Full Text of SB3440 102nd General Assembly
SB3440 102ND GENERAL ASSEMBLY |
| | 102ND GENERAL ASSEMBLY
State of Illinois
2021 and 2022 SB3440 Introduced 1/18/2022, by Sen. John Connor SYNOPSIS AS INTRODUCED: |
|
720 ILCS 5/17-51 | was 720 ILCS 5/16D-3 |
720 ILCS 5/17-52 | was 720 ILCS 5/16D-4 |
|
Amends the Criminal Code of 2012. Provides that a person also commits computer tampering when he or she knowingly and without the authorization of a
computer's owner or in excess of
the authority granted to him or her intentionally introduces ransomware onto a computer, computer system, or computer network. Provides that a violation is a Class 4 felony
for a first offense and a Class 3 felony for a second or subsequent offense. Provides that a person also commits
aggravated computer tampering when he or she commits computer
tampering (rather than computer tampering by accessing or causing to be accessed a computer or any
part thereof, a computer network, or a program or data, and damaging or destroying the computer or
altering, deleting, or removing a computer program or data) and he or she knowingly causes disruption of or interference with vital
services or operations of
a health care provider or creates a probability of death or bodily harm to one or
more individuals (rather than creates a strong probability of death or great bodily harm to one or
more individuals). Defines "ransomware", "health care provider", and "health care facility".
|
| |
| | | CORRECTIONAL BUDGET AND IMPACT NOTE ACT MAY APPLY | |
| | A BILL FOR |
|
| | | SB3440 | | LRB102 21323 RLC 30435 b |
|
| 1 | | AN ACT concerning criminal law.
| 2 | | Be it enacted by the People of the State of Illinois,
| 3 | | represented in the General Assembly:
| 4 | | Section 5. The Criminal Code of 2012 is amended by | 5 | | changing Sections 17-51 and 17-52 as follows:
| 6 | | (720 ILCS 5/17-51) (was 720 ILCS 5/16D-3)
| 7 | | Sec. 17-51. Computer tampering.
| 8 | | (a) A person commits
computer tampering when he or she | 9 | | knowingly and without the authorization of a
computer's owner | 10 | | or in excess of
the authority granted to him or her:
| 11 | | (1) Accesses or causes to be accessed a computer or | 12 | | any part thereof, a computer network, or
a program or | 13 | | data;
| 14 | | (2) Accesses or causes to be accessed a computer or | 15 | | any part thereof, a computer network, or
a program or | 16 | | data, and obtains data or services;
| 17 | | (3) Accesses or causes to be accessed a computer or | 18 | | any
part thereof, a computer network, or a program or | 19 | | data, and damages or destroys the computer or
alters, | 20 | | deletes, or removes a computer program or data;
| 21 | | (4) Inserts or attempts to insert a program into a | 22 | | computer or
computer program knowing or having reason to | 23 | | know that such program contains
information or commands |
| | | SB3440 | - 2 - | LRB102 21323 RLC 30435 b |
|
| 1 | | that will or may: | 2 | | (A) damage or destroy that computer,
or any other | 3 | | computer subsequently accessing or being accessed by | 4 | | that
computer; | 5 | | (B) alter, delete, or remove a computer program or
| 6 | | data from that computer, or any other computer program | 7 | | or data in a
computer subsequently accessing or being | 8 | | accessed by that computer; or | 9 | | (C) cause loss to the users of that computer or the | 10 | | users of a
computer which accesses or which is | 11 | | accessed by such program; or
| 12 | | (5) Falsifies or forges electronic mail transmission | 13 | | information or
other
routing information in any manner in | 14 | | connection with the transmission of
unsolicited bulk | 15 | | electronic mail through or into the computer network of an
| 16 | | electronic mail service provider or its subscribers ; or .
| 17 | | (6) Intentionally introduces ransomware onto a | 18 | | computer, computer system, or computer network. | 19 | | (a-5) Distributing software to falsify routing | 20 | | information. It is unlawful for any person knowingly to sell, | 21 | | give, or
otherwise
distribute or possess with the intent to | 22 | | sell, give, or distribute software
which:
| 23 | | (1) is primarily designed or produced for the purpose | 24 | | of facilitating or
enabling the falsification of | 25 | | electronic mail transmission information or
other routing | 26 | | information; |
| | | SB3440 | - 3 - | LRB102 21323 RLC 30435 b |
|
| 1 | | (2) has only a limited commercially significant
| 2 | | purpose or use other than to facilitate or enable the | 3 | | falsification of
electronic
mail transmission information | 4 | | or other routing information; or | 5 | | (3) is
marketed by that person or another acting in | 6 | | concert with that person with
that person's knowledge for | 7 | | use in facilitating or enabling the falsification
of
| 8 | | electronic mail transmission information or other routing | 9 | | information.
| 10 | | (a-10) For purposes of subsection (a), accessing a | 11 | | computer network is deemed to be with the authorization of a
| 12 | | computer's owner if: | 13 | | (1) the owner authorizes patrons, customers, or guests | 14 | | to access the computer network and the person accessing | 15 | | the computer network is an authorized patron, customer, or | 16 | | guest and complies with all terms or conditions for use of | 17 | | the computer network that are imposed by the owner; | 18 | | (2) the owner authorizes the public to access the | 19 | | computer network and the person accessing the computer | 20 | | network complies with all terms or conditions for use of | 21 | | the computer network that are imposed by the owner; or | 22 | | (3) the person accesses the computer network in | 23 | | compliance with the Revised Uniform Fiduciary Access to | 24 | | Digital Assets Act (2015).
| 25 | | (b) Sentence.
| 26 | | (1) A person who commits computer
tampering as set |
| | | SB3440 | - 4 - | LRB102 21323 RLC 30435 b |
|
| 1 | | forth in subdivision (a)(1) or (a)(5) or subsection (a-5) | 2 | | of this
Section is guilty
of a Class B misdemeanor.
| 3 | | (2) A person who commits computer tampering as set | 4 | | forth
in subdivision (a)(2) of this Section is guilty of a | 5 | | Class A misdemeanor
and a Class 4 felony for the second or | 6 | | subsequent offense.
| 7 | | (3) A person who commits computer tampering as set | 8 | | forth
in subdivision (a)(3) , or (a)(4) , or (a)(6) of this | 9 | | Section is guilty of a Class 4 felony
and a Class 3 felony | 10 | | for the second or subsequent offense.
| 11 | | (4) If an injury arises from the transmission of | 12 | | unsolicited bulk
electronic
mail, the injured person, | 13 | | other than an electronic mail service
provider, may also | 14 | | recover attorney's fees and costs, and may elect, in lieu | 15 | | of
actual damages, to recover the lesser of $10 for each | 16 | | unsolicited
bulk electronic mail message transmitted in | 17 | | violation of this Section, or
$25,000 per day. The injured | 18 | | person shall not have a cause of action
against the | 19 | | electronic mail service provider that merely transmits the
| 20 | | unsolicited bulk electronic mail over its computer | 21 | | network.
| 22 | | (5) If an injury arises from the transmission of | 23 | | unsolicited bulk
electronic
mail,
an injured electronic | 24 | | mail service provider may also recover
attorney's fees and | 25 | | costs, and may elect, in lieu of actual damages, to | 26 | | recover
the greater of $10 for each unsolicited electronic |
| | | SB3440 | - 5 - | LRB102 21323 RLC 30435 b |
|
| 1 | | mail
advertisement transmitted in violation of this | 2 | | Section, or $25,000 per day.
| 3 | | (6) The provisions of this Section shall not be | 4 | | construed to limit any
person's
right to pursue any | 5 | | additional civil remedy otherwise allowed by law.
| 6 | | (c) Whoever suffers loss by reason of a violation of | 7 | | subdivision (a)(4)
of this Section may, in a civil action | 8 | | against the violator, obtain
appropriate relief. In
a civil | 9 | | action under this Section, the court may award to the | 10 | | prevailing
party reasonable attorney's fees and other | 11 | | litigation expenses.
| 12 | | (d) As used in this Section, "ransomware" means a computer | 13 | | contaminant or lock that restricts access by an unauthorized | 14 | | person to a computer, computer system, or computer network or | 15 | | any data in a computer, computer system, or computer network | 16 | | under circumstances in which a person demands money, property, | 17 | | or a service to remove the computer contaminant or lock, | 18 | | restore access to the computer, computer system, computer | 19 | | network, or data, or otherwise remediate the impact of the | 20 | | computer contaminant or lock. | 21 | | (Source: P.A. 99-775, eff. 8-12-16.)
| 22 | | (720 ILCS 5/17-52) (was 720 ILCS 5/16D-4)
| 23 | | Sec. 17-52. Aggravated computer tampering. | 24 | | (a) A person commits
aggravated computer tampering when he | 25 | | or she commits computer
tampering as set forth in subsection |
| | | SB3440 | - 6 - | LRB102 21323 RLC 30435 b |
|
| 1 | | (a) paragraph (a)(3) of Section 17-51 and he or she knowingly:
| 2 | | (1) causes disruption of or interference with vital
| 3 | | services or operations of
State or local government , or a | 4 | | public utility ,or a health care provider ; or
| 5 | | (2) creates a strong probability of death or great | 6 | | bodily harm to one or
more individuals.
| 7 | | (b) Sentence. | 8 | | (1) A person who commits aggravated
computer tampering | 9 | | as set forth in paragraph (a)(1) of this Section is
guilty | 10 | | of a Class 3 felony.
| 11 | | (2) A person who commits aggravated computer tampering | 12 | | as
set forth in paragraph (a)(2) of this Section is guilty | 13 | | of a Class 2 felony.
| 14 | | (c) In this Section: | 15 | | "Health care facility" means a type of health care | 16 | | provider commonly known by a wide variety of titles, | 17 | | including, but not limited to, a hospital, medical center, | 18 | | nursing home, rehabilitation center, long term or tertiary | 19 | | care facility, physician office, or other facility established | 20 | | to administer health care in its ordinary course of business | 21 | | or practice. | 22 | | "Health care provider" means a person who is licensed, | 23 | | certified, or otherwise authorized or permitted by the law of | 24 | | this State to administer health care in the ordinary course of | 25 | | business or practice of a profession, including, but not | 26 | | limited to, a physician, nurse, health care facility, or any |
| | | SB3440 | - 7 - | LRB102 21323 RLC 30435 b |
|
| 1 | | employee, officer, director, agent, or person under contract | 2 | | with such a person. | 3 | | (Source: P.A. 96-1551, eff. 7-1-11 .)
|
|