BILL ANALYSIS �Ó
AB 195
Page 1
Date of Hearing: March 17, 2015
Counsel: Gabriel Caswell
ASSEMBLY COMMITTEE ON PUBLIC SAFETY
Bill Quirk, Chair
AB
195 (Chau) - As Introduced January 28, 2015
SUMMARY: Makes it a misdemeanor, punishable by up to six
months, for any person to solicit another to join in the
commission of specified crimes relating to unauthorized access
of computer systems, and expands the definition of a "computer
network" to include smartphones. Specifically, this bill:
1)Expands the definition of "computer network" to include
smartphones and defines "smartphone" as a cellular radio
telephone or other mobile communications device that performs
many of the functions of a computer, typically having a
touchscreen interface, internet access, and an operating
system capable of running downloaded applications.
2)Provides that every person who, with the intent that the crime
be committed, solicits another to commit one of a number of
specified computer crimes shall be punished by imprisonment in
a county jail for a period not to exceed six months. Every
subsequent violation of this subdivision by that same person
shall be punished by imprisonment in a county jail not
exceeding one year.
3)Provides that every person who, with the intent that the crime
�
AB 195
Page 2
be committed, offers to solicit assistance for another to
conduct activities in violation of a number of specified
computer crimes shall be punished by imprisonment in a county
jail for a period not to exceed six months. Every subsequent
violation of this subdivision by that same person shall be
punished by imprisonment in a county jail not exceeding one
year:
a) Specifies that this includes persons operating websites
that offer to assist others in locating hacking services;
b) Defines "hacking services" as assistance in the
unauthorized access to computers, computer systems, or
computer data in violation of specified computer crimes;
and
c) Specifies that this offense shall be proven by the
testimony of one witness and corroborating circumstances.
EXISTING LAW:
1)Provides general punishments for solicitation of another to
commit crimes as follows: (Pen. Code § 653f.)
a) For every person who, with the intent that the crime be
committed, solicits another to offer, accept, or join in
the offer or acceptance of a bribe, or to commit or join in
the commission of carjacking, robbery, burglary, grand
theft, receiving stolen property, extortion, perjury,
subornation of perjury, forgery, kidnapping, arson or
assault with a deadly weapon or instrument or by means of
force likely to produce great bodily injury, or, by the use
of force or a threat of force, to prevent or dissuade any
person who is or may become a witness from attending upon,
or testifying at, any trial, proceeding, or inquiry
authorized by law, shall be punished by imprisonment in a
county jail for not more than one year, or by a fine of not
more than ten thousand dollars ($10,000), or the amount
which could have been assessed for commission of the
offense itself, whichever is greater, or by both the fine
and imprisonment.
�
AB 195
Page 3
b) Every person who, with the intent that the crime be
committed, solicits another to commit or join in the
commission of murder shall be punished by imprisonment in
the state prison for three, six, or nine years.
c) Every person who, with the intent that the crime be
committed, solicits another to commit rape by force or
violence, sodomy by force or violence, oral copulation by
force or violence, or other specified sex crime, shall be
punished by imprisonment in the state prison for two,
three, or four years.
d) Every person who, with the intent that the crime be
committed, solicits another to commit a specified drug
sales offense shall be punished by imprisonment in a county
jail not exceeding six months. Subsequent convictions
shall be punished by imprisonment in a county jail not
exceeding one year.
2)Punishes the following offenses by a fine not exceeding
$10,000, by a sentenced felony jail term of 16 months, two
years or three years, or both, or as a misdemeanor by a fine
not exceeding $5,000, by imprisonment in a county jail not
exceeding one year, or both: (Pen. Code, § 502, subd.
(d)(1).)
a) Any person who knowingly accesses and without permission
alters, damages, deletes, destroys, or otherwise uses any
data, computer, computer system, or computer network in
order to either devise or execute any scheme or artifice to
defraud, deceive, or extort, or wrongfully control or
obtain money, property, or data. (Pen. Code § 502, subd.,
(c)(1).)
b) Any person who knowingly accesses and without permission
takes, copies, or makes use of any data from a computer,
computer system, or computer network, or takes or copies
any supporting documentation, whether existing or residing
internal or external to a computer, computer system, or
computer network. (Pen. Code, § 502, subd. (c)(2).)
�
AB 195
Page 4
c) Any person who knowingly accesses and without permission
adds, alters, damages, deletes, or destroys any data,
computer software, or computer programs which reside or
exist internal or external to a computer, computer system,
or computer network. (Pen. Code, § 502, subd. (c)(4).)
d) Any person who knowingly and without permission disrupts
or causes the disruption of computer services or denies or
causes the denial of computer services to an authorized
user of a computer, computer system, or computer network.
(Pen. Code, § 502, subd. (c)(5).)
e) Any person who knowingly and without permission disrupts
or causes the disruption of government computer services or
denies or causes the denial of government computer services
to an authorized user of a government computer, computer
system, or computer network. (Pen. Code, § 502, subd.
(c)(10).)
f) Any person who knowingly accesses and without permission
adds, alters, damages, deletes, or destroys any data,
computer software, or computer programs which reside or
exist internal or external to a public safety
infrastructure computer system computer, computer system,
or computer network. (Pen. Code, § 502, subd. (c)(11).)
g) Any person who knowingly and without permission disrupts
or causes the disruption of public safety infrastructure
computer system computer services or denies or causes the
denial of computer services to an authorized user of a
�
AB 195
Page 5
public safety infrastructure computer system computer,
computer system, or computer network. (Pen. Code, § 502
subd., (c)(12).)
1)Punishes any person who knowingly and without permission uses
or causes to be used computer services as follows: (Pen Code,
§ 502, subd. (c)(3).)
a) For the first violation that does not result in injury,
and where the value of the computer services used does not
exceed nine hundred fifty dollars ($950), by a fine not
exceeding five thousand dollars ($5,000), or by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment. (Pen. Code, § 502, subd.
(d)(2).)
b) For any violation that results in a victim expenditure
in an amount greater than five thousand dollars ($5,000) or
in an injury, or if the value of the computer services used
exceeds nine hundred fifty dollars ($950), or for any
second or subsequent violation, by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment for 16
months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not
exceeding one year, or by both that fine and imprisonment.
(Pen. Code, § 502, subd. (d)(2).)
2)Punishes any person who knowingly and without permission
provides or assists in providing a means of accessing a
computer, computer system, or computer network as follows:
(Pen. Code, § 502, subd. (c)(6).)
�
AB 195
Page 6
a) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding one thousand
dollars ($1,000).
b) For any violation that results in a victim expenditure
in an amount not greater than five thousand dollars
($5,000), or for a second or subsequent violation, by a
fine not exceeding five thousand dollars ($5,000), or by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
c) For any violation that results in a victim expenditure
in an amount greater than five thousand dollars ($5,000),
by a fine not exceeding ten thousand dollars ($10,000), or
by imprisonment pursuant to subdivision (h) of Section 1170
for 16 months, or two or three years, or by both that fine
and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not
exceeding one year, or by both that fine and imprisonment.
(Pen. Code, § 502, subd. (d)(3).)
3)Punishes any person who knowingly and without permission
accesses or causes to be accessed any computer, computer
system, or computer network as follows: (Pen. Code, § 502,
subd. (c)(7).)
a) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding one thousand
dollars ($1,000).
b) For any violation that results in a victim expenditure
in an amount not greater than five thousand dollars
($5,000), or for a second or subsequent violation, by a
�
AB 195
Page 7
fine not exceeding five thousand dollars ($5,000), or by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
c) For any violation that results in a victim expenditure
in an amount greater than five thousand dollars ($5,000),
by a fine not exceeding ten thousand dollars ($10,000), or
by imprisonment pursuant to subdivision (h) of Section 1170
for 16 months, or two or three years, or by both that fine
and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not
exceeding one year, or by both that fine and imprisonment.
(Pen. Code § 502 subd. (d)(3).)
4)Punishes any person who knowingly and without permission
provides or assists in providing a means of accessing a
computer, computer system, or public safety infrastructure
computer system computer, computer system, or computer network
as follows: (Pen. Code, § 502, subd. (c)(11).)
a) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding one thousand
dollars ($1,000).
b) For any violation that results in a victim expenditure
in an amount not greater than five thousand dollars
($5,000), or for a second or subsequent violation, by a
fine not exceeding five thousand dollars ($5,000), or by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
�
AB 195
Page 8
c) For any violation that results in a victim expenditure
in an amount greater than five thousand dollars ($5,000),
by a fine not exceeding ten thousand dollars ($10,000), or
by imprisonment pursuant to subdivision (h) of Section 1170
for 16 months, or two or three years, or by both that fine
and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not
exceeding one year, or by both that fine and imprisonment.
(Pen. Code, § 502, subd. (d)(3).)
5)Punishes any person who knowingly introduces any computer
contaminant into any computer, computer system, or computer
network as follows: (Pen. Code, § 502, subd. (c)(8).)
a) For a first violation that does not result in injury, a
misdemeanor punishable by a fine not exceeding five
thousand dollars ($5,000), or by imprisonment in a county
jail not exceeding one year, or by both that fine and
imprisonment.
b) For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in a county
jail not exceeding one year, or by imprisonment, or by both
that fine and imprisonment. (Pen. Code, § 502, subd.
(d)(4).)
6)Punishes any person who knowingly introduces any computer
contaminant into any public safety infrastructure computer
system computer, computer system, or computer network as
follows: (Pen. Code, § 502, subd. (c)(14).)
�
AB 195
Page 9
a) For a first violation that does not result in injury, a
misdemeanor punishable by a fine not exceeding five
thousand dollars ($5,000), or by imprisonment in a county
jail not exceeding one year, or by both that fine and
imprisonment.
b) For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in a county
jail not exceeding one year, or by imprisonment, or by both
that fine and imprisonment. (Pen. Code, § 502, subd.
(d)(4).)
7)Punishes any person who knowingly and without permission uses
the Internet domain name or profile of another individual,
corporation, or entity in connection with the sending of one
or more electronic mail messages or posts and thereby damages
or causes damage to a computer, computer data, computer
system, or computer network. (Pen. Code, § 502, subd.
(c)(9).)
a) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding one thousand
dollars ($1,000).
b) For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding
five thousand dollars ($5,000), or by imprisonment in a
county jail not exceeding one year, or by both that fine
and imprisonment. (Pen. Code, § 502, subd. (d)(5).)
�
AB 195
Page 10
8)Defines the following terms as follows:
a) "Access" means to gain entry to, instruct, cause input
to, cause output from, cause data processing with, or
communicate with, the logical, arithmetical, or memory
function resources of a computer, computer system, or
computer network. (Pen. Code, § 502, subd. (b)(1).)
b) "Computer network" means any system that provides
communications between one or more computer systems and
input/output devices including, but not limited to, display
terminals, remote systems, mobile devices, and printers
connected by telecommunication facilities. (Pen. Code, §
502, subd. (b)(2).)
c) "Computer program or software" means a set of
instructions or statements, and related data, that when
executed in actual or modified form, cause a computer,
computer system, or computer network to perform specified
functions. (Pen. Code, § 502, subd. (b)(3).)
d) "Computer services" includes, but is not limited to,
computer time, data processing, or storage functions,
Internet services, electronic mail services, electronic
message services, or other uses of a computer, computer
system, or computer network. (Pen. Code, § 502, subd.
(b)(4).)
e) "Computer system" means a device or collection of
devices, including support devices and excluding
calculators that are not programmable and capable of being
used in conjunction with external files, one or more of
�
AB 195
Page 11
which contain computer programs, electronic instructions,
input data, and output data, that performs functions
including, but not limited to, logic, arithmetic, data
storage and retrieval, communication, and control. (Pen.
Code, § 502, subd. (b)(5).)
f) "Government computer system" means any computer system,
or part thereof, that is owned, operated, or used by any
federal, state, or local governmental entity. (Pen. Code,
§ 502, subd. (b)(6).)
g) "Public safety infrastructure computer system" means any
computer system, or part thereof, that is necessary for the
health and safety of the public including computer systems
owned, operated, or used by drinking water and wastewater
treatment facilities, hospitals, emergency service
providers, telecommunication companies, and gas and
electric utility companies. (Pen. Code, § 502, subd.
(b)(7).)
h) "Data" means a representation of information, knowledge,
facts, concepts, computer software, computer programs or
instructions. Data may be in any form, in storage media, or
as stored in the memory of the computer or in transit or
presented on a display device. (Pen. Code, § 502, subd.
(b)(8).)
i) "Supporting documentation" includes, but is not limited
to, all information, in any form, pertaining to the design,
construction, classification, implementation, use, or
modification of a computer, computer system, computer
network, computer program, or computer software, which
information is not generally available to the public and is
necessary for the operation of a computer, computer system,
�
AB 195
Page 12
computer network, computer program, or computer software.
(Pen. Code, § 502, subd. (b)(9).)
j) "Injury" means any alteration, deletion, damage, or
destruction of a computer system, computer network,
computer program, or data caused by the access, or the
denial of access to legitimate users of a computer system,
network, or program. (Pen. Code, § 502, subd. (b)(10).)
aa) "Victim expenditure" means any expenditure reasonably
and necessarily incurred by the owner or lessee to verify
that a computer system, computer network, computer program,
or data was or was not altered, deleted, damaged, or
destroyed by the access. (Pen. Code, § 502, subd.
(b)(11).)
bb) "Computer contaminant" means any set of computer
instructions that are designed to modify, damage, destroy,
record, or transmit information within a computer, computer
system, or computer network without the intent or
permission of the owner of the information. They include,
but are not limited to, a group of computer instructions
commonly called viruses or worms, that are self-replicating
or self-propagating and are designed to contaminate other
computer programs or computer data, consume computer
resources, modify, destroy, record, or transmit data, or in
some other fashion usurp the normal operation of the
computer, computer system, or computer network. (Pen.
Code, § 502, subd. (b)(12).)
cc) "Internet domain name" means a globally unique,
hierarchical reference to an Internet host or service,
assigned through centralized Internet naming authorities,
comprising a series of character strings separated by
�
AB 195
Page 13
periods, with the rightmost character string specifying the
top of the hierarchy. (Pen. Code, § 502, subd. (b)(13).)
dd) "Electronic mail" means an electronic message or
computer file that is transmitted between two or more
telecommunications devices; computers; computer networks,
regardless of whether the network is a local, regional, or
global network; or electronic devices capable or receiving
electronic messages, regardless of whether the message is
converted to hard copy format after receipt, viewed upon
transmission, or stored for later retrieval. (Pen. Code, §
502, subd. (b)(14).)
ee) "Profile" means either of the following:
i) A configuration of user data required by a computer
so that the user may access programs or services and have
the desired functionality on that computer.
ii) An Internet website user's personal page or section
of a page that is made up of data, in text of graphical
form, that displays significant, unique, or identifying
information, including, but not limited to, listing
acquaintances, interests, associations, activities, or
personal statements. (Pen. Code, § 502, subd. (b)(15).)
FISCAL EFFECT: Unknown
COMMENTS:
1)Author's Statement: According to the author, "Today, we live
in a digitally connected world where more of our devices are
equipped with sensors and connected to the internet. This
�
AB 195
Page 14
includes our phones, cars and household appliances; all of
which perform functions that where once exclusive to our
computers.
"This new form of digital access has also spawned a new type of
criminal, one who can invade our homes and offices not by
breaking down doors and windows, but by breaking into our
computer networks from the convenience and safety of their own
homes. These cybercrimes range from breaking into someone's
computer network to steal financial information to other
crimes such as corporate espionage, fraud, and extortion.
"Under current law, it is a crime to solicit another to commit
certain crimes, such as bribery, kidnapping, and robbery,
among others. In addition, it is a crime for someone to
knowingly hack into another's computer network without
permission. However, it is not a crime to solicit someone to
knowingly and without permission hack into a computer network
or smartphone.
"Cybercrimes have greater and longer lasting effects on victims,
because the personal information stolen can result in identify
theft, fraud, and personal embarrassment, all of which could
take years to recover from, if ever. In fact, according to the
FBI's Internet Crime Complaint Center, in 2013, it received
over 200,000 consumer complaints about online scams, which
resulted in a loss of over 781 million dollars; an almost 50%
increase from the year before.
"In recent years, we have seen the growth of so called
Hacker-for-Hire websites where individuals solicit hackers to
perform certain projects. These websites work in different
ways. Some work by requiring the person to submit a
description of the hacking job along with contact information.
The website then sets up a time to connect the person with a
hacker over the phone or video-conferencing to complete the
process. Others websites work by creating a platform that
allows customers to register and post projects on the website
for different hackers to bid on. The websites then holds the
money in an escrow account until both parties agree that the
transaction has been completed. The website then takes a
commission from each transaction and releases the money.
�
AB 195
Page 15
"Hacker-for-Hire projects range from recovering lost passwords
to tracking stolen devices. But some of these websites also
provide a platform for individuals seeking illegal hacking
services from less than ethical hackers, such as installing
spyware on devices and gaining access to the email and social
media accounts of unsuspecting victims.
"AB 195 would make it a crime to solicit someone to knowingly
and without permission gain access to a computer network or
smartphone. This includes offering to obtain or assist in
locating hacking services. The bill would also clarify that a
computer network includes smartphones. This bill would make
any violation punishable by imprisonment not to exceed six
months. Any subsequent violation would be punishable by
imprisonment not to exceed one year."
2)Solicitation: Solicitation is the crime of recruiting another
person to commit a crime. Solicitation of specified offenses
is illegal in and of itself. The crime of solicitation is
defined under Pen. Code § 653f. The offenses for which a
defendant can be charged for solicitation include: bribery,
carjacking, robbery, burglary, grand theft, receiving stolen
property, extortion, perjury, forgery, kidnapping, arson,
assault with a deadly weapon, and intimidating a witness.
This bill would add the commission of specified computer
crimes to the list, punishable as a misdemeanor with a maximum
penalty of six months in the county jail. The commission of
subsequent solicitation offenses would be punishable by
imprisonment in the county jail for up to one year.
How to Prove Solicitation Offenses: Solicitation requires
facilitating, commanding, encouraging, promoting, recruiting,
counseling, inducing, or urging another person to commit a
crime. The elements of solicitation require: (1) actual
words or terms used to encourage someone to commit the crime,
(2) intent to complete the crime, and (3) the other person
receives the request. A person can be guilty of solicitation
even if the crime solicited is not completed. The person
being solicited does not have to agree to commit the crime.
�
AB 195
Page 16
Solicitation v. Attempt: "Solicitation" and "attempt" are
often thought of as incomplete crimes. Attempt requires a
specific intent to commit a crime and more than an initial
step or act towards the commission of the crime. The act of
an attempt crime must be a "substantial step" toward the
commission of the crime. Solicitation does not require the
initial step or substantial act toward the completion of the
crime. Solicitation is complete when the request to commit
the crime is made. Solicitation is a crime of words, as
opposed to attempt which is a crime of both words and actions.
3)Expansion of the Definition of Computer Network: This bill
expands the definition of a computer network to include
smartphones. Under existing law, computer network includes
"any system that provides communications between one or more
computer systems and input/output devices including, but not
limited to, display terminals, remote systems, mobile devices,
and printers connected by telecommunication facilities."
Expansion to smartphones is an update of existing law.
Existing law does include mobile devices, however the
expansion to smartphones appears to be a minor clarification
of existing law. Additionally, this bill defines smartphones
as follows: "a cellular radio telephone or other mobile
communications device that performs many of the functions of a
computer, typically having a touchscreen interface, internet
access, and an operating system capable of running downloaded
applications."
4)Argument in Support: According to The California Public
Defenders Association, "Existing law establishes various
crimes related to computer services and systems. Existing law
makes it a crime to knowingly, and without permission, access,
cause to be accessed, or provide or assist in providing, a
means of accessing a computer, computer system, computer
�
AB 195
Page 17
network, or computer data in violation of prescribed
provisions and defines related terms?Computing technology has
expanded greatly in the last few years. With the introduction
of the smartphone, computer technology advanced with a device
that is highly portable, yet gives one computing power that
heretofore required large, often cumbersome, equipment.
Essentially, it put the power of computers into one's pocket.
With the proliferation of smartphones, and their ever-growing
capabilities, more private data is carried on the person.
Given this incredible increase in technology, it only makes
sense to include smartphones as devices that can be the target
of illicit hacking and data transmission."
5)Argument in Opposition: According to Legal Services for
Prisoners with Children (LSPC), "We write to inform you of
LSPC's strong opposition to AB 195, a bill that would expand
the scope of solicitation crimes to the digital realm. By
incarcerating those who merely solicit crimes (rather than
those principally liable), this bill will require significant
public and human costs. Moreover, is has not been shown that
this law would be an effective deterrent, so it may not be
worth the price. Given California's strapped budget, this
costly measure is therefore unjustified. We at LSPC believe
that if the legislature seeks to inhibit behavior, they should
first look to solutions outside of the prison system - which
is a burden on families and taxpayers."
6)Related Legislation: AB 32 (Waldron), of this legislative
session, adds an additional fine not to exceed $10,000 for
each digital image of a person's body parts that were acquired
as a result of an unauthorized access to a computer system.
AB 32 is set for hearing in the Assembly Public Safety
Committee on March 24, 2015.
7)Prior Legislation: AB 1642 (Waldron), Chapter 379, Statutes
of 2014, specified the penalties for any person who disrupts
or causes the disruption of, adds, alters, damages, destroys,
provides or assists in providing a means of accessing, or
introduces any computer contaminant into a "government
computer system" or a "public safety infrastructure computer
system," as specified, and changes and adds the definition of
specified terms.
�
AB 195
Page 18
REGISTERED SUPPORT / OPPOSITION:
Support
California Public Defenders Association
Opposition
Legal Services for Prisoners with Children
Analysis Prepared
by: Gabriel Caswell/PUB. S./(916) 319-3744