2017 -- S 0592 | |
======== | |
LC001243 | |
======== | |
STATE OF RHODE ISLAND | |
IN GENERAL ASSEMBLY | |
JANUARY SESSION, A.D. 2017 | |
____________ | |
A N A C T | |
RELATING TO CRIMINAL OFFENSES - COMPUTER CRIME | |
| |
Introduced By: Senators Lombardi, McCaffrey, Archambault, Jabour, and Conley | |
Date Introduced: March 15, 2017 | |
Referred To: Senate Judiciary | |
(Attorney General) | |
It is enacted by the General Assembly as follows: | |
1 | SECTION 1. Section 11-52-1 of the General Laws in Chapter 11-52 entitled "Computer |
2 | Crime" is hereby amended to read as follows: |
3 | 11-52-1. Definitions. |
4 | As used in this chapter: |
5 | (1) "Access" means to approach, instruct, communicate with, store data in, enter data in, |
6 | retrieve data from, or otherwise make use of any resources of, a computer, computer system, or |
7 | computer network. |
8 | (2) "Computer" means an electronic, magnetic, optical, hydraulic or organic device or |
9 | group of devices which, pursuant to a computer program, to human instruction, or to permanent |
10 | instructions contained in the device or group of devices, can automatically perform computer |
11 | operations with or on computer data and can communicate the results to another computer or to a |
12 | person. The term "computer" includes any connected or directly related device, equipment, or |
13 | facility which enables the computer to store, retrieve or communicate computer programs, |
14 | computer data or the results of computer operations to or from a person, another computer or |
15 | another device. |
16 | (3) "Computer data" means any representation of information, knowledge, facts, |
17 | concepts, or instructions which is being prepared or has been prepared and is intended to be |
18 | processed, is being processed, or has been processed in a computer or computer network. |
19 | "Computer data" may be in any form, whether readable only by a computer or only by a human |
| |
1 | or by either, including, but not limited to, computer printouts, magnetic storage media, punched |
2 | cards, or data stored internally in the memory of the computer. |
3 | (4) "Computer network" means a set of related, remotely connected devices and any |
4 | communications facilities including more than one computer with the capability to transmit data |
5 | among them through the communications facilities. |
6 | (5) "Computer operation" means arithmetic, logical, monitoring, storage or retrieval |
7 | functions and any combination of them, and includes, but is not limited to, communication with, |
8 | storage of data to, or retrieval of data from any device or human hand manipulation of electronic |
9 | or magnetic impulses. A "computer operation" for a particular computer may also be any function |
10 | for which that computer was generally designed. |
11 | (6) "Computer program" means a series of instructions or statements or related data that, |
12 | in actual or modified form, is capable of causing a computer or a computer system to perform |
13 | specified functions in a form acceptable to a computer, which permits the functioning of a |
14 | computer system in a manner designed to provide appropriate products from the computer |
15 | systems. |
16 | (7) "Computer services" includes computer time or services, data processing services, |
17 | Internet service providers' networks and facilities located in the state or information or data stored |
18 | in connection with them. |
19 | (8) "Computer software" means a set of computer programs, procedures, and associated |
20 | documentation concerned with the operation of a computer, computer program or computer |
21 | network. |
22 | (9) "Computer system" means a set of related, connected or unconnected, computer |
23 | equipment, devices, and software. |
24 | (10) "Confidential information" means computer data of a business, nonprofit, or |
25 | government entity that is protected from disclosure on a computer, computer program, computer |
26 | system or computer network and that the computer, computer program, computer system or |
27 | computer network does not transmit or disclose unless initiated by, or with the permission of, the |
28 | owner of such computer, computer program, computer system or computer network. |
29 | (10)(11) "Data" means any representation of information, knowledge, facts, concepts, or |
30 | instructions which are being prepared or have been prepared and are intended to be entered, |
31 | processed, or stored, are being entered, processed, or stored or have been entered, processed, or |
32 | stored in a computer, computer system, or computer network. |
33 | (11)(12) "Electronic mail service provider" means any business or organization qualified |
34 | to do business in the state of Rhode Island that provides registered users the ability to send or |
| LC001243 - Page 2 of 6 |
1 | receive electronic mail through equipment located in this state and that is an intermediary in |
2 | sending or receiving electronic mail. |
3 | (12)(13) "Financial instrument" includes, but is not limited to, any check, draft, warrant, |
4 | money order, note, certificate of deposit, letter of credit, bill of exchange, credit or debit card |
5 | transaction authorization mechanism, marketable security, or any computerized representation of |
6 | any of these. |
7 | (13)(14) "Owner" means an owner or lessee of a computer or a computer network or an |
8 | owner, lessee, or licensee of computer data, computer programs, or computer software. |
9 | (14)(15) "Person" shall include any individual, partnership, association, corporation or |
10 | joint venture. |
11 | (15)(16) "Property" includes, but is not limited to: |
12 | (i) Real property; |
13 | (ii) Computers and computer networks; |
14 | (iii) Financial instruments, computer data, computer programs, computer software and all |
15 | other personal property regardless of whether they are: |
16 | (A) Tangible or intangible; |
17 | (B) In a format readable by humans or by a computer; |
18 | (C) In transit between computers or within a computer network or between any devices |
19 | which comprise a computer; or |
20 | (D) Located on any paper or in any device on which it is stored by a computer or by a |
21 | human; and |
22 | (E) Computer services. |
23 | (iv) A person "uses" a computer or computer network when he or she: |
24 | (A) Attempts to cause or causes a computer or computer network to perform or to stop |
25 | performing computer operations; |
26 | (B) Attempts to cause or causes the withholding or denial of the use of a computer, |
27 | computer network, computer program, computer data or computer software to another user; or |
28 | (C) Attempts to cause or causes another person to put false information into a computer. |
29 | (v) A person is "without authority" when: (A) he or she has no right or permission of the |
30 | owner to use a computer, or, he or she uses a computer in a manner exceeding his or her right or |
31 | permission or (B) he or she uses an Internet service e-mail system offered by a Rhode Island |
32 | based Internet service provider in contravention of the authority granted by or in violation of the |
33 | policies set by the Internet service provider. |
34 | (vi) Transmission of electronic mail from an organization to its members shall not be |
| LC001243 - Page 3 of 6 |
1 | deemed to be unsolicited bulk electronic mail. |
2 | (16)(17) "Services" includes, but is not limited to, computer time, data processing, and |
3 | storage functions. |
4 | (17)(18) "Source document" means an original document or record which forms the basis |
5 | of every electronic entry put into a computer, computer system, or computer network. |
6 | (19) "White hat security research" means accessing a computer, computer system, |
7 | computer network, computer software, computer program or data contained in a computer, |
8 | computer system, computer program, or computer network, solely for purposes of good faith |
9 | testing, investigation, identification, and/or correction of a security flaw or vulnerability, where |
10 | such activity is carried out, and where the information derived from the activity is used, primarily |
11 | to promote security or safety. |
12 | SECTION 2. Chapter 11-52 of the General Laws entitled "Computer Crime" is hereby |
13 | amended by adding the following section thereto: |
14 | 11-52-3.1. Unauthorized access to confidential information. |
15 | (a) Whoever intentionally, without authority, directly or indirectly accesses a computer, |
16 | computer program, computer system, or computer network with the intent to either view, obtain, |
17 | copy, or download any confidential information contained in or stored on such computer, |
18 | computer program, computer system, or computer network, shall be guilty of a felony and shall |
19 | be subject to the penalties set forth in §11-52-5. |
20 | (b) Nothing in this section shall apply to any monitoring of, or interaction with, a user or |
21 | subscriber’s Internet or other network connection or service, or a computer, computer program, |
22 | computer system, or computer network or computer data, by a telecommunications carrier, cable |
23 | operator, white hat security researcher, computer hardware or software provider, or provider of |
24 | information service or interactive computer service for purposes related to: network or computer |
25 | security, diagnostics, technical support, repair, advertising, authorized updates of software or |
26 | system firmware, authorized remote system management, providing, operating, or improving a |
27 | service used, requested, or authorized by an individual, or detection or prevention of the |
28 | unauthorized use of or fraudulent or other illegal activities in connection with a network, service, |
29 | or computer software. |
30 | SECTION 3. Nothing in this act may be construed to provide a basis for a private right |
31 | of action against an interactive computer service, as defined in 47 U.S.C. §230, or a |
32 | telecommunications carrier as used by another person to violate this act, for content provided by |
33 | such person or by another information content provider. |
| LC001243 - Page 4 of 6 |
1 | SECTION 4. This act shall take effect upon passage. |
======== | |
LC001243 | |
======== | |
| LC001243 - Page 5 of 6 |
EXPLANATION | |
BY THE LEGISLATIVE COUNCIL | |
OF | |
A N A C T | |
RELATING TO CRIMINAL OFFENSES - COMPUTER CRIME | |
*** | |
1 | This act would prohibit unauthorized access to confidential information from a computer, |
2 | computer program, computer system, or computer network with the intent to either view, obtain, |
3 | copy, or download any confidential information. Violations would be a felony. |
4 | This act would take effect upon passage. |
======== | |
LC001243 | |
======== | |
| LC001243 - Page 6 of 6 |