BILL ANALYSIS �Ó
-----------------------------------------------------------------
|SENATE RULES COMMITTEE | AB 195|
|Office of Senate Floor Analyses | |
|(916) 651-1520 Fax: (916) | |
|327-4478 | |
-----------------------------------------------------------------
THIRD READING
Bill No: AB 195
Author: Chau (D)
Amended: 6/23/15 in Senate
Vote: 21
SENATE PUBLIC SAFETY COMMITTEE: 7-0, 6/9/15
AYES: Hancock, Anderson, Glazer, Leno, Liu, Monning, Stone
SENATE APPROPRIATIONS COMMITTEE: Senate Rule 28.8
ASSEMBLY FLOOR: 75-0, 4/23/15 - See last page for vote
SUBJECT: Unauthorized access to computer systems
SOURCE: Author
DIGEST: This bill 1) includes specified computer offenses in
the list of target crimes in the offense of solicitation of
another person to commit a crime; and 2) defines offering to
solicit assistance for a person to violate specified computer
crimes as a form of criminal solicitation.
ANALYSIS:
Existing law:
1)Defines the criminal offense of solicitation of another to
commit one of a list of target crimes. (Pen. Code § 653f.)
Solicitation involves the following elements, penalties and
evidentiary rules:
Solicitation includes the following elements:
�
AB 195
Page 2
o The defendant requested or solicited another person
to commit the target offense.
o The defendant intended that the crime be committed.
o The other person received the solicitation actual
words or terms used to encourage someone to commit the
crime.
Solicitation of any one the following offenses is an
alternate felony-misdemeanor, punishable by imprisonment in
a county jail for up to one year, a fine of up to $1,000,
or both, or, pursuant to Penal Code Section 1170,
subdivision (h), or by an executed felony jail term of 16
months, 2 or 3 years and a fine of up to $10,000:
o Carjacking
o Robbery
o Burglary
o Grand theft and forgery
o Receiving stolen property
o Extortion
o Perjury and subornation of perjury
o Kidnapping
o Arson
o Assault with a deadly weapon or by means of force
likely to produce great bodily injury
o Dissuading a witness by the use of force or a threat
of force. (Pen. Code § 653f, subd. (a),):
Solicitation of murder is a felony, punishable by a
prison term of three, six or nine years and a fine of up to
$10,000. (Pen. Code § 653f, subd. (b).)
Solicitation of the commission by force or violence of
rape, sodomy, oral copulation, sexual penetration, lewd
conduct or a sex crime in concert is a felony, punishable
by imprisonment in the state prison for two, three, or four
years and a fine of up to $10,000. (Pen. Code § 653f,
subd. (c).)
Solicitation of specified crimes involving drug commerce
is a misdemeanor, punishable by imprisonment in a county
jail for up to six months, a fine of up to $1,000, or both.
A subsequent conviction of this offense is an alternate
�
AB 195
Page 3
felony-misdemeanor, punishable by imprisonment in a county
jail for up to one year, a fine of up to $1,000, or both,
or by exceeding six months. (Pen. Code § 653f, subd. (d).)
Solicitation of Medi-Cal or health care eligibility
fraud is a misdemeanor, punishable by imprisonment in a
county jail for up to six months, a fine of up to $1,000,
or both. A subsequent conviction of this offense is an
alternate felony-misdemeanor, punishable by imprisonment in
a county jail for up to one year, a fine of up to $1,000,
or both, or by exceeding six months. (Pen. Code § 653f,
subd. (e).)
Proof of solicitation of drug commerce requires the
testimony of one witness and corroborating evidence. (Pen.
Code § 653f, subd. (f).)
Proof of solicitation of murder, sex crimes, kidnapping,
robbery, carjacking, arson, specified financial or theft
crimes, assault or dissuading a witness requires the
testimony of at least two witnesses and corroborating
evidence. (Pen. Code § 653f, subd. (f).)
1)Defines numerous computer-related offenses and imposes
penalties based on the seriousness of the offense or harm
caused by the defendant: The penalties range from a fine not
exceeding $10,000, by a sentenced felony jail term of 16
months, two years or three years, or both, or as a misdemeanor
by a fine not exceeding $5,000, by imprisonment in a county
jail not exceeding one year, or both:
Any person who knowingly accesses and without permission
alters, damages, deletes, destroys, or otherwise uses any
data, computer, computer system, or computer network in
order to devise or execute any scheme or artifice to
defraud, deceive, or extort, or wrongfully control or
obtain money, property or data.
Any person who knowingly accesses and without permission
takes, copies or makes use of data from a computer,
computer system, or network, or takes or copies any
supporting documentation, whether existing or residing
internal or external to a computer, computer system, or
computer network.
�
AB 195
Page 4
Any person who knowingly accessing and without
permission adds, alters, damages, deletes, or destroys any
data, computer software, or computer programs which reside
or exist internal or external to a computer, computer
system, or computer network.
Any person who knowingly and without permission
disrupting or causing the disruption of computer services
or denies or causes the denial of computer services or
denies or causes the denial of computer services to an
authorized user of a computer, computer system, or computer
network.
Disrupting or improperly accessing a government of
public safety computer systems, data or software is
separately defined, but subject to the same penalties as
other such crimes. (Pen. Code § 502, subds. (c) and
(d)(1).)
1)Provides that any person who knowingly and without permission
uses or causes to be used computer services shall be punished
as follows:
For the first violation that does not result in injury,
and where the value of the computer services used does not
exceed $950, by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment; and
For any violation that results in a victim expenditure
in an amount more than $5,000 or in an injury, if the value
of the computer services used exceeds $950, or for any
second or subsequent violation, by a fine not exceeding
$10,000, by imprisonment pursuant to realignment for 16
months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment. (Pen. Code § 502, subds.
(c) and (d)(2).)
1)Punishes any person who knowingly and without permission
provides or assists in providing a means of accessing,
accesses, or causes to be accessed a computer, computer
�
AB 195
Page 5
system, or computer network as follows:
For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding $1,000;
For any violation that results in a victim expenditure
in an amount not more than $5,000, or for a second or
subsequent violation, by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment; and
For any violation that results in a victim expenditure
in an amount more than $5,000, by a fine not exceeding ten
thousand dollars $10,000, by imprisonment pursuant to
realignment for 16 months, or two or three years, or by
both that fine and imprisonment, or by a fine not exceeding
$5,000, by imprisonment in a county jail not exceeding one
year, or by both that fine and imprisonment. (Pen. Code §
502, subds. (c) and (d)(3).)
1)Punishes any person who knowingly introduces any computer
contaminant into any computer, or computer system, or computer
network as follows:
For a first violation that does not result in injury, a
misdemeanor punishable by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment; and
For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding
$10,000, by imprisonment in a county jail not exceeding one
year, or by imprisonment pursuant to realignment, or by
both that fine and imprisonment. (Pen. Code § 502 subds.
(c) and (d)(4).)
1)Punishes any person who knowingly and without permission uses
the Internet domain name of another individual, corporation,
or entity in connection with the sending of one or more
electronic mail messages, and thereby damages or causes damage
to a computer, computer system, or computer network as
follows:
For a first violation that does not result in injury, an
�
AB 195
Page 6
infraction punishable by a fine not more than $1,000; and
For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding
five thousand dollars ($5,000), or by imprisonment in a
county jail not exceeding one year, or by both that fine
and imprisonment. (Pen. Code § 502, subds. (c) and
(d)(5).)
This bill:
1)Provides that every person who, with the intent that the crime
be committed, solicits another to commit one of a number of
specified computer crimes shall be punished by imprisonment in
a county jail for a period not to exceed six months. Every
subsequent violation of this subdivision by that same person
shall be punished by imprisonment in a county jail not
exceeding one year.
2)Provides that every person who, with the intent that the crime
be committed, offers to solicit assistance for another to
conduct activities in violation of a number of specified
computer crimes shall be punished by imprisonment in a county
jail for a period not to exceed six months. Every subsequent
violation of this subdivision by that same person shall be
punished by imprisonment in a county jail not exceeding one
year.
This offense - offering to solicit assistance for the
purpose of committing a computer crime - applies to a
person who operates the website that offers to assist
others in locating hacking services.
For purposes of this crime, "hacking services" means
assistance in the unauthorized access to computers,
computer systems, or computer data in violation of
specified computer crimes.
3)Provides that solicitation of a computer crime, or offering to
assist others in committing a computer crime, shall be proved
by the testimony of one witness and corroborating evidence.
Background
�
AB 195
Page 7
An attempt to commit a crime includes the elements of a specific
intent to commit a crime and a direct, but unsuccessful step
towards commission of the crime. Mere preparation to commit a
crime is not an attempt. Solicitation is the requesting of
another person to commit a crime, with the intent that the crime
be committed. The crime of solicitation has been committed at
that point. The crime need not be committed and the person
solicited need not prepare to commit the crime or take steps
towards its commission.
FISCAL EFFECT: Appropriation: No Fiscal
Com.:YesLocal: Yes
SUPPORT: (Verified 6/22/15)
Association for Los Angeles Deputy Sheriffs
California College and University Police Chiefs' Association
California District Attorneys Association
California Public Defenders Association
Los Angeles County Board of Supervisors
Los Angeles County District Attorney's Office
Los Angeles County Sheriff's Department
Los Angeles Police Protective League
Riverside Sheriffs Association
OPPOSITION: (Verified 6/22/15)
Electronic Frontier Foundation
Legal Services for Prisoners with Children
ARGUMENTS IN SUPPORT:
According to the County of Los Angeles:
Under current law, it is a crime to knowingly access
another's computer network without permission, but
it is not a crime to solicit someone to do so. AB
�
AB 195
Page 8
195 sould prohibit the solicitation of another
person to assist in the commission of a variety of
crimes related to the unauthorized access off
computer systems.
Los Angeles County's computer networks contain vital
information about county finances, employees and
residents, and must be protected to prevent
unauthorized access, which could lead to identity
theft, financial crimes and fraud. AB 195 would
give law enforcement officers additional tools to
combat unauthorized access to the county's
information technology infrastructure.
ARGUMENTS IN OPPOSITION:
According to the Electronic Frontier Foundation:
Our primary concern with AB 195 is that it would
criminalize the offering of technical assistance in
accessing computers or data, which the bill deems to
be "hacking services." Such services are often wholly
legitimate; as the author himself states, such
services include "recovering lost passwords to
tracking stolen devices." As written, however, we
believe AB 195 makes it very hard to such legitimate
services to be offered.
What the statute fails to recognize is the vast array
of "hacking services" that are beneficial and indeed
critical to the computer security industry. Take for
example, so-called "penetration testing" services,
also called pen testing. Penetration testing is a
procedure where an information security professional
is hired to attempt to hack into a network, using the
same tools and techniques as a criminal hacker. The
resulting report is used, not for crime, but to secure
the network. As written, the bill could criminalize
linking to sites that offer such services. Although
there is an intent requirement, the statutory language
specifically calls out a website that "offer[s] to
assist others in locating hacking services," which
�
AB 195
Page 9
undoubtedly includes penetration testing. The intent
requirement would not prevent a constitutionally
impermissible chilling effect on those seeking to list
or compare penetration services.
ASSEMBLY FLOOR: 75-0, 4/23/15
AYES: Achadjian, Alejo, Travis Allen, Baker, Bigelow, Bloom,
Bonilla, Bonta, Brough, Brown, Burke, Calderon, Chau, Chávez,
Chiu, Chu, Cooley, Cooper, Dababneh, Dahle, Daly, Dodd,
Eggman, Frazier, Beth Gaines, Gallagher, Cristina Garcia,
Eduardo Garcia, Gatto, Gomez, Gonzalez, Gordon, Gray, Grove,
Hadley, Harper, Roger Hernández, Holden, Irwin, Jones-Sawyer,
Kim, Lackey, Levine, Linder, Lopez, Low, Maienschein, Mathis,
Mayes, McCarty, Medina, Melendez, Mullin, Nazarian, Obernolte,
O'Donnell, Olsen, Patterson, Perea, Quirk, Rendon,
Ridley-Thomas, Rodriguez, Santiago, Steinorth, Mark Stone,
Thurmond, Ting, Wagner, Waldron, Weber, Wilk, Williams, Wood,
Atkins
NO VOTE RECORDED: Campos, Chang, Gipson, Jones, Salas
Prepared by:Jerome McGuire / PUB. S. /
6/26/15 15:07:38
**** END ****