Computer Protection Act

Computer Protection Act

Computer Protection Act

Summary

Prohibits a person from using specified protected computers to relay or retransmit commercial electronic mail messages with the intent to deceive or mislead recipients or an electronic mail service provider under specified circumstances; prohibits a person from materially falsifying header information in commercial electronic mail messages under specified circumstances; prohibits a person from registering for electronic mail accounts or domain names under specified circumstances; provides for specified penalties and fines; etc.

Model Legislation

An Act to amend and reenact [insert appropriate sections]

Be it enacted by state of [insert state]:

That [insert appropriate sections] are amended and reenacted as follows:

Section 1. {Definitions}

(1) In this section the following words have the meanings indicated.

(2) “Commercial electronic mail message” means an electronic message sent primarily for the purpose of commercial advertisement or promotion of:

(I) A commercial product;

(II) A commercial service;

(III) The content on an Internet website; or

(IV) A website operated for a commercial purpose.

(3) “Domain name” means any alphanumeric designation that is registered with or assigned by a domain name registrar, domain name registry, or other domain name registration authority as part of an electronic mail address on the Internet.

(4) “Electronic mail service provider” means any person, including an Internet service provider, that is an intermediary in sending and receiving electronic mail and that provides to the public the ability to send or receive electronic mail to or from an electronic mail account or online user account.

(5) “Financial institution” means any financial institution of the type supervised under [statute regulating financial institutions], whether or not State-chartered.

(6) “Header information” means the source, destination, and routing information attached to an electronic mail message, including the originating domain name and originating electronic mails, and any other information that appears in the line identifying or purporting to identify a person initiating the message, and technical information that authenticates the sender of an electronic mail message for network security or network management purposes.

(7) The term “initiate”, when used with respect to a commercial electronic mail message, means to originate or transmit the message or to procure the origination or transmission of the message and does not include actions that constitute routine conveyances of such message.

(8) “Internet” means the international computer network of both federal and nonfederal interoperable packet switched data networks.

(9) “Internet protocol address” means the string of numbers by which a location on the Internet is identified by routers or other computers connected to the Internet.

(10) “Materially falsified” means altered or concealed in a manner that would impair the ability of one of the following to identify, locate, or respond to a person who initiated an electronic mail message or to investigate an alleged violation of this section:

(I) A recipient of the message;

(II) An Internet access service processing the message on behalf of a recipient;

(III) A person alleging a violation of this section; or

(IV) A law enforcement agency.

(11) “Multiple” means:

(I) More than 10 commercial electronic mail messages during a 24-hour period;

(II) More than 100 commercial electronic mail messages during a 30-day period; or

(III) More than 1,000 commercial electronic mail message during a 1-year period.

(12) “Protected computer” means a computer used in intrastate or interstate communication.

(13) “Routine conveyance” means the transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipients’ addresses.

Section 2. {Violations} A person may not conspire to or knowingly:

(1) Use a protected computer of another to relay or retransmit multiple commercial electronic mail messages with the intent to deceive or mislead recipients or an electronic mail service provider as to the origin of the message;

(2) Materially falsify header information in multiple commercial electronic mail messages and intentionally initiate the transmission of the messages;

(3) Register, using information that materially falsifies the identity of the actual registrant, for 15 or more electronic mail accounts or on-line user accounts of two or more domain names and intentionally initiate the transmission of multiple commercial electronic mail messages from one or any combination of accounts or domain names;

(4) Falsely represent the right to use five or more Internet protocol addresses and intentionally initiate the transmission of multiple commercial electronic mail messages from the Internet protocol addresses;

(5) Access a protected computer of another without authorization, and intentionally initiate the transmission of multiple electronic mail advertisements from or through the protected computer;

(6) Violate item (1), (2), (3), (4), or (5) of this subsection by providing or selecting addresses to which a message was transmitted, knowing that:

(I) The electronic mail addresses of the recipients were obtained using an automated means from an Internet website or proprietary online service operated by another person; and

(II) The website or online service included, at the time the addresses were obtained, a notice stating that the operator of the website or online service will not transfer addresses maintained by the website or online service to any other party for the purposes of initiating or enabling others to initiate electronic mail messages; or

(7) Violate item (1), (2), (3), (4), or (5) of this subsection by providing or selecting electronic mail addresses of recipients obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

Section 3. {Penalties}

(1) A person who violates subsection (B)(1), (2), (3), (4), or (5) of this section is guilty of a felony and on conviction is subject to imprisonment not exceeding 3 years or a fine not exceeding $5,000 or both.

(2) A person who violates subsection (B)(1), (2), (3), (4), or (5) of this section involving the transmission of more than 250 commercial electronic mail messages during a 24-hour period, 2,500 commercial electronic mail messages during any 30-day period, or 25,000 commercial electronic mail messages during any 1-year period is guilty of a felony and on conviction is subject to imprisonment not exceeding 5 years or a fine not exceeding $10,000 or both.

(3) A person who violates subsection (B)(3) or (B)(4) of this section involving 20 or more electronic mail accounts or 10 or more domain names and intentionally initiates the transmission of multiple commercial electronic mail messages from the accounts or using the domain names is guilty of a felony and on conviction is subject to imprisonment not exceeding 5 years or a fine not exceeding $10,000 or both.

(4) A person who violates subsection (B)(1), (2), (3), (4), or (5) of this section that causes a loss of $500 or more during any 1-year period is guilty of a felony and on conviction is subject to imprisonment not exceeding 5 years or a fine not exceeding $10,000 or both.

(5) A person who violates subsection (B)(1), (2), (3), (4), or (5) of this section in concert with three or more other persons as the leader or organizer of the action that constitutes the violation is guilty of a felony and on conviction is subject to imprisonment not exceeding 5 years or a fine not exceeding $10,000 or both.

(6) A person who violates subsection (B)(1), (2), (3), (4), or (5) of this section in furtherance of a felony, or who has previously been convicted of an offense under the laws of this state, another state, or under any Federal law involving the transmission of multiple commercial electronic mail messages is guilty of a felony and on conviction is subject to imprisonment not exceeding 10 years or a fine not exceeding $25,000 or both.

(7) A person who violates subsection (b)(6) or (7) of this section is guilty of a felony and on conviction is subject to imprisonment not exceeding 1 year or a fine not exceeding $5,000 or both.

Section 4. {Forfeiture} In addition to any other sentence authorized by law, the court may direct that a person convicted of a violation of this section forfeit to the state:

(1) Any moneys and other income, including all proceeds earned but not yet received by a defendant from a third party as a result of the defendant’s violation of this section; and

(2) All computer equipment, computer software, and personal property used in connection with a violation of this section known by the owner to have been used in violation of this section.

Section 4. {Civil action by attorney general}

(1) An action brought under this subsection shall be commenced within 2 years after the commission of the act.

(2) The attorney general may institute a civil action against a person who violates this section to recover a civil penalty not exceeding:

(I) $25,000 per day of violation; or

(II) Not less than $2 nor more than $8 per commercial electronic mail message initiated in violation of this section.

(III) For any violation of this Act, the amount determined under paragraph (2) may not exceed $2,000,000.

(3) The attorney general may seek an injunction in a civil action to prohibit a person who has engaged in or is engaged in a violation of this section from engaging in the violation.

(4) The attorney general may enforce criminal violations of this section.

Section 5. {Lawfulness of electronic mail service provider policies} Nothing in this section shall be construed to have any effect on the lawfulness of the adoption, implementation, or enforcement by an electronic mail service provider of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages under any other provision of law.

Section 6. {Severability clause.}

Section 7. {Repealer clause.}

Section 8. {Effective date.}

Approved by the ALEC Board of Directors August 2004.

Amended by the ALEC Board of Directors December 2012.