PRIOR PRINTER'S NOS. 438, 1489 PRINTER'S NO. 1540
No. 390 Session of 2007
INTRODUCED BY CORMAN, WONDERLING, RAFFERTY, GORDNER, BROWNE, COSTA, TARTAGLIONE, WOZNIAK, ORIE, O'PAKE, REGOLA, WAUGH, STACK, ROBBINS, KASUNIC, C. WILLIAMS, TOMLINSON, BAKER, FERLO, BRUBAKER, FONTANA, RHOADES, LAVALLE, PIPPY, LOGAN, PUNT, STOUT AND WASHINGTON, MARCH 13, 2007
AS AMENDED ON SECOND CONSIDERATION, NOVEMBER 13, 2007
AN ACT 1 Amending Title 18 (Crimes and Offenses) of the Pennsylvania 2 Consolidated Statutes, providing for the offense of phishing. 3 The General Assembly of the Commonwealth of Pennsylvania 4 hereby enacts as follows: 5 Section 1. Chapter 76 of Title 18 of the Pennsylvania 6 Consolidated Statutes is amended by adding a subchapter to read: 7 SUBCHAPTER F 8 PHISHING 9 Sec. 10 7671. Definitions. 11 7672. Phishing. 12 7673. Protection from liability. 13 7674. Civil relief. 14 § 7671. Definitions. 15 The following words and phrases when used in this subchapter 16 shall have the meanings given to them in this section unless the
1 context clearly indicates otherwise: 2 "Communication." A message conveyed by oral, written or 3 electronic means, including telephone, electronic mail, 4 Internet, facsimile, telex, wireless communication, web page or 5 similar transmission. 6 "Identifying information." Any document, photographic, 7 pictorial or computer image of another person, or any fact used 8 to establish identity, including any of the following: 9 (1) Name. 10 (2) Birth date. 11 (3) Social Security number. 12 (4) Driver's license number or nondriver governmental 13 identification number. 14 (5) Telephone number. 15 (6) Checking or savings account number. 16 (7) Student identification number. 17 (8) Employee or payroll number. 18 (9) Electronic signature. 19 "Interactive computer service." An information service or 20 system that enables computer access by multiple users to a 21 computer server, including specifically a service or system that 22 provides access to the Internet or to software services 23 available on a server, and such systems operated or services 24 offered by a library or educational institution. 25 "Legitimate business." A business that is registered to do 26 business under the law of any jurisdiction. 27 "Web page." A location, with respect to the Internet 28 website, that has a single uniform resource locator or other 29 single location with respect to the Internet. 30 § 7672. Phishing. 20070S0390B1540 - 2 -
1 (a) Offense of phishing.--An actor A PERSON commits the <-- 2 offense of phishing under the following circumstances if the 3 actor PERSON, with the intent to defraud or injure anyone <-- 4 ANOTHER or with the knowledge that a fraud is being facilitated <-- 5 or that an injury is being perpetrated by anyone ANOTHER PERSON: <-- 6 (1) (i) makes a communication requesting or soliciting 7 a person to provide identifying information under false 8 pretenses by or on behalf of a legitimate business, 9 without the authority or approval of the business; and 10 (ii) the person provides the RECEIVES identifying <-- 11 information PURSUANT TO THE ACTION TAKEN UNDER <-- 12 SUBPARAGRAPH (I); or 13 (2) sells or distributes any identifying information 14 obtained in violation of UNDER paragraph (1). <-- 15 (b) Venue.--An offense committed under this section may be 16 deemed to have been committed at any of the following locations: 17 (1) The place where a person possessed, obtained or used 18 the identifying information of another person under false 19 pretenses. 20 (2) The residence of the person whose identifying 21 information has been obtained or used under false pretenses. 22 (3) The business or employment address of the person 23 whose identifying information has been obtained or used under 24 false pretenses, if the identifying information at issue is 25 associated with the person's business or employment. 26 (c) Grading.--A violation of subsection (a)(1) shall be 27 graded as a felony of the third degree. A violation of 28 subsection (a)(2) shall be graded as a felony of the second 29 degree. 30 (d) Concurrent jurisdiction to prosecute.--In addition to 20070S0390B1540 - 3 -
1 the authority conferred upon the Attorney General by the act of 2 October 15, 1980 (P.L.950, No.164), known as the Commonwealth 3 Attorneys Act, the Attorney General shall have the authority to 4 investigate and to institute criminal proceedings for any 5 violation of this section or any series of violations involving 6 more than one county of this Commonwealth or another state. No 7 person charged with a violation of this section by the Attorney 8 General shall have standing to challenge the authority of the 9 Attorney General to investigate or prosecute the case, and if 10 the challenge is made, the challenge shall be dismissed and no 11 relief shall be made available in the courts of this 12 Commonwealth to the person making this challenge. 13 § 7673. Protection from liability. 14 No interactive computer service provider may be held liable 15 under any provision of the laws of this Commonwealth or of one 16 of its political subdivisions for removing or disabling access 17 to content that resides on an Internet website or other online 18 location controlled or operated by the provider which the 19 provider believes in good faith is used to engage in a violation 20 of this subchapter. 21 § 7674. Civil relief. 22 (a) Civil action.--An interactive computer service provider 23 and a LEGITIMATE business shall each have a civil cause of <-- 24 action against any person who utilizes the interactive computer 25 service to make a communication under false pretenses by or on 26 behalf of the business, without the authority of the business, 27 for the purpose of inducing, requesting or soliciting a person <-- 28 to provide identifying information. 29 (b) Civil remedies.--A person permitted to bring a civil 30 action under this section may do any of the following: 20070S0390B1540 - 4 -
1 (1) Seek injunctive relief to restrain the violator A <-- 2 PERSON from continuing the violation. 3 (2) Recover damages in an amount equal to the greater of 4 the following: 5 (i) Actual damages arising from the violation. 6 (ii) Statutory damages, as determined by the court, 7 of not more than $100,000 for each violation of the same 8 nature. 9 (3) Obtain both injunctive relief and damages as <-- 10 provided in this subsection. 11 (c) Treble damages.--The court may increase an award of 12 actual damages in an action brought under this section to an 13 amount not to exceed three times the actual damages sustained if 14 the court finds that the violations have occurred with a 15 frequency as to constitute a pattern or practice. 16 (d) Attorney fees.--A person who prevails in an action filed 17 under this section shall be entitled to recover reasonable 18 attorneys fees and court costs. 19 (e) Venue.--An action under this section may be brought: 20 (1) At the residence or principal place of business of a 21 person who receives a communication. 22 (2) The principal place of business of the interactive 23 computer service. 24 (3) Such other location as provided for by the 25 Pennsylvania Rules of Civil Procedure. 26 Section 2. This act shall take effect in 60 days. A2L18MSP/20070S0390B1540 - 5 -