BILL ANALYSIS

 

 

Senate Research Center                                                                                                          S.B. 28

81R723 CLG-D                                                                                                              By: Zaffirini

                                                                                                                        Business & Commerce

                                                                                                                                            3/29/2009

                                                                                                                                              As Filed

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

Currently, botnets are not prohibited from being used.  A bot is defined as computer software that operates as an agent for a user or another computer program or simulates a human activity.  Botnets are a collection of compromised computers used to perpetuate cybercrime.

 

S.B. 327, 79th Legislature, Regular Session, 2005, prohibited a person or entity from knowingly installing spyware, which allows a third party to read keystrokes, or provide computer software containing spyware to any computer in Texas; and provided civil penalties for knowingly installing spyware, as well as a cause of action for victims.

 

As proposed, S.B. 28 adds botnets to the list of prohibited actions using a computer.  The bill authorizes civil penalties for using a botnet, including a cause of action for victims, and authorizes the attorney general to seek injunctive relief and recovery of damages of $100,000 per violation.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1.  Amends Section 324.002, Business & Commerce Code, as effective April 1, 2009, by adding Subdivisions (1-a) and (9), to define "botnet" and "zombie."

 

SECTION 2.  Amends Section 324.003(a), Business & Commerce Code, as effective April 1, 2009, to include Section 324.055 as a section that does not apply to a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service that monitors or has interaction with a subscriber's Internet or other network connection or service or a protected computer for certain purposes.

 

SECTION 3.  Amends Section 324.005, Business & Commerce Code, as effective April 1, 2009, to include Section 324.055 as a section that a person knowingly violates if the person performs certain acts.

 

SECTION 4.  Amends Subchapter B, Chapter 324, Business & Commerce Code, as effective April 1, 2009, by adding Section 324.055, as follows:

 

Sec. 324.055.  UNAUTHORIZED CREATION, ACCESS TO, OR USE OF ZOMBIES OR BOTNETS; PRIVATE ACTION.  (a)  Prohibits a person other than the owner or operator of the computer from knowingly causing or offering to cause a computer to become a zombie or part of a botnet.

 

(b)  Prohibits a person from knowingly creating, using, or offering to use a zombie or botnet for certain uses that the computer owner or operator has not authorized.

 

(c)  Prohibits a person from purchasing, renting, or otherwise gaining control of a zombie or botnet created by another person, or selling, leasing, offering for sale or lease, or otherwise providing to another person access to or use of a zombie or botnet.

 

(d)  Prohibits a person from providing substantial assistance or support to another person knowing that the other person is engaged in an act or practice that violates this section.

 

(e)  Authorizes certain persons to bring a civil action against a person who violates this section.

 

(f)  Authorizes a person bringing action under this section to obtain injunctive relief that restrains the violator from continuing the violation; damages in an amount  equal to the greater of  certain amounts, subject to Subsection (g); or both injunctive relief and damages.

 

(g)  Authorizes the court to increase an award of damages, statutory or otherwise, in an action brought under this section to an amount not to exceed three times the applicable damages if the court finds that the violation has reoccurred with sufficient frequency to constitute a pattern or practice.

 

(h)  Entitles a plaintiff who prevails in an action brought under this section to recover court and costs and reasonable attorney's and expert's fees, and other reasonable litigation costs.

 

(i)  Provides that a remedy authorized by this section is not exclusive but is in addition to any other procedure or remedy provided by other statutory or common law.

 

SECTION 5.  Amends Section 324.101(a), Business & Commerce Code, as effective April 1, 2009, to authorize any of certain persons, if adversely affected by the violation, to bring a civil action against a person who violates a provision of this chapter other than Section 324.055.

 

SECTION 6.  Makes application of this Act prospective.

 

SECTION 7.  Effective date:  September 1, 2009.