Happy New Year, Californians!
In addition to a brand new year, you’ve got a brand new anti-spyware law!
The new law, signed in September by Governor Schwarzenneger, took effect on January 1st, and makes it illegal to install software which takes control of another’s computer without their knowledge, and has been read as covering both spyware and adware.
Called the “Consumer Protection Against Spyware Act”, the law also requires companies to disclose up front whether something of theirs will install spyware on a user’s computer.
It also puts some control in the hands of the users, as it allows them to sue for up to $1,000 per incident. While it’s unlikely that a user is going to run out and retain a lawyer for $1,000, individuals have had some success filing lawsuits in small claims court under similar anti-spam statutes.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
For those of you who are legalphiles, here is the relevant portion of the new law:
A person or entity that is not an authorized user, as
defined in Section 22947.1, shall not, with actual knowledge, with
conscious avoidance of actual knowledge, or willfully, cause computer
software to be copied onto the computer of a consumer in this state
and use the software to do any of the following:
(a) Modify, through intentionally deceptive means, any of the
following settings related to the computer’s access to, or use of,
the Internet:
(1) The page that appears when an authorized user launches an
Internet browser or similar software program used to access and
navigate the Internet.
(2) The default provider or Web proxy the authorized user uses to
access or search the Internet.
(3) The authorized user’s list of bookmarks used to access Web
pages.
(b) Collect, through intentionally deceptive means, personally
identifiable information that meets any of the following criteria:
(1) It is collected through the use of a keystroke-logging
function that records all keystrokes made by an authorized user who
uses the computer and transfers that information from the computer to
another person.
(2) It includes all or substantially all of the Web sites visited
by an authorized user, other than Web sites of the provider of the
software, if the computer software was installed in a manner designed
to conceal from all authorized users of the computer the fact that
the software is being installed.
(3) It is a data element described in paragraph (2), (3), or (4)
of subdivision (k) of Section 22947.1, or in subparagraph (A) or (B)
of paragraph (5) of subdivision (k) of Section 22947.1, that is
extracted from the consumer’s computer hard drive for a purpose
wholly unrelated to any of the purposes of the software or service
described to an authorized user.
(c) Prevent, without the authorization of an authorized user,
through intentionally deceptive means, an authorized user’s
reasonable efforts to block the installation of, or to disable,
software, by causing software that the authorized user has properly
removed or disabled to automatically reinstall or reactivate on the
computer without the authorization of an authorized user.
(d) Intentionally misrepresent that software will be uninstalled
or disabled by an authorized user’s action, with knowledge that the
software will not be so uninstalled or disabled.
(e) Through intentionally deceptive means, remove, disable, or
render inoperative security, antispyware, or antivirus software
installed on the computer.
22947.3. A person or entity that is not an authorized user, as
defined in Section 22947.1, shall not, with actual knowledge, with
conscious avoidance of actual knowledge, or willfully, cause computer
software to be copied onto the computer of a consumer in this state
and use the software to do any of the following:
(a) Take control of the consumer’s computer by doing any of the
following:
(1) Transmitting or relaying commercial electronic mail or a
computer virus from the consumer’s computer, where the transmission
or relaying is initiated by a person other than the authorized user
and without the authorization of an authorized user.
(2) Accessing or using the consumer’s modem or Internet service
for the purpose of causing damage to the consumer’s computer or of
causing an authorized user to incur financial charges for a service
that is not authorized by an authorized user.
(3) Using the consumer’s computer as part of an activity performed
by a group of computers for the purpose of causing damage to another
computer, including, but not limited to, launching a denial of
service attack.
(4) Opening multiple, sequential, stand-alone advertisements in
the consumer’s Internet browser without the authorization of an
authorized user and with knowledge that a reasonable computer user
cannot close the advertisements without turning off the computer or
closing the consumer’s Internet browser.
(b) Modify any of the following settings related to the computer’s
access to, or use of, the Internet:
(1) An authorized user’s security or other settings that protect
information about the authorized user for the purpose of stealing
personal information of an authorized user.
(2) The security settings of the computer for the purpose of
causing damage to one or more computers.
(c) Prevent, without the authorization of an authorized user, an
authorized user’s reasonable efforts to block the installation of, or
to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline
installation of software with knowledge that, when the option is
selected by the authorized user, the installation nevertheless
proceeds.
(2) Falsely representing that software has been disabled.
(d) Nothing in this section shall apply to any monitoring of, or
interaction with, a subscriber’s Internet or other network connection
or service, or a protected computer, by a telecommunications
carrier, cable operator, computer hardware or software provider, or
provider of information service or interactive computer service for
network or computer security purposes, diagnostics, technical
support, repair, authorized updates of software or system firmware,
authorized remote system management, or detection or prevention of
the unauthorized use of or fraudulent or other illegal activities in
connection with a network, service, or computer software, including
scanning for and removing software proscribed under this chapter.
22947.4. (a) A person or entity, who is not an authorized user,
as defined in Section 22947.1, shall not do any of the following with
regard to the computer of a consumer in this state:
(1) Induce an authorized user to install a software component onto
the computer by intentionally misrepresenting that installing
software is necessary for security or privacy reasons or in order to
open, view, or play a particular type of content.
(2) Deceptively causing the copying and execution on the computer
of a computer software component with the intent of causing an
authorized user to use the component in a way that violates any other
provision of this section.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
