BILL ANALYSIS ��
AB 1649
Page 1
ASSEMBLY THIRD READING
AB 1649 (Waldron)
As Amended April 1, 2014
Majority vote
PUBLIC SAFETY 7-0 APPROPRIATIONS 17-0
-----------------------------------------------------------------
|Ayes:|Ammiano, Melendez, |Ayes:|Gatto, Bigelow, |
| |Jones-Sawyer, Quirk, | |Bocanegra, Bradford, Ian |
| |Skinner, Stone, Waldron | |Calderon, Campos, |
| | | |Donnelly, Eggman, Gomez, |
| | | |Holden, Jones, Linder, |
| | | |Pan, Quirk, |
| | | |Ridley-Thomas, Wagner, |
| | | |Weber |
-----------------------------------------------------------------
SUMMARY : Specifies the penalties for any person who disrupts or
causes the disruption of, adds, alters, damages, destroys,
provides or assists in providing a means of accessing, or
introduces any computer contaminant into a "government computer
system" or a "public safety infrastructure computer system," as
specified, and changes and adds the definition of specified
terms. Specifically, this bill :
1)Punishes any person who knowingly and without permission
disrupts or causes the disruption of government computer
services or denies or causes the denial of government computer
services to an authorized user of a government computer,
computer system, or computer network by a fine not exceeding
$10,000, by imprisonment pursuant to realignment for 16
months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
2)Punishes any person who knowingly accesses and without
permission adds, alters, damages, deletes, or destroys any
data, computer software, or computer programs which reside or
exist internal or external to a public safety infrastructure
computer system computer, computer system, or computer network
by a fine not exceeding $10,000, by imprisonment pursuant to
realignment for 16 months, or two or three years, or by both
�
AB 1649
Page 2
that fine and imprisonment, or by a fine not exceeding $5,000,
by imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
3)Punishes any person who knowingly and without permission
disrupts or causes the disruption of public safety
infrastructure computer system computer services or denies or
causes the denial of computer services to an authorized user
of a public safety infrastructure computer system computer,
computer system, or computer network by a fine not exceeding
$10,000, by imprisonment pursuant to realignment for 16
months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
4)Punishes any person who knowingly and without permission
provides or assists in providing a means of accessing a
computer, computer system, or public safety infrastructure
computer system computer, computer system, or computer network
as follows:
a) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding $1,000;
b) For a violation that results in a victim expenditure in
an amount not greater than $5,000, or for a second or
subsequent violation, by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment; and
c) For any violation that results in a victim expenditure
in an amount greater than $5,000, by a fine not exceeding
$10,000, by imprisonment pursuant to realignment for 16
months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment.
5)Punishes any person who knowingly introduces any computer
contaminant into any public safety infrastructure computer
system computer, computer system, or computer network as
follows:
a) For a first violation that does not result in injury, a
�
AB 1649
Page 3
misdemeanor punishable by a fine not exceeding $5,000, by
imprisonment in a county jail not exceeding one year, or by
both that fine and imprisonment; and
b) For any violation that results in injury, or for a
second or subsequent violation, by a fine not exceeding
$10,000, by imprisonment in a county jail not exceeding one
year or by imprisonment pursuant to realignment, or by both
that fine and imprisonment.
6)Adds "cause input to, cause output from, or cause data
processing with" within the meaning of "access."
7)Adds "remote systems" and "mobile devices" within the meaning
of "computer network."
8)Adds "Internet services, electronic mail services, or
electronic message services" within what "computer services"
includes.
9)Defines "government computer system" to mean any computer
system, or part thereof, that is owned, operated, or used by
any federal, state, or local governmental entity.
10)Defines "public safety infrastructure computer system" to
mean any computer system, or part thereof, that is necessary
for the health and safety of the public including computer
systems owned, operated, or used by drinking water and
wastewater treatment facilities, hospitals, emergency service
providers, telecommunication companies, and gas and electric
utility companies.
FISCAL EFFECT : According to the Assembly Appropriations
Committee, negligible state and/or local law enforcement costs
as the offenses targeted by this bill could be charged under
current law.
COMMENTS : According to the author:
AB 1649 would increase protection to government
systems such as websites and phone lines that are
utilized by hospitals, schools, cities, and many other
organizations. This bill would also increase fines for
these escalating crimes and the threat they impose to
�
AB 1649
Page 4
public safety. Cyber criminals often target government
computer systems, resulting in tampering,
interferences, or damages. Numerous incidents have
occurred that have compromised the privacy, safety,
and personal information of many individuals. For
example in 2013, a caller to a San Diego emergency
room threatened the dispatcher that he would paralyze
the hospital's phone service if she didn't pay him the
amount demanded. Shortly after, the emergency room's
phone lines went silent for nearly 48 hours, affecting
the communication services. Recently, another case
arose when a California State University Sacramento
employee website was breached, where Social Security
and Driver's License numbers of 1,800 employees could
have been accessed. These few examples clearly
demonstrate the significance of the rapidly increasing
rate of computer related crimes.
California must keep up with the emerging difficulties
associated with compromised government systems. By
expanding the degree of protection to hospitals,
schools, cities, and many other organizations, along
with individuals' private and personal information
will be safe from unauthorized access.
Please see the policy committee analysis for a full discussion
of this bill.
Analysis Prepared by : Shaun Naidu / PUB. S. / (916) 319-3744
FN: 0003263