Bill Text: PA SB299 | 2009-2010 | Regular Session | Introduced


Bill Title: Providing for the offense of phishing.

Spectrum: Slight Partisan Bill (Republican 17-9)

Status: (Engrossed - Dead) 2009-08-06 - Re-referred to APPROPRIATIONS [SB299 Detail]

Download: Pennsylvania-2009-SB299-Introduced.html

  

 

    

PRINTER'S NO.  298

  

THE GENERAL ASSEMBLY OF PENNSYLVANIA

  

SENATE BILL

 

No.

299

Session of

2009

  

  

INTRODUCED BY CORMAN, WONDERLING, BAKER, BROWNE, ERICKSON, ALLOWAY, BRUBAKER, GORDNER, ORIE, FONTANA, KASUNIC, LOGAN, O'PAKE, PIPPY, STACK, STOUT, TARTAGLIONE, WILLIAMS, RAFFERTY, ROBBINS, TOMLINSON, WAUGH, D. WHITE, M. WHITE AND WARD, FEBRUARY 20, 2009

  

  

REFERRED TO COMMUNICATIONS AND TECHNOLOGY, FEBRUARY 20, 2009  

  

  

  

AN ACT

  

1

Amending Title 18 (Crimes and Offenses) of the Pennsylvania

2

Consolidated Statutes, providing for the offense of phishing.

3

The General Assembly of the Commonwealth of Pennsylvania

4

hereby enacts as follows:

5

Section 1.  Chapter 76 of Title 18 of the Pennsylvania

6

Consolidated Statutes is amended by adding a subchapter to read:

7

SUBCHAPTER F

8

PHISHING

9

Sec.

10

7671.  Definitions.

11

7672.  Phishing.

12

7673.  Protection from liability.

13

7674.  Civil relief.

14

§ 7671.  Definitions.

15

The following words and phrases when used in this subchapter

16

shall have the meanings given to them in this section unless the

 


1

context clearly indicates otherwise:

2

"Communication."  A message conveyed by oral, written or

3

electronic means, including telephone, electronic mail,

4

Internet, facsimile, telex, wireless communication, web page or

5

similar transmission.

6

"Identifying information."  Any document, photographic,

7

pictorial or computer image of another person, or any fact used

8

to establish identity, including any of the following:

9

(1)  Name.

10

(2)  Birth date.

11

(3)  Social Security number.

12

(4)  Driver's license number or nondriver governmental

13

identification number.

14

(5)  Telephone number.

15

(6)  Checking or savings account number.

16

(7)  Student identification number.

17

(8)  Employee or payroll number.

18

(9)  Electronic signature.

19

"Interactive computer service."  An information service or

20

system that enables computer access by multiple users to a

21

computer server, including specifically a service or system that

22

provides access to the Internet or to software services

23

available on a server, and such systems operated or services

24

offered by a library or educational institution.

25

"Legitimate business."  A business that is registered to do

26

business under the law of any jurisdiction.

27

"Web page."  A location, with respect to the Internet

28

website, that has a single uniform resource locator or other

29

single location with respect to the Internet.

30

§ 7672.  Phishing.

- 2 -

 


1

(a)  Offense of phishing.--A person commits the offense of

2

phishing under the following circumstances if the person, with

3

the intent to defraud or injure another or with the knowledge

4

that a fraud is being facilitated or that an injury is being

5

perpetrated by another person:

6

(1)  (i)  makes a communication requesting or soliciting

7

a person to provide identifying information under false

8

pretenses by or on behalf of a legitimate business,

9

without the authority or approval of the business; and

10

(ii)  receives identifying information pursuant to

11

the action taken under subparagraph (i); or

12

(2)  sells or distributes any identifying information

13

obtained under paragraph (1).

14

(b)  Venue.--An offense committed under this section may be

15

deemed to have been committed at any of the following locations:

16

(1)  The place where a person possessed, obtained or used

17

the identifying information of another person under false

18

pretenses.

19

(2)  The residence of the person whose identifying

20

information has been obtained or used under false pretenses.

21

(3)  The business or employment address of the person

22

whose identifying information has been obtained or used under

23

false pretenses if the identifying information at issue is

24

associated with the person's business or employment.

25

(c)  Grading.--A violation of subsection (a)(1) shall be

26

graded as a felony of the third degree. A violation of

27

subsection (a)(2) shall be graded as a felony of the second

28

degree.

29

(d)  Concurrent jurisdiction to prosecute.--In addition to

30

the authority conferred upon the Attorney General by the act of

- 3 -

 


1

October 15, 1980 (P.L.950, No.164), known as the Commonwealth 

2

Attorneys Act, the Attorney General shall have the authority to

3

investigate and to institute criminal proceedings for any

4

violation of this section or any series of violations involving

5

more than one county of this Commonwealth or another state. No

6

person charged with a violation of this section by the Attorney

7

General shall have standing to challenge the authority of the

8

Attorney General to investigate or prosecute the case, and, if

9

the challenge is made, the challenge shall be dismissed and no

10

relief shall be made available in the courts of this

11

Commonwealth to the person making this challenge.

12

§ 7673.  Protection from liability.

13

No interactive computer service provider may be held liable

14

under any provision of the laws of this Commonwealth or of one

15

of its political subdivisions for removing or disabling access

16

to content that resides on an Internet website or other online

17

location controlled or operated by the provider which the

18

provider believes in good faith is used to engage in a violation

19

of this subchapter.

20

§ 7674.  Civil relief.

21

(a)  Civil action.--An interactive computer service provider

22

and a legitimate business shall each have a civil cause of

23

action against any person who utilizes the interactive computer

24

service to make a communication under false pretenses by or on

25

behalf of the business, without the authority of the business,

26

for the purpose of requesting or soliciting a person to provide

27

identifying information.

28

(b)  Civil remedies.--A person permitted to bring a civil

29

action under this section may do any of the following:

30

(1)  Seek injunctive relief to restrain a person from

- 4 -

 


1

continuing the violation.

2

(2)  Recover damages in an amount equal to the greater of

3

the following:

4

(i)  Actual damages arising from the violation.

5

(ii)  Statutory damages, as determined by the court,

6

of not more than $100,000 for each violation of the same

7

nature.

8

(c)  Treble damages.--The court may increase an award of

9

actual damages in an action brought under this section to an

10

amount not to exceed three times the actual damages sustained if

11

the court finds that the violations have occurred with a

12

frequency as to constitute a pattern or practice.

13

(d)  Attorney fees.--A person who prevails in an action filed

14

under this section shall be entitled to recover reasonable

15

attorneys fees and court costs.

16

(e)  Venue.--An action under this section may be brought:

17

(1)  At the residence or principal place of business of a

18

person who receives a communication.

19

(2)  At the principal place of business of the

20

interactive computer service.

21

(3)  At such other location as provided for by the

22

Pennsylvania Rules of Civil Procedure.

23

Section 2.  This act shall take effect in 60 days.

- 5 -

 


feedback