NY State Senate Bill 2011-S1670

Archive: Last Bill Status - In Senate Committee Codes Committee

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

Date of Action	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jan 04, 2012	referred to codes
Jan 11, 2011	referred to codes

2011-S1670 (ACTIVE) - Details

Current Committee:: Senate Codes
Law Section:: Penal Law
Laws Affected:: Add §156.40, Pen L
Versions Introduced in Other Legislative Sessions:: 2009-2010: S137
2013-2014: S244
2015-2016: S4057

2011-S1670 (ACTIVE) - Summary

Establishes the crime of unlawful use of spyware and malware; unlawful use of spyware and malware is a class A misdemeanor, provided, however, that unlawful use of spyware and malware by a person who has been previously convicted within the last five years of having violated this section is a class E felony.

2011-S1670 (ACTIVE) - Sponsor Memo

                                BILL NUMBER:S1670

TITLE OF BILL:
An act
to amend the penal law, in relation to establishing the crime of
unlawful use of spyware and malware

PURPOSE:
The act aims to protect the privacy of computer users by banning the
dissemination of computer spyware and malware without the
authorization of the owner of a computer.

SUMMARY OF PROVISIONS:
Section 1 amends section 156 of the Penal Law to ban the use of
computer spyware and malware, where spyware and malware are a
computer program when downloaded and functioning, transmits
information to a third party without the authorization of a computer
user. Section 2 establishes an effective date of the first of
November next succeeding date on which it shall have become a law.

JUSTIFICATION:
Computer users download information from the internet without truly
understanding what functions the programs will have. Many times
computer users will encounter the opportunity to download a computer
program from the internet that they believe will give them an
innocuous program that will help them organize their lives. However,

it sometimes is not known to the computer user what other functions
the computer program will actually have and these seemingly harmless
programs may also send information to a third party such as a
marketing firm, or worse a person who wishes to commit identity
theft:. Key-logging computer programs record all of the keystrokes
that a computer user makes while using a computer.
Because many use computers for banking and credit card transactions,
these programs allow for criminals to commit identity theft:.
Therefore, this legislation includes (but is not limited to)
key-logging within the spyware ban.

PRIOR LEGISLATIVE HISTORY:
S.4948 of 2007
04/24/07 Referred to Codes
S.137 of 2009
01107/09 REFERRED TO CODES
01/06/10 REFERRED TO CODES

FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS:
None.

EFFECTIVE DATE:
This act shall take effect on the first of November next succeeding
the date on which it shall have become a law.

2011-S1670 (ACTIVE) - Bill Text download pdf

                            
                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  1670

                       2011-2012 Regular Sessions

                            I N  S E N A T E

                            January 11, 2011
                               ___________

Introduced  by  Sen. SAMPSON -- read twice and ordered printed, and when
  printed to be committed to the Committee on Codes

AN ACT to amend the penal law, in relation to establishing the crime  of
  unlawful use of spyware and malware

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. The penal law is amended by adding a new section 156.40  to
read as follows:
S 156.40 UNLAWFUL USE OF SPYWARE AND MALWARE.
  1. A PERSON IS GUILTY OF UNLAWFUL USE OF SPYWARE AND MALWARE WHEN SUCH
PERSON  OR ENTITY THAT IS NOT AN AUTHORIZED USER, AS DEFINED IN SUBDIVI-
SION FOUR OF THIS SECTION, WITH ACTUAL KNOWLEDGE, WITH CONSCIOUS  AVOID-
ANCE  OF  ACTUAL KNOWLEDGE, OR WILLFULLY, CAUSES COMPUTER SOFTWARE TO BE
COPIED ONTO THE COMPUTER OF A CONSUMER IN THIS STATE AND USES THE  SOFT-
WARE TO DO ANY OF THE FOLLOWING:
  (A)  MODIFY, THROUGH INTENTIONALLY DECEPTIVE MEANS, ANY OF THE FOLLOW-
ING SETTINGS RELATED TO THE COMPUTER'S ACCESS TO, OR USE OF, THE  INTER-
NET:
  (1) THE PAGE THAT APPEARS WHEN AN AUTHORIZED USER LAUNCHES AN INTERNET
BROWSER  OR  SIMILAR  SOFTWARE  PROGRAM  USED TO ACCESS AND NAVIGATE THE
INTERNET.
  (2) THE DEFAULT PROVIDER OR WEB PROXY  THE  AUTHORIZED  USER  USES  TO
ACCESS OR SEARCH THE INTERNET.
  (3) THE AUTHORIZED USER'S LIST OF BOOKMARKS USED TO ACCESS WEB PAGES.
  (B)  COLLECT,  THROUGH INTENTIONALLY DECEPTIVE MEANS, PERSONALLY IDEN-
TIFIABLE INFORMATION THAT MEETS ANY OF THE FOLLOWING CRITERIA:
  (1) IT IS COLLECTED THROUGH THE USE OF  A  KEYSTROKE-LOGGING  FUNCTION
THAT  RECORDS  ALL  KEYSTROKES  MADE  BY AN AUTHORIZED USER WHO USES THE
COMPUTER AND TRANSFERS THAT INFORMATION FROM  THE  COMPUTER  TO  ANOTHER
PERSON.

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD05901-01-1

S. 1670                             2

  (2)  IT  INCLUDES ALL OR SUBSTANTIALLY ALL OF THE WEB SITES VISITED BY
AN AUTHORIZED USER, OTHER THAN WEB SITES OF THE PROVIDER  OF  THE  SOFT-
WARE,  IF  THE  COMPUTER  SOFTWARE WAS INSTALLED IN A MANNER DESIGNED TO
CONCEAL FROM ALL AUTHORIZED USERS OF THE  COMPUTER  THE  FACT  THAT  THE
SOFTWARE IS BEING INSTALLED.
  (3) IT IS A DATA ELEMENT DESCRIBED IN SUBPARAGRAPH TWO, THREE, OR FOUR
OF  PARAGRAPH  (K) OF SUBDIVISION FOUR OF THIS SECTION, OR IN CLAUSE (A)
OR (B) OF SUBPARAGRAPH FIVE OF PARAGRAPH (K) OF SUBDIVISION FOUR OF THIS
SECTION, THAT IS EXTRACTED FROM THE CONSUMER'S COMPUTER HARD DRIVE FOR A
PURPOSE WHOLLY UNRELATED TO ANY OF  THE  PURPOSES  OF  THE  SOFTWARE  OR
SERVICE DESCRIBED TO AN AUTHORIZED USER.
  (C)  PREVENT, WITHOUT THE AUTHORIZATION OF AN AUTHORIZED USER, THROUGH
INTENTIONALLY DECEPTIVE MEANS, AN AUTHORIZED USER'S  REASONABLE  EFFORTS
TO  BLOCK THE INSTALLATION OF, OR TO DISABLE, SOFTWARE, BY CAUSING SOFT-
WARE THAT THE AUTHORIZED USER HAS PROPERLY REMOVED OR DISABLED TO  AUTO-
MATICALLY  REINSTALL  OR REACTIVATE ON THE COMPUTER WITHOUT THE AUTHORI-
ZATION OF AN AUTHORIZED USER.
  (D) INTENTIONALLY MISREPRESENT THAT SOFTWARE WILL  BE  UNINSTALLED  OR
DISABLED  BY  AN AUTHORIZED USER'S ACTION, WITH KNOWLEDGE THAT THE SOFT-
WARE WILL NOT BE SO UNINSTALLED OR DISABLED.
  (E) THROUGH INTENTIONALLY DECEPTIVE MEANS, REMOVE, DISABLE, OR  RENDER
INOPERATIVE  SECURITY,  ANTISPYWARE,  OR ANTIVIRUS SOFTWARE INSTALLED ON
THE COMPUTER.
  2. A PERSON OR ENTITY THAT IS NOT AN AUTHORIZED USER,  AS  DEFINED  IN
SUBDIVISION FOUR OF THIS SECTION, SHALL NOT, WITH ACTUAL KNOWLEDGE, WITH
CONSCIOUS  AVOIDANCE  OF  ACTUAL KNOWLEDGE, OR WILLFULLY, CAUSE COMPUTER
SOFTWARE TO BE COPIED ONTO THE COMPUTER OF A CONSUMER IN THIS STATE  AND
USE THE SOFTWARE TO DO ANY OF THE FOLLOWING:
  (A)  TAKE  CONTROL  OF  THE  CONSUMER'S  COMPUTER  BY DOING ANY OF THE
FOLLOWING:
  (1) TRANSMITTING OR RELAYING COMMERCIAL ELECTRONIC MAIL OR A  COMPUTER
VIRUS  FROM  THE CONSUMER'S COMPUTER, WHERE THE TRANSMISSION OR RELAYING
IS INITIATED BY A PERSON OTHER THAN THE AUTHORIZED USER AND WITHOUT  THE
AUTHORIZATION OF AN AUTHORIZED USER.
  (2)  ASSESSING  OR  USING THE CONSUMER'S MODEM OR INTERNET SERVICE FOR
THE PURPOSE OF CAUSING DAMAGE TO THE CONSUMER'S COMPUTER OR  OF  CAUSING
AN  AUTHORIZED USER TO INCUR FINANCIAL CHARGES FOR A SERVICE THAT IS NOT
AUTHORIZED BY AN AUTHORIZED USER.
  (3) USING THE CONSUMER'S COMPUTER AS PART OF AN ACTIVITY PERFORMED  BY
A  GROUP  OF  COMPUTERS  FOR  THE  PURPOSE  OF CAUSING DAMAGE TO ANOTHER
COMPUTER, INCLUDING, BUT NOT LIMITED TO, LAUNCHING A DENIAL  OF  SERVICE
ATTACK.
  (4)  OPENING  MULTIPLE,  SEQUENTIAL, STAND-ALONE ADVERTISEMENTS IN THE
CONSUMER'S INTERNET BROWSER WITHOUT THE AUTHORIZATION OF  AN  AUTHORIZED
USER AND WITH KNOWLEDGE THAT A REASONABLE COMPUTER USER CANNOT CLOSE THE
ADVERTISEMENTS  WITHOUT  TURNING OFF THE COMPUTER OR CLOSING THE CONSUM-
ER'S INTERNET BROWSER.
  (B) MODIFY ANY OF THE FOLLOWING SETTINGS  RELATED  TO  THE  COMPUTER'S
ACCESS TO, OR USE OF, THE INTERNET:
  (1)  AN  AUTHORIZED  USER'S  SECURITY  OR  OTHER SETTINGS THAT PROTECT
INFORMATION ABOUT THE  AUTHORIZED  USER  FOR  THE  PURPOSE  OF  STEALING
PERSONAL INFORMATION OF AN AUTHORIZED USER.
  (2)  THE  SECURITY SETTINGS OF THE COMPUTER FOR THE PURPOSE OF CAUSING
DAMAGE TO ONE OR MORE COMPUTERS.

S. 1670                             3

  (C) PREVENT, WITHOUT THE  AUTHORIZATION  OF  AN  AUTHORIZED  USER,  AN
AUTHORIZED USER'S REASONABLE EFFORTS TO BLOCK THE INSTALLATION OF, OR TO
DISABLE, SOFTWARE, BY DOING ANY OF THE FOLLOWING:
  (1) PRESENTING THE AUTHORIZED USER WITH AN OPTION TO DECLINE INSTALLA-
TION OF SOFTWARE WITH KNOWLEDGE THAT, WHEN THE OPTION IS SELECTED BY THE
AUTHORIZED USER, THE INSTALLATION NEVERTHELESS PROCEEDS.
  (2) FALSELY REPRESENTING THAT SOFTWARE HAS BEEN DISABLED.
  (D)  NOTHING  IN  THIS  SECTION  SHALL  APPLY TO ANY MONITORING OF, OR
INTERACTION WITH, A SUBSCRIBER'S INTERNET OR OTHER NETWORK CONNECTION OR
SERVICE, OR A PROTECTED COMPUTER, BY A TELECOMMUNICATIONS CARRIER, CABLE
OPERATOR, COMPUTER HARDWARE OR SOFTWARE PROVIDER, OR PROVIDER OF  INFOR-
MATION  SERVICE  OR INTERACTIVE COMPUTER SERVICE FOR NETWORK OR COMPUTER
SECURITY PURPOSES, DIAGNOSTICS, TECHNICAL  SUPPORT,  REPAIR,  AUTHORIZED
UPDATES OF SOFTWARE OR SYSTEM FIRMWARE, AUTHORIZED REMOTE SYSTEM MANAGE-
MENT,  OR  DETECTION OR PREVENTION OF THE UNAUTHORIZED USE OF OR FRAUDU-
LENT OR OTHER ILLEGAL ACTIVITIES IN CONNECTION WITH A NETWORK,  SERVICE,
OR  COMPUTER  SOFTWARE,  INCLUDING  SCANNING  FOR  AND REMOVING SOFTWARE
PROSCRIBED UNDER THIS SECTION.
  3. (A) A PERSON OR ENTITY, WHO IS NOT AN UNAUTHORIZED USER, AS DEFINED
IN SUBDIVISION FOUR OF THIS SECTION, SHALL NOT DO ANY OF  THE  FOLLOWING
WITH REGARD TO THE COMPUTER OF A CONSUMER IN THIS STATE:
  (1) INDUCE AN AUTHORIZED USER TO INSTALL A SOFTWARE COMPONENT ONTO THE
COMPUTER  BY  INTENTIONALLY  MISREPRESENTING THAT INSTALLING SOFTWARE IS
NECESSARY FOR SECURITY OR PRIVACY REASONS OR IN ORDER TO OPEN, VIEW,  OR
PLAY A PARTICULAR TYPE OF CONTENT.
  (2) DECEPTIVELY CAUSING THE COPYING AND EXECUTION ON THE COMPUTER OF A
COMPUTER  SOFTWARE  COMPONENT  WITH  THE INTENT OF CAUSING AN AUTHORIZED
USER TO USE THE COMPONENT IN A WAY THAT VIOLATES ANY OTHER PROVISION  OF
THIS SECTION.
  (B)  NOTHING  IN  THIS  SECTION  SHALL  APPLY TO ANY MONITORING OF, OR
INTERACTION WITH, A SUBSCRIBER'S INTERNET OR OTHER NETWORK CONNECTION OR
SERVICE, OR A PROTECTED COMPUTER, BY A TELECOMMUNICATIONS CARRIER, CABLE
OPERATOR, COMPUTER HARDWARE OR SOFTWARE PROVIDER, OR PROVIDER OF  INFOR-
MATION  SERVICE  OR INTERACTIVE COMPUTER SERVICE FOR NETWORK OR COMPUTER
SECURITY PURPOSES, DIAGNOSTICS, TECHNICAL  SUPPORT,  REPAIR,  AUTHORIZED
UPDATES OF SOFTWARE OR SYSTEM FIRMWARE, AUTHORIZED REMOTE SYSTEM MANAGE-
MENT,  OR  DETECTION OR PREVENTION OF THE UNAUTHORIZED USE OF OR FRAUDU-
LENT OR OTHER ILLEGAL ACTIVITIES IN CONNECTION WITH A NETWORK,  SERVICE,
OR  COMPUTER  SOFTWARE,  INCLUDING  SCANNING  FOR  AND REMOVING SOFTWARE
PROSCRIBED UNDER THIS SECTION.
  4. FOR PURPOSES OF THIS SECTION:
  (A) "ADVERTISEMENT" SHALL MEAN A COMMUNICATION, THE PRIMARY PURPOSE OF
WHICH IS THE COMMERCIAL PROMOTION OF A COMMERCIAL  PRODUCT  OR  SERVICE,
INCLUDING  CONTENT  ON  AN  INTERNET  WEB SITE OPERATED FOR A COMMERCIAL
PURPOSE.
  (B) "AUTHORIZED USER," WITH RESPECT TO A COMPUTER, SHALL MEAN A PERSON
WHO OWNS OR IS AUTHORIZED BY THE OWNER OR LESSEE TO USE THE COMPUTER. AN
"AUTHORIZED USER" DOES NOT INCLUDE A PERSON OR ENTITY THAT HAS  OBTAINED
AUTHORIZATION  TO USE THE COMPUTER SOLELY THROUGH THE USE OF AN END USER
LICENSE AGREEMENT.
  (C) "COMPUTER SOFTWARE" SHALL MEAN A SEQUENCE OF INSTRUCTIONS  WRITTEN
IN ANY PROGRAMMING LANGUAGE THAT IS EXECUTED ON A COMPUTER.
  (D)  "COMPUTER  VIRUS"  SHALL  MEAN A COMPUTER PROGRAM OR OTHER SET OF
INSTRUCTIONS THAT IS DESIGNED TO DEGRADE THE PERFORMANCE OF OR DISABLE A
COMPUTER OR COMPUTER NETWORK AND IS DESIGNED  TO  HAVE  THE  ABILITY  TO

S. 1670                             4

REPLICATE  ITSELF  ON  OTHER  COMPUTERS OR COMPUTER NETWORKS WITHOUT THE
AUTHORIZATION OF THE OWNERS OF THOSE COMPUTERS OR COMPUTER NETWORKS.
  (E)  "CONSUMER" SHALL MEAN AN INDIVIDUAL WHO RESIDES IN THIS STATE AND
WHO USES THE COMPUTER IN QUESTION PRIMARILY  FOR  PERSONAL,  FAMILY,  OR
HOUSEHOLD PURPOSES.
  (F)"DAMAGE"  SHALL MEAN ANY SIGNIFICANT IMPAIRMENT TO THE INTEGRITY OR
AVAILABILITY OF DATA, SOFTWARE, A SYSTEM, OR INFORMATION.
  (G) "EXECUTE," WHEN USED WITH RESPECT TO COMPUTER SOFTWARE, SHALL MEAN
THE PERFORMANCE OF THE FUNCTIONS OR THE CARRYING OUT OF THE INSTRUCTIONS
OF THE COMPUTER SOFTWARE.
  (H) "INTENTIONALLY DECEPTIVE" SHALL MEAN ANY OF THE FOLLOWING:
  (1) BY MEANS OF AN INTENTIONALLY AND MATERIALLY  FALSE  OR  FRAUDULENT
STATEMENT.
  (2) BY MEANS OF A STATEMENT OR DESCRIPTION THAT INTENTIONALLY OMITS OR
MISREPRESENTS MATERIAL INFORMATION IN ORDER TO DECEIVE THE CONSUMER.
  (3)  BY  MEANS  OF  AN INTENTIONAL AND MATERIAL FAILURE TO PROVIDE ANY
NOTICE TO AN AUTHORIZED USER REGARDING THE DOWNLOAD OR  INSTALLATION  OF
SOFTWARE IN ORDER TO DECEIVE THE CONSUMER.
  (I)  "INTERNET"  SHALL  MEAN  THE  GLOBAL  INFORMATION  SYSTEM THAT IS
LOGICALLY LINKED TOGETHER BY A GLOBALLY UNIQUE ADDRESS  SPACE  BASED  ON
THE  INTERNET  PROTOCOL  (IP), OR ITS SUBSEQUENT EXTENSIONS, AND THAT IS
ABLE  TO  SUPPORT  COMMUNICATIONS   USING   THE   TRANSMISSION   CONTROL
PROTOCOL/INTERNET PROTOCOL (TCP/IP) SUITE, OR ITS SUBSEQUENT EXTENSIONS,
OR  OTHER  IP-COMPATIBLE  PROTOCOLS,  AND  THAT PROVIDES, USES, OR MAKES
ACCESSIBLE, EITHER PUBLICLY OR PRIVATELY, HIGH LEVEL SERVICES LAYERED ON
THE COMMUNICATIONS AND RELATED INFRASTRUCTURE DESCRIBED IN THIS SUBDIVI-
SION.
  (J) "PERSON" SHALL  MEAN  ANY  INDIVIDUAL,  PARTNERSHIP,  CORPORATION,
LIMITED  LIABILITY  COMPANY,  OR  OTHER ORGANIZATION, OR ANY COMBINATION
THEREOF.
  (K) "PERSONALLY  IDENTIFIABLE  INFORMATION"  SHALL  MEAN  ANY  OF  THE
FOLLOWING:
  (1) FIRST NAME OR FIRST INITIAL IN COMBINATION WITH LAST NAME.
  (2) CREDIT OR DEBIT CARD NUMBERS OR OTHER FINANCIAL ACCOUNT NUMBERS.
  (3) A PASSWORD OR PERSONAL IDENTIFICATION NUMBER REQUIRED TO ACCESS AN
IDENTIFIED FINANCIAL ACCOUNT.
  (4) SOCIAL SECURITY NUMBER.
  (5) ANY OF THE FOLLOWING INFORMATION IN A FORM THAT PERSONALLY IDENTI-
FIES AN AUTHORIZED USER:
  (A) ACCOUNT BALANCES.
  (B) OVERDRAFT HISTORY.
  (C) PAYMENT HISTORY.
  (D) A HISTORY OF WEB SITES VISITED.
  (E) HOME ADDRESS.
  (F) WORK ADDRESS.
  (G) A RECORD OF A PURCHASE OR PURCHASES.
  UNLAWFUL  USE  OF  SPYWARE  AND  MALWARE  IS  A  CLASS  A MISDEMEANOR,
PROVIDED, HOWEVER, THAT UNLAWFUL USE OF SPYWARE AND MALWARE BY A  PERSON
WHO  HAS  BEEN PREVIOUSLY CONVICTED WITHIN THE LAST FIVE YEARS OF HAVING
VIOLATED THIS SECTION IS A CLASS E FELONY.
  S 2. This act shall take effect on the first of November next succeed-
ing the date on which it shall have become a law.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Find your Senator and share your views on important issues.

Do you support this bill?

Senate Bill S1670

Sponsored By

Archive: Last Bill Status - In Senate Committee Codes Committee

Actions

2011-S1670 (ACTIVE) - Details

2011-S1670 (ACTIVE) - Summary

2011-S1670 (ACTIVE) - Sponsor Memo

2011-S1670 (ACTIVE) - Bill Text download pdf

Comments

Do you support this bill?

Get Status Alerts for 2011-S1670

Senate Bill S1670

Share this bill

Sponsored By

John L. Sampson

Archive: Last Bill Status - In Senate Committee Codes Committee

Actions

2011-S1670 (ACTIVE) - Details

2011-S1670 (ACTIVE) - Summary

2011-S1670 (ACTIVE) - Sponsor Memo

2011-S1670 (ACTIVE) - Bill Text download pdf

Comments