SB0137 95TH GENERAL ASSEMBLY

95TH GENERAL ASSEMBLY State of Illinois 2007 and 2008
SB0137

Introduced 1/31/2007, by Sen. Ira I. Silverstein

SYNOPSIS AS INTRODUCED:

New Act

Creates the Anti-Phishing Act. Makes it unlawful for a person, by means of a Web page, e-mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing oneself to be a business without the authority or approval of the business. Provides that a person who is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark and is adversely affected by a violation may bring an action to recover the greater of actual damages or $500,000. Provides that an individual who is adversely affected by a violation may bring an action against a person who has directly violated the Act to enjoin further violations of the Act and to recover the greater of 3 times the amount of actual damages or $5,000 per violation. Provides that the Attorney General or a State's Attorney may bring an action against a person who violates or is in violation of the Act to enjoin further violations and to recover a civil penalty of up to $2,500 per violation. Provides that a court may increase the recoverable damages to an amount up to 3 times the damages otherwise recoverable if the defendant has engaged in a pattern and practice of violating the Act and award costs of suit and attorney's fees to a prevailing plaintiff. Provides that these remedies do not preclude the seeking of remedies, including criminal remedies, under any other applicable provision of law. Provides that multiple violations resulting from any single action or conduct shall constitute one violation.

LRB095 06387 WGH 26484 b

A BILL FOR

SB0137

LRB095 06387 WGH 26484 b

1 AN ACT concerning the Internet.

2 Be it enacted by the People of the State of Illinois,

3 represented in the General Assembly:

4 Section 1. Short title. This Act may be cited as the

5 Anti-Phishing Act.

6 Section 5. Definitions. As used in this Act:

7 "Electronic mail message" means a message sent to a unique

8 destination, commonly expressed as a string of characters,

9 consisting of a unique user name or mailbox (commonly referred

10 to as the "local part") and a reference to an Internet domain

11 (commonly referred to as the "domain part"), whether or not

12 displayed, to which an electronic message can be sent or

13 delivered.

14 "Identifying information" means, with respect to an

15 individual, any of the following:

16 (1) Social security number.

17 (2) Driver's license number.

18 (3) Bank account number.

19 (4) Credit card or debit card number.

20 (5) Personal identification number (PIN).

21 (6) Automated or electronic signature.

22 (7) Unique biometric data.

23 (8) Account password.

SB0137

- 2 -

LRB095 06387 WGH 26484 b

1 (9) Any other piece of information that can be used to

2 access an individual's financial accounts or to obtain

3 goods or services.

4 "Internet" means the global information system that is

5 logically linked together by a globally unique address space

6 based on the Internet Protocol (IP), or its subsequent

7 extensions, and that is able to support communications using

8 the Transmission Control Protocol/Internet Protocol (TCP/IP)

9 suite, or its subsequent extensions, or other IP-compatible

10 protocols, and that provides, uses, or makes accessible, either

11 publicly or privately, high level services layered on the

12 communications and related infrastructure.

13 "Web page" means a location that has a single uniform

14 resource locator or other single location with respect to the

15 Internet.

16 Section 10. Prohibitions. It is unlawful for any person, by

17 means of a Web page, electronic mail message, or otherwise

18 through use of the Internet, to solicit, request, or take any

19 action to induce another person to provide identifying

20 information by representing himself, herself, or itself to be a

21 business without the authority or approval of the business.

22 Section 15. Actions.

23 (a) The following persons may bring an action against a

24 person who violates or is in violation of Section 10:

SB0137

- 3 -

LRB095 06387 WGH 26484 b

1 (1) A person who (A) is engaged in the business of

2 providing Internet access service to the public, owns a Web

3 page, or owns a trademark, and (B) is adversely affected by

4 a violation of Section 10.

5 An action brought under this paragraph may seek to

6 recover the greater of actual damages or $500,000.

7 (2) An individual who is adversely affected by a

8 violation of Section 10 may bring an action, but only

9 against a person who has directly violated Section 10.

10 An action brought under this paragraph may seek to

11 enjoin further violations of Section 10 and to recover the

12 greater of 3 times the amount of actual damages or $5,000

13 per violation.

14 (b) The Attorney General or a State's Attorney may bring an

15 action against a person who violates or is in violation of

16 Section 10 to enjoin further violations of Section 10 and to

17 recover a civil penalty of up to $2,500 per violation.

18 (c) In an action pursuant to this Section, a court may, in

19 addition, do either or both of the following:

20 (1) Increase the recoverable damages to an amount up to

21 3 times the damages otherwise recoverable under subsection

22 (a) in cases in which the defendant has engaged in a

23 pattern and practice of violating Section 10.

24 (2) Award costs of suit and reasonable attorney's fees

25 to a prevailing plaintiff.

26 (d) The remedies provided in this Section do not preclude

SB0137

- 4 -

LRB095 06387 WGH 26484 b

1 the seeking of remedies, including criminal remedies, under any

2 other applicable provision of law.

3 (e) For purposes of paragraph (1) of subsection (a),

4 multiple violations of Section 10 resulting from any single

5 action or conduct shall constitute one violation.