BILL ANALYSIS ��
AB 1604
Page 1
Date of Hearing: March 27, 2012
Counsel: Stella Choe
ASSEMBLY COMMITTEE ON PUBLIC SAFETY
Tom Ammiano, Chair
AB 1604 (Campos) - As Amended: March 22, 2012
SUMMARY : Authorizes the interception of an electronic
transmission of a computer trespasser transmitted to, through or
from a computer system if authorized by the owner of the
computer system for the sole purpose of recovering the computer
system. Specifically, this bill :
1)States that it shall not be unlawful for law enforcement
officers to use information obtained through the interception
of an electronic transmission of a computer trespasser,
authorized by the owner of the computer system, for the sole
purpose of recovering a computer system.
2)Defines "computer trespasser" as a person who unlawfully
possesses or accesses a computer without authorization and
does not include a person known by the owner of the computer
to have an existing contractual relationship with the owner or
operator of the computer for access to all or part of the
protected computer while acting within the scope of the
contractual relationship.
3)States that a computer trespasser has no reasonable
expectation of privacy in communications made to, from or
through the computer system.
4)Provides that "computer system" shall refer to a device or
collection of devices, including support devices and excluding
calculators that are not programmable and capable of being
used in conjunction with external files, one or more of which
contain computer programs, electronic instructions, input
data, and output data, that performs functions including, but
not limited to, logic, arithmetic, data storage and retrieval,
communication, and control.
EXISTING LAW:
�
AB 1604
Page 2
1)States the finding of the Legislature that the proliferation
of computer technology has resulted in a concomitant
proliferation of computer crime and other forms of
unauthorized access to computers, computer systems, and
computer data. The protection of the integrity of all types
and forms of lawfully created computers, computer systems, and
computer data is vital to the protection of the privacy of
individuals as well as to the well-being of financial
institutions, business concerns, governmental agencies, and
others within this state that lawfully utilize those
computers, computer systems, and data. �Penal Code Section
502(a).]
2)Provides that any person, who commits any of the following
acts is guilty of a public offense, and provides specified
penalties for each act:
a) Knowingly accesses and without permission alters,
damages, deletes, destroys, or otherwise uses any data,
computer, computer system, or computer network in order to
either: (i) devise or execute any scheme or artifice to
defraud, deceive, or extort, or (ii) wrongfully control or
obtain money, property, or data;
b) Knowingly accesses and without permission takes, copies,
or makes use of any data from a computer, computer system,
or computer network, or takes or copies any supporting
documentation, whether existing or residing internal or
external to a computer, computer system, or computer
network;
c) Knowingly and without permission uses or causes to be
used computer services;
d) Knowingly accesses and without permission adds, alters,
damages, deletes, or destroys any data, computer software,
or computer programs which reside or exist internal or
external to a computer, computer system, or computer
network;
e) Knowingly and without permission disrupts or causes the
disruption of computer services or denies or causes the
denial of computer services to an authorized user of a
computer, computer system, or computer network;
�
AB 1604
Page 3
f) Knowingly and without permission provides or assists in
providing a means of accessing a computer, computer system,
or computer network in violation of this section;
g) Knowingly and without permission accesses or causes to
be accessed any computer, computer system, or computer
network;
h) Knowingly introduces any computer contaminant into any
computer, computer system, or computer network; and
i) Knowingly and without permission uses the Internet
domain name of another individual, corporation, or entity
in connection with the sending of one or more electronic
mail messages, and thereby damages or causes damage to a
computer, computer system, or computer network. �Penal
Code Section 502(c) and (d).]
3)Excludes from criminal liability for committing any of the
above listed activities a person who acts within the scope of
his or her lawful employment or a person acting outside of his
or her lawful employment, provided that the employee's
activities do not cause an injury as defined or the value of
supplies or computer services does not exceed an accumulated
total of $250. �Penal Code Section 502(h).]
4)States that every person who, intentionally and without the
consent of all parties to a confidential communication, by
means of any electronic amplifying or recording device,
eavesdrops upon or records the confidential communication,
whether the communication is carried on among the parties in
the presence of one another or by means of a telegraph,
telephone, or other device, except a radio, shall be punished
by a fine not exceeding $2,500, or imprisonment in the county
jail not exceeding one year, or in the state prison, or by
both that fine and imprisonment. If the person has been
previously convicted of a crime related to wiretapping and
eavesdropping as specified, the person shall be punished by a
fine not exceeding $10,000, by imprisonment in the county jail
not exceeding one year, or in the state prison, or by both
that fine and imprisonment. �Penal Code Section 631(a).]
5)Provides that every person who, intentionally and without the
consent of all parties to a confidential communication, by
means of any electronic amplifying or recording device,
�
AB 1604
Page 4
eavesdrops upon or records the confidential communication,
whether the communication is carried on among the parties in
the presence of one another or by means of a telegraph,
telephone, or other device, except a radio, shall be punished
by a fine not exceeding $2,500, or imprisonment in the county
jail not exceeding one year, or in the state prison, or by
both that fine and imprisonment. If the person has previously
been convicted of a crime related to wiretapping and
eavesdropping as specified, the person shall be punished by a
fine not exceeding $10,000, by imprisonment in the county jail
not exceeding one year, or in the state prison, or by both
that fine and imprisonment. �Penal Code Section 632(a).]
6)States that any person who trespasses on property for the
purpose of committing any act, or attempting to commit any
act, in violation of laws related to wiretapping and
eavesdropping, shall be punished by a fine not exceeding
$2,500, by imprisonment in the county jail not exceeding one
year or in the state prison, or by both that fine and
imprisonment. If the person has previously been convicted of
a crime related to wiretapping and eavesdropping, the person
shall be punished by a fine not exceeding $10,000, by
imprisonment in the county jail not exceeding one year or in
the state prison, or by both that fine and imprisonment.
(Penal Code Section 634.)
FISCAL EFFECT : Unknown
COMMENTS :
1)Author's Statement : According to the author, "This is a
common sense bill that protects individuals who use a variety
of products that are designed to assist them in the recovery
of their stolen electronic goods."
2)Background : According to information provided by the author,
"Currently a consumer has access to a variety of products that
are designed to assist in the recovery of electronic goods if
they are stolen or lost. The products range from 'lojack for
computers,' to any 'remote desktop' application, or 'mobile
me' application. All of these products share the ability to
remotely access a computer or cellular device. When a
computer or cellular device is stolen, the lawful owner has
the ability to track the location of the stolen device, delete
or recover files stored on it, or monitor in real time what is
�
AB 1604
Page 5
occurring on it. As a practical matter, monitoring in real
time is the most efficient way of determining the identity and
location of the individual in possession of the stolen item.
"California residents are violating California laws by using
these commercially available software programs to recover
their stolen systems. In short they are violating wiretap and
confidential communication statutes and may be subject to
criminal and civil penalties. (See Pen. Code, section 631
(wiretapping) and 632 (recording confidential communication).
"Unlike California law, federal law has a safe harbor provision
that allows an owner of a computer to monitor a trespassers
communications (individual using the stolen computer). (See 18
U.S.C. section 2511(2)(i).)
"Purpose of this bill is to include a 'safe harbor' provision
that allows an owner of a computer to monitor a trespassers
communications. This bill would also allow law enforcement
the ability to assist the victim and use evidence of the
trespassers communications in court."
3)Privacy Issues :
a) Existing Privacy Laws : This bill specifies that the
interception of an electronic transmission (e-mail) is to
be used solely for the recovery of a stolen computer
system. Anti-theft products such as "Prey Project" and
"GadgetTrak" allow the owner of a laptop or smartphone to
track down the location of their laptop or smartphone and
to remotely take screen shots and photographs of activity
on their devices. While these features may be helpful in
gathering information regarding a computer thief, they go
beyond merely locating a stolen or lost laptop for recovery
purposes. These features allow access into contents on the
computer and any Internet sites visited by the user,
including e-mails. In a recent federal case involving
federal wiretapping laws and a "Lojack for Laptops" device,
the district court made a crucial distinction stating, "It
is one thing to cause a stolen computer to report its IP
�Internet Protocol] address or its geographical location in
an effort to track it down. It is something entirely
different to violate federal wiretapping laws by
intercepting the electronic communications of the person
using the stolen laptop." �Clements-Jeffrey v. City of
�
AB 1604
Page 6
Springfield (S.D. Ohio 2011) 810 F. Supp. 2d 857, 874.]
A person, unaware that the laptop is stolen, may use the
laptop to perform everyday tasks such as accessing bank
records or medical records. Allowing the owner of the
laptop to take screen shots or photographs and view other
contents violates existing privacy laws such as federal
laws that protect bank records and medical records.
b) Legitimate Expectation to Privacy : This bill states
that a computer trespasser has no reasonable expectation of
privacy in communications made to, from or through the
computer system. While a person who steals a computer has
no legitimate expectation of privacy to the contents of its
hard drive (United States v. Caymen (9th Cir. 2005) 404
F.3d 1196, 1201), there are instances where an innocent
purchaser may be in possession of a stolen laptop. An
innocent purchaser, unlike a thief, has a legitimate
expectation of privacy. Whether a person knew or should
have known that the item in their possession was stolen is
a question of fact for a jury to determine.
(Clements-Jeffrey v. City of Springfield, supra, 404 F.3d
at p. 866.)
4)Argument in Support : According to the Department of Justice ,
"Currently a consumer has access to a variety of products that
are designed to assist in the recovery of electronic goods if
they are stolen or lost. . . When a computer or cellular
device is stolen, the lawful owner has the ability to track
the location of the stolen device, delete or recover files
stored on it, or monitor in real time what is occurring on it.
As a practical matter, monitoring in real time is the most
efficient way of determining the identity and the location of
the individual in possession of the stolen item.
"Unfortunately, California residents are violating California
laws by using these commercially available software programs
to recover their stolen systems. In short, they are violating
wiretap and confidentiality communication statutes and may be
subject to criminal and civil penalties. . . This legislation
will update our law to include a "safe harbor" provision that
allows an owner of a computer to monitor a trespassers
communication."
5)Argument in Opposition : According to Electronic Frontier
�
AB 1604
Page 7
Foundation , "Location data is sensitive information, and
should be zealously protected. Earlier this year, the United
States Supreme Court issued its landmark opinion in United
States v. Jones, which reiterated that the Fourth Amendment
protects against prolonged warrantless tracking and
surveillance. While the ramifications of that case are only
beginning to work their way through the judicial system, it is
clear that at a minimum, there is a growing recognition for
the need to safeguard against unnecessary tracking and
surveillance conducted without a search warrant.
"Permitting the use of applications that track a cell phone's
location is one thing; but authorizing the ability to capture
all electronic communications, including content (emails, text
messages, social media postings), is a dramatic expansion of
the law, and more than what is reasonably necessary for the
bill to accomplish its goal of aiding the recovery of stolen
electronic devices. And while the thief of an electronic
device may not have any privacy rights in this context, anyone
they communicate with who is unaware that the device is stolen
still maintains their expectation to privacy in the
confidentiality of their communications. The proposed text of
AB 1604 does not take this privacy right into account."
REGISTERED SUPPORT / OPPOSITION :
Support
California Attorney General's Office (Sponsor)
TechNet
Opposition
American Civil Liberties Union
Electronic Frontier Foundation
Analysis Prepared by : Stella Choe / PUB. S. / (916) 319-3744