Full Text of HB0380 94th General Assembly
HB0380eng 94TH GENERAL ASSEMBLY
|
|
|
HB0380 Engrossed |
|
LRB094 06868 RXD 36975 b |
|
| 1 |
| AN ACT concerning business.
| 2 |
| Be it enacted by the People of the State of Illinois,
| 3 |
| represented in the General Assembly:
| 4 |
| Section 1. This Act may be cited as the Illinois Spyware | 5 |
| Prevention Initiative Act. | 6 |
| Section 5. Definitions. In this Act: | 7 |
| "Advertisement" means a communication, the primary purpose | 8 |
| of which is the commercial promotion of a commercial product or | 9 |
| service, including content on an Internet web site operated for | 10 |
| a commercial purpose.
| 11 |
| "Authorized user", with respect to a computer, means a | 12 |
| person who owns or is authorized by the owner or lessee to use | 13 |
| the computer. "Authorized user" does not include a person or | 14 |
| entity that has obtained authorization to use the computer | 15 |
| solely through the use of an end user license agreement.
| 16 |
| "Computer software" means a sequence of instructions | 17 |
| written in any programming language that is executed on a | 18 |
| computer.
| 19 |
| "Computer virus" means a computer program or other set of | 20 |
| instructions that is designed to degrade the performance of or | 21 |
| disable a computer or computer network and is designed to have | 22 |
| the ability to replicate itself on other computers or computer | 23 |
| networks without the authorization of the owners of those | 24 |
| computers or computer networks.
| 25 |
| "Consumer" means an individual who resides in this State | 26 |
| and who uses the computer in question primarily for personal, | 27 |
| family, or household purposes.
| 28 |
| "Damage" means any significant impairment to the integrity | 29 |
| or availability of data, software, a system, or information.
| 30 |
| "Deceptive" means any one of the following:
| 31 |
| (1) By means of materially false or fraudulent | 32 |
| statement.
|
|
|
|
HB0380 Engrossed |
- 2 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| (2) By means of a statement or description that omits | 2 |
| or misrepresents material information in order to deceive | 3 |
| the consumer.
| 4 |
| (3) By means of material failure to provide any notice | 5 |
| to an authorized user regarding the download or | 6 |
| installation of software in order to deceive the consumer.
| 7 |
| "Execute", when used with respect to computer software, | 8 |
| means the performance of the functions of the carrying out of | 9 |
| the instructions of the computer software.
| 10 |
| "Internet" means the global information system that is | 11 |
| logically linked together by a globally unique address space | 12 |
| based on the Internet Protocol (IP), or its subsequent | 13 |
| extensions, and that is able to support communications using | 14 |
| the Transmission Control Protocol/Internet Protocol (TCP/IP) | 15 |
| suite, or its subsequent extensions, or other IP-compatible | 16 |
| protocols, and that provides, uses, or makes accessible, either | 17 |
| publicly or privately, high level services layered on the | 18 |
| communications and related infrastructure.
| 19 |
| "Person" means any individual, partnership, corporation, | 20 |
| limited liability company, or other organization, or any | 21 |
| combination thereof.
| 22 |
| "Personally identifiable information" means any one of the | 23 |
| following:
| 24 |
| (1) First name or first initial in combination with | 25 |
| last name.
| 26 |
| (2) Credit or debit card numbers or other financial | 27 |
| account numbers.
| 28 |
| (3) A password or personal identification number | 29 |
| required to access an
identified financial account.
| 30 |
| (4) Social security number.
| 31 |
| (5) Any of the following information in a form that | 32 |
| personally identifies
an authorized user: (i) account | 33 |
| balances; (ii) overdraft history; (iii) payment history; | 34 |
| (iv) a history of Web sites visited; (v) home address; (vi) | 35 |
| work address; or (vii) a record of a purchase or purchases.
|
|
|
|
HB0380 Engrossed |
- 3 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| Section 10. Computer spyware; authorized user. A person or | 2 |
| entity that is
not an authorized user shall not, with actual | 3 |
| knowledge, with conscious avoidance of actual knowledge, or | 4 |
| willfully, cause computer software to be copied onto a | 5 |
| consumer's computer and use the software to do any of the | 6 |
| following:
| 7 |
| (1) Modify, through deceptive means, any of the | 8 |
| following settings related to the computer's access to, or | 9 |
| use of, the Internet: | 10 |
| (A) The page that appears when an authorized user | 11 |
| launches an Internet browser or similar software | 12 |
| program used to access and navigate the Internet.
| 13 |
| (B) The default provider or Web proxy an authorized | 14 |
| user uses to access or search the Internet.
| 15 |
| (C) An authorized user's list of bookmarks used to | 16 |
| access Web pages. | 17 |
| (2) Collect, through deceptive means, personally | 18 |
| identifiable information that meets any of the following | 19 |
| criteria: | 20 |
| (A) It is collected through the use of a | 21 |
| keystroke-logging function that records all keystrokes | 22 |
| made by an authorized user who uses the computer and | 23 |
| transfers that information from the computer to | 24 |
| another person.
| 25 |
| (B) It includes all or substantially all of the Web | 26 |
| sites visited by an authorized user, other than Web | 27 |
| sites of the provider of the software, if the computer | 28 |
| software was installed in a manner designed to conceal | 29 |
| from all authorized users of the computer the fact that | 30 |
| the software is being installed.
| 31 |
| (C) It is a data element that is extracted from the | 32 |
| consumer's computer hard drive for a purpose wholly | 33 |
| unrelated to any of the purposes of the software or | 34 |
| service described to an authorized user. | 35 |
| (3) Prevent, without the authorization of an | 36 |
| authorized user, through deceptive means, an authorized |
|
|
|
HB0380 Engrossed |
- 4 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| user's reasonable efforts to block the installation of, or | 2 |
| to disable software by causing software that the authorized | 3 |
| user has properly removed or disabled to automatically | 4 |
| reinstall or reactivate on the computer without the | 5 |
| authorization of an authorized user.
| 6 |
| (4) Misrepresent that software will be uninstalled or | 7 |
| disabled by an authorized user's action, with knowledge | 8 |
| that the software will not be so uninstalled or disabled.
| 9 |
| (5) Through deceptive means, remove, disable, or | 10 |
| render inoperative security, antispyware, or antivirus | 11 |
| software installed on the computer.
| 12 |
| Section 15. Computer spyware; unauthorized user. | 13 |
| (a) A person or entity that is not an authorized user shall | 14 |
| not, with actual knowledge, with conscious avoidance of actual | 15 |
| knowledge, or willfully, cause computer software to be copied | 16 |
| onto a consumer's computer and use the software to do any of | 17 |
| the following: | 18 |
| (1) Take control of the consumer's computer by doing | 19 |
| any of the following: | 20 |
| (A) Transmit or relay commercial electronic mail | 21 |
| or a computer
virus from the consumer's computer, where | 22 |
| the transmission or relaying is initiated by a person | 23 |
| other than the authorized user and without the | 24 |
| authorization of an authorized user.
| 25 |
| (B) Access or use the consumer's modem or Internet | 26 |
| service for the purpose of causing damage to the | 27 |
| consumer's computer or of causing an authorized user to | 28 |
| incur financial charges for a service that is not | 29 |
| authorized by an authorized user.
| 30 |
| (C) Use the consumer's computer as part of an | 31 |
| activity performed by a group of computers for the | 32 |
| purpose of causing damage to another computer, | 33 |
| including, but not limited to, launching a denial of | 34 |
| service attack.
| 35 |
| (D) Open multiple, sequential, stand-alone |
|
|
|
HB0380 Engrossed |
- 5 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| advertisements in the consumer's Internet browser | 2 |
| without the authorization of an authorized user and | 3 |
| with knowledge that a reasonable computer user cannot | 4 |
| close the advertisements without turning off the | 5 |
| computer or closing the consumer's Internet browser.
| 6 |
| (2) Modify any of the following settings related to the | 7 |
| computer's access to, or use of, the Internet: | 8 |
| (A) An authorized user's security or other | 9 |
| settings that protect information about the authorized | 10 |
| user for the purpose of stealing personal information | 11 |
| of an authorized user.
| 12 |
| (B) The security settings of the computer for the | 13 |
| purpose of causing damage to one or more computers.
| 14 |
| (3) Prevent, without the authorization of an | 15 |
| authorized user, an authorized user's reasonable efforts | 16 |
| to block the installation of, or to disable software, by | 17 |
| doing any of the following: | 18 |
| (A) Present the authorized user with an option to | 19 |
| decline installation of software with knowledge that, | 20 |
| when the option is selected by the authorized user, the | 21 |
| installation will nevertheless occur. | 22 |
| (B) Falsely represent that software has been | 23 |
| disabled. | 24 |
| (b) Nothing in this Section shall apply to any monitoring | 25 |
| of, or interaction with, a subscriber's Internet or other | 26 |
| network connection or service, or a protected computer, by a | 27 |
| telecommunications carrier, cable operator, computer hardware | 28 |
| or software provider, or provider of information service or | 29 |
| interactive computer service for network or computer security | 30 |
| purposes, diagnostics, technical support, repair, authorized | 31 |
| updates of software or system firmware, authorized remote | 32 |
| system management, or detection or prevention of the | 33 |
| unauthorized use of or fraudulent or other illegal activities | 34 |
| in connection with a network, service, or computer software, | 35 |
| including scanning for and removing software proscribed under | 36 |
| this Act. |
|
|
|
HB0380 Engrossed |
- 6 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| Section 20. Spyware installation misrepresentation. | 2 |
| (a) A person or entity, who is not an authorized user, | 3 |
| shall not do any of the following with regard to the computer | 4 |
| of a consumer in this State: | 5 |
| (1) Induce an authorized user to install a software | 6 |
| component onto the computer by misrepresenting that | 7 |
| installing software is necessary for security or privacy | 8 |
| reasons or in order to open, view, or play a particular | 9 |
| type of content.
| 10 |
| (2) Deceptively cause the copying and execution on the | 11 |
| computer of a computer software component with the intent | 12 |
| of causing an authorized user to use the component in a way | 13 |
| that violates any other provision of this Section.
| 14 |
| (b) Nothing in this Section shall apply to any monitoring | 15 |
| of, or interaction with, a subscriber's Internet or other | 16 |
| network connection or service, or a protected computer, by a | 17 |
| telecommunications carrier, cable operator, computer hardware | 18 |
| or software provider, or provider of information service or | 19 |
| interactive computer service for network or computer security | 20 |
| purposes, diagnostics, technical support, repair, authorized | 21 |
| updates of software or system firmware, authorized remote | 22 |
| system management, or detection or prevention of the | 23 |
| unauthorized use of or fraudulent or other illegal activities | 24 |
| in connection with a network, service, or computer software, | 25 |
| including scanning for and removing software proscribed under | 26 |
| this Act. | 27 |
| Section 25. Penalty. | 28 |
| (a) A person who violates Section 10, 15, or 20 of this Act | 29 |
| shall be guilty of a Class B misdemeanor. | 30 |
| (b) Absolute liability as provided under Section 4-9 of the | 31 |
| Criminal Code of 1961 shall be imposed for a violation of | 32 |
| Section 20. | 33 |
| Section 30. Severability. If any provision of this Act or |
|
|
|
HB0380 Engrossed |
- 7 - |
LRB094 06868 RXD 36975 b |
|
| 1 |
| its application to any person or circumstance is held invalid, | 2 |
| the invalidity of that provision or application does not affect | 3 |
| other provisions or applications of this Act that can be given | 4 |
| effect without the invalid provision or application.
|
|