General Assembly |
File No. 161 |
February Session, 2006 |
Senate, March 28, 2006
The Committee on General Law reported through SEN. COLAPIETRO of the 31st Dist., Chairperson of the Committee on the part of the Senate, that the substitute bill ought to pass.
AN ACT CONCERNING ELECTRONIC MAIL MESSAGE PHISHING.
Be it enacted by the Senate and House of Representatives in General Assembly convened:
Section 1. (NEW) (Effective October 1, 2006) (a) For purposes of this section:
(1) "Electronic mail message" means a message sent to a unique destination that consists of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which such message can be sent or delivered.
(2) "Identifying information" means specific details that can be used to access a person's financial accounts or to obtain goods or services, including, but not limited to, such person's Social Security number, driver's license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data or account password.
(b) No person shall, by means of an Internet web page, electronic mail message or otherwise using the Internet, solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an on-line Internet business, without the authority or approval of such on-line Internet business.
(c) The Attorney General or any person aggrieved by a violation of subsection (b) of this section may file a civil action in superior court to enforce the provisions of this section and to enjoin further violations of this section. The Attorney General or such aggrieved person may recover actual damages or twenty-five thousand dollars, whichever is greater, for each violation of subsection (b) of this section.
(d) In a civil action under subsection (c) of this section, the court may increase the damage award to an amount equal to not more than three times the award provided in said subsection (c) if the court determines that the defendant has engaged in a pattern and practice of violating subsection (b) of this section.
(e) An interactive computer service provider shall not be held liable or found in violation of this section for identifying, removing or disabling access to an Internet web page or other on-line location that such provider believes in good faith is being used to engage in a violation of this section.
(f) A violation of subsection (b) of this section shall be a class D felony. Multiple violations resulting from a single action or act shall constitute one violation for the purposes of this subsection.
This act shall take effect as follows and shall amend the following sections: | ||
Section 1 |
October 1, 2006 |
New section |
GL |
Joint Favorable Subst. |
The following fiscal impact statement and bill analysis are prepared for the benefit of members of the General Assembly, solely for the purpose of information, summarization, and explanation, and do not represent the intent of the General Assembly or either House thereof for any purpose:
OFA Fiscal Note
Agency Affected |
Fund-Effect |
FY 07 $ |
FY 08 $ |
Judicial Dept. |
GF - Revenue Gain |
Potential |
Potential |
Various Criminal Justice Agencies |
GF - Cost |
Potential |
Potential |
Attorney General; Judicial Dept. |
GF - None |
None |
None |
Note: GF=General Fund
Explanation
The bill makes it a crime, punishable by a fine of up to $5,000 and/or five years' imprisonment, for any person to use the Internet or electronic mail messaging to induce another person to provide identifying information by representing that the person is an on-line Internet business, without the authority or approval of such on-line Internet business (electronic mail message phishing). To the extent that offenders are subject to incarceration or probation supervision in the community as a result of the bill, a potential cost to criminal justice agencies exists. On average, it costs the state $2,150 to supervise an offender on probation in the community as compared to $35,040 to incarcerate the offender (note that both figures include fringe benefits). There is a potential revenue gain associated with criminal fines.
The bill authorizes the Attorney General to bring a civil action to enforce the provisions of the bill. As this provision is permissive, it is anticipated that any such enforcement measures could be accommodated within budgeted resources.
The bill grants any person aggrieved by a violation of the bill permission to bring a civil action in superior court to recover actual damages or $25,000, whichever is greater, for each violation, and provides for the awarding of punitive damages. The number of civil cases resulting from this provision is anticipated to be small relative to the overall caseload of the Judicial Department and therefore could be accommodated within budgeted resources.
The Out Years
Agency Affected |
Fund-Effect |
FY 09 $ |
FY 10 $ |
FY 11 $ |
Judicial Dept. |
GF - Revenue Gain |
Potential |
Potential |
Potential |
Various Criminal Justice Agencies |
GF - Cost |
Potential |
Potential |
Potential |
Attorney General; Judicial Dept. |
GF - None |
None |
None |
None |
Note: GF=General Fund
OLR Bill Analysis
AN ACT CONCERNING ELECTRONIC MAIL MESSAGE PHISHING.
This bill prohibits using the Internet or an e-mail message to solicit or induce another to provide identifying information by pretending to be an on-line Internet business without the business's authorization.
The bill authorizes the attorney general or anyone aggrieved by a violation to sue to enforce it and restrain further violations. The court may award actual damages or $25,000, whichever is greater, for each violation. It may triple the damage award if it determines that the defendant has engaged in a pattern and practice of violations.
Under the bill, an Internet service provider is not liable for identifying, removing, or disabling access to a web page or other on-line location that it believes in good faith is being used to violate the prohibition.
A violation is also a class D felony, punishable by one to five years imprisonment, a fine of up to $5,000, or both. Multiple violations committed in the course of a single act constitute a single violation for purposes of the criminal penalty.
EFFECTIVE DATE: October 1, 2006
DEFINITIONS
E-Mail Messages
The bill defines “e-mail message” as a message sent to a unique destination consisting of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which the message can be sent.
Identifying Information
The bill defines “identifying information” as specific details that can be used to access a person's financial accounts or to obtain goods or services. It can include a Social Security number, driver's license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data, or account password.
BACKGROUND
Related Bill
HB 5596 prohibits the same conduct. It permits a court to award the greater of actual damages or $500,000 for each violation and has similar criminal penalty. It does not provide immunity to an Internet service provider when it identifies, removes, or disables access to a web page or on-line location that it believes in good faith is being used to violate the prohibition.
COMMITTEE ACTION
General Law Committee
Joint Favorable Substitute
Yea |
15 |
Nay |
0 |
(03/14/2006) |