[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4255 Introduced in House (IH)]






108th CONGRESS
  2d Session
                                H. R. 4255

   To prevent deceptive software transmission practices in order to 
  safeguard computer privacy, maintain computer control, and protect 
                           Internet commerce.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             April 30, 2004

  Mr. Inslee introduced the following bill; which was referred to the 
 Committee on Energy and Commerce, and in addition to the Committee on 
   the Judiciary, for a period to be subsequently determined by the 
  Speaker, in each case for consideration of such provisions as fall 
           within the jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
   To prevent deceptive software transmission practices in order to 
  safeguard computer privacy, maintain computer control, and protect 
                           Internet commerce.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Computer Software Privacy and 
Control Act''.

SEC. 2. DEFINITIONS.

    As used in this Act, the following definitions apply:
            (1) The terms ``computer'' and ``protected computer'' have 
        the meanings given such terms in section 1030(e) of title 18, 
        United States Code.
            (2) The term ``computer software'' means a sequence of 
        instructions written in any programming language that is stored 
        or executed on a computer. Such term shall not include computer 
        software that is a Web page, or data components of Web pages 
        that are not executable independently of the Web page.
            (3) The term ``disable'', with regards to computer 
        software, or a component thereof, means to permanently prevent 
        such software or component from executing any of the functions 
        described in section 3 that such software is otherwise capable 
        of executing, unless the owner or operator of a protected 
        computer takes a subsequent affirmative action to enable the 
        execution of such functions.
            (4) The terms ``execute'', ``execution'', and 
        ``executable'', when used with respect to computer software, 
        refer to the performance of the functions or the carrying out 
        of the instructions of the computer software.
            (5) The term ``first retail sale'' means the first sale of 
        a computer, for a purpose other than resale, after the 
        manufacture, production, or importation of the computer. For 
        purposes of this paragraph, the lease of a computer shall be 
        considered a sale of the computer at retail.
            (6) The term ``Internet'' has the meaning given such term 
        in section 1302(6) of the Children's Online Privacy Protection 
        Act of 1998 (15 U.S.C. 6501(6)).
            (7) The term ``owner or operator'', with respect to a 
        protected computer, shall not include any person who owns a 
        computer prior to the first retail sale of such computer.
            (8) The term ``person'' has the meaning given that term in 
        section 1030(e)(12) of title 18, United States Code.
            (9) The term ``personal information'' means--
                    (A) a first and last name;
                    (B) a home or other physical address including 
                street name;
                    (C) an electronic mail address;
                    (D) a telephone number;
                    (E) a Social Security number;
                    (F) a credit card or bank account number or any 
                password or access code associated with a credit card 
                or bank account; and
                    (G) a birth certificate number.
            (10) The term ``removal utility'' means a means by which 
        the owner or operator of a protected computer can remove, 
        delete, or disable computer software, or a component thereof.
            (11) The term ``transmit'' means to transfer, send, or make 
        available computer software, or any component thereof, via the 
        Internet or any other medium, including local area networks of 
        computers, other non-wire transmission, and disc or other data 
        storage device, for the purpose of or resulting in an economic 
        benefit to the person transferring, sending, or making 
        available such computer software, or component thereof, derived 
        from the transmission or execution of such software, or 
        component thereof. Such term shall not include any action by a 
        person providing--
                    (A) the Internet connection, telephone connection, 
                or other means of transmission capability such as a 
                compact disk or digital video disk through which the 
                software was made available;
                    (B) the storage or hosting of the software program 
                or an Internet Web page through which the software was 
                made available; or
                    (C) an information location tool, such as a 
                directory, index, reference, pointer, or hypertext 
                link, through which the user of the computer located 
                the software,
        unless such person receives a direct economic benefit from the 
        execution of such software on the protected computer.
            (12) The term ``Web page'' means a location that has a 
        single Uniform Resource Locator with respect to the World Wide 
        Web or other single location with respect to the Internet.

SEC. 3. UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN THE TRANSMISSION OF 
              COMPUTER SOFTWARE.

    (a) Deceptive Acts Prohibited.--It is unlawful for any person 
knowingly to transmit to a protected computer owned or operated by 
another person, or transmit to a protected computer prior to the first 
retail sale of such computer, any computer software, or any component 
thereof, that--
            (1) collects personal information about an owner or 
        operator of that protected computer and transfers such 
        information to any person other than such owner or operator;
            (2) monitors or analyzes the content of the Internet web 
        pages accessed by an owner or operator of such computer and 
        transfers information regarding the accessing of such web pages 
        to any person other than such owner or operator; or
            (3) modifies default computer settings or computer settings 
        previously selected by the owner or operator of that computer 
        that affect--
                    (A) the Web page that is first displayed by 
                computer software used to access and navigate the 
                Internet, such as an Internet browser;
                    (B) Internet connection settings, the modification 
                of which can result in financial charges to the owner 
                or operator without the owner or operator's knowledge; 
                or
                    (C) the actions or operations of any service 
                offered by a provider of a service used to search the 
                Internet, or files and data stored on the protected 
                computer,
unless, before the execution of the functions described in paragraphs 
(1) through (3), notice of such functions is provided to, and consent 
to such execution is obtained from, such owner or operator, and such 
software, or component thereof, includes a removal utility.
    (b) Requirements for Advertising Software.--
            (1) Notice and consent.--It is unlawful for any person 
        knowingly to transmit to a protected computer owned or operated 
        by another person, or transmit to a protected computer prior to 
        the first retail sale of such computer, any computer software, 
        or any component thereof, that includes a function to deliver 
        or display advertisements, unless, before the execution of such 
        function, notice of such function is provided to, and the 
        consent to such execution is obtained from, such owner or 
        operator, and such software, or component thereof, includes a 
        removal utility.
            (2) Software displayed as a web page.--The requirements of 
        paragraph (1) shall apply to computer software containing a 
        function to deliver advertisements displayed as a Web page or 
        by other means, but shall not include software that is a Web 
        page or a component of a Web page.
    (c) Knowledge Requirement.--For purposes of this section, the term 
``knowingly'', used with respect to transmitting computer software, or 
a component thereof, means that the person transmitting has actual 
knowledge that the software or component transmitted has the capacity 
to execute any of the functions described in this section.
    (d) Notice and Consent Requirements.--
            (1) Notice.--The notice required under subsections (a) and 
        (b)--
                    (A) shall not be materially false or misleading; 
                and
                    (B) shall include a description of and directions 
                for the removal utility, or instructions for the 
                removal, deletion, or disabling of the software, or 
                component thereof.
            (2) Consent.--The consent required under subsections (a) 
        and (b) shall be contiguous to the notice required under such 
        subsections, such that the owner or operator of the protected 
        computer may reasonably understand the function or functions to 
        which such consent is granted.
            (3) Definition.--For purposes of this subsection, the term 
        ``materially false or misleading notice'' includes--
                    (A) a failure to describe any of the functions 
                requiring notice; and
                    (B) an unauthorized material modification to or 
                obstruction of a notice, description, or warning 
                provided by computer software previously stored or 
                executed on the protected computer.

SEC. 4. ENFORCEMENT.

    (a) Federal Trade Commission.--
            (1) Unfair or deceptive act or practice.--A violation of 
        this Act shall be treated as a violation of a rule defining an 
        unfair or deceptive act or practice prescribed under section 
        18(a) of the Federal Trade Commission Act (15 U.S.C. 57a(a)).
            (2) Actions by the commission.--The Federal Trade 
        Commission shall enforce this Act in the same manner, by the 
        same means, and with the same jurisdiction, powers, and duties 
        as though all applicable terms and provisions of the Federal 
        Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated 
        into and made a part of this Act.
    (b) Criminal Penalties.--
            (1) In general.--Section 1030(a) of title 18, United States 
        Code, is amended--
                    (A) by inserting ``or'' at the end of paragraph 
                (7); and
                    (B) by adding at the end the following:
            ``(8) knowingly causes the transmission of a program, 
        information, code, or command with the intent to obtain access 
        without authorization or exceeding authorized access to a 
        protected computer by means of a knowingly and materially false 
        or misleading notice or description of function, effect, or 
        origin of such computer software;''.
            (2) Definitions.--Section 1030(e) of title 18, United 
        States Code, is amended--
                    (A) in paragraph (6)--
                            (i) by inserting ``, or to obtain further 
                        access to or control over the computer'' after 
                        ``in the computer''; and
                            (ii) by striking ``or alter'' and inserting 
                        ``, alter, access, or control''; and
                    (B) by adding at the end the following:
            ``(13) The term `knowingly and materially false or 
        misleading notice or description' includes a knowing and 
        material omission regarding function of program, information, 
        code, or command that provides access to or control over a 
        protected computer.''.
            (3) Penalties.--Section 1030(c)(3) of title 18, United 
        States Code is amended--
                    (A) in subparagraph (A), by striking ``or (a)(7)'' 
                and inserting ``(a)(7), or (a)(8)''; and
                    (B) in subparagraph (B), by striking ``or (a)(7)'' 
                and inserting ``(a)(7), or (a)(8)''.
    (c) State Action.--
            (1) In general.--In any case in which the attorney general 
        of a State has reason to believe that an interest of the 
        residents of that State has been or is threatened or adversely 
        affected by a violation of section 3 of this Act, the State may 
        bring a civil action on behalf of the residents of the State in 
        a district court of the United States of appropriate 
        jurisdiction to--
                    (A) enjoin that practice;
                    (B) enforce compliance with this Act; or
                    (C) obtain damages, restitution, or other 
                compensation on behalf of residents of the State.
            (2) Notice.--
                    (A) In general.--Before filing an action under 
                paragraph (1), the attorney general of the State 
                involved shall provide to the Federal Trade 
                Commission--
                            (i) written notice of that action; and
                            (ii) a copy of the complaint for that 
                        action.
                    (B) Exemption.--Subparagraph (A) shall not apply 
                with respect to the filing of an action by an attorney 
                general of a State under this subsection, if the 
                attorney general determines that it is not feasible to 
                provide the notice described in that subparagraph 
                before filing of the action. In such case, the attorney 
                general of a State shall provide notice and a copy of 
                the complaint to the Federal Trade Commission at the 
                same time as the attorney general files the action.
            (3) Intervention by federal trade commission.--
                    (A) In general.--On receiving notice under 
                paragraph (2), the Federal Trade Commission shall have 
                the right to intervene in the action that is the 
                subject of the notice.
                    (B) Effect of intervention.--If the Federal Trade 
                Commission intervenes in an action under subparagraph 
                (A), it shall have the right--
                            (i) to be heard with respect to any matter 
                        that arises in that action; and
                            (ii) to file a petition for appeal.
            (4) Construction.--For purposes of bringing any civil 
        action under paragraph (1), nothing in this Act shall be 
        construed to prevent an attorney general of a State from 
        exercising the powers conferred on the attorney general by the 
        laws of that State to--
                    (A) conduct investigations;
                    (B) administer oaths or affirmations; or
                    (C) compel the attendance of witnesses or the 
                production of documentary and other evidence.
            (5) Preemption.--In any case in which an action is 
        instituted by or on behalf of the Commission for a violation of 
        section 3, no State may, during the pendency of that action, 
        institute an action under paragraph (1) against any defendant 
        named in the complaint in that action.
            (6) Service of process.--In an action brought under 
        paragraph (1), process may be served in any district in which 
        the defendant--
                    (A) is an inhabitant; or
                    (B) may be found.

SEC. 5. EFFECT ON OTHER LAWS.

     This Act supersedes any statute, regulation, or rule of a State or 
political subdivision of a State that expressly regulates the 
transmission of computer software similar to that described in section 
3.

SEC. 6. LAW ENFORCEMENT REPORTING REQUIREMENTS.

    (a) Semiannual Reports to Congress on Transmission of Computer 
Software for Surveillance Activities.--Not later than 1 year after the 
date of enactment of this Act, and every 6 months thereafter, the 
Attorney General shall transmit to the Committees on the Judiciary of 
the Senate and of the House of Representatives a report concerning any 
warrant, order, or extension of an order applied for by law enforcement 
agencies of the Department of Justice, whose implementation involved 
the transmission or execution of computer software on a protected 
computer to record computer activity or intercept any wire, oral, or 
electronic communications. Such reports shall include information 
concerning--
            (1) the type of warrant, order, or extension of an order 
        applied for;
            (2) the information sought by the warrant, period of 
        interceptions authorized by the order, and the number and 
        duration of any extensions of the warrant or order;
            (3) the offense specified in the application, warrant, 
        order, or extension of an order;
            (4) the identity of the applying investigative or law 
        enforcement officer and agency making the application and the 
        person authorizing the application;
            (5) the nature of the facilities from which or place where 
        activities were to be recorded or communications were to be 
        intercepted;
            (6) a general description of the recordings or 
        interceptions made under such order or extension, including--
                    (A) the approximate nature and frequency of 
                incriminating activities recorded or communications 
                intercepted;
                    (B) the approximate nature and frequency of other 
                activities recorded or communications intercepted;
                    (C) the approximate number of persons whose 
                activities were recorded or communications were 
                intercepted;
                    (D) the number of warrants or orders in which 
                encryption was encountered and whether such encryption 
                prevented law enforcement from obtaining access to any 
                information pursuant to such warrant or the plain text 
                of communications intercepted pursuant to such order; 
                and
                    (E) the approximate nature, amount, and cost of the 
                manpower and other resources used in the recordings or 
                interceptions;
            (7) the number of arrests resulting from recordings or 
        interceptions made under such warrant, order, or extension of 
        an order, and the offenses for which arrests were made;
            (8) the number of trials resulting from such recordings or 
        interceptions;
            (9) the number of motions to suppress made with respect to 
        such recordings or interceptions, and the number of such 
        motions granted or denied;
            (10) the number of convictions resulting from such 
        recordings or interceptions and the offenses for which the 
        convictions were obtained, and a general assessment of the 
        importance of the recordings or interceptions; and
            (11) the specific persons authorizing the use of such 
        computer software in the implementation of such warrant, order, 
        or extension of an order.
                                 <all>