Bill Text: NY A02049 | 2013-2014 | General Assembly | Introduced


Bill Title: Establishes the computer security act, addressing the widespread problem of spyware; makes it illegal for third parties to knowingly and deceptively cause computer software to be copied on to personal computers that changes the computer users settings without permission, prevents users from resetting computers to the original preferences or removing third party software, secretly collects information about internet searches, disables the computer's security software or causes related disruptive activities.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Introduced - Dead) 2014-01-08 - referred to economic development [A02049 Detail]

Download: New_York-2013-A02049-Introduced.html
                           S T A T E   O F   N E W   Y O R K
       ________________________________________________________________________
                                         2049
                              2013-2014 Regular Sessions
                                 I N  A S S E M B L Y
                                      (PREFILED)
                                    January 9, 2013
                                      ___________
       Introduced by M. of A. KAVANAGH -- read once and referred to the Commit-
         tee on Economic Development
       AN  ACT  to  amend the general business law, in relation to establishing
         "the computer security act"
         THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
       BLY, DO ENACT AS FOLLOWS:
    1    Section  1.  Section  150  of  the  general business law is renumbered
    2  section 154.
    3    S 2. The general business law is amended by adding a new  article  9-D
    4  to read as follows:
    5                                 ARTICLE 9-D
    6                          THE COMPUTER SECURITY ACT
    7  SECTION 150.   SHORT TITLE.
    8          151.   DEFINITIONS.
    9          152.   UNLAWFUL ACTS INVOLVING COMPUTER SOFTWARE.
   10          153.   PENALTIES.
   11          153-A. IMMUNITY FROM LIABILITY FOR VIOLATIONS.
   12          153-B. PREEMPTING OTHER JURISDICTIONAL ACTIONS ABOUT SPYWARE.
   13    S  150.  SHORT TITLE. THIS ACT SHALL BE KNOWN AND MAY BE CITED AS "THE
   14  COMPUTER SECURITY ACT."
   15    S 151. DEFINITIONS.  FOR PURPOSES OF THIS ARTICLE, THE FOLLOWING TERMS
   16  SHALL HAVE THE FOLLOWING MEANINGS:
   17    1. "ADVERTISEMENT" MEANS A COMMUNICATION, THE PRIMARY PURPOSE OF WHICH
   18  IS THE COMMERCIAL PROMOTION OF A COMMERCIAL PRODUCT OR SERVICE,  INCLUD-
   19  ING CONTENT ON AN INTERNET WEBSITE OPERATED FOR A COMMERCIAL PURPOSE.
   20    2.  "AUTHORIZED  USER," WITH RESPECT TO A COMPUTER, MEANS A PERSON WHO
   21  OWNS OR IS AUTHORIZED BY THE OWNER OR LESSEE TO USE THE COMPUTER.
   22    3. "CAUSE TO BE COPIED" MEANS TO DISTRIBUTE OR TRANSFER COMPUTER SOFT-
   23  WARE OR ANY COMPONENT THEREOF. SUCH TERM SHALL NOT INCLUDE PROVIDING:
        EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                             [ ] is old law to be omitted.
                                                                  LBD03128-01-3
       A. 2049                             2
    1    A. TRANSMISSION, ROUTING, PROVISION OF INTERMEDIATE TEMPORARY STORAGE,
    2  OR CACHING OF SOFTWARE;
    3    B.  A  STORAGE  MEDIUM,  SUCH  AS A COMPACT DISK, WEBSITE, OR COMPUTER
    4  SERVER, THROUGH WHICH THE SOFTWARE WAS DISTRIBUTED BY A THIRD PARTY; OR
    5    C. AN INFORMATION LOCATION TOOL, SUCH AS A  DIRECTORY,  INDEX,  REFER-
    6  ENCE, POINTER, OR HYPERTEXT LINK, THROUGH WHICH THE USER OF THE COMPUTER
    7  LOCATED THE SOFTWARE.
    8    4. "COMPUTER SOFTWARE" MEANS A SEQUENCE OF INSTRUCTIONS WRITTEN IN ANY
    9  PROGRAMMING LANGUAGE THAT IS EXECUTED ON A COMPUTER. SUCH TERM SHALL NOT
   10  INCLUDE  A  TEXT  OR DATA FILE, A WEB PAGE, OR A DATA COMPONENT OF A WEB
   11  PAGE THAT IS NOT EXECUTABLE INDEPENDENTLY OF THE WEB PAGE.
   12    5.  "COMPUTER  VIRUS"  MEANS  A  COMPUTER  PROGRAM  OR  OTHER  SET  OF
   13  INSTRUCTIONS THAT IS DESIGNED TO DEGRADE THE PERFORMANCE OF OR DISABLE A
   14  COMPUTER  OR  COMPUTER  NETWORK   AND IS DESIGNED TO HAVE THE ABILITY TO
   15  REPLICATE ITSELF ON OTHER COMPUTERS OR  COMPUTER  NETWORKS  WITHOUT  THE
   16  AUTHORIZATION OF THE OWNERS OF THOSE COMPUTERS OR COMPUTER NETWORKS.
   17    6.  "CONSUMER"  MEANS  AN INDIVIDUAL WHO RESIDES IN THIS STATE AND WHO
   18  USES THE COMPUTER IN QUESTION PRIMARILY FOR PERSONAL, FAMILY, OR  HOUSE-
   19  HOLD PURPOSES.
   20    7.  "DAMAGE"  MEANS  ANY  SIGNIFICANT  IMPAIRMENT  TO THE INTEGRITY OR
   21  AVAILABILITY OF DATA, SOFTWARE, A SYSTEM, OR INFORMATION.
   22    8. "EXECUTE," WHEN USED WITH RESPECT TO COMPUTER SOFTWARE,  MEANS  THE
   23  PERFORMANCE  OF THE FUNCTIONS OR THE CARRYING OUT OF THE INSTRUCTIONS OF
   24  THE COMPUTER SOFTWARE.
   25    9. "INTENTIONALLY DECEPTIVE" MEANS ANY OF THE FOLLOWING:
   26    A. BY MEANS OF AN INTENTIONALLY AND  MATERIALLY  FALSE  OR  FRAUDULENT
   27  STATEMENT;
   28    B.  BY MEANS OF A STATEMENT OR DESCRIPTION THAT INTENTIONALLY OMITS OR
   29  MISREPRESENTS MATERIAL INFORMATION IN ORDER TO DECEIVE THE CONSUMER; OR
   30    C. BY MEANS OF AN INTENTIONAL AND  MATERIAL  FAILURE  TO  PROVIDE  ANY
   31  NOTICE  TO  AN AUTHORIZED USER REGARDING THE DOWNLOAD OR INSTALLATION OF
   32  SOFTWARE IN ORDER TO DECEIVE THE CONSUMER.
   33    10. "INTERNET" MEANS THE GLOBAL INFORMATION SYSTEM THAT  IS  LOGICALLY
   34  LINKED TOGETHER BY A GLOBALLY UNIQUE ADDRESS SPACE BASED ON THE INTERNET
   35  PROTOCOL  OR ITS SUBSEQUENT EXTENSIONS; THAT IS ABLE TO SUPPORT COMMUNI-
   36  CATIONS USING THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL SUITE,
   37  ITS SUBSEQUENT EXTENSIONS, OR OTHER INTERNET PROTOCOL COMPATIBLE  PROTO-
   38  COLS;  AND  THAT PROVIDES, USES, OR MAKES ACCESSIBLE, EITHER PUBLICLY OR
   39  PRIVATELY, HIGH LEVEL SERVICES LAYERED ON THE COMMUNICATIONS AND RELATED
   40  INFRASTRUCTURE DESCRIBED IN THIS SUBDIVISION.
   41    11. "PERSON" MEANS ANY INDIVIDUAL, PARTNERSHIP,  CORPORATION,  LIMITED
   42  LIABILITY COMPANY, OR OTHER ORGANIZATION, OR ANY COMBINATION THEREOF.
   43    12. "PERSONALLY IDENTIFIABLE INFORMATION" MEANS ANY OF THE FOLLOWING:
   44    A. A FIRST NAME OR FIRST INITIAL IN COMBINATION WITH A LAST NAME;
   45    B. CREDIT OR DEBIT CARD NUMBERS OR OTHER FINANCIAL ACCOUNT NUMBERS;
   46    C.  A PASSWORD OR PERSONAL IDENTIFICATION NUMBER REQUIRED TO ACCESS AN
   47  IDENTIFIED FINANCIAL ACCOUNT;
   48    D. A SOCIAL SECURITY NUMBER; OR
   49    E. ANY OF THE FOLLOWING INFORMATION IN A FORM THAT PERSONALLY  IDENTI-
   50  FIES AN AUTHORIZED USER:
   51    (1) ACCOUNT BALANCES;
   52    (2) OVERDRAFT HISTORY;
   53    (3) PAYMENT HISTORY;
   54    (4) A HISTORY OF WEBSITES VISITED;
   55    (5) A HOME ADDRESS;
   56    (6) A WORK ADDRESS; OR
       A. 2049                             3
    1    (7) A RECORD OF A PURCHASE OR PURCHASES.
    2    S 152. UNLAWFUL ACTS INVOLVING COMPUTER SOFTWARE. 1. IT SHALL BE ILLE-
    3  GAL FOR A PERSON OR ENTITY THAT IS NOT AN AUTHORIZED USER, AS DEFINED IN
    4  SECTION  ONE  HUNDRED  FIFTY-ONE  OF THIS ARTICLE, OF A COMPUTER IN THIS
    5  STATE TO KNOWINGLY, WILLFULLY, OR WITH CONSCIOUS INDIFFERENCE OR  DISRE-
    6  GARD CAUSE COMPUTER SOFTWARE TO BE COPIED ONTO SUCH COMPUTER AND USE THE
    7  SOFTWARE TO DO ANY OF THE FOLLOWING:
    8    A. MODIFY, THROUGH INTENTIONALLY DECEPTIVE MEANS, ANY OF THE FOLLOWING
    9  SETTINGS RELATED TO THE COMPUTER'S ACCESS TO, OR USE OF, THE INTERNET:
   10    (1) THE PAGE THAT APPEARS WHEN AN AUTHORIZED USER LAUNCHES AN INTERNET
   11  BROWSER  OR  SIMILAR  SOFTWARE  PROGRAM  USED TO ACCESS AND NAVIGATE THE
   12  INTERNET;
   13    (2) THE DEFAULT PROVIDER OR WEB PROXY  THE  AUTHORIZED  USER  USES  TO
   14  ACCESS OR SEARCH THE INTERNET; OR
   15    (3) THE AUTHORIZED USER'S LIST OF BOOKMARKS USED TO ACCESS WEB PAGES;
   16    B.  COLLECT,  THROUGH  INTENTIONALLY DECEPTIVE MEANS, PERSONALLY IDEN-
   17  TIFIABLE INFORMATION THAT MEETS ANY OF THE FOLLOWING CRITERIA:
   18    (1) IT IS COLLECTED THROUGH THE USE OF  A  KEYSTROKE-LOGGING  FUNCTION
   19  THAT  RECORDS  ALL  KEYSTROKES  MADE  BY AN AUTHORIZED USER WHO USES THE
   20  COMPUTER AND TRANSFERS THAT INFORMATION FROM  THE  COMPUTER  TO  ANOTHER
   21  PERSON;
   22    (2) IT INCLUDES ALL OR SUBSTANTIALLY ALL OF THE WEBSITES VISITED BY AN
   23  AUTHORIZED USER, OTHER THAN WEBSITES OF THE PROVIDER OF THE SOFTWARE, IF
   24  THE COMPUTER SOFTWARE WAS INSTALLED IN A MANNER DESIGNED TO CONCEAL FROM
   25  ALL AUTHORIZED USERS OF THE COMPUTER THE FACT THAT THE SOFTWARE IS BEING
   26  INSTALLED; OR
   27    (3) IT IS A DATA ELEMENT DESCRIBED IN PARAGRAPH B, C, OR D OF SUBDIVI-
   28  SION  TWELVE  OF  SECTION  ONE  HUNDRED FIFTY-ONE OF THIS ARTICLE, OR IN
   29  SUBPARAGRAPH ONE OR TWO OF PARAGRAPH E OF SUBDIVISION TWELVE OF  SECTION
   30  ONE  HUNDRED  FIFTY-ONE  OF  THIS  ARTICLE,  THAT  IS EXTRACTED FROM THE
   31  CONSUMER'S OR BUSINESS ENTITY'S COMPUTER HARD DRIVE FOR A PURPOSE WHOLLY
   32  UNRELATED TO ANY OF THE PURPOSES OF THE SOFTWARE OR SERVICE DESCRIBED TO
   33  AN AUTHORIZED USER;
   34    C. PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED  USER,  THROUGH
   35  INTENTIONALLY  DECEPTIVE  MEANS, AN AUTHORIZED USER'S REASONABLE EFFORTS
   36  TO BLOCK THE INSTALLATION OF, OR TO DISABLE, SOFTWARE, BY CAUSING  SOFT-
   37  WARE  THAT THE AUTHORIZED USER HAS PROPERLY REMOVED OR DISABLED TO AUTO-
   38  MATICALLY REINSTALL OR REACTIVATE ON THE COMPUTER WITHOUT  THE  AUTHORI-
   39  ZATION OF AN AUTHORIZED USER;
   40    D.  INTENTIONALLY  MISREPRESENT  THAT  SOFTWARE WILL BE UNINSTALLED OR
   41  DISABLED BY AN AUTHORIZED USER'S ACTION, WITH KNOWLEDGE THAT  THE  SOFT-
   42  WARE WILL NOT BE SO UNINSTALLED OR DISABLED; OR
   43    E.  THROUGH  INTENTIONALLY DECEPTIVE MEANS, REMOVE, DISABLE, OR RENDER
   44  INOPERATIVE SECURITY, ANTISPYWARE, OR ANTIVIRUS  SOFTWARE  INSTALLED  ON
   45  THE COMPUTER.
   46    2.  IT  SHALL BE ILLEGAL FOR A PERSON OR ENTITY THAT IS NOT AN AUTHOR-
   47  IZED USER, AS DEFINED IN SECTION ONE HUNDRED FIFTY-ONE OF THIS  ARTICLE,
   48  OF  A  COMPUTER IN THIS STATE TO KNOWINGLY, WILLFULLY, OR WITH CONSCIOUS
   49  INDIFFERENCE OR DISREGARD CAUSE COMPUTER SOFTWARE TO BE COPIED ONTO SUCH
   50  COMPUTER AND USE THE SOFTWARE TO DO ANY OF THE FOLLOWING:
   51    A. TAKE CONTROL OF THE CONSUMER'S OR  BUSINESS  ENTITY'S  COMPUTER  BY
   52  DOING ANY OF THE FOLLOWING:
   53    (1)  TRANSMITTING OR RELAYING COMMERCIAL ELECTRONIC MAIL OR A COMPUTER
   54  VIRUS FROM THE CONSUMER'S OR BUSINESS ENTITY'S COMPUTER, WHERE THE TRAN-
   55  SMISSION OR RELAYING IS INITIATED BY A PERSON OTHER THAN THE  AUTHORIZED
   56  USER AND WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER;
       A. 2049                             4
    1    (2)  ACCESSING  OR  USING THE CONSUMER'S OR BUSINESS ENTITY'S MODEM OR
    2  INTERNET SERVICE FOR THE PURPOSE OF CAUSING DAMAGE TO THE CONSUMER'S  OR
    3  BUSINESS  ENTITY'S  COMPUTER OR OF CAUSING AN AUTHORIZED USER OR A THIRD
    4  PARTY AFFECTED BY SUCH CONDUCT TO INCUR FINANCIAL CHARGES FOR A  SERVICE
    5  THAT IS NOT AUTHORIZED BY AN AUTHORIZED USER;
    6    (3)  USING  THE CONSUMER'S OR BUSINESS ENTITY'S COMPUTER AS PART OF AN
    7  ACTIVITY PERFORMED BY A GROUP OF COMPUTERS FOR THE  PURPOSE  OF  CAUSING
    8  DAMAGE  TO  ANOTHER COMPUTER, INCLUDING, BUT NOT LIMITED TO, LAUNCHING A
    9  DENIAL OF SERVICE ATTACK; OR
   10    (4) OPENING MULTIPLE, SEQUENTIAL, STAND-ALONE  ADVERTISEMENTS  IN  THE
   11  CONSUMER'S  OR  BUSINESS  ENTITY'S INTERNET BROWSER WITHOUT THE AUTHORI-
   12  ZATION OF AN AUTHORIZED  USER  AND  WITH  KNOWLEDGE  THAT  A  REASONABLE
   13  COMPUTER  USER  CANNOT  CLOSE THE ADVERTISEMENTS WITHOUT TURNING OFF THE
   14  COMPUTER OR CLOSING THE CONSUMER'S OR BUSINESS ENTITY'S  INTERNET  BROW-
   15  SER;
   16    B.  MODIFY  ANY  OF  THE  FOLLOWING SETTINGS RELATED TO THE COMPUTER'S
   17  ACCESS TO, OR USE OF, THE INTERNET:
   18    (1) AN AUTHORIZED USER'S  SECURITY  OR  OTHER  SETTINGS  THAT  PROTECT
   19  INFORMATION  ABOUT  THE  AUTHORIZED  USER  FOR  THE  PURPOSE OF STEALING
   20  PERSONAL INFORMATION OF AN AUTHORIZED USER; OR
   21    (2) THE SECURITY SETTINGS OF THE COMPUTER FOR THE PURPOSE  OF  CAUSING
   22  DAMAGE TO ONE OR MORE COMPUTERS; OR
   23    C.  PREVENT,  WITHOUT  THE  AUTHORIZATION  OF  AN  AUTHORIZED USER, AN
   24  AUTHORIZED USER'S REASONABLE EFFORTS TO BLOCK THE INSTALLATION OF, OR TO
   25  DISABLE, SOFTWARE, BY DOING ANY OF THE FOLLOWING:
   26    (1) PRESENTING THE AUTHORIZED USER WITH AN OPTION TO DECLINE INSTALLA-
   27  TION OF SOFTWARE WITH KNOWLEDGE THAT, WHEN THE OPTION IS SELECTED BY THE
   28  AUTHORIZED USER, THE INSTALLATION NEVERTHELESS PROCEEDS; OR
   29    (2) FALSELY REPRESENTING THE SOFTWARE HAS BEEN DISABLED.
   30    3. IT SHALL BE ILLEGAL FOR A PERSON OR ENTITY THAT IS NOT  AN  AUTHOR-
   31  IZED  USER, AS DEFINED IN SECTION ONE HUNDRED FIFTY-ONE OF THIS ARTICLE,
   32  OF A COMPUTER IN THIS STATE TO DO ANY OF THE FOLLOWING  WITH  REGARD  TO
   33  SUCH COMPUTER:
   34    A.  INDUCE AN AUTHORIZED USER TO INSTALL A SOFTWARE COMPONENT ONTO THE
   35  COMPUTER BY INTENTIONALLY MISREPRESENTING THAT  INSTALLING  SOFTWARE  IS
   36  NECESSARY  FOR SECURITY OR PRIVACY REASONS OR IN ORDER TO OPEN, VIEW, OR
   37  PLAY A PARTICULAR TYPE OF CONTENT; OR
   38    B. DECEPTIVELY CAUSING THE COPYING AND EXECUTION ON THE COMPUTER OF  A
   39  COMPUTER  SOFTWARE  COMPONENT  WITH  THE INTENT OF CAUSING AN AUTHORIZED
   40  USER TO USE THE COMPONENT IN A WAY THAT VIOLATES ANY OTHER PROVISION  OF
   41  THIS SUBDIVISION.
   42    4. NOTHING IN THIS SECTION SHALL APPLY TO ANY MONITORING OF, OR INTER-
   43  ACTION  WITH,  A USER'S INTERNET OR OTHER NETWORK CONNECTION OR SERVICE,
   44  OR A PROTECTED COMPUTER, BY A TELECOMMUNICATIONS CARRIER,  CABLE  OPERA-
   45  TOR,  COMPUTER HARDWARE OR SOFTWARE PROVIDER, OR PROVIDER OF INFORMATION
   46  SERVICE OR INTERACTIVE COMPUTER SERVICE FOR NETWORK OR COMPUTER SECURITY
   47  PURPOSES, DIAGNOSTICS, TECHNICAL SUPPORT,  REPAIR,  NETWORK  MANAGEMENT,
   48  NETWORK  MAINTENANCE, AUTHORIZED UPDATES OF SOFTWARE OR SYSTEM FIRMWARE,
   49  AUTHORIZE REMOTE SYSTEM MANAGEMENT, OR DETECTION OR  PREVENTION  OF  THE
   50  UNAUTHORIZED  USE  OF  OR  FRAUDULENT  OR  OTHER  ILLEGAL  ACTIVITIES IN
   51  CONNECTION WITH A NETWORK,  SERVICE,  OR  COMPUTER  SOFTWARE,  INCLUDING
   52  SCANNING FOR AND REMOVING SOFTWARE PROSCRIBED UNDER THIS ARTICLE.
   53    S  153.  PENALTIES. 1. ANY PERSON WHO VIOLATES THE PROVISIONS OF PARA-
   54  GRAPH B OF SUBDIVISION ONE OF SECTION  ONE  HUNDRED  FIFTY-TWO  OF  THIS
   55  ARTICLE,  SUBPARAGRAPH  ONE, TWO, OR THREE OF PARAGRAPH A OF SUBDIVISION
   56  TWO OF SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE OR PARAGRAPH  B  OF
       A. 2049                             5
    1  SUBDIVISION  TWO  OF SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE SHALL
    2  BE GUILTY OF A FELONY AND, UPON CONVICTION THEREOF, SHALL  BE  SENTENCED
    3  TO  IMPRISONMENT FOR NOT LESS THAN ONE NOR MORE THAN TEN YEARS OR A FINE
    4  OF NOT MORE THAN THREE MILLION DOLLARS, OR BOTH.
    5    2.  THE  ATTORNEY  GENERAL MAY BRING A CIVIL ACTION AGAINST ANY PERSON
    6  VIOLATING THE PROVISIONS OF  THIS  ARTICLE  TO  THE  PENALTIES  FOR  THE
    7  VIOLATION AND MAY RECOVER ANY OR ALL OF THE FOLLOWING:
    8    A.  A CIVIL PENALTY OF UP TO ONE HUNDRED DOLLARS PER VIOLATION OF THIS
    9  ARTICLE, OR UP TO ONE HUNDRED THOUSAND DOLLARS FOR A PATTERN OR PRACTICE
   10  OF SUCH VIOLATIONS;
   11    B. COSTS AND REASONABLE ATTORNEY'S FEES; AND
   12    C. AN ORDER TO ENJOIN THE VIOLATION.
   13    3. IN THE CASE OF A VIOLATION OF SUBPARAGRAPH TWO OF  PARAGRAPH  A  OF
   14  SUBDIVISION  TWO  OF  SECTION ONE HUNDRED FIFTY-TWO OF THIS ARTICLE THAT
   15  CAUSES A TELECOMMUNICATIONS CARRIER TO INCUR COSTS FOR THE  ORIGINATION,
   16  TRANSPORT,  OR  TERMINATION  OF  A  CALL  TRIGGERED USING THE MODEM OF A
   17  CUSTOMER  OF  SUCH  TELECOMMUNICATIONS  CARRIER  AS  A  RESULT  OF  SUCH
   18  VIOLATION,  THE  TELECOMMUNICATIONS  CARRIER  MAY  BRING  A CIVIL ACTION
   19  AGAINST THE VIOLATOR TO RECOVER ANY OR ALL OF THE FOLLOWING:
   20    A. THE CHARGES SUCH CARRIER IS OBLIGATED TO PAY TO ANOTHER CARRIER  OR
   21  TO AN INFORMATION SERVICE PROVIDER AS A RESULT OF THE VIOLATION, INCLUD-
   22  ING,  BUT  NOT  LIMITED  TO,  CHARGES  FOR THE ORIGINATION, TRANSPORT OR
   23  TERMINATION OF THE CALL;
   24    B. COSTS OF HANDLING CUSTOMER INQUIRIES OR COMPLAINTS WITH RESPECT  TO
   25  AMOUNTS BILLED FOR SUCH CALLS;
   26    C. COSTS AND REASONABLE ATTORNEY'S FEES; AND
   27    D. AN ORDER TO ENJOIN THE VIOLATION.
   28    4.  AN  INTERNET  SERVICE  PROVIDER  OR  SOFTWARE COMPANY THAT EXPENDS
   29  RESOURCES IN GOOD FAITH ASSISTING CONSUMERS OR BUSINESS ENTITIES  HARMED
   30  BY  A VIOLATION OF THIS ARTICLE, OR A TRADEMARK OWNER WHOSE MARK IS USED
   31  TO DECEIVE CONSUMERS OR BUSINESS ENTITIES IN VIOLATION OF THIS  ARTICLE,
   32  MAY ENFORCE THE VIOLATION AND MAY RECOVER ANY OR ALL OF THE FOLLOWING:
   33    A.  STATUTORY  DAMAGES  OF  NOT  MORE  THAN  ONE  HUNDRED  DOLLARS PER
   34  VIOLATION OF THIS ARTICLE, OR UP TO ONE MILLION DOLLARS FOR A PATTERN OR
   35  PRACTICE OF SUCH VIOLATIONS;
   36    B. COSTS AND REASONABLE ATTORNEY'S FEES; AND
   37    C. AN ORDER TO ENJOIN THE VIOLATION.
   38    S 153-A. IMMUNITY FROM LIABILITY FOR VIOLATIONS. 1. FOR  THE  PURPOSES
   39  OF  THIS SECTION, THE TERM "EMPLOYER" INCLUDES A BUSINESS ENTITY'S OFFI-
   40  CERS, DIRECTORS, PARENT CORPORATION, SUBSIDIARIES, AFFILIATES, AND OTHER
   41  CORPORATE ENTITIES UNDER COMMON OWNERSHIP OR CONTROL WITHIN  A  BUSINESS
   42  ENTERPRISE.  NO  EMPLOYER MAY BE HELD CRIMINALLY OR CIVILLY LIABLE UNDER
   43  THIS ARTICLE AS A RESULT OF ANY ACTIONS TAKEN:
   44    A. WITH RESPECT TO COMPUTER EQUIPMENT USED BY ITS EMPLOYEES,  CONTRAC-
   45  TORS, SUBCONTRACTORS, AGENTS, LEASED EMPLOYEES, OR OTHER STAFF WHICH THE
   46  EMPLOYER  OWNS,  LEASES,  OR  OTHERWISE  MAKES AVAILABLE OR ALLOWS TO BE
   47  CONNECTED TO THE EMPLOYER'S NETWORK OR OTHER COMPUTER FACILITIES; OR
   48    B. BY EMPLOYEES, CONTRACTORS, SUBCONTRACTORS, AGENTS,  LEASED  EMPLOY-
   49  EES,  OR  OTHER STAFF WHO MISUSE AN EMPLOYER'S COMPUTER EQUIPMENT FOR AN
   50  ILLEGAL PURPOSE WITHOUT THE EMPLOYER'S KNOWLEDGE, CONSENT, OR APPROVAL.
   51    2. NO PERSON SHALL BE HELD CRIMINALLY OR  CIVILLY  LIABLE  UNDER  THIS
   52  ARTICLE  WHEN  ITS  PROTECTED  COMPUTERS  HAVE BEEN USED BY UNAUTHORIZED
   53  USERS TO VIOLATE THIS ARTICLE OR OTHER LAWS WITHOUT SUCH PERSON'S  KNOW-
   54  LEDGE, CONSENT, OR APPROVAL.
   55    3.  A  MANUFACTURER  OR  RETAILER  OF  COMPUTER EQUIPMENT SHALL NOT BE
   56  LIABLE UNDER THIS SECTION, CRIMINALLY OR CIVILLY, TO THE EXTENT THAT THE
       A. 2049                             6
    1  MANUFACTURER OR RETAILER IS PROVIDING THIRD PARTY BRANDED SOFTWARE  THAT
    2  IS INSTALLED ON THE COMPUTER EQUIPMENT THAT THE MANUFACTURER OR RETAILER
    3  IS MANUFACTURING OR SELLING.
    4    S  153-B.  PREEMPTING OTHER JURISDICTIONAL ACTIONS ABOUT SPYWARE.  THE
    5  LEGISLATURE FINDS THAT THIS ARTICLE IS A MATTER OF  STATE-WIDE  CONCERN.
    6  THIS  ARTICLE  SUPERSEDES  AND  PREEMPTS  ALL RULES, REGULATIONS, CODES,
    7  ORDINANCES, AND OTHER LAWS ADOPTED BY ANY COUNTY, MUNICIPALITY,  CONSOL-
    8  IDATED  GOVERNMENT, OR OTHER LOCAL GOVERNMENTAL AGENCY REGARDING SPYWARE
    9  AND NOTICES TO CONSUMERS  FROM  COMPUTER  SOFTWARE  PROVIDERS  REGARDING
   10  INFORMATION COLLECTION.
   11    S 3. This act shall take effect on the first of November next succeed-
   12  ing the date on which it shall have become a law.
feedback