AN ACT CONCERNING ENFORCEMENT OF ELECTRONIC MAIL PHISHING AND IDENTITY THEFT LAWS.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. Section 53-454 of the general statutes is repealed and the following is substituted in lieu thereof (Effective October 1, 2007):

(a) For purposes of this section:

(1) "Electronic mail message" means a message sent to a unique destination that consists of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which such message can be sent or delivered.

(2) "Identifying information" means specific details that can be used to access a person's financial accounts or to obtain goods or services, including, but not limited to, such person's Social Security number, driver's license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data or account password.

(b) No person shall, by means of an Internet web page, electronic mail message or otherwise using the Internet, solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an on-line Internet business, without the authority or approval of such on-line Internet business. The Attorney General may issue subpoenas or interrogatories requiring production of evidence or testimony concerning a violation of this subsection. The Attorney General may apply to the Superior Court to enforce any subpoena or interrogatories issued pursuant to this subsection.

(c) The Attorney General or any person aggrieved by a violation of subsection (b) of this section may file a civil action in Superior Court to enforce the provisions of this section and to enjoin further violations of this section. The Attorney General or such aggrieved person may recover actual damages or twenty-five thousand dollars, whichever is greater, for each violation of subsection (b) of this section.

(d) In a civil action under subsection (c) of this section, the court may increase the damage award to an amount equal to not more than three times the award provided in said subsection (c) if the court determines that the defendant has engaged in a pattern and practice of violating subsection (b) of this section.

(e) An interactive computer service provider shall not be held liable or found in violation of this section for identifying, removing or disabling access to an Internet web page or other on-line location that such provider believes in good faith is being used to engage in a violation of this section.

(f) A violation of subsection (b) of this section shall be a class D felony. Multiple violations resulting from a single action or act shall constitute one violation for the purposes of this subsection.

Sec. 2. Section 53-388a of the general statutes is repealed and the following is substituted in lieu thereof (Effective October 1, 2007):

(a) As used in this section:

(1) "Scanning device" means a scanner, reader or any other electronic device that is used to access, read, scan, obtain, memorize or temporarily or permanently store information encoded on a computer chip or a magnetic strip or stripe of a payment card.

(2) "Reencoder" means an electronic device that places encoded information from a computer chip or a magnetic strip or stripe of a payment card onto a computer chip or a magnetic strip or stripe of a different payment card or any electronic medium that allows an authorized transaction to occur.

(3) "Payment card" means a credit card, charge card, debit card or any other card that is issued to an authorized card user and that allows the user to obtain, purchase or receive goods, services, money or anything else of value from a merchant.

(4) "Merchant" means a person who receives, from an authorized user of a payment card or from someone the person reasonably believes to be such an authorized user, a payment card or information from a payment card or what the person reasonably believes to be a payment card or information from a payment card, as an instrument for obtaining, purchasing or receiving goods, services, money or anything else of value from the person.

(b) No person shall use a scanning device to access, read, obtain, memorize or temporarily or permanently store information encoded on a computer chip or a magnetic strip or stripe of a payment card without the permission of the authorized user of the payment card and with the intent to defraud the authorized user, the issuer of the authorized user's payment card or a merchant.

(c) No person shall use a reencoder to place information encoded on a computer chip or a magnetic strip or stripe of a payment card onto a computer chip or a magnetic strip or stripe of a different card without the permission of the authorized user of the card from which the information is being reencoded and with the intent to defraud the authorized user, the issuer of the authorized user's payment card or a merchant.

(d) The Attorney General may issue subpoenas or interrogatories requiring production of evidence or testimony concerning a violation of this subsection. The Attorney General may apply to the Superior Court to enforce any subpoena or interrogatories issued pursuant to this subsection. The Attorney General may institute a civil proceeding in Superior Court against any person who violates subsection (b) or (c) of this section.

(e) Any person who violates the provisions of subsection (b) or (c) of this section shall be fined not more than ten thousand dollars and imprisoned not less than one year or more than ten years, or both.

(f) No person shall possess a scanning device or reencoder under circumstances manifesting an intent to use the same in the commission of a violation of subsection (b) or (c) of this section.

(g) Any person who violates subsection (f) of this section shall be guilty of a class A misdemeanor.

Statement of Purpose:

To provide the Attorney General with investigatory authority regarding electronic mail phishing and identity theft statutes.

[Proposed deletions are enclosed in brackets. Proposed additions are indicated by underline, except that when the entire text of a bill or resolution or a section of a bill or resolution is new, it is not underlined.]