUSE OF REPRESENTATIVES,
DECEMBER 6, 2005
AN ACT
1 Amending Title 18 (Crimes and Offenses) of the Pennsylvania
2 Consolidated Statutes, FURTHER PROVIDING FOR FAILURE TO <--
3 COMPLY WITH REGISTRATION OF SEXUAL OFFENDERS REQUIREMENTS;
4 AND providing for the OFFENSE OF SELLING OR FURNISHING LIQUOR <--
5 OR MALT OR BREWED BEVERAGES TO MINORS RESULTING IN INJURY OR
6 DEATH, FOR protection of consumers from having spyware
7 deceptively installed on their computers and for criminal and
8 civil enforcement.
9 The General Assembly of the Commonwealth of Pennsylvania
10 hereby enacts as follows:
11 Section 1. Chapter 76 of Title 18 of the Pennsylvania <--
12 Consolidated Statutes is amended by adding a subchapter to read:
13 SECTION 1. SECTION 4915(B) AND (C) OF TITLE 18 OF THE <--
14 PENNSYLVANIA CONSOLIDATED STATUTES ARE AMENDED TO READ:
15 § 4915. FAILURE TO COMPLY WITH REGISTRATION OF SEXUAL OFFENDERS
16 REQUIREMENTS.
17 * * *
18 [(B) GRADING FOR OFFENDERS WHO MUST REGISTER FOR TEN
1 YEARS.--
2 (1) EXCEPT AS PROVIDED IN PARAGRAPH (2), AN INDIVIDUAL
3 SUBJECT TO REGISTRATION UNDER 42 PA.C.S. § 9795.1(A) WHO
4 VIOLATES SUBSECTION (A)(1) OR (2) COMMITS A MISDEMEANOR OF
5 THE THIRD DEGREE.
6 (2) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
7 PA.C.S. § 9795.1(A) WHO COMMITS A VIOLATION OF SUBSECTION
8 (A)(1) OR (2) AND WHO HAS PREVIOUSLY BEEN CONVICTED OF AN
9 OFFENSE UNDER SUBSECTION (A)(1) OR (2) OR A SIMILAR OFFENSE
10 COMMITS A MISDEMEANOR OF THE SECOND DEGREE.
11 (3) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
12 PA.C.S. § 9795.1(A) WHO COMMITS A VIOLATION OF SUBSECTION
13 (A)(1) OR (2) AND WHO HAS PREVIOUSLY BEEN CONVICTED OF TWO OR
14 MORE OFFENSES UNDER SUBSECTION (A)(1) OR (2) OR A SIMILAR
15 OFFENSE COMMITS A FELONY OF THE THIRD DEGREE.
16 (4) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
17 PA.C.S. § 9795.1(A) WHO VIOLATES SUBSECTION (A)(3) COMMITS A
18 FELONY OF THE THIRD DEGREE.
19 (C) GRADING FOR SEXUALLY VIOLENT PREDATORS AND OTHERS WITH
20 LIFETIME REGISTRATION.--
21 (1) EXCEPT AS PROVIDED IN PARAGRAPH (2), AN INDIVIDUAL
22 SUBJECT TO REGISTRATION UNDER 42 PA.C.S. § 9795.1(B)(1), (2)
23 OR (3) WHO VIOLATES SUBSECTION (A)(1) OR (2) COMMITS A
24 MISDEMEANOR OF THE SECOND DEGREE.
25 (2) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
26 PA.C.S. § 9795.1(B)(1), (2) OR (3) WHO COMMITS A VIOLATION OF
27 SUBSECTION (A)(1) OR (2) AND WHO HAS PREVIOUSLY BEEN
28 CONVICTED OF AN OFFENSE UNDER SUBSECTION (A)(1) OR (2) OR A
29 SIMILAR OFFENSE COMMITS A MISDEMEANOR OF THE FIRST DEGREE.
30 (3) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
20050H1697B3279 - 2 -
1 PA.C.S § 9795.1(B)(1), (2) OR (3) WHO COMMITS A VIOLATION OF
2 SUBSECTION (A)(1) OR (2) AND WHO HAS PREVIOUSLY BEEN
3 CONVICTED OF TWO OR MORE OFFENSES UNDER SUBSECTION (A)(1) OR
4 (2) OR A SIMILAR OFFENSE COMMITS A FELONY OF THE THIRD
5 DEGREE.
6 (4) AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
7 PA.C.S. § 9795.1(B)(1), (2) OR (3) WHO VIOLATES SUBSECTION
8 (A)(3) COMMITS A FELONY OF THE THIRD DEGREE.]
9 (B) GRADING.--AN INDIVIDUAL SUBJECT TO REGISTRATION UNDER 42
10 PA.C.S. § 9795.1(A) OR (B)(1), (2) OR (3) WHO COMMITS A
11 VIOLATION OF SUBSECTION (A) OR A SIMILAR OFFENSE COMMITS A
12 FELONY OF THE THIRD DEGREE.
13 * * *
14 SECTION 2. TITLE 18 IS AMENDED BY ADDING A SECTION TO READ:
15 § 6310.8. SELLING OR FURNISHING LIQUOR OR MALT OR BREWED
16 BEVERAGES TO MINORS RESULTING IN INJURY OR DEATH.
17 (A) BODILY INJURY.--A PERSON COMMITS A MISDEMEANOR OF THE
18 SECOND DEGREE IF THAT PERSON SELLS OR FURNISHES ANY LIQUOR OR
19 ANY MALT OR BREWED BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS OF
20 AGE AND WHO SUFFERS OR CAUSES ANOTHER PERSON TO SUFFER BODILY
21 INJURY AS A RESULT OF INGESTING THAT LIQUOR OR MALT OR BREWED
22 BEVERAGE.
23 (B) SERIOUS BODILY INJURY.--A PERSON COMMITS A MISDEMEANOR
24 OF THE FIRST DEGREE IF THAT PERSON SELLS OR FURNISHES ANY LIQUOR
25 OR ANY MALT OR BREWED BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS
26 OF AGE AND WHO SUFFERS OR CAUSES ANOTHER PERSON TO SUFFER
27 SERIOUS BODILY INJURY AS A RESULT OF INGESTING THAT LIQUOR OR
28 MALT OR BREWED BEVERAGE.
29 (C) DEATH.--A PERSON COMMITS A FELONY OF THE THIRD DEGREE IF
30 THAT PERSON SELLS OR FURNISHES ANY LIQUOR OR ANY MALT OR BREWED
20050H1697B3279 - 3 -
1 BEVERAGE TO A PERSON WHO IS UNDER 21 YEARS OF AGE AND WHO DIES
2 OR CAUSES THE DEATH OF ANOTHER PERSON AS A RESULT OF INGESTING
3 THAT LIQUOR OR MALT OR BREWED BEVERAGE.
4 (D) EXCEPTION.--THE PROVISIONS OF THIS SECTION SHALL NOT
5 APPLY TO ANY RELIGIOUS SERVICE OR CEREMONY WHICH MAY BE
6 CONDUCTED IN A PRIVATE HOME OR A PLACE OF WORSHIP WHERE THE
7 AMOUNT OF WINE SERVED DOES NOT EXCEED THE AMOUNT REASONABLY,
8 CUSTOMARILY AND TRADITIONALLY REQUIRED AS AN INTEGRAL PART OF
9 THE SERVICE OR CEREMONY.
10 (E) DEFINITIONS.--AS USED IN THIS SECTION, THE FOLLOWING
11 WORDS AND PHRASES SHALL HAVE THE MEANINGS GIVEN TO THEM IN THIS
12 SUBSECTION:
13 "BODILY INJURY." AS DEFINED IN SECTION 2301 (RELATING TO
14 DEFINITIONS).
15 "SERIOUS BODILY INJURY." AS DEFINED IN SECTION 2301
16 (RELATING TO DEFINITIONS).
17 SECTION 3. CHAPTER 76 OF TITLE 18 IS AMENDED BY ADDING A
18 SUBCHAPTER TO READ:
19 SUBCHAPTER F
20 SPYWARE
21 Sec.
22 7671. Scope.
23 7672. Definitions.
24 7673. Computer spyware prohibitions.
25 7674. Control or modification.
26 7675. Misrepresentation and deception.
27 7676. Nonapplicability.
28 7677. Criminal enforcement.
29 7678. Penalty.
30 7679. Civil relief.
20050H1697B3279 - 4 -
1 § 7671. Scope.
2 This subchapter deals with the consumer protection against
3 computer spyware.
4 § 7672. Definitions.
5 The following words and phrases when used in this subchapter
6 shall have the meanings given to them in this section unless the
7 context clearly indicates otherwise:
8 "Authorized user." With respect to a computer, a person who
9 owns or is authorized by the owner or lessee to use the
10 computer.
11 "Cause to be copied." To distribute, transfer or procure the
12 copying of computer software or any component thereof. The term
13 shall not include the following:
14 (1) Transmission, routing, provision of intermediate
15 temporary storage or caching of software.
16 (2) A storage or hosting medium, such as a compact disc,
17 Internet website or computer server, through which the
18 software was distributed by a third party.
19 (3) An information location tool, such as a directory,
20 index, reference, pointer or hypertext link, through which
21 the user of the computer located the software.
22 "Communications provider." Entity providing communications
23 networks or services that enable consumers to access the
24 Internet or destinations on the public switched telephone
25 network via a computer modem. This term shall include cable
26 service providers that also provide telephone services and
27 providers of Voice over Internet Protocol services.
28 "Computer software." A sequence of instructions written in
29 any programming language that is executed on a computer. The
30 term shall not include a text or data file, an Internet website
20050H1697B3279 - 5 -
1 or a data component of an Internet website that is not
2 executable independently of the Internet website.
3 "Computer virus." A computer program or other set of
4 instructions that is designed to degrade the performance of or
5 disable a computer or computer network and is designed to have
6 the ability to replicate itself on other computers or computer
7 networks without the authorization of the owners of those
8 computers or computer networks.
9 "Damage." Any material impairment to the integrity,
10 functionality or availability of data, software, a computer, a
11 system or information.
12 "Deceptive" or "deception." Includes:
13 (1) An intentionally and materially false or fraudulent
14 statement.
15 (2) A statement or description that intentionally omits
16 or misrepresents material information in order to deceive the
17 authorized user.
18 (3) An intentional and material failure to provide any
19 notice to an authorized user regarding the download or
20 installation of software in order to deceive the authorized
21 user.
22 "Execute." With respect to computer software, the
23 performance of the functions or the carrying out of the
24 instructions of the computer software.
25 "Internet." The global information system that is logically
26 linked together by a globally unique address space based on the
27 Internet Protocol (IP), or its subsequent extensions, and that
28 is able to support communications using the Transmission Control
29 Protocol/Internet Protocol (TCP/IP) suite, or its subsequent
30 extensions, or other IP-compatible protocols, and that provides,
20050H1697B3279 - 6 -
1 uses or makes accessible, either publicly or privately, high-
2 level services layered on the communications and related
3 infrastructure described in this subchapter.
4 "Message." A graphical or text communication presented to an
5 authorized user of a computer other than communications
6 originated and sent by the computer's operating system or
7 communications presented for any of the purposes described in
8 section 7676 (relating to nonapplicability).
9 "Person." Any individual, partnership, corporation, limited
10 liability company or other organization or any combination
11 thereof.
12 "Personally identifiable information." The term shall
13 include any of the following:
14 (1) First name or first initial in combination with last
15 name.
16 (2) Credit or debit card numbers or other financial
17 account numbers.
18 (3) A password or personal identification number
19 required to access an identified financial account other than
20 a password, personal identification number or other
21 identification number transmitted by an authorized user to
22 the issuer of the account or its agent.
23 (4) Social Security number.
24 (5) Any of the following information in a form that
25 personally identifies an authorized user:
26 (i) Account balances.
27 (ii) Overdraft history.
28 (iii) Payment history.
29 (iv) A history of Internet websites visited.
30 (v) Home address.
20050H1697B3279 - 7 -
1 (vi) Work address.
2 (vii) A record of a purchase or purchases.
3 "Procure the copying." To pay or provide other consideration
4 to, or induce another person to cause software to be copied onto
5 a computer.
6 § 7673. Computer spyware prohibitions.
7 A person or entity that is not an authorized user shall not,
8 with actual knowledge OR with conscious avoidance of actual <--
9 knowledge, or willfully cause computer software to be copied or <--
10 procure the copying onto the computer of an authorized user in
11 this Commonwealth and use the software to do any of the
12 following acts or any other acts deemed to be deceptive:
13 (1) Modify through deceptive means any of the following
14 settings related to the computer's access to or use of the
15 Internet:
16 (i) The page that appears when an authorized user
17 launches an Internet browser or similar software program
18 used to access and navigate the Internet.
19 (ii) The default provider or Internet website proxy
20 that the authorized user uses to access or search the
21 Internet.
22 (iii) The authorized user's list of bookmarks used
23 to access Internet website pages.
24 (2) Collect through deceptive means personally
25 identifiable information that meets any of the following
26 criteria:
27 (i) It is collected through the use of a keystroke-
28 logging function that records all keystrokes made by an
29 authorized user who uses the computer and transfers that
30 information from the computer to another person.
20050H1697B3279 - 8 -
1 (ii) It includes all or substantially all of the
2 Internet websites visited by an authorized user, other
3 than Internet websites of the provider of the software,
4 if the computer software was installed in a manner
5 designed to conceal from all authorized users of the
6 computer the fact that the software is being installed.
7 (iii) It is a data element described in paragraph
8 (2), (3), (4) or (5)(i) or (ii) of the definition of
9 "personally identifiable information" that is extracted
10 from the authorized user's computer hard drive for a
11 purpose wholly unrelated to any of the purposes of the
12 software or service described to an authorized user.
13 (3) Prevent, without the authorization of an authorized
14 user, through deceptive means an authorized user's reasonable
15 efforts to block the installation of or to disable software
16 by causing software that the authorized user has properly
17 removed or disabled to automatically reinstall or reactivate
18 on the computer without the authorization of an authorized
19 user.
20 (4) Misrepresent that software will be uninstalled or
21 disabled by an authorized user's action with knowledge that
22 the software will not be so uninstalled or disabled.
23 (5) Through deceptive means, remove, disable or render
24 inoperative security, antispyware or antivirus software
25 installed on the computer.
26 § 7674. Control or modification.
27 A person or entity that is not an authorized user shall not,
28 with actual knowledge, with conscious avoidance of actual
29 knowledge, or willfully cause computer software to be copied or
30 procure the copying onto the computer of an authorized user in
20050H1697B3279 - 9 -
1 this Commonwealth and use the software to do any of the
2 following acts or any other acts deemed to be deceptive:
3 (1) Take control of the authorized user's computer by
4 doing any of the following:
5 (i) Transmitting or relaying commercial electronic
6 mail or a computer virus from the authorized user's
7 computer, where the transmission or relaying is initiated
8 by a person other than the authorized user and without
9 the authorization of an authorized user.
10 (ii) Accessing or using the authorized user's modem
11 or Internet service for the purpose of causing damage to
12 the authorized user's computer or of causing an
13 authorized user to incur financial charges for a service
14 that is not authorized by an authorized user.
15 (iii) Using the authorized user's computer as part
16 of an activity performed by a group of computers for the
17 purpose of causing damage to another computer, including,
18 but not limited to, launching a denial of service attack.
19 (iv) Opening a series of stand-alone messages in the
20 authorized user's computer without the authorization of
21 an authorized user and with knowledge that a reasonable
22 computer user cannot close the advertisements without
23 turning off the computer or closing the Internet
24 application.
25 (2) Modify any of the following settings related to the
26 computer's access to or use of the Internet:
27 (i) An authorized user's security or other settings
28 that protect information about the authorized user for
29 the purpose of stealing personal information of an
30 authorized user.
20050H1697B3279 - 10 -
1 (ii) The security settings of the computer for the
2 purpose of causing damage to one or more computers.
3 (3) Prevent, without the authorization of an authorized
4 user, an authorized user's reasonable efforts to block the
5 installation of or to disable software by doing any of the
6 following:
7 (i) Presenting the authorized user with an option to
8 decline installation of software with knowledge that,
9 when the option is selected by the authorized user, the
10 installation nevertheless proceeds.
11 (ii) Falsely representing that software has been
12 disabled.
13 (iii) Requiring in a deceptive manner the user to
14 access the Internet to remove the software with knowledge
15 or reckless disregard of the fact that the software
16 frequently operates in a manner that prevents the user
17 from accessing the Internet.
18 (iv) Changing the name, location or other
19 designation information of the software for the purpose
20 of preventing an authorized user from locating the
21 software to remove it.
22 (v) Using randomized or deceptive file names,
23 directory folders, formats or registry entries for the
24 purpose of avoiding detection and removal of the software
25 by an authorized user.
26 (vi) Causing the installation of software in a
27 particular computer directory or computer memory for the
28 purpose of evading authorized users' attempts to remove
29 the software from the computer.
30 (vii) Requiring, without the authority of the owner
20050H1697B3279 - 11 -
1 of the computer, that an authorized user obtain a special
2 code or download software from a third party to uninstall
3 the software.
4 § 7675. Misrepresentation and deception.
5 A person or entity who is not an authorized user shall not do
6 any of the following or any other misrepresenting and deceptive
7 acts with regard to the computer of an authorized user in this
8 Commonwealth:
9 (1) Induce an authorized user to install a software
10 component onto the computer by misrepresenting that
11 installing software is necessary for security or privacy
12 reasons or in order to open, view or play a particular type
13 of content.
14 (2) Causing the copying and execution on the computer of
15 a computer software component with the intent of causing an
16 authorized user to use the component in a way that violates
17 any other provision of this section.
18 § 7676. Nonapplicability.
19 (1) Nothing in section 7674 (relating to control or
20 modification) or 7675 (relating to misrepresentation and
21 deception) shall apply to any monitoring of or interaction
22 with a user's Internet or other network connection or
23 service, or a protected computer, by a cable operator,
24 computer hardware or software provider or provider of
25 information service or interactive computer service for
26 network or computer security purposes, diagnostics, technical
27 support, repair, authorized updates of software or system
28 firmware, network management or maintenance, authorized
29 remote system management or detection or prevention of the
30 unauthorized use of or fraudulent or other illegal activities
20050H1697B3279 - 12 -
1 in connection with a network, service or computer software,
2 including scanning for and removing software proscribed under
3 this subchapter.
4 (2) Nothing in this subchapter shall limit the rights of
5 providers of wire and electronic communications under 18
6 U.S.C. § 2511 (relating to interception and disclosure of
7 wire, oral, or electronic communications prohibited).
8 § 7677. Criminal enforcement.
9 (a) District attorneys.--The district attorneys of the
10 several counties shall have authority to investigate and to
11 institute criminal proceedings for any violations of this act.
12 (b) Attorney General.--In addition to the authority
13 conferred upon the Attorney General under the act of October 15,
14 1980 (P.L.950, No.164), known as the Commonwealth Attorneys Act,
15 the Attorney General shall have the authority to investigate and
16 institute criminal proceedings for any violation of this
17 subchapter. A person charged with a violation of this subchapter
18 by the Attorney General shall not have standing to challenge the
19 authority of the Attorney General to investigate or prosecute
20 the case, and, if any such challenge is made, the challenge
21 shall be dismissed and no relief shall be available in the
22 courts of this Commonwealth to the person making the challenge.
23 (c) Proceedings against persons outside Commonwealth.--In
24 addition to the powers conferred upon the district attorneys and
25 the Attorney General in subsections (a) and (b), district
26 attorneys and the Attorney General shall have the authority to
27 investigate and initiate criminal proceedings against persons
28 for violations of this act in accordance with section 102
29 (relating to territorial applicability).
30 § 7678. Penalty.
20050H1697B3279 - 13 -
1 Any person that violates the provisions of sections 7673(2)
2 (relating to computer spyware prohibitions) and 7574(1)(i), (ii)
3 and (iii) and (2)(i) and (ii) (relating to control or
4 modification) shall be guilty of a felony of the second degree
5 and, upon conviction thereof, shall be sentenced to imprisonment
6 for not less than one nor more than ten years or a fine,
7 notwithstanding section 1101 (relating to fines), of not more
8 than $25,000, or both.
9 § 7679. Civil relief.
10 (a) General rule.--Subject to the limitation set forth in
11 subsection (g), the following persons may bring a civil action
12 against a person who violates this act:
13 (1) A provider of computer software who is adversely
14 affected by the violation.
15 (2) An Internet service provider who is adversely
16 affected by the violation.
17 (3) A trademark owner whose trademark is used without
18 the authorization of the owner to deceive users in the course
19 of any of the deceptive practices prohibited by this section.
20 (4) The Attorney General.
21 (b) Additional remedies.--In addition to any other remedy
22 provided by law, a permitted person bringing an action under
23 this section may:
24 (1) Seek injunctive relief to restrain the violator from
25 continuing the violation.
26 (2) Recover damages in an amount equal to the greater
27 of:
28 (i) Actual damages arising from the violation.
29 (ii) Up to $100,000 for each violation, as the court
30 considers just.
20050H1697B3279 - 14 -
1 (3) Seek both injunctive relief and recovery of damages
2 as provided by this subsection.
3 (c) Increase by court.--The court may increase an award of
4 actual damages in an action brought under this section to an
5 amount not to exceed three times the actual damages sustained if
6 the court finds that the violations have occurred with a
7 frequency with respect to a group of victims as to constitute a
8 pattern or practice.
9 (d) Fees and costs.--A plaintiff who prevails in an action
10 filed under this section is entitled to recover reasonable
11 attorney fees and court costs.
12 (e) Communications provider relief.--In the case of a
13 violation of section 7674(1)(ii) (relating to control or
14 modification) that causes a communications provider to incur
15 costs for the origination, transport or termination of a call
16 triggered using the modem of a customer of the communications
17 provider as a result of a violation, the communications provider
18 may bring a civil action against the violator to recover any or
19 all of the following:
20 (1) The charges the carrier is obligated to pay to
21 another carrier or to an information service provider as a
22 result of the violation, including, but not limited to,
23 charges for the origination, transport or termination of the
24 call.
25 (2) Costs of handling customer inquiries or complaints
26 with respect to amounts billed for calls.
27 (3) Costs and a reasonable attorney fee.
28 (4) An order to enjoin the violation.
29 (f) Multiple violations.--For purposes of a civil action
30 under this section, any single action or conduct that violates
20050H1697B3279 - 15 -
1 more than one provision of this subchapter shall be considered
2 multiple violations based on the number of such paragraphs
3 violated.
4 (g) Unfair trade practice.--A violation of this subchapter
5 shall be deemed to be an unfair or deceptive act or practice in
6 violation of the act of December 17, 1968 (P.L.1224, No.387),
7 known as the Unfair Trade Practices and Consumer Protection Law.
8 The Office of Attorney General shall have exclusive authority to
9 bring an action under the Unfair Trade Practices and Consumer
10 Protection Law for a violation of that act.
11 Section 2 4. This act shall take effect in 60 days. <--
A31L18DMS/20050H1697B3279 - 16 -