PRIOR PRINTER'S NOS. 438, 1489 PRINTER'S NO. 1540
No. 390 Session of 2007
INTRODUCED BY CORMAN, WONDERLING, RAFFERTY, GORDNER, BROWNE,
COSTA, TARTAGLIONE, WOZNIAK, ORIE, O'PAKE, REGOLA, WAUGH,
STACK, ROBBINS, KASUNIC, C. WILLIAMS, TOMLINSON, BAKER,
FERLO, BRUBAKER, FONTANA, RHOADES, LAVALLE, PIPPY, LOGAN,
PUNT, STOUT AND WASHINGTON, MARCH 13, 2007
AS AMENDED ON SECOND CONSIDERATION, NOVEMBER 13, 2007
AN ACT
1 Amending Title 18 (Crimes and Offenses) of the Pennsylvania
2 Consolidated Statutes, providing for the offense of phishing.
3 The General Assembly of the Commonwealth of Pennsylvania
4 hereby enacts as follows:
5 Section 1. Chapter 76 of Title 18 of the Pennsylvania
6 Consolidated Statutes is amended by adding a subchapter to read:
7 SUBCHAPTER F
8 PHISHING
9 Sec.
10 7671. Definitions.
11 7672. Phishing.
12 7673. Protection from liability.
13 7674. Civil relief.
14 § 7671. Definitions.
15 The following words and phrases when used in this subchapter
16 shall have the meanings given to them in this section unless the
1 context clearly indicates otherwise:
2 "Communication." A message conveyed by oral, written or
3 electronic means, including telephone, electronic mail,
4 Internet, facsimile, telex, wireless communication, web page or
5 similar transmission.
6 "Identifying information." Any document, photographic,
7 pictorial or computer image of another person, or any fact used
8 to establish identity, including any of the following:
9 (1) Name.
10 (2) Birth date.
11 (3) Social Security number.
12 (4) Driver's license number or nondriver governmental
13 identification number.
14 (5) Telephone number.
15 (6) Checking or savings account number.
16 (7) Student identification number.
17 (8) Employee or payroll number.
18 (9) Electronic signature.
19 "Interactive computer service." An information service or
20 system that enables computer access by multiple users to a
21 computer server, including specifically a service or system that
22 provides access to the Internet or to software services
23 available on a server, and such systems operated or services
24 offered by a library or educational institution.
25 "Legitimate business." A business that is registered to do
26 business under the law of any jurisdiction.
27 "Web page." A location, with respect to the Internet
28 website, that has a single uniform resource locator or other
29 single location with respect to the Internet.
30 § 7672. Phishing.
20070S0390B1540 - 2 -
1 (a) Offense of phishing.--An actor A PERSON commits the <--
2 offense of phishing under the following circumstances if the
3 actor PERSON, with the intent to defraud or injure anyone <--
4 ANOTHER or with the knowledge that a fraud is being facilitated <--
5 or that an injury is being perpetrated by anyone ANOTHER PERSON: <--
6 (1) (i) makes a communication requesting or soliciting
7 a person to provide identifying information under false
8 pretenses by or on behalf of a legitimate business,
9 without the authority or approval of the business; and
10 (ii) the person provides the RECEIVES identifying <--
11 information PURSUANT TO THE ACTION TAKEN UNDER <--
12 SUBPARAGRAPH (I); or
13 (2) sells or distributes any identifying information
14 obtained in violation of UNDER paragraph (1). <--
15 (b) Venue.--An offense committed under this section may be
16 deemed to have been committed at any of the following locations:
17 (1) The place where a person possessed, obtained or used
18 the identifying information of another person under false
19 pretenses.
20 (2) The residence of the person whose identifying
21 information has been obtained or used under false pretenses.
22 (3) The business or employment address of the person
23 whose identifying information has been obtained or used under
24 false pretenses, if the identifying information at issue is
25 associated with the person's business or employment.
26 (c) Grading.--A violation of subsection (a)(1) shall be
27 graded as a felony of the third degree. A violation of
28 subsection (a)(2) shall be graded as a felony of the second
29 degree.
30 (d) Concurrent jurisdiction to prosecute.--In addition to
20070S0390B1540 - 3 -
1 the authority conferred upon the Attorney General by the act of
2 October 15, 1980 (P.L.950, No.164), known as the Commonwealth
3 Attorneys Act, the Attorney General shall have the authority to
4 investigate and to institute criminal proceedings for any
5 violation of this section or any series of violations involving
6 more than one county of this Commonwealth or another state. No
7 person charged with a violation of this section by the Attorney
8 General shall have standing to challenge the authority of the
9 Attorney General to investigate or prosecute the case, and if
10 the challenge is made, the challenge shall be dismissed and no
11 relief shall be made available in the courts of this
12 Commonwealth to the person making this challenge.
13 § 7673. Protection from liability.
14 No interactive computer service provider may be held liable
15 under any provision of the laws of this Commonwealth or of one
16 of its political subdivisions for removing or disabling access
17 to content that resides on an Internet website or other online
18 location controlled or operated by the provider which the
19 provider believes in good faith is used to engage in a violation
20 of this subchapter.
21 § 7674. Civil relief.
22 (a) Civil action.--An interactive computer service provider
23 and a LEGITIMATE business shall each have a civil cause of <--
24 action against any person who utilizes the interactive computer
25 service to make a communication under false pretenses by or on
26 behalf of the business, without the authority of the business,
27 for the purpose of inducing, requesting or soliciting a person <--
28 to provide identifying information.
29 (b) Civil remedies.--A person permitted to bring a civil
30 action under this section may do any of the following:
20070S0390B1540 - 4 -
1 (1) Seek injunctive relief to restrain the violator A <--
2 PERSON from continuing the violation.
3 (2) Recover damages in an amount equal to the greater of
4 the following:
5 (i) Actual damages arising from the violation.
6 (ii) Statutory damages, as determined by the court,
7 of not more than $100,000 for each violation of the same
8 nature.
9 (3) Obtain both injunctive relief and damages as <--
10 provided in this subsection.
11 (c) Treble damages.--The court may increase an award of
12 actual damages in an action brought under this section to an
13 amount not to exceed three times the actual damages sustained if
14 the court finds that the violations have occurred with a
15 frequency as to constitute a pattern or practice.
16 (d) Attorney fees.--A person who prevails in an action filed
17 under this section shall be entitled to recover reasonable
18 attorneys fees and court costs.
19 (e) Venue.--An action under this section may be brought:
20 (1) At the residence or principal place of business of a
21 person who receives a communication.
22 (2) The principal place of business of the interactive
23 computer service.
24 (3) Such other location as provided for by the
25 Pennsylvania Rules of Civil Procedure.
26 Section 2. This act shall take effect in 60 days.
A2L18MSP/20070S0390B1540 - 5 -