BILL ANALYSIS                                                                                                                                                                                                    Ó



                                                                  AB 1649
                                                                  Page  1


          ASSEMBLY THIRD READING
          AB 1649 (Waldron)
          As Amended  April 1, 2014
          Majority vote 

           PUBLIC SAFETY       7-0         APPROPRIATIONS      17-0        
           
           ----------------------------------------------------------------- 
          |Ayes:|Ammiano, Melendez,        |Ayes:|Gatto, Bigelow,           |
          |     |Jones-Sawyer, Quirk,      |     |Bocanegra, Bradford, Ian  |
          |     |Skinner, Stone, Waldron   |     |Calderon, Campos,         |
          |     |                          |     |Donnelly, Eggman, Gomez,  |
          |     |                          |     |Holden, Jones, Linder,    |
          |     |                          |     |Pan, Quirk,               |
          |     |                          |     |Ridley-Thomas, Wagner,    |
          |     |                          |     |Weber                     |
           ----------------------------------------------------------------- 

           SUMMARY  :  Specifies the penalties for any person who disrupts or  
          causes the disruption of, adds, alters, damages, destroys,  
          provides or assists in providing a means of accessing, or  
          introduces any computer contaminant into a "government computer  
          system" or a "public safety infrastructure computer system," as  
          specified, and changes and adds the definition of specified  
          terms.  Specifically,  this bill  :

          1)Punishes any person who knowingly and without permission  
            disrupts or causes the disruption of government computer  
            services or denies or causes the denial of government computer  
            services to an authorized user of a government computer,  
            computer system, or computer network by a fine not exceeding  
            $10,000, by imprisonment pursuant to realignment for 16  
            months, or two or three years, or by both that fine and  
            imprisonment, or by a fine not exceeding $5,000, by  
            imprisonment in a county jail not exceeding one year, or by  
            both that fine and imprisonment.

          2)Punishes any person who knowingly accesses and without  
            permission adds, alters, damages, deletes, or destroys any  
            data, computer software, or computer programs which reside or  
            exist internal or external to a public safety infrastructure  
            computer system computer, computer system, or computer network  
            by a fine not exceeding $10,000, by imprisonment pursuant to  
            realignment for 16 months, or two or three years, or by both  








                                                                  AB 1649
                                                                  Page  2


            that fine and imprisonment, or by a fine not exceeding $5,000,  
            by imprisonment in a county jail not exceeding one year, or by  
            both that fine and imprisonment.

          3)Punishes any person who knowingly and without permission  
            disrupts or causes the disruption of public safety  
            infrastructure computer system computer services or denies or  
            causes the denial of computer services to an authorized user  
            of a public safety infrastructure computer system computer,  
            computer system, or computer network by a fine not exceeding  
            $10,000, by imprisonment pursuant to realignment for 16  
            months, or two or three years, or by both that fine and  
            imprisonment, or by a fine not exceeding $5,000, by  
            imprisonment in a county jail not exceeding one year, or by  
            both that fine and imprisonment.

          4)Punishes any person who knowingly and without permission  
            provides or assists in providing a means of accessing a  
            computer, computer system, or public safety infrastructure  
            computer system computer, computer system, or computer network  
            as follows:

             a)   For a first violation that does not result in injury, an  
               infraction punishable by a fine not exceeding $1,000;
             b)   For a violation that results in a victim expenditure in  
               an amount not greater than $5,000, or for a second or  
               subsequent violation, by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment; and

             c)   For any violation that results in a victim expenditure  
               in an amount greater than $5,000, by a fine not exceeding  
               $10,000, by imprisonment pursuant to realignment for 16  
               months, or two or three years, or by both that fine and  
               imprisonment, or by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment.

          5)Punishes any person who knowingly introduces any computer  
            contaminant into any public safety infrastructure computer  
            system computer, computer system, or computer network as  
            follows:

             a)   For a first violation that does not result in injury, a  








                                                                  AB 1649
                                                                  Page  3


               misdemeanor punishable by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment; and

             b)   For any violation that results in injury, or for a  
               second or subsequent violation, by a fine not exceeding  
               $10,000, by imprisonment in a county jail not exceeding one  
               year or by imprisonment pursuant to realignment, or by both  
               that fine and imprisonment.

          6)Adds "cause input to, cause output from, or cause data  
            processing with" within the meaning of "access."

          7)Adds "remote systems" and "mobile devices" within the meaning  
            of "computer network."

          8)Adds "Internet services, electronic mail services, or  
            electronic message services" within what "computer services"  
            includes.

          9)Defines "government computer system" to mean any computer  
            system, or part thereof, that is owned, operated, or used by  
            any federal, state, or local governmental entity.

          10)Defines "public safety infrastructure computer system" to  
            mean any computer system, or part thereof, that is necessary  
            for the health and safety of the public including computer  
            systems owned, operated, or used by drinking water and  
            wastewater treatment facilities, hospitals, emergency service  
            providers, telecommunication companies, and gas and electric  
            utility companies.

           FISCAL EFFECT  :  According to the Assembly Appropriations  
          Committee, negligible state and/or local law enforcement costs  
          as the offenses targeted by this bill could be charged under  
          current law.

           COMMENTS  :  According to the author: 

               AB 1649 would increase protection to government  
               systems such as websites and phone lines that are  
               utilized by hospitals, schools, cities, and many other  
               organizations. This bill would also increase fines for  
               these escalating crimes and the threat they impose to  








                                                                  AB 1649
                                                                  Page  4


               public safety. Cyber criminals often target government  
               computer systems, resulting in tampering,  
               interferences, or damages. Numerous incidents have  
               occurred that have compromised the privacy, safety,  
               and personal information of many individuals. For  
               example in 2013, a caller to a San Diego emergency  
               room threatened the dispatcher that he would paralyze  
               the hospital's phone service if she didn't pay him the  
               amount demanded. Shortly after, the emergency room's  
               phone lines went silent for nearly 48 hours, affecting  
               the communication services. Recently, another case  
               arose when a California State University Sacramento  
               employee website was breached, where Social Security  
               and Driver's License numbers of 1,800 employees could  
               have been accessed. These few examples clearly  
               demonstrate the significance of the rapidly increasing  
               rate of computer related crimes.

               California must keep up with the emerging difficulties  
               associated with compromised government systems.  By  
               expanding the degree of protection to hospitals,  
               schools, cities, and many other organizations, along  
               with individuals' private and personal information  
               will be safe from unauthorized access.
           
           Please see the policy committee analysis for a full discussion  
          of this bill.
           

          Analysis Prepared by  :    Shaun Naidu / PUB. S. / (916) 319-3744 


                                                                FN: 0003263