Bill Text: NY S03230 | 2013-2014 | General Assembly | Introduced
Bill Title: Enacts the "consumer protection against computer spyware act"; establishes a person or entity that is not an authorized user shall not cause computer software to be copied onto the computer of a consumer in this state and cause such software to do certain things; allows the attorney general to bring a civil action against any person violating the provisions of this act.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2014-01-08 - REFERRED TO CONSUMER PROTECTION [S03230 Detail]
Download: New_York-2013-S03230-Introduced.html
S T A T E O F N E W Y O R K ________________________________________________________________________ 3230 2013-2014 Regular Sessions I N S E N A T E January 31, 2013 ___________ Introduced by Sen. PARKER -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to enacting the "consumer protection against computer spyware act" THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: 1 Section 1. The general business law is amended by adding a new article 2 28-F to read as follows: 3 ARTICLE 28-F 4 CONSUMER PROTECTION AGAINST COMPUTER SPYWARE 5 SECTION 491. SHORT TITLE. 6 492. DEFINITIONS. 7 493. CONSUMER PROTECTION AGAINST COMPUTER SPYWARE. 8 494. ENFORCEMENT. 9 S 491. SHORT TITLE. THIS ARTICLE SHALL BE KNOWN AND MAY BE CITED AS 10 THE "CONSUMER PROTECTION AGAINST COMPUTER SPYWARE ACT". 11 S 492. DEFINITIONS. FOR PURPOSES OF THIS ARTICLE, THE FOLLOWING TERMS 12 HAVE THE FOLLOWING MEANINGS: 13 1. "ADVERTISEMENT" MEANS A COMMUNICATION, THE PRIMARY PURPOSE OF WHICH 14 IS THE COMMERCIAL PROMOTION OF A COMMERCIAL PRODUCT OR SERVICE, INCLUD- 15 ING CONTENT ON AN INTERNET WEB SITE OPERATED FOR A COMMERCIAL PURPOSE. 16 2. "AUTHORIZED USER" WITH RESPECT TO A COMPUTER, MEANS A PERSON WHO 17 OWNS OR IS AUTHORIZED BY THE OWNER OR LESSEE TO USE THE COMPUTER. 18 3. "COMPUTER SOFTWARE" MEANS A SEQUENCE OF INSTRUCTIONS WRITTEN IN ANY 19 PROGRAMMING LANGUAGE THAT IS EXECUTED ON A COMPUTER. 20 4. "COMPUTER VIRUS" MEANS A COMPUTER PROGRAM OR OTHER SET OF 21 INSTRUCTIONS THAT IS DESIGNED TO DEGRADE THE PERFORMANCE OF OR DISABLE A 22 COMPUTER OR COMPUTER NETWORK AND IS DESIGNED TO HAVE THE ABILITY TO 23 REPLICATE ITSELF ON OTHER COMPUTERS OR COMPUTER NETWORKS WITHOUT THE 24 AUTHORIZATION OF THE OWNERS OF THOSE COMPUTERS OR COMPUTER NETWORKS. EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD06875-01-3 S. 3230 2 1 5. "CONSUMER" MEANS AN INDIVIDUAL WHO RESIDES IN THIS STATE AND WHO 2 USES THE COMPUTER IN QUESTION PRIMARILY FOR PERSONAL, FAMILY, OR HOUSE- 3 HOLD PURPOSES. 4 6. "DAMAGE" MEANS ANY SIGNIFICANT IMPAIRMENT TO THE INTEGRITY OR 5 AVAILABILITY OF DATA, SOFTWARE, A SYSTEM, OR INFORMATION. 6 7. "EXECUTE" WHEN USED WITH RESPECT TO COMPUTER SOFTWARE, MEANS THE 7 PERFORMANCE OF THE FUNCTIONS OR THE CARRYING OUT OF THE INSTRUCTIONS OF 8 THE COMPUTER SOFTWARE. 9 8. "INTERNET" MEANS THE GLOBAL INFORMATION SYSTEM THAT IS LOGICALLY 10 LINKED TOGETHER BY A GLOBALLY UNIQUE ADDRESS SPACE BASED ON THE INTERNET 11 PROTOCOL (IP), OR ITS SUBSEQUENT EXTENSIONS, AND THAT IS ABLE TO SUPPORT 12 COMMUNICATIONS USING THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL 13 (TCP/IP) SUITE, OR ITS SUBSEQUENT EXTENSIONS, OR OTHER IP-COMPATIBLE 14 PROTOCOLS, AND THAT PROVIDES, USES, OR MAKES ACCESSIBLE, EITHER PUBLICLY 15 OR PRIVATELY, HIGH LEVEL SERVICES LAYERED ON THE COMMUNICATIONS AND 16 RELATED INFRASTRUCTURE DESCRIBED IN THIS SUBDIVISION. 17 9. "PERSON" MEANS ANY INDIVIDUAL, PARTNERSHIP, CORPORATION, LIMITED 18 LIABILITY COMPANY, OR OTHER ORGANIZATION, OR ANY COMBINATION THEREOF. 19 10. "PERSONALLY IDENTIFIABLE INFORMATION" MEANS ANY OF THE FOLLOWING: 20 (A) FIRST NAME OR FIRST INITIAL IN COMBINATION WITH LAST NAME; 21 (B) CREDIT OR DEBIT CARD NUMBERS OR OTHER FINANCIAL ACCOUNT NUMBERS; 22 (C) A PASSWORD OR PERSONAL IDENTIFICATION NUMBER REQUIRED TO ACCESS AN 23 IDENTIFIED FINANCIAL ACCOUNT; 24 (D) SOCIAL SECURITY NUMBER; OR 25 (E) ANY OF THE FOLLOWING INFORMATION IN A FORM THAT PERSONALLY IDENTI- 26 FIES AN AUTHORIZED USER: 27 (I) ACCOUNT BALANCES; 28 (II) OVERDRAFT HISTORY; 29 (III) PAYMENT HISTORY; 30 (IV) A HISTORY OF WEB SITES VISITED; 31 (V) HOME ADDRESS; 32 (VI) WORK ADDRESS; OR 33 (VII) A RECORD OF A PURCHASE OR PURCHASES. 34 S 493. CONSUMER PROTECTION AGAINST COMPUTER SPYWARE. 1. A PERSON OR 35 ENTITY THAT IS NOT AN AUTHORIZED USER SHALL NOT CAUSE COMPUTER SOFTWARE 36 TO BE COPIED ONTO THE COMPUTER OF A CONSUMER IN THIS STATE AND USE THE 37 SOFTWARE TO DO ANY OF THE FOLLOWING: 38 (A) MODIFY ANY OF THE FOLLOWING SETTINGS RELATED TO THE COMPUTER'S 39 ACCESS TO, OR USE OF, THE INTERNET: 40 (I) THE PAGE THAT APPEARS WHEN AN AUTHORIZED USER LAUNCHES AN INTERNET 41 BROWSER OR SIMILAR SOFTWARE PROGRAM USED TO ACCESS AND NAVIGATE THE 42 INTERNET; 43 (II) THE DEFAULT PROVIDER OR WEB PROXY THE AUTHORIZED USER USES TO 44 ACCESS OR SEARCH THE INTERNET; OR 45 (III) THE AUTHORIZED USER'S LIST OF BOOKMARKS USED TO ACCESS WEB 46 PAGES. 47 (B) COLLECT PERSONALLY IDENTIFIABLE INFORMATION THAT MEETS ANY OF THE 48 FOLLOWING CRITERIA: 49 (I) IT IS COLLECTED THROUGH THE USE OF A KEYSTROKE-LOGGING FUNCTION 50 THAT RECORDS KEYSTROKES MADE BY AN AUTHORIZED USER WHO USES THE COMPUTER 51 AND TRANSFERS THAT INFORMATION FROM THE COMPUTER TO ANOTHER PERSON; 52 (II) IT INCLUDES ALL OR SUBSTANTIALLY ALL OF THE WEB SITES VISITED BY 53 AN AUTHORIZED USER, OTHER THAN WEB SITES OF THE PROVIDER OF THE SOFT- 54 WARE, IF THE COMPUTER SOFTWARE WAS INSTALLED IN A MANNER DESIGNED TO 55 CONCEAL FROM ALL AUTHORIZED USERS OF THE COMPUTER THE FACT THAT THE 56 SOFTWARE IS BEING INSTALLED; OR S. 3230 3 1 (III) IT IS A DATA ELEMENT DESCRIBED IN PARAGRAPH (B), (C) OR (D) OR 2 SUBPARAGRAPH (I) OR (II) OF PARAGRAPH (E) OF SUBDIVISION TEN OF SECTION 3 FOUR HUNDRED NINETY-TWO OF THIS ARTICLE, THAT IS EXTRACTED FROM THE 4 CONSUMER'S COMPUTER HARD DRIVE FOR A PURPOSE WHOLLY UNRELATED TO ANY OF 5 THE PURPOSES OF THE SOFTWARE OR SERVICE DESCRIBED TO AN AUTHORIZED USER. 6 (C) PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER, AN 7 AUTHORIZED USER'S REASONABLE EFFORTS TO BLOCK THE INSTALLATION OF, OR TO 8 DISABLE, SOFTWARE, BY CAUSING SOFTWARE THAT THE AUTHORIZED USER HAS 9 PROPERLY REMOVED OR DISABLED TO AUTOMATICALLY REINSTALL OR REACTIVATE ON 10 THE COMPUTER WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER. 11 (D) REPRESENT THAT SOFTWARE WILL BE UNINSTALLED OR DISABLED BY AN 12 AUTHORIZED USER'S ACTION, WITH KNOWLEDGE THAT THE SOFTWARE WILL NOT BE 13 SO UNINSTALLED OR DISABLED. 14 (E) REMOVE, DISABLE, OR RENDER INOPERATIVE SECURITY, ANTISPYWARE, OR 15 ANTIVIRUS SOFTWARE INSTALLED ON THE COMPUTER. 16 2. A PERSON OR ENTITY THAT IS NOT AN AUTHORIZED USER SHALL NOT CAUSE 17 COMPUTER SOFTWARE TO BE COPIED ONTO THE COMPUTER OF A CONSUMER IN THIS 18 STATE AND USE THE SOFTWARE TO DO ANY OF THE FOLLOWING: 19 (A) TAKE CONTROL OF THE CONSUMER'S COMPUTER BY DOING ANY OF THE 20 FOLLOWING: 21 (I) TRANSMITTING OR RELAYING COMMERCIAL ELECTRONIC MAIL OR A COMPUTER 22 VIRUS FROM THE CONSUMER'S COMPUTER, WHERE THE TRANSMISSION OR RELAYING 23 IS INITIATED BY A PERSON OTHER THAN THE AUTHORIZED USER AND WITHOUT THE 24 AUTHORIZATION OF AN AUTHORIZED USER; OR 25 (II) OPENING MULTIPLE, SEQUENTIAL, STAND-ALONE ADVERTISEMENTS IN THE 26 CONSUMER'S INTERNET BROWSER WITHOUT THE AUTHORIZATION OF AN AUTHORIZED 27 USER AND WITH KNOWLEDGE THAT A REASONABLE COMPUTER USER CANNOT CLOSE THE 28 ADVERTISEMENTS WITHOUT TURNING OFF THE COMPUTER OR CLOSING THE CONSUM- 29 ER'S INTERNET BROWSER. 30 (B) MODIFY ANY OF THE FOLLOWING SETTINGS RELATED TO THE COMPUTER'S 31 ACCESS TO, OR USE OF, THE INTERNET: 32 (I) AN AUTHORIZED USER'S SECURITY OR OTHER SETTINGS THAT PROTECT 33 INFORMATION ABOUT THE AUTHORIZED USER FOR THE PURPOSE OF STEALING 34 PERSONAL INFORMATION OF AN AUTHORIZED USER; OR 35 (II) THE SECURITY SETTINGS OF THE COMPUTER FOR THE PURPOSE OF CAUSING 36 DAMAGE TO ONE OR MORE COMPUTERS. 37 (C) PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER, AN 38 AUTHORIZED USER'S REASONABLE EFFORTS TO BLOCK THE INSTALLATION OF, OR TO 39 DISABLE, SOFTWARE, BY DOING ANY OF THE FOLLOWING: 40 (I) PRESENTING THE AUTHORIZED USER WITH AN OPTION TO DECLINE INSTALLA- 41 TION OF SOFTWARE WITH KNOWLEDGE THAT, WHEN THE OPTION IS SELECTED BY 42 THE AUTHORIZED USER, THE INSTALLATION NEVERTHELESS PROCEEDS; OR 43 (II) FALSELY REPRESENTING THAT SOFTWARE HAS BEEN DISABLED. 44 3. (A) A PERSON OR ENTITY, WHO IS NOT AN AUTHORIZED USER SHALL NOT DO 45 ANY OF THE FOLLOWING WITH REGARD TO THE COMPUTER OF A CONSUMER IN THIS 46 STATE: 47 (I) INDUCE AN AUTHORIZED USER TO INSTALL A SOFTWARE COMPONENT ONTO THE 48 COMPUTER BY REPRESENTING THAT INSTALLING SOFTWARE IS NECESSARY FOR SECU- 49 RITY OR PRIVACY REASONS OR IN ORDER TO OPEN, VIEW, OR PLAY A PARTICULAR 50 TYPE OF CONTENT; OR 51 (II) CAUSE THE COPYING AND EXECUTION ON THE COMPUTER OF A COMPUTER 52 SOFTWARE COMPONENT WITH THE INTENT OF CAUSING AN AUTHORIZED USER TO USE 53 THE COMPONENT IN A WAY THAT VIOLATES ANY OTHER PROVISION OF THIS 54 SECTION. 55 (B) NOTHING IN THIS SECTION SHALL APPLY TO ANY MONITORING OF, OR 56 INTERACTION WITH, A SUBSCRIBER'S INTERNET OR OTHER NETWORK CONNECTION OR S. 3230 4 1 SERVICE, OR A PROTECTED COMPUTER, BY A TELECOMMUNICATIONS CARRIER, CABLE 2 OPERATOR, COMPUTER HARDWARE OR SOFTWARE PROVIDER, OR PROVIDER OF INFOR- 3 MATION SERVICE OR INTERACTIVE COMPUTER SERVICE FOR NETWORK OR COMPUTER 4 SECURITY PURPOSES, DIAGNOSTICS, TECHNICAL SUPPORT, REPAIR, AUTHORIZED 5 UPDATES OF SOFTWARE OR SYSTEM FIRMWARE, AUTHORIZED REMOTE SYSTEM MANAGE- 6 MENT, OR DETECTION OR PREVENTION OF THE UNAUTHORIZED USE OF OR FRAUDU- 7 LENT OR OTHER ILLEGAL ACTIVITIES IN CONNECTION WITH A NETWORK, SERVICE, 8 OR COMPUTER SOFTWARE, INCLUDING SCANNING FOR AND REMOVING SOFTWARE 9 PRESCRIBED UNDER THIS ARTICLE. 10 (C) ANY PROVISION OF A CONTRACT OR AN AGREEMENT ENTERED INTO BY A 11 CONSUMER THAT DECEIVES A CONSUMER AND THAT PURPORTS OR MAY BE CONSTRUED 12 TO AUTHORIZE, DIVERT, OR REQUIRE ANYTHING THAT WOULD CONSTITUTE A 13 VIOLATION OF ANY OF THE PROVISIONS OF THIS SECTION IS HEREBY DECLARED TO 14 BE VOID AS AGAINST PUBLIC POLICY AND SHALL NOT BE ENFORCEABLE. 15 S 494. ENFORCEMENT. THE ATTORNEY GENERAL MAY BRING A CIVIL ACTION 16 AGAINST ANY PERSON WHO VIOLATES THIS ARTICLE TO ENFORCE THE VIOLATION 17 AND MAY RECOVER ANY OR ALL OF THE FOLLOWING: 18 1. A CIVIL PENALTY OF FIVE HUNDRED DOLLARS PER VIOLATION OF THIS ARTI- 19 CLE; 20 2. COSTS AND A REASONABLE ATTORNEYS' FEE; AND 21 3. AN ORDER TO ENJOIN THE VIOLATION. 22 S 2. Severability. If any clause, sentence, paragraph, section or part 23 of this act shall be adjudged by any court of competent jurisdiction to 24 be invalid, such judgement shall not affect, impair or invalidate the 25 remainder thereof, but shall be confined in its operation to the clause, 26 sentence, paragraph, section or part thereof directly involved in the 27 controversy in which such judgement shall have been rendered. 28 S 3. This act shall take effect on the ninetieth day after it shall 29 have become a law.