Bill Text: CA SB1137 | 2015-2016 | Regular Session | Chaptered
Bill Title: Computer crimes: ransomware.
Spectrum: Bipartisan Bill
Status: (Passed) 2016-09-27 - Chaptered by Secretary of State. Chapter 725, Statutes of 2016. [SB1137 Detail]
Download: California-2015-SB1137-Chaptered.html
BILL NUMBER: SB 1137 CHAPTERED
BILL TEXT
CHAPTER 725
FILED WITH SECRETARY OF STATE SEPTEMBER 27, 2016
APPROVED BY GOVERNOR SEPTEMBER 27, 2016
PASSED THE SENATE AUGUST 25, 2016
PASSED THE ASSEMBLY AUGUST 23, 2016
AMENDED IN ASSEMBLY AUGUST 19, 2016
AMENDED IN ASSEMBLY AUGUST 1, 2016
AMENDED IN SENATE MARCH 31, 2016
AMENDED IN SENATE MARCH 28, 2016
INTRODUCED BY Senator Hertzberg
(Principal coauthor: Senator Beall)
(Coauthors: Senators Anderson, Bates, Cannella, Hill, Huff, Liu,
Stone, and Wieckowski)
(Coauthors: Assembly Members Brough, Chang, Chau, Chávez, Dodd,
Cristina Garcia, Lackey, Lopez, Low, Maienschein, and Obernolte)
FEBRUARY 18, 2016
An act to amend Section 523 of the Penal Code, relating to
computer crimes.
LEGISLATIVE COUNSEL'S DIGEST
SB 1137, Hertzberg. Computer crimes: ransomware.
Existing law establishes various crimes relating to computer
services and systems, including, but not limited to, knowingly
introducing a computer contaminant, as defined. Existing law makes a
violation of those crimes punishable by specified fines or terms of
imprisonment, or by both those fines and imprisonment.
Existing law defines extortion as obtaining the property of
another, with his or her consent, induced by a wrongful use of force
or fear. Existing law makes extortion a crime, punishable by
imprisonment in a county jail for 2, 3, or 4 years.
This bill would define ransomware as a computer contaminant or
lock placed or introduced without authorization into a computer,
computer system, or computer network that restricts access by an
authorized person to the computer, computer system, computer network,
or any data therein under circumstances in which the person
responsible for the placement or introduction of the ransomware
demands payment of money or other consideration to remove the
computer contaminant, restore access to the computer, computer
system, computer network, or data, or otherwise remediate the impact
of the computer contaminant or lock. The bill would provide that a
person is responsible for placing or introducing ransomware into a
computer, computer system, or computer network if the person directly
places or introduces the ransomware or directs or induces another
person do so, with the intent of demanding payment or other
consideration to remove the ransomware, restore access, or otherwise
remediate the impact of the ransomware. The bill would provide that a
person who, with intent to extort money or other consideration from
another, introduces ransomware into any computer, computer system, or
computer network is punishable as if that money or other
consideration were actually obtained by means of the ransomware. By
expanding the scope of a crime, this bill would create a
state-mandated local program.
The California Constitution requires the state to reimburse local
agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 523 of the Penal Code is amended to read:
523. (a) Every person who, with intent to extort any money or
other property from another, sends or delivers to any person any
letter or other writing, whether subscribed or not, expressing or
implying, or adapted to imply, any threat such as is specified in
Section 519 is punishable in the same manner as if such money or
property were actually obtained by means of such threat.
(b) (1) Every person who, with intent to extort money or other
consideration from another, introduces ransomware into any computer,
computer system, or computer network is punishable pursuant to
Section 520 in the same manner as if such money or other
consideration were actually obtained by means of the ransomware.
(2) Prosecution pursuant to this subdivision does not prohibit or
limit prosecution under any other law.
(c) (1) "Ransomware" means a computer contaminant, as defined in
Section 502, or lock placed or introduced without authorization into
a computer, computer system, or computer network that restricts
access by an authorized person to the computer, computer system,
computer network, or any data therein under circumstances in which
the person responsible for the placement or introduction of the
ransomware demands payment of money or other consideration to remove
the computer contaminant, restore access to the computer, computer
system, computer network, or data, or otherwise remediate the impact
of the computer contaminant or lock.
(2) A person is responsible for placing or introducing ransomware
into a computer, computer system, or computer network if the person
directly places or introduces the ransomware or directs or induces
another person to do so, with the intent of demanding payment or
other consideration to remove the ransomware, restore access, or
otherwise remediate the impact of the ransomware.
SEC. 2. No reimbursement is required by this act pursuant to
Section 6 of Article XIII B of the California Constitution because
the only costs that may be incurred by a local agency or school
district will be incurred because this act creates a new crime or
infraction, eliminates a crime or infraction, or changes the penalty
for a crime or infraction, within the meaning of Section 17556 of the
Government Code, or changes the definition of a crime within the
meaning of Section 6 of Article XIII B of the California
Constitution.
