BILL ANALYSIS                                                                                                                                                                                                    Ó






           ----------------------------------------------------------------- 
          |SENATE RULES COMMITTEE            |                        AB 195|
          |Office of Senate Floor Analyses   |                              |
          |(916) 651-1520    Fax: (916)      |                              |
          |327-4478                          |                              |
           ----------------------------------------------------------------- 


                                   THIRD READING 


          Bill No:  AB 195
          Author:   Chau (D)
          Amended:  6/23/15 in Senate
          Vote:     21  

           SENATE PUBLIC SAFETY COMMITTEE:  7-0, 6/9/15
           AYES:  Hancock, Anderson, Glazer, Leno, Liu, Monning, Stone

           SENATE APPROPRIATIONS COMMITTEE: Senate Rule 28.8

           ASSEMBLY FLOOR:  75-0, 4/23/15 - See last page for vote

           SUBJECT:   Unauthorized access to computer systems


          SOURCE:    Author

          DIGEST:  This bill 1) includes specified computer offenses in  
          the list of target crimes in the offense of solicitation of  
          another person to commit a crime; and 2) defines offering to  
          solicit assistance for a person to violate specified computer  
          crimes as a form of criminal solicitation. 

          ANALYSIS: 

          Existing law:  

          1)Defines the criminal offense of solicitation of another to  
            commit one of a list of target crimes.  (Pen. Code § 653f.)   
            Solicitation involves the following elements, penalties and  
            evidentiary rules:

                 Solicitation includes the following elements:








                                                                     AB 195  
                                                                    Page  2



               o      The defendant requested or solicited another person  
                 to commit the target offense. 
               o      The defendant intended that the crime be committed.
               o      The other person received the solicitation actual  
                 words or terms used to encourage someone to commit the  
                 crime.  

                 Solicitation of any one the following offenses is an  
               alternate felony-misdemeanor, punishable by imprisonment in  
               a county jail for up to one year, a fine of up to $1,000,  
               or both, or, pursuant to Penal Code Section 1170,  
               subdivision (h), or by an executed felony jail term of 16  
               months, 2 or 3 years and a fine of up to $10,000: 

               o      Carjacking
               o      Robbery
               o      Burglary
               o      Grand theft and forgery
               o      Receiving stolen property
               o      Extortion
               o      Perjury and subornation of perjury
               o      Kidnapping
               o      Arson
               o      Assault with a deadly weapon or by means of force  
                 likely to produce great bodily injury
               o      Dissuading a witness by the use of force or a threat  
                 of force.  (Pen. Code § 653f, subd. (a),):

                 Solicitation of murder is a felony, punishable by a  
               prison term of three, six or nine years and a fine of up to  
               $10,000.  (Pen. Code § 653f, subd. (b).)

                 Solicitation of the commission by force or violence of  
               rape, sodomy, oral copulation, sexual penetration, lewd  
               conduct or a sex crime in concert is a felony, punishable  
               by imprisonment in the state prison for two, three, or four  
               years and a fine of up to $10,000.  (Pen. Code § 653f,  
               subd. (c).)

                 Solicitation of specified crimes involving drug commerce  
               is a misdemeanor, punishable by imprisonment in a county  
               jail for up to six months, a fine of up to $1,000, or both.  
                A subsequent conviction of this offense is an alternate  







                                                                     AB 195  
                                                                    Page  3


               felony-misdemeanor, punishable by imprisonment in a county  
               jail for up to one year, a fine of up to $1,000, or both,  
               or by exceeding six months.  (Pen. Code § 653f, subd. (d).)

                 Solicitation of  Medi-Cal or health care eligibility  
               fraud is a misdemeanor, punishable by imprisonment in a  
               county jail for up to six months, a fine of up to $1,000,  
               or both.  A subsequent conviction of this offense is an  
               alternate felony-misdemeanor, punishable by imprisonment in  
               a county jail for up to one year, a fine of up to $1,000,  
               or both, or by exceeding six months.  (Pen. Code § 653f,  
               subd. (e).)

                 Proof of solicitation of drug commerce requires the  
               testimony of one witness and corroborating evidence.  (Pen.  
               Code § 653f, subd. (f).)

                 Proof of solicitation of murder, sex crimes, kidnapping,  
               robbery, carjacking, arson, specified financial or theft  
               crimes, assault or dissuading a witness requires the  
               testimony of at least two witnesses and corroborating  
               evidence. (Pen. Code § 653f, subd. (f).)

          1)Defines numerous computer-related offenses and imposes  
            penalties based on the seriousness of the offense or harm  
            caused by the defendant:  The penalties range from a fine not  
            exceeding $10,000, by a sentenced felony jail term of 16  
            months, two years or three years, or both, or as a misdemeanor  
            by a fine not exceeding $5,000, by imprisonment in a county  
            jail not exceeding one year, or both:

                 Any person who knowingly accesses and without permission  
               alters, damages, deletes, destroys, or otherwise uses any  
               data, computer, computer system, or computer network in  
               order to devise or execute any scheme or artifice to  
               defraud, deceive, or extort, or wrongfully control or  
               obtain money, property or data.

                 Any person who knowingly accesses and without permission  
               takes, copies or makes use of data from a computer,  
               computer system, or network, or takes or copies any  
               supporting documentation, whether existing or residing  
               internal or external to a computer, computer system, or  
               computer network.







                                                                     AB 195  
                                                                    Page  4



                 Any person who knowingly accessing and without  
               permission adds, alters, damages, deletes, or destroys any  
               data, computer software, or computer programs which reside  
               or exist internal or external to a computer, computer  
               system, or computer network.

                 Any person who knowingly and without permission  
               disrupting or causing the disruption of computer services  
               or denies or causes the denial of computer services or  
               denies or causes the denial of computer services to an  
               authorized user of a computer, computer system, or computer  
               network. 

                 Disrupting or improperly accessing a government of  
               public safety computer systems, data or software is  
               separately defined, but subject to the same penalties as  
               other such crimes. (Pen. Code § 502, subds. (c) and  
               (d)(1).)

          1)Provides that any person who knowingly and without permission  
            uses or causes to be used computer services shall be punished  
            as follows:

                 For the first violation that does not result in injury,  
               and where the value of the computer services used does not  
               exceed $950, by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment; and

                 For any violation that results in a victim expenditure  
               in an amount more than $5,000 or in an injury, if the value  
               of the computer services used exceeds $950, or for any  
               second or subsequent violation, by a fine not exceeding  
               $10,000, by imprisonment pursuant to realignment for 16  
               months, or two or three years, or by both that fine and  
               imprisonment, or by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment.  (Pen. Code § 502, subds.  
               (c) and (d)(2).)

          1)Punishes any person who knowingly and without permission  
            provides or assists in providing a means of accessing,  
            accesses, or causes to be accessed a computer, computer  







                                                                     AB 195  
                                                                    Page  5


            system, or computer network as follows:

                 For a first violation that does not result in injury, an  
               infraction punishable by a fine not exceeding $1,000;

                 For any violation that results in a victim expenditure  
               in an amount not more than $5,000, or for a second or  
               subsequent violation, by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment; and

                 For any violation that results in a victim expenditure  
               in an amount more than $5,000, by a fine not exceeding ten  
               thousand dollars $10,000, by imprisonment pursuant to  
               realignment for 16 months, or two or three years, or by  
               both that fine and imprisonment, or by a fine not exceeding  
               $5,000, by imprisonment in a county jail not exceeding one  
               year, or by both that fine and imprisonment.  (Pen. Code §  
               502, subds. (c) and (d)(3).)

          1)Punishes any person who knowingly introduces any computer  
            contaminant into any computer, or computer system, or computer  
            network as follows:

                 For a first violation that does not result in injury, a  
               misdemeanor punishable by a fine not exceeding $5,000, by  
               imprisonment in a county jail not exceeding one year, or by  
               both that fine and imprisonment; and

                 For any violation that results in injury, or for a  
               second or subsequent violation, by a fine not exceeding  
               $10,000, by imprisonment in a county jail not exceeding one  
               year, or by imprisonment pursuant to realignment, or by  
               both that fine and imprisonment.  (Pen. Code § 502 subds.  
               (c) and (d)(4).)

          1)Punishes any person who knowingly and without permission uses  
            the Internet domain name of another individual, corporation,  
            or entity in connection with the sending of one or more  
            electronic mail messages, and thereby damages or causes damage  
            to a computer, computer system, or computer network as  
            follows:

                 For a first violation that does not result in injury, an  







                                                                     AB 195  
                                                                    Page  6


               infraction punishable by a fine not more than $1,000; and

                 For any violation that results in injury, or for a  
               second or subsequent violation, by a fine not exceeding  
               five thousand dollars ($5,000), or by imprisonment in a  
               county jail not exceeding one year, or by both that fine  
               and imprisonment.  (Pen. Code § 502, subds. (c) and  
               (d)(5).)

          This bill:

          1)Provides that every person who, with the intent that the crime  
            be committed, solicits another to commit one of a number of  
            specified computer crimes shall be punished by imprisonment in  
            a county jail for a period not to exceed six months. Every  
            subsequent violation of this subdivision by that same person  
            shall be punished by imprisonment in a county jail not  
            exceeding one year. 

          2)Provides that every person who, with the intent that the crime  
            be committed, offers to solicit assistance for another to  
            conduct activities in violation of a number of specified  
            computer crimes shall be punished by imprisonment in a county  
            jail for a period not to exceed six months. Every subsequent  
            violation of this subdivision by that same person shall be  
            punished by imprisonment in a county jail not exceeding one  
            year. 

                 This offense - offering to solicit assistance for the  
               purpose of committing a computer crime - applies to a  
               person who operates the website that offers to assist  
               others in locating hacking services.

                 For purposes of this crime, "hacking services" means  
               assistance in the unauthorized access to computers,  
               computer systems, or computer data in violation of  
               specified computer crimes.

          3)Provides that solicitation of a computer crime, or offering to  
            assist others in committing a computer crime, shall be proved  
            by the testimony of one witness and corroborating evidence.

          Background
          







                                                                     AB 195  
                                                                    Page  7


          An attempt to commit a crime includes the elements of a specific  
          intent to commit a crime and a direct, but unsuccessful step  
          towards commission of the crime.  Mere preparation to commit a  
          crime is not an attempt. Solicitation is the requesting of  
          another person to commit a crime, with the intent that the crime  
          be committed.  The crime of solicitation has been committed at  
          that point.  The crime need not be committed and the person  
          solicited need not prepare to commit the crime or take steps  
          towards its commission.  

          FISCAL EFFECT:   Appropriation:    No          Fiscal  
          Com.:YesLocal:   Yes


          SUPPORT:   (Verified 6/22/15)


          Association for Los Angeles Deputy Sheriffs
          California College and University Police Chiefs' Association
          California District Attorneys Association
          California Public Defenders Association
          Los Angeles County Board of Supervisors
          Los Angeles County District Attorney's Office
          Los Angeles County Sheriff's Department
          Los Angeles Police Protective League
          Riverside Sheriffs Association


          OPPOSITION:   (Verified 6/22/15)


          Electronic Frontier Foundation
          Legal Services for Prisoners with Children


          ARGUMENTS IN SUPPORT:     


          According to the County of Los Angeles:


               Under current law, it is a crime to knowingly access  
               another's computer network without permission, but  
               it is not a crime to solicit someone to do so.  AB  







                                                                     AB 195  
                                                                    Page  8


               195 sould prohibit the solicitation of another  
               person to assist in the commission of a variety of  
               crimes related to the unauthorized access off  
               computer systems. 


               Los Angeles County's computer networks contain vital  
               information about county finances, employees and  
               residents, and must be protected to prevent  
               unauthorized access, which could lead to identity  
               theft, financial crimes and fraud.  AB 195 would  
               give law enforcement officers additional tools to  
               combat unauthorized access to the county's  
               information technology infrastructure.


          ARGUMENTS IN OPPOSITION:     

          According to the Electronic Frontier Foundation:

               Our primary concern with AB 195 is that it would  
               criminalize the offering of technical assistance in  
               accessing computers or data, which the bill deems to  
               be "hacking services."  Such services are often wholly  
               legitimate; as the author himself states, such  
               services include "recovering lost passwords to  
               tracking stolen devices."  As written, however, we  
               believe AB 195 makes it very hard to such legitimate  
               services to be offered.

               What the statute fails to recognize is the vast array  
               of "hacking services" that are beneficial and indeed  
               critical to the computer security industry. Take for  
               example, so-called "penetration testing" services,  
               also called pen testing. Penetration testing is a  
               procedure where an information security professional  
               is hired to attempt to hack into a network, using the  
               same tools and techniques as a criminal hacker. The  
               resulting report is used, not for crime, but to secure  
               the network.  As written, the bill could criminalize  
               linking to sites that offer such services.  Although  
               there is an intent requirement, the statutory language  
               specifically calls out a website that "offer[s] to  
               assist others in locating hacking services," which  







                                                                     AB 195  
                                                                    Page  9


               undoubtedly includes penetration testing.  The intent  
               requirement would not prevent a constitutionally  
               impermissible chilling effect on those seeking to list  
               or compare penetration services.


          ASSEMBLY FLOOR:  75-0, 4/23/15
          AYES:  Achadjian, Alejo, Travis Allen, Baker, Bigelow, Bloom,  
            Bonilla, Bonta, Brough, Brown, Burke, Calderon, Chau, Chávez,  
            Chiu, Chu, Cooley, Cooper, Dababneh, Dahle, Daly, Dodd,  
            Eggman, Frazier, Beth Gaines, Gallagher, Cristina Garcia,  
            Eduardo Garcia, Gatto, Gomez, Gonzalez, Gordon, Gray, Grove,  
            Hadley, Harper, Roger Hernández, Holden, Irwin, Jones-Sawyer,  
            Kim, Lackey, Levine, Linder, Lopez, Low, Maienschein, Mathis,  
            Mayes, McCarty, Medina, Melendez, Mullin, Nazarian, Obernolte,  
            O'Donnell, Olsen, Patterson, Perea, Quirk, Rendon,  
            Ridley-Thomas, Rodriguez, Santiago, Steinorth, Mark Stone,  
            Thurmond, Ting, Wagner, Waldron, Weber, Wilk, Williams, Wood,  
            Atkins
          NO VOTE RECORDED:  Campos, Chang, Gipson, Jones, Salas

          Prepared by:Jerome McGuire / PUB. S. / 
          6/26/15 15:07:38


                                   ****  END  ****