BILL NUMBER: AB 1629 AMENDED
BILL TEXT
AMENDED IN SENATE JUNE 29, 1998
AMENDED IN SENATE JUNE 11, 1998
AMENDED IN ASSEMBLY MAY 14, 1998
AMENDED IN ASSEMBLY APRIL 21, 1998
AMENDED IN ASSEMBLY APRIL 14, 1998
AMENDED IN ASSEMBLY MARCH 12, 1998
INTRODUCED BY Assembly Members Miller and Cunneen
(Coauthors: Assembly Members Alquist, Baldwin, Bordonaro,
Campbell, Frusetta, Leach, Lempert, Morrissey, and Runner)
JANUARY 5, 1998
An act to add Section 17538.45 to the Business and Professions
Code, and to amend Section 502 of the Penal Code, relating to
electronic mail.
LEGISLATIVE COUNSEL'S DIGEST
AB 1629, as amended, Miller. Electronic mail.
(1) Existing law prohibits a person conducting business in this
state from faxing unsolicited advertising material, unless certain
conditions are satisfied.
This bill would also prohibit a registered user of an electronic
mail service provider, as defined, from using or causing to be used
the provider's equipment in violation of the provider's published
policy prohibiting or restricting the use of its equipment for the
initiation of unsolicited electronic mail advertisements. It would
also prohibit any individual, corporation, or other entity from using
or causing to be used, by initiating an unsolicited electronic mail
advertisement, an electronic mail service provider's equipment in
violation of the provider's published policy prohibiting or
restricting the use of its equipment to deliver unsolicited
electronic mail advertisements to its registered users. It would
authorize any electronic mail service provider whose published policy
is violated as provided in these provisions to bring, in addition to
any other action available under law, a civil action to recover
damages, as specified, and would provide that the prevailing party in
that action shall be entitled to recover reasonable attorney's fees,
as specified.
(2) Existing law provides for the regulation of advertising and
provides that any violation of those provisions is a crime.
This bill, by creating additional prohibitions with regard to
advertising, would expand the scope of an existing crime, thereby
imposing a state-mandated local program.
(3) Existing law makes it a crime to knowingly and without
permission tamper with, interfere with, damage, or gain unlawful
access to certain computers, computer systems, and computer data.
This bill would, in addition, make it a crime to knowingly and
without permission use the Internet domain name, as defined, of
another individual, corporation, or entity in connection with the
sending of one or more electronic mail messages. By creating a new
crime, this bill would impose a state-mandated local program.
(4) The California Constitution requires the state to reimburse
local agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: yes.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 17538.45 is added to the Business and
Professions Code, to read:
17538.45. (a) For purposes of this section, the following words
have the following meanings:
(1) "Electronic mail advertisement" means any electronic mail
message, the principal purpose of which is to promote, directly or
indirectly, the sale or other distribution of goods or services to
the recipient.
(2) "Unsolicited electronic mail advertisement" means any
electronic mail advertisement that meets both of the following
requirements:
(A) It is addressed to a recipient with whom the initiator does
not have an existing business or personal relationship.
(B) It is not sent at the request of or with the express consent
of the recipient.
(3) "Electronic mail service provider" means any business or
organization qualified to do business in California that provides
registered users the ability to send or receive electronic mail
through equipment located in this state and that is an intermediary
in sending or receiving electronic mail.
(4) "Initiation" of an unsolicited electronic mail advertisement
refers to the action by the initial sender of the electronic mail
advertisement. It does not refer to the actions of any intervening
electronic mail service provider that may handle or retransmit the
electronic message.
(5) "Publish" means to do both of the following with respect to
the electronic mail service provider's policy on unsolicited
electronic mail advertisements:
(A) Make that policy available upon request in written form,
including, but not limited to, digital form, at no charge.
(B) Display that policy through an on-line notice on the Internet
home page or other initial screen of the electronic mail service
provider, or a page or screen accessible through a readily accessible
link on the home page or other initial screen of the electronic
mail service provider.
(6) "Registered user" means any individual, corporation, or other
entity that maintains an electronic mail address with an electronic
mail service provider.
(b) No registered user of an electronic mail service provider
shall use or cause to be used that electronic mail service provider's
equipment located in this state in violation of that electronic mail
service provider's published policy prohibiting or restricting the
use of its service or equipment for the initiation of unsolicited
electronic mail advertisements.
(c) No individual, corporation, or other entity shall use or cause
to be used, by initiating an unsolicited electronic mail
advertisement, an electronic mail service provider's equipment
located in this state in violation of that electronic mail service
provider's published policy prohibiting or restricting the use of its
equipment to deliver unsolicited electronic mail advertisements to
its registered users.
(d) An electronic mail service provider shall not be required to
create a policy prohibiting or restricting the use of its equipment
for the initiation or delivery of unsolicited electronic mail
advertisements.
(e) Nothing in this section shall be construed to limit or
restrict the rights of an electronic mail service provider under
Section 230(c)(1) of Title 47 of the United States Code, or any
decision of an electronic mail service provider to permit or to
restrict access to or use of its system, or any exercise of its
editorial function.
(f) (1) In addition to any other action available under law, any
electronic mail service provider whose published policy on
unsolicited electronic mail advertisements is violated as provided in
this section may bring a civil action to recover the actual monetary
loss suffered by that provider by reason of that violation, or
liquidated damages of fifty dollars ($50) for each electronic mail
message initiated or delivered in violation of this section, up to a
maximum of fifteen thousand dollars ($15,000) per day, whichever
amount is greater.
(2) The prevailing party in any action brought under paragraph (1)
shall be entitled to recover reasonable attorney's fees.
(3) In any action brought pursuant to paragraph (1), the
electronic mail service provider shall be required to establish as an
element of its cause of action that its policy on unsolicited
electronic mail advertisements had been published for at least 30
days preceding the alleged violation of that policy.
SEC. 2. Section 502 of the Penal Code is amended to read:
502. (a) It is the intent of the Legislature in enacting this
section to expand the degree of protection afforded to individuals,
businesses, and governmental agencies from tampering, interference,
damage, and unauthorized access to lawfully created computer data and
computer systems. The Legislature finds and declares that the
proliferation of computer technology has resulted in a concomitant
proliferation of computer crime and other forms of unauthorized
access to computers, computer systems, and computer data.
The Legislature further finds and declares that protection of the
integrity of all types and forms of lawfully created computers,
computer systems, and computer data is vital to the protection of the
privacy of individuals as well as to the well-being of financial
institutions, business concerns, governmental agencies, and others
within this state that lawfully utilize those computers, computer
systems, and data.
(b) For the purposes of this section, the following terms have the
following meanings:
(1) "Access" means to gain entry to, instruct, or communicate with
the logical, arithmetical, or memory function resources of a
computer, computer system, or computer network.
(2) "Computer network" means any system that provides
communications between one or more computer systems and input/output
devices including, but not limited to, display terminals and printers
connected by telecommunication facilities.
(3) "Computer program or software" means a set of instructions or
statements, and related data, that when executed in actual or
modified form, cause a computer, computer system, or computer network
to perform specified functions.
(4) "Computer services" includes, but is not limited to, computer
time, data processing, or storage functions, or other uses of a
computer, computer system, or computer network.
(5) "Computer system" means a device or collection of devices,
including support devices and excluding calculators that are not
programmable and capable of being used in conjunction with external
files, one or more of which contain computer programs, electronic
instructions, input data, and output data, that performs functions
including, but not limited to, logic, arithmetic, data storage and
retrieval, communication, and control.
(6) "Data" means a representation of information, knowledge,
facts, concepts, computer software, computer programs or
instructions. Data may be in any form, in storage media, or as
stored in the memory of the computer or in transit or presented on a
display device.
(7) "Supporting documentation" includes, but is not limited to,
all information, in any form, pertaining to the design, construction,
classification, implementation, use, or modification of a computer,
computer system, computer network, computer program, or computer
software, which information is not generally available to the public
and is necessary for the operation of a computer, computer system,
computer network, computer program, or computer software.
(8) "Injury" means any alteration, deletion, damage, or
destruction of a computer system, computer network, computer program,
or data caused by the access.
(9) "Victim expenditure" means any expenditure reasonably and
necessarily incurred by the owner or lessee to verify that a computer
system, computer network, computer program, or data was or was not
altered, deleted, damaged, or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions
that are designed to modify, damage, destroy, record, or transmit
information within a computer, computer system, or computer network
without the intent or permission of the owner of the information.
They include, but are not limited to, a group of computer
instructions commonly called viruses or worms, that are
self-replicating or self-propagating and are designed to contaminate
other computer programs or computer data, consume computer resources,
modify, destroy, record, or transmit data, or in some other fashion
usurp the normal operation of the computer, computer system, or
computer network.
(11) "Internet domain name" means a globally unique, hierarchical
reference to an Internet host or service, assigned through
centralized Internet naming authorities, comprising a series of
character strings separated by periods, with the rightmost character
string specifying the top of the hierarchy.
(c) Except as provided in subdivision (h), any person who commits
any of the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages,
deletes, destroys, or otherwise uses any data, computer, computer
system, or computer network in order to either (A) devise or execute
any scheme or artifice to defraud, deceive, or extort, or (B)
wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or
makes use of any data from a computer, computer system, or computer
network, or takes or copies any supporting documentation, whether
existing or residing internal or external to a computer, computer
system, or computer network.
(3) Knowingly and without permission uses or causes to be used
computer services.
(4) Knowingly accesses and without permission adds, alters,
damages, deletes, or destroys any data, computer software, or
computer programs which reside or exist internal or external to a
computer, computer system, or computer network.
(5) Knowingly and without permission disrupts or causes the
disruption of computer services or denies or causes the denial of
computer services to an authorized user of a computer, computer
system, or computer network.
(6) Knowingly and without permission provides or assists in
providing a means of accessing a computer, computer system, or
computer network in violation of this section.
(7) Knowingly and without permission accesses or causes to be
accessed any computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any
computer, computer system, or computer network.
(9) Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in connection with the
sending of one or more electronic mail messages.
(d) (1) Any person who violates any of the provisions of paragraph
(1), (2), (4), or (5) of subdivision (c) is punishable by a fine not
exceeding ten thousand dollars ($10,000), or by imprisonment in the
state prison for 16 months, or two or three years, or by both that
fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is
punishable as follows:
(A) For the first violation that does not result in injury, and
where the value of the computer services used does not exceed four
hundred dollars ($400), by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one
year, or by both that fine and imprisonment.
(B) For any violation that results in a victim expenditure in an
amount greater than five thousand dollars ($5,000) or in an injury,
or if the value of the computer services used exceeds four hundred
dollars ($400), or for any second or subsequent violation, by a fine
not exceeding ten thousand dollars ($10,000), or by imprisonment in
the state prison for 16 months, or two or three years, or by both
that fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(3) Any person who violates paragraph (6), (7), (8), or
(9) or (8) of subdivision (c) is punishable as
follows:
(A) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding two hundred fifty
dollars ($250).
(B) For any violation that results in a victim expenditure in an
amount not greater than five thousand dollars ($5,000), or for a
second or subsequent violation, by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(C) For any violation that results in a victim expenditure in an
amount greater than five thousand dollars ($5,000), by a fine not
exceeding ten thousand dollars ($10,000), or by imprisonment in the
state prison for 16 months, or two or three years, or by both that
fine and imprisonment, or by a fine not exceeding five thousand
dollars ($5,000), or by imprisonment in a county jail not exceeding
one year, or by both that fine and imprisonment.
(4) Any person who violates paragraph (9) of subdivision (c) is
punishable as follows:
(A) For a first violation that does not result in injury, an
infraction punishable by a fine not exceeding two hundred fifty
dollars ($250).
(B) For any violation that results in injury, or for a second or
subsequent violation, by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one year,
or by both that fine and imprisonment.
(e) (1) In addition to any other civil remedy available, the owner
or lessee of the computer, computer system, computer network,
computer program, or data may bring a civil action against any person
convicted under this section for compensatory damages, including any
expenditure reasonably and necessarily incurred by the owner or
lessee to verify that a computer system, computer network, computer
program, or data was or was not altered, damaged, or deleted by the
access. For the purposes of actions authorized by this subdivision,
the conduct of an unemancipated minor shall be imputed to the parent
or legal guardian having control or custody of the minor, pursuant to
the provisions of Section 1714.1 of the Civil Code.
(2) In any action brought pursuant to this subdivision the court
may award reasonable attorney's fees to a prevailing party.
(3) A community college, state university, or academic institution
accredited in this state is required to include computer-related
crimes as a specific violation of college or university student
conduct policies and regulations that may subject a student to
disciplinary sanctions up to and including dismissal from the
academic institution. This paragraph shall not apply to the
University of California unless the Board of Regents adopts a
resolution to that effect.
(f) This section shall not be construed to preclude the
applicability of any other provision of the criminal law of this
state which applies or may apply to any transaction, nor shall it
make illegal any employee labor relations activities that are within
the scope and protection of state or federal labor laws.
(g) Any computer, computer system, computer network, or any
software or data, owned by the defendant, that is used during the
commission of any public offense described in subdivision (c) or any
computer, owned by the defendant, which is used as a repository for
the storage of software or data illegally obtained in violation of
subdivision (c) shall be subject to forfeiture, as specified in
Section 502.01.
(h) (1) Subdivision (c) does not apply to any person who accesses
his or her employer's computer system, computer network, computer
program, or data when acting within the scope of his or her lawful
employment.
(2) Paragraph (3) of subdivision (c) does not apply to any
employee who accesses or uses his or her employer's computer system,
computer network, computer program, or data when acting outside the
scope of his or her lawful employment, so long as the employee's
activities do not cause an injury, as defined in paragraph (8) of
subdivision (b), to the employer or another, or so long as the value
of supplies and computer services, as defined in paragraph (4) of
subdivision (b), which are used do not exceed an accumulated total of
one hundred dollars ($100).
(i) No activity exempted from prosecution under paragraph (2) of
subdivision (h) which incidentally violates paragraph (2), (4), or
(7) of subdivision (c) shall be prosecuted under those paragraphs.
(j) For purposes of bringing a civil or a criminal action under
this section, a person who causes, by any means, the access of a
computer, computer system, or computer network in one jurisdiction
from another jurisdiction is deemed to have personally accessed the
computer, computer system, or computer network in each jurisdiction.
(k) In determining the terms and conditions applicable to a person
convicted of a violation of this section the court shall consider
the following:
(1) The court shall consider prohibitions on access to and use of
computers.
(2) Except as otherwise required by law, the court shall consider
alternate sentencing, including community service, if the defendant
shows remorse and recognition of the wrongdoing, and an inclination
not to repeat the offense.
SEC. 3. No reimbursement is required by this act pursuant to
Section 6 of Article XIIIB of the California Constitution because the
only costs that may be incurred by a local agency or school district
will be incurred because this act creates a new crime or infraction,
eliminates a crime or infraction, or changes the penalty for a crime
or infraction, within the meaning of Section 17556 of the Government
Code, or changes the definition of a crime within the meaning of
Section 6 of Article XIIIB of the California Constitution.
Notwithstanding Section 17580 of the Government Code, unless
otherwise specified, the provisions of this act shall become
operative on the same date that the act takes effect pursuant to the
California Constitution.