BILL ANALYSIS Ó AB 1649 Page 1 ASSEMBLY THIRD READING AB 1649 (Waldron) As Amended April 1, 2014 Majority vote PUBLIC SAFETY 7-0 APPROPRIATIONS 17-0 ----------------------------------------------------------------- |Ayes:|Ammiano, Melendez, |Ayes:|Gatto, Bigelow, | | |Jones-Sawyer, Quirk, | |Bocanegra, Bradford, Ian | | |Skinner, Stone, Waldron | |Calderon, Campos, | | | | |Donnelly, Eggman, Gomez, | | | | |Holden, Jones, Linder, | | | | |Pan, Quirk, | | | | |Ridley-Thomas, Wagner, | | | | |Weber | ----------------------------------------------------------------- SUMMARY : Specifies the penalties for any person who disrupts or causes the disruption of, adds, alters, damages, destroys, provides or assists in providing a means of accessing, or introduces any computer contaminant into a "government computer system" or a "public safety infrastructure computer system," as specified, and changes and adds the definition of specified terms. Specifically, this bill : 1)Punishes any person who knowingly and without permission disrupts or causes the disruption of government computer services or denies or causes the denial of government computer services to an authorized user of a government computer, computer system, or computer network by a fine not exceeding $10,000, by imprisonment pursuant to realignment for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 2)Punishes any person who knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a public safety infrastructure computer system computer, computer system, or computer network by a fine not exceeding $10,000, by imprisonment pursuant to realignment for 16 months, or two or three years, or by both AB 1649 Page 2 that fine and imprisonment, or by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 3)Punishes any person who knowingly and without permission disrupts or causes the disruption of public safety infrastructure computer system computer services or denies or causes the denial of computer services to an authorized user of a public safety infrastructure computer system computer, computer system, or computer network by a fine not exceeding $10,000, by imprisonment pursuant to realignment for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 4)Punishes any person who knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or public safety infrastructure computer system computer, computer system, or computer network as follows: a) For a first violation that does not result in injury, an infraction punishable by a fine not exceeding $1,000; b) For a violation that results in a victim expenditure in an amount not greater than $5,000, or for a second or subsequent violation, by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment; and c) For any violation that results in a victim expenditure in an amount greater than $5,000, by a fine not exceeding $10,000, by imprisonment pursuant to realignment for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 5)Punishes any person who knowingly introduces any computer contaminant into any public safety infrastructure computer system computer, computer system, or computer network as follows: a) For a first violation that does not result in injury, a AB 1649 Page 3 misdemeanor punishable by a fine not exceeding $5,000, by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment; and b) For any violation that results in injury, or for a second or subsequent violation, by a fine not exceeding $10,000, by imprisonment in a county jail not exceeding one year or by imprisonment pursuant to realignment, or by both that fine and imprisonment. 6)Adds "cause input to, cause output from, or cause data processing with" within the meaning of "access." 7)Adds "remote systems" and "mobile devices" within the meaning of "computer network." 8)Adds "Internet services, electronic mail services, or electronic message services" within what "computer services" includes. 9)Defines "government computer system" to mean any computer system, or part thereof, that is owned, operated, or used by any federal, state, or local governmental entity. 10)Defines "public safety infrastructure computer system" to mean any computer system, or part thereof, that is necessary for the health and safety of the public including computer systems owned, operated, or used by drinking water and wastewater treatment facilities, hospitals, emergency service providers, telecommunication companies, and gas and electric utility companies. FISCAL EFFECT : According to the Assembly Appropriations Committee, negligible state and/or local law enforcement costs as the offenses targeted by this bill could be charged under current law. COMMENTS : According to the author: AB 1649 would increase protection to government systems such as websites and phone lines that are utilized by hospitals, schools, cities, and many other organizations. This bill would also increase fines for these escalating crimes and the threat they impose to AB 1649 Page 4 public safety. Cyber criminals often target government computer systems, resulting in tampering, interferences, or damages. Numerous incidents have occurred that have compromised the privacy, safety, and personal information of many individuals. For example in 2013, a caller to a San Diego emergency room threatened the dispatcher that he would paralyze the hospital's phone service if she didn't pay him the amount demanded. Shortly after, the emergency room's phone lines went silent for nearly 48 hours, affecting the communication services. Recently, another case arose when a California State University Sacramento employee website was breached, where Social Security and Driver's License numbers of 1,800 employees could have been accessed. These few examples clearly demonstrate the significance of the rapidly increasing rate of computer related crimes. California must keep up with the emerging difficulties associated with compromised government systems. By expanding the degree of protection to hospitals, schools, cities, and many other organizations, along with individuals' private and personal information will be safe from unauthorized access. Please see the policy committee analysis for a full discussion of this bill. Analysis Prepared by : Shaun Naidu / PUB. S. / (916) 319-3744 FN: 0003263