S.22.2-65: Go Phish Act (PASSED)

[fhtagn]

GO PHISH ACT

TITLE I: DEFINITIONS

1. As used in this Act:

A. Entity includes corporations, business trusts, estates, partnerships, limited partnerships, limited liability partnerships, limited liability companies, associations, organizations, joint ventures, governments, governmental subdivisions, agencies, or instrumentalities, or any other legal entity, whether for profit or not-for-profit.

B. Individual means a natural person.

C. Identifying information means any information that can be used to access an individual’s financial accounts or to obtain goods and services, including, but not limited to: address, birth date, Social Security number, driver’s license number, non-driver governmental identification number, telephone number, bank account number, student identification, credit or debit card number, personal identification number, unique biometric data, employee or payroll number, automated or electronic signature, computer image, photograph, screen name or password.  The term does not include information that is lawfully obtained from publicly available information, or from Federal, Regional, State, or local government records lawfully made available to the general public.

D. False pretenses means the representation of a fact or circumstance which is not true and is calculated to mislead.

E. Phishing means making any communication under false pretenses purporting to be by or on behalf of a legitimate business or entity, without the authority or approval of the business or entity to induce, request, or solicit any person to provide identifying information or property.

F. Pharming means creating or operating a webpage that represents itself as belonging to or being associated with a legitimate business or entity, without the authority or approval of such business or entity, and that may induce any user of the Internet to provide identifying information or property; or altering a setting on a user’s computer or similar device or software program through which the user may search the Internet and thereby causes any user of the Internet to view a communication that represents itself as belonging to or being associated with a legitimate business, which message has been created or is operated without the authority or approval of such legitimate business and induces, requests or solicits any user of the Internet to provide identifying information or property.

G. Web page means a location that has a single uniform resource locator (URL) with respect to the World Wide Web or another location that can be accessed on the Internet.

TITLE II: PHISHING AND PHARMING

1. It shall be a felony punishable by imprisonment for no more than five (5) years, a fine of no more than $25,000.00, and restitution, for any person to engage in phishing or pharming in the Southern Region.

2. No Internet registrar or Internet service provider may be held liable under any provision of the laws of this Region or of any State or political subdivision in this Region for removing or disabling access to an Internet domain name controlled or operated by such registrar or by such provider or to content that resides on an Internet website or other online location controlled or operated by such provider and that such provider believes in good faith is used to engage in a violation of this act.

3. The following persons may bring a civil action against a person who violates this act:

A. an Internet service provider who is adversely affected by the violation;

B. an owner of a web page, computer server, or a trademark that is used without authorization in the violation; or

C. the Attorney General.

4. A person permitted to bring a civil action may obtain either actual damages for a violation of this Act or a civil penalty not to exceed $150,000 per violation of this act.

5. A violation of this Act by a state-chartered or licensed financial institution shall be enforceable exclusively by the financial institution’s primary regulator.

6. This Act shall apply to the discovery of phishing or pharming incident that occurs on or after the effective date of this section. This act does not apply to a telecommunications provider’s or Internet service provider’s good faith transmission or routing of, or intermediate temporary storing or caching of, identifying information.

TITLE III: ENACTMENT

1.This act shall take effect thirty (30) days after the date of passage.

Sponsor: fhtagn

[Mr. Reactionary]

This criminalizes phishing for personal info.

[fhtagn]

If there are no more comments, I move we proceed to a vote. 24 hours for objections.

[fhtagn]

A final vote on this bill is now open for 72 hours, or until 24 hours after this has enough votes to pass or fail, or until everybody votes, whichever occurs soonest.

[reagente]

aye

[UlmerFudd]

aye

[fhtagn]

Aye

[fhtagn]

This has enough votes to pass. 24 hours to vote/change your vote, or until everyone has voted, whichever happens soonest

[RFayette]

Aye

[President Punxsutawney Phil]

Aye
clever title!

[fhtagn]

The bill now passes and awaits gubernatorial action.

Aye: 5
Nay:0
Present: 0
Not voting: 0

GO PHISH ACT

TITLE I: DEFINITIONS

1. As used in this Act:

A. Entity includes corporations, business trusts, estates, partnerships, limited partnerships, limited liability partnerships, limited liability companies, associations, organizations, joint ventures, governments, governmental subdivisions, agencies, or instrumentalities, or any other legal entity, whether for profit or not-for-profit.

B. Individual means a natural person.

C. Identifying information means any information that can be used to access an individual’s financial accounts or to obtain goods and services, including, but not limited to: address, birth date, Social Security number, driver’s license number, non-driver governmental identification number, telephone number, bank account number, student identification, credit or debit card number, personal identification number, unique biometric data, employee or payroll number, automated or electronic signature, computer image, photograph, screen name or password.  The term does not include information that is lawfully obtained from publicly available information, or from Federal, Regional, State, or local government records lawfully made available to the general public.

D. False pretenses means the representation of a fact or circumstance which is not true and is calculated to mislead.

E. Phishing means making any communication under false pretenses purporting to be by or on behalf of a legitimate business or entity, without the authority or approval of the business or entity to induce, request, or solicit any person to provide identifying information or property.

F. Pharming means creating or operating a webpage that represents itself as belonging to or being associated with a legitimate business or entity, without the authority or approval of such business or entity, and that may induce any user of the Internet to provide identifying information or property; or altering a setting on a user’s computer or similar device or software program through which the user may search the Internet and thereby causes any user of the Internet to view a communication that represents itself as belonging to or being associated with a legitimate business, which message has been created or is operated without the authority or approval of such legitimate business and induces, requests or solicits any user of the Internet to provide identifying information or property.

G. Web page means a location that has a single uniform resource locator (URL) with respect to the World Wide Web or another location that can be accessed on the Internet.

TITLE II: PHISHING AND PHARMING

1. It shall be a felony punishable by imprisonment for no more than five (5) years, a fine of no more than $25,000.00, and restitution, for any person to engage in phishing or pharming in the Southern Region.

2. No Internet registrar or Internet service provider may be held liable under any provision of the laws of this Region or of any State or political subdivision in this Region for removing or disabling access to an Internet domain name controlled or operated by such registrar or by such provider or to content that resides on an Internet website or other online location controlled or operated by such provider and that such provider believes in good faith is used to engage in a violation of this act.

3. The following persons may bring a civil action against a person who violates this act:

A. an Internet service provider who is adversely affected by the violation;

B. an owner of a web page, computer server, or a trademark that is used without authorization in the violation; or

C. the Attorney General.

4. A person permitted to bring a civil action may obtain either actual damages for a violation of this Act or a civil penalty not to exceed $150,000 per violation of this act.

5. A violation of this Act by a state-chartered or licensed financial institution shall be enforceable exclusively by the financial institution’s primary regulator.

6. This Act shall apply to the discovery of phishing or pharming incident that occurs on or after the effective date of this section. This act does not apply to a telecommunications provider’s or Internet service provider’s good faith transmission or routing of, or intermediate temporary storing or caching of, identifying information.

TITLE III: ENACTMENT

1.This act shall take effect thirty (30) days after the date of passage.