Bill Text: TX HB9 | 2017-2018 | 85th Legislature | Comm Sub
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relating to cybercrime; creating criminal offenses.
Spectrum: Slight Partisan Bill (Republican 8-4)
Status: (Passed) 2017-06-12 - Effective on 9/1/17 [HB9 Detail]
Download: Texas-2017-HB9-Comm_Sub.html
Bill Title: Relating to cybercrime; creating criminal offenses.
Spectrum: Slight Partisan Bill (Republican 8-4)
Status: (Passed) 2017-06-12 - Effective on 9/1/17 [HB9 Detail]
Download: Texas-2017-HB9-Comm_Sub.html
| By: Capriglione, et al. | H.B. No. 9 | |
| (Senate Sponsor - Taylor of Collin) | ||
| (In the Senate - Received from the House April 18, 2017; | ||
| April 19, 2017, read first time and referred to Committee on | ||
| Criminal Justice; May 19, 2017, reported favorably by the | ||
| following vote: Yeas 7, Nays 0; May 19, 2017, sent to printer.) | ||
|
|
||
|
|
||
| relating to cybercrime; creating criminal offenses. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. This Act may be cited as the Texas Cybercrime | ||
| Act. | ||
| SECTION 2. Section 33.01, Penal Code, is amended by | ||
| amending Subdivision (2) and adding Subdivisions (11-a), (13-a), | ||
| (13-b), and (13-c) to read as follows: | ||
| (2) "Aggregate amount" means the amount of: | ||
| (A) any direct or indirect loss incurred by a | ||
| victim, including the value of money, property, or service stolen, | ||
| appropriated, or rendered unrecoverable by the offense; or | ||
| (B) any expenditure required by the victim to: | ||
| (i) determine whether data or [ |
||
| a computer, computer network, computer program, or computer system | ||
| was [ |
||
| disrupted by the offense; or | ||
| (ii) attempt to restore, recover, or | ||
| replace any data altered, acquired, appropriated, damaged, | ||
| deleted, or disrupted. | ||
| (11-a) "Decryption," "decrypt," or "decrypted" means | ||
| the decoding of encrypted communications or information, whether by | ||
| use of a decryption key, by breaking an encryption formula or | ||
| algorithm, or by the interference with a person's use of an | ||
| encryption service in a manner that causes information or | ||
| communications to be stored or transmitted without encryption. | ||
| (13-a) "Encrypted private information" means | ||
| encrypted data, documents, wire or electronic communications, or | ||
| other information stored on a computer or computer system, whether | ||
| in the possession of the owner or a provider of an electronic | ||
| communications service or a remote computing service, and which has | ||
| not been accessible to the public. | ||
| (13-b) "Encryption," "encrypt," or "encrypted" means | ||
| the encoding of data, documents, wire or electronic communications, | ||
| or other information, using mathematical formulas or algorithms in | ||
| order to preserve the confidentiality, integrity, or authenticity | ||
| of, and prevent unauthorized access to, such information. | ||
| (13-c) "Encryption service" means a computing | ||
| service, a computer device, computer software, or technology with | ||
| encryption capabilities, and includes any subsequent version of or | ||
| update to an encryption service. | ||
| SECTION 3. Chapter 33, Penal Code, is amended by adding | ||
| Sections 33.022, 33.023, and 33.024 to read as follows: | ||
| Sec. 33.022. ELECTRONIC ACCESS INTERFERENCE. (a) A | ||
| person, other than a network provider or online service provider | ||
| acting for a legitimate business purpose, commits an offense if the | ||
| person intentionally interrupts or suspends access to a computer | ||
| system or computer network without the effective consent of the | ||
| owner. | ||
| (b) An offense under this section is a third degree felony. | ||
| (c) It is a defense to prosecution under this section that | ||
| the person acted with the intent to facilitate a lawful seizure or | ||
| search of, or lawful access to, a computer, computer network, or | ||
| computer system for a legitimate law enforcement purpose. | ||
| Sec. 33.023. ELECTRONIC DATA TAMPERING. (a) In this | ||
| section, "ransomware" means a computer contaminant or lock that | ||
| restricts access by an unauthorized person to a computer, computer | ||
| system, or computer network or any data in a computer, computer | ||
| system, or computer network under circumstances in which a person | ||
| demands money, property, or a service to remove the computer | ||
| contaminant or lock, restore access to the computer, computer | ||
| system, computer network, or data, or otherwise remediate the | ||
| impact of the computer contaminant or lock. | ||
| (b) A person commits an offense if the person intentionally | ||
| alters data as it transmits between two computers in a computer | ||
| network or computer system through deception and without a | ||
| legitimate business purpose. | ||
| (c) A person commits an offense if the person intentionally | ||
| introduces ransomware onto a computer, computer network, or | ||
| computer system through deception and without a legitimate business | ||
| purpose. | ||
| (d) An offense under this section is a Class A misdemeanor, | ||
| unless the person acted with the intent to defraud or harm another, | ||
| in which event the offense is: | ||
| (1) a state jail felony if the aggregate amount | ||
| involved is $2,500 or more but less than $30,000; | ||
| (2) a felony of the third degree if the aggregate | ||
| amount involved is $30,000 or more but less than $150,000; | ||
| (3) a felony of the second degree if: | ||
| (A) the aggregate amount involved is $150,000 or | ||
| more but less than $300,000; or | ||
| (B) the aggregate amount involved is any amount | ||
| less than $300,000 and the computer, computer network, or computer | ||
| system is owned by the government or a critical infrastructure | ||
| facility; or | ||
| (4) a felony of the first degree if the aggregate | ||
| amount involved is $300,000 or more. | ||
| (e) When benefits are obtained, a victim is defrauded or | ||
| harmed, or property is altered, appropriated, damaged, or deleted | ||
| in violation of this section, whether or not in a single incident, | ||
| the conduct may be considered as one offense and the value of the | ||
| benefits obtained and of the losses incurred because of the fraud, | ||
| harm, or alteration, appropriation, damage, or deletion of property | ||
| may be aggregated in determining the grade of the offense. | ||
| (f) A person who is subject to prosecution under this | ||
| section and any other section of this code may be prosecuted under | ||
| either or both sections. | ||
| (g) Software is not ransomware for the purposes of this | ||
| section if the software restricts access to data because: | ||
| (1) authentication is required to upgrade or access | ||
| purchased content; or | ||
| (2) access to subscription content has been blocked | ||
| for nonpayment. | ||
| Sec. 33.024. UNLAWFUL DECRYPTION. (a) A person commits an | ||
| offense if the person intentionally decrypts encrypted private | ||
| information through deception and without a legitimate business | ||
| purpose. | ||
| (b) An offense under this section is a Class A misdemeanor, | ||
| unless the person acted with the intent to defraud or harm another, | ||
| in which event the offense is: | ||
| (1) a state jail felony if the aggregate amount | ||
| involved is less than $30,000; | ||
| (2) a felony of the third degree if the aggregate | ||
| amount involved is $30,000 or more but less than $150,000; | ||
| (3) a felony of the second degree if: | ||
| (A) the aggregate amount involved is $150,000 or | ||
| more but less than $300,000; or | ||
| (B) the aggregate amount involved is any amount | ||
| less than $300,000 and the computer, computer network, or computer | ||
| system is owned by the government or a critical infrastructure | ||
| facility; or | ||
| (4) a felony of the first degree if the aggregate | ||
| amount involved is $300,000 or more. | ||
| (c) It is a defense to prosecution under this section that | ||
| the actor's conduct was pursuant to an agreement entered into with | ||
| the owner for the purpose of: | ||
| (1) assessing or maintaining the security of the | ||
| information or of a computer, computer network, or computer system; | ||
| or | ||
| (2) providing other services related to security. | ||
| (d) A person who is subject to prosecution under this | ||
| section and any other section of this code may be prosecuted under | ||
| either or both sections. | ||
| SECTION 4. Section 33.03, Penal Code, is amended to read as | ||
| follows: | ||
| Sec. 33.03. DEFENSES. It is an affirmative defense to | ||
| prosecution under Section 33.02 or 33.022 that the actor was an | ||
| officer, employee, or agent of a communications common carrier or | ||
| electric utility and committed the proscribed act or acts in the | ||
| course of employment while engaged in an activity that is a | ||
| necessary incident to the rendition of service or to the protection | ||
| of the rights or property of the communications common carrier or | ||
| electric utility. | ||
| SECTION 5. The change in law made by this Act applies only | ||
| to an offense committed on or after the effective date of this Act. | ||
| An offense committed before the effective date of this Act is | ||
| governed by the law in effect on the date the offense was committed, | ||
| and the former law is continued in effect for that purpose. For | ||
| purposes of this section, an offense was committed before the | ||
| effective date of this Act if any element of the offense occurred | ||
| before that date. | ||
| SECTION 6. This Act takes effect September 1, 2017. | ||
| * * * * * | ||
