102ND GENERAL ASSEMBLY
State of Illinois
2021 and 2022
SB3440

 

Introduced 1/18/2022, by Sen. John Connor

 

SYNOPSIS AS INTRODUCED:
 
720 ILCS 5/17-51  was 720 ILCS 5/16D-3
720 ILCS 5/17-52  was 720 ILCS 5/16D-4

    Amends the Criminal Code of 2012. Provides that a person also commits computer tampering when he or she knowingly and without the authorization of a computer's owner or in excess of the authority granted to him or her intentionally introduces ransomware onto a computer, computer system, or computer network. Provides that a violation is a Class 4 felony for a first offense and a Class 3 felony for a second or subsequent offense. Provides that a person also commits aggravated computer tampering when he or she commits computer tampering (rather than computer tampering by accessing or causing to be accessed a computer or any part thereof, a computer network, or a program or data, and damaging or destroying the computer or altering, deleting, or removing a computer program or data) and he or she knowingly causes disruption of or interference with vital services or operations of a health care provider or creates a probability of death or bodily harm to one or more individuals (rather than creates a strong probability of death or great bodily harm to one or more individuals). Defines "ransomware", "health care provider", and "health care facility".


LRB102 21323 RLC 30435 b

CORRECTIONAL BUDGET AND IMPACT NOTE ACT MAY APPLY

 

 

A BILL FOR

 

SB3440LRB102 21323 RLC 30435 b

1    AN ACT concerning criminal law.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Criminal Code of 2012 is amended by
5changing Sections 17-51 and 17-52 as follows:
 
6    (720 ILCS 5/17-51)  (was 720 ILCS 5/16D-3)
7    Sec. 17-51. Computer tampering.
8    (a) A person commits computer tampering when he or she
9knowingly and without the authorization of a computer's owner
10or in excess of the authority granted to him or her:
11        (1) Accesses or causes to be accessed a computer or
12    any part thereof, a computer network, or a program or
13    data;
14        (2) Accesses or causes to be accessed a computer or
15    any part thereof, a computer network, or a program or
16    data, and obtains data or services;
17        (3) Accesses or causes to be accessed a computer or
18    any part thereof, a computer network, or a program or
19    data, and damages or destroys the computer or alters,
20    deletes, or removes a computer program or data;
21        (4) Inserts or attempts to insert a program into a
22    computer or computer program knowing or having reason to
23    know that such program contains information or commands

 

 

SB3440- 2 -LRB102 21323 RLC 30435 b

1    that will or may:
2            (A) damage or destroy that computer, or any other
3        computer subsequently accessing or being accessed by
4        that computer;
5            (B) alter, delete, or remove a computer program or
6        data from that computer, or any other computer program
7        or data in a computer subsequently accessing or being
8        accessed by that computer; or
9            (C) cause loss to the users of that computer or the
10        users of a computer which accesses or which is
11        accessed by such program; or
12        (5) Falsifies or forges electronic mail transmission
13    information or other routing information in any manner in
14    connection with the transmission of unsolicited bulk
15    electronic mail through or into the computer network of an
16    electronic mail service provider or its subscribers; or .
17        (6) Intentionally introduces ransomware onto a
18    computer, computer system, or computer network.
19    (a-5) Distributing software to falsify routing
20information. It is unlawful for any person knowingly to sell,
21give, or otherwise distribute or possess with the intent to
22sell, give, or distribute software which:
23        (1) is primarily designed or produced for the purpose
24    of facilitating or enabling the falsification of
25    electronic mail transmission information or other routing
26    information;

 

 

SB3440- 3 -LRB102 21323 RLC 30435 b

1        (2) has only a limited commercially significant
2    purpose or use other than to facilitate or enable the
3    falsification of electronic mail transmission information
4    or other routing information; or
5        (3) is marketed by that person or another acting in
6    concert with that person with that person's knowledge for
7    use in facilitating or enabling the falsification of
8    electronic mail transmission information or other routing
9    information.
10    (a-10) For purposes of subsection (a), accessing a
11computer network is deemed to be with the authorization of a
12computer's owner if:
13        (1) the owner authorizes patrons, customers, or guests
14    to access the computer network and the person accessing
15    the computer network is an authorized patron, customer, or
16    guest and complies with all terms or conditions for use of
17    the computer network that are imposed by the owner;
18        (2) the owner authorizes the public to access the
19    computer network and the person accessing the computer
20    network complies with all terms or conditions for use of
21    the computer network that are imposed by the owner; or
22        (3) the person accesses the computer network in
23    compliance with the Revised Uniform Fiduciary Access to
24    Digital Assets Act (2015).
25    (b) Sentence.
26        (1) A person who commits computer tampering as set

 

 

SB3440- 4 -LRB102 21323 RLC 30435 b

1    forth in subdivision (a)(1) or (a)(5) or subsection (a-5)
2    of this Section is guilty of a Class B misdemeanor.
3        (2) A person who commits computer tampering as set
4    forth in subdivision (a)(2) of this Section is guilty of a
5    Class A misdemeanor and a Class 4 felony for the second or
6    subsequent offense.
7        (3) A person who commits computer tampering as set
8    forth in subdivision (a)(3), or (a)(4), or (a)(6) of this
9    Section is guilty of a Class 4 felony and a Class 3 felony
10    for the second or subsequent offense.
11        (4) If an injury arises from the transmission of
12    unsolicited bulk electronic mail, the injured person,
13    other than an electronic mail service provider, may also
14    recover attorney's fees and costs, and may elect, in lieu
15    of actual damages, to recover the lesser of $10 for each
16    unsolicited bulk electronic mail message transmitted in
17    violation of this Section, or $25,000 per day. The injured
18    person shall not have a cause of action against the
19    electronic mail service provider that merely transmits the
20    unsolicited bulk electronic mail over its computer
21    network.
22        (5) If an injury arises from the transmission of
23    unsolicited bulk electronic mail, an injured electronic
24    mail service provider may also recover attorney's fees and
25    costs, and may elect, in lieu of actual damages, to
26    recover the greater of $10 for each unsolicited electronic

 

 

SB3440- 5 -LRB102 21323 RLC 30435 b

1    mail advertisement transmitted in violation of this
2    Section, or $25,000 per day.
3        (6) The provisions of this Section shall not be
4    construed to limit any person's right to pursue any
5    additional civil remedy otherwise allowed by law.
6    (c) Whoever suffers loss by reason of a violation of
7subdivision (a)(4) of this Section may, in a civil action
8against the violator, obtain appropriate relief. In a civil
9action under this Section, the court may award to the
10prevailing party reasonable attorney's fees and other
11litigation expenses.
12    (d) As used in this Section, "ransomware" means a computer
13contaminant or lock that restricts access by an unauthorized
14person to a computer, computer system, or computer network or
15any data in a computer, computer system, or computer network
16under circumstances in which a person demands money, property,
17or a service to remove the computer contaminant or lock,
18restore access to the computer, computer system, computer
19network, or data, or otherwise remediate the impact of the
20computer contaminant or lock.
21(Source: P.A. 99-775, eff. 8-12-16.)
 
22    (720 ILCS 5/17-52)  (was 720 ILCS 5/16D-4)
23    Sec. 17-52. Aggravated computer tampering.
24    (a) A person commits aggravated computer tampering when he
25or she commits computer tampering as set forth in subsection

 

 

SB3440- 6 -LRB102 21323 RLC 30435 b

1(a) paragraph (a)(3) of Section 17-51 and he or she knowingly:
2        (1) causes disruption of or interference with vital
3    services or operations of State or local government, or a
4    public utility,or a health care provider; or
5        (2) creates a strong probability of death or great
6    bodily harm to one or more individuals.
7    (b) Sentence.
8        (1) A person who commits aggravated computer tampering
9    as set forth in paragraph (a)(1) of this Section is guilty
10    of a Class 3 felony.
11        (2) A person who commits aggravated computer tampering
12    as set forth in paragraph (a)(2) of this Section is guilty
13    of a Class 2 felony.
14    (c) In this Section:
15    "Health care facility" means a type of health care
16provider commonly known by a wide variety of titles,
17including, but not limited to, a hospital, medical center,
18nursing home, rehabilitation center, long term or tertiary
19care facility, physician office, or other facility established
20to administer health care in its ordinary course of business
21or practice.
22    "Health care provider" means a person who is licensed,
23certified, or otherwise authorized or permitted by the law of
24this State to administer health care in the ordinary course of
25business or practice of a profession, including, but not
26limited to, a physician, nurse, health care facility, or any

 

 

SB3440- 7 -LRB102 21323 RLC 30435 b

1employee, officer, director, agent, or person under contract
2with such a person.
3(Source: P.A. 96-1551, eff. 7-1-11.)