BILL ANALYSIS
Senate Research Center S.B. 28
By: Zaffirini
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Currently, botnets are not prohibited from being used. A bot is defined as computer software that operates as an agent for a user or another computer program or simulates a human activity. Botnets are a collection of compromised computers used to perpetuate cybercrime.
S.B. 327, 79th Legislature, Regular Session, 2005, prohibited a person or entity from knowingly installing spyware, which allows a third party to read keystrokes, or provide computer software containing spyware to any computer in Texas; and provided civil penalties for knowingly installing spyware, as well as a cause of action for victims.
S.B. 28 amends current law relating to the use of a computer for an unauthorized purpose and provides a civil penalty.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Section 324.002, Business & Commerce Code, as effective April 1, 2009, by adding Subdivisions (1-a) and (9), to define "botnet" and "zombie."
SECTION 2. Amends Section 324.003(a), Business & Commerce Code, as effective April 1, 2009, to include Section 324.055 as a section that does not apply to a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service that monitors or has interaction with a subscriber's Internet or other network connection or service or a protected computer for certain purposes.
SECTION 3. Amends Section 324.005, Business & Commerce Code, as effective April 1, 2009, to include Section 324.055 as a section that a person knowingly violates if the person performs certain acts.
SECTION 4. Amends Subchapter B, Chapter 324, Business & Commerce Code, as effective April 1, 2009, by adding Section 324.055, as follows:
Sec. 324.055. New heading: UNAUTHORIZED CREATION OF, ACCESS TO, OR USE OF ZOMBIES OR BOTNETS; PRIVATE ACTION. (a) Defines "Internet service provider" and "person" in this section.
(b) Prohibits a person who is not the owner or operator of the computer from knowingly causing or offering to cause a computer to become a zombie or part of a botnet.
(c) Prohibits a person from knowingly creating, having created, using, or offering to use a zombie or botnet for certain uses that the computer owner or operator has not authorized.
(d) Prohibits a person from purchasing, renting, or otherwise gaining control of a zombie or botnet created by another person, or selling, leasing, offering for sale or lease, or otherwise providing to another person access to or use of a zombie or botnet.
(e) Authorizes certain persons to bring a civil action against a person who violates this section.
(f) Authorizes a person bringing action under this section, for each violation, to seek injunctive relief to restrain a violator from continuing the violation; recover damages in an amount equal to the greater of certain amounts, subject to Subsection (g); or obtain both injunctive relief and damages.
(g) Authorizes the court to increase an award of damages, statutory or otherwise, in an action brought under this section to an amount not to exceed three times the applicable damages if the court finds that the violations have occurred with such a frequency as to constitute a pattern or practice.
(h) Entitles a plaintiff who prevails in an action brought under this section to recover court costs and reasonable attorney's and expert's fees, and other reasonable litigation costs.
(i) Provides that a remedy authorized by this section is not exclusive but is in addition to any other procedure or remedy provided for by other statutory or common law.
(j) Provides that nothing in this section may be construed to impose liability on the following persons with respect to a violation of this section committed by another person: an Internet service provider; a provider of interactive computer service, as defined by Section 230, Communications Act of 1934 (47 U.S.C. Section 230); a telecommunications provider, as defined by Section 51.002 (Definitions), Utilities Code; or a video service provider or cable service provider, as defined by Section 66.002 (Definitions), Utilities Code.
SECTION 5. Amends Section 324.101(a), Business & Commerce Code, as effective April 1, 2009, to authorize any of certain persons, if adversely affected by the violation, to bring a civil action against a person who violates Sections 324.051, 324.052, 324.053, or 324.054.
SECTION 6. Makes application of this Act prospective.
SECTION 7. Effective date: September 1, 2009.