| |
|
| |
| THE GENERAL ASSEMBLY OF PENNSYLVANIA |
| |
| SENATE BILL |
|
| |
| |
| INTRODUCED BY CORMAN, WONDERLING, BAKER, BROWNE, ERICKSON, ALLOWAY, BRUBAKER, GORDNER, ORIE, FONTANA, KASUNIC, LOGAN, O'PAKE, PIPPY, STACK, STOUT, TARTAGLIONE, WILLIAMS, RAFFERTY, ROBBINS, TOMLINSON, WAUGH, D. WHITE, M. WHITE AND WARD, FEBRUARY 20, 2009 |
| |
| |
| REFERRED TO COMMUNICATIONS AND TECHNOLOGY, FEBRUARY 20, 2009 |
| |
| |
| |
| AN ACT |
| |
1 | Amending Title 18 (Crimes and Offenses) of the Pennsylvania |
2 | Consolidated Statutes, providing for the offense of phishing. |
3 | The General Assembly of the Commonwealth of Pennsylvania |
4 | hereby enacts as follows: |
5 | Section 1. Chapter 76 of Title 18 of the Pennsylvania |
6 | Consolidated Statutes is amended by adding a subchapter to read: |
7 | SUBCHAPTER F |
8 | PHISHING |
9 | Sec. |
10 | 7671. Definitions. |
11 | 7672. Phishing. |
12 | 7673. Protection from liability. |
13 | 7674. Civil relief. |
14 | § 7671. Definitions. |
15 | The following words and phrases when used in this subchapter |
16 | shall have the meanings given to them in this section unless the |
|
1 | context clearly indicates otherwise: |
2 | "Communication." A message conveyed by oral, written or |
3 | electronic means, including telephone, electronic mail, |
4 | Internet, facsimile, telex, wireless communication, web page or |
5 | similar transmission. |
6 | "Identifying information." Any document, photographic, |
7 | pictorial or computer image of another person, or any fact used |
8 | to establish identity, including any of the following: |
9 | (1) Name. |
10 | (2) Birth date. |
11 | (3) Social Security number. |
12 | (4) Driver's license number or nondriver governmental |
13 | identification number. |
14 | (5) Telephone number. |
15 | (6) Checking or savings account number. |
16 | (7) Student identification number. |
17 | (8) Employee or payroll number. |
18 | (9) Electronic signature. |
19 | "Interactive computer service." An information service or |
20 | system that enables computer access by multiple users to a |
21 | computer server, including specifically a service or system that |
22 | provides access to the Internet or to software services |
23 | available on a server, and such systems operated or services |
24 | offered by a library or educational institution. |
25 | "Legitimate business." A business that is registered to do |
26 | business under the law of any jurisdiction. |
27 | "Web page." A location, with respect to the Internet |
28 | website, that has a single uniform resource locator or other |
29 | single location with respect to the Internet. |
30 | § 7672. Phishing. |
|
1 | (a) Offense of phishing.--A person commits the offense of |
2 | phishing under the following circumstances if the person, with |
3 | the intent to defraud or injure another or with the knowledge |
4 | that a fraud is being facilitated or that an injury is being |
5 | perpetrated by another person: |
6 | (1) (i) makes a communication requesting or soliciting |
7 | a person to provide identifying information under false |
8 | pretenses by or on behalf of a legitimate business, |
9 | without the authority or approval of the business; and |
10 | (ii) receives identifying information pursuant to |
11 | the action taken under subparagraph (i); or |
12 | (2) sells or distributes any identifying information |
13 | obtained under paragraph (1). |
14 | (b) Venue.--An offense committed under this section may be |
15 | deemed to have been committed at any of the following locations: |
16 | (1) The place where a person possessed, obtained or used |
17 | the identifying information of another person under false |
18 | pretenses. |
19 | (2) The residence of the person whose identifying |
20 | information has been obtained or used under false pretenses. |
21 | (3) The business or employment address of the person |
22 | whose identifying information has been obtained or used under |
23 | false pretenses if the identifying information at issue is |
24 | associated with the person's business or employment. |
25 | (c) Grading.--A violation of subsection (a)(1) shall be |
26 | graded as a felony of the third degree. A violation of |
27 | subsection (a)(2) shall be graded as a felony of the second |
28 | degree. |
29 | (d) Concurrent jurisdiction to prosecute.--In addition to |
30 | the authority conferred upon the Attorney General by the act of |
|
1 | October 15, 1980 (P.L.950, No.164), known as the Commonwealth |
2 | Attorneys Act, the Attorney General shall have the authority to |
3 | investigate and to institute criminal proceedings for any |
4 | violation of this section or any series of violations involving |
5 | more than one county of this Commonwealth or another state. No |
6 | person charged with a violation of this section by the Attorney |
7 | General shall have standing to challenge the authority of the |
8 | Attorney General to investigate or prosecute the case, and, if |
9 | the challenge is made, the challenge shall be dismissed and no |
10 | relief shall be made available in the courts of this |
11 | Commonwealth to the person making this challenge. |
12 | § 7673. Protection from liability. |
13 | No interactive computer service provider may be held liable |
14 | under any provision of the laws of this Commonwealth or of one |
15 | of its political subdivisions for removing or disabling access |
16 | to content that resides on an Internet website or other online |
17 | location controlled or operated by the provider which the |
18 | provider believes in good faith is used to engage in a violation |
19 | of this subchapter. |
20 | § 7674. Civil relief. |
21 | (a) Civil action.--An interactive computer service provider |
22 | and a legitimate business shall each have a civil cause of |
23 | action against any person who utilizes the interactive computer |
24 | service to make a communication under false pretenses by or on |
25 | behalf of the business, without the authority of the business, |
26 | for the purpose of requesting or soliciting a person to provide |
27 | identifying information. |
28 | (b) Civil remedies.--A person permitted to bring a civil |
29 | action under this section may do any of the following: |
30 | (1) Seek injunctive relief to restrain a person from |
|
1 | continuing the violation. |
2 | (2) Recover damages in an amount equal to the greater of |
3 | the following: |
4 | (i) Actual damages arising from the violation. |
5 | (ii) Statutory damages, as determined by the court, |
6 | of not more than $100,000 for each violation of the same |
7 | nature. |
8 | (c) Treble damages.--The court may increase an award of |
9 | actual damages in an action brought under this section to an |
10 | amount not to exceed three times the actual damages sustained if |
11 | the court finds that the violations have occurred with a |
12 | frequency as to constitute a pattern or practice. |
13 | (d) Attorney fees.--A person who prevails in an action filed |
14 | under this section shall be entitled to recover reasonable |
15 | attorneys fees and court costs. |
16 | (e) Venue.--An action under this section may be brought: |
17 | (1) At the residence or principal place of business of a |
18 | person who receives a communication. |
19 | (2) At the principal place of business of the |
20 | interactive computer service. |
21 | (3) At such other location as provided for by the |
22 | Pennsylvania Rules of Civil Procedure. |
23 | Section 2. This act shall take effect in 60 days. |
|