BILL ANALYSIS
|
Senate Research Center |
|
|
|
|
|
|
|
|
|
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Observers note that a breach of computer security offense is a Class B misdemeanor when there is no proof of actual monetary damages. It is further noted that there also is no enhanced punishment for committing this offense when monetary damages are not incurred or evidenced. A breach of computer security, as interested parties note, may include obtaining personal identifiers from a computer system, which is often a precursor to the crime of identity theft, obtaining access to credit card sales logs or employment applications, and obtaining access to a governmental computer network. In addition, the parties note that it is difficult to prove the amount of actual monetary damages immediately resulting from a network intrusion.
H.B. 3396 seeks to address this issue by providing enhanced penalties for breach of computer security offenses that involve computers owned by the government or certain public and private utilities considered to be critical infrastructure facilities.
H.B. 3396 amends current law relating to the prosecution of and punishment for the offense of breach of computer security.
RULEMAKING AUTHORITY
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Section 33.01, Penal Code, by adding Subdivisions (10-a) and (14-a) to define "critical infrastructure facility" and "identifying information."
SECTION 2. Amends Section 33.02, Penal Code, by amending Subsections (b) and (d) and adding Subsections (b-1), (b-2), and (e), as follows:
(b) Provides that an offense under Subsection (a) (relating to an offense committed by knowingly accessing a computer, computer network, or computer system without the effective consent of the owner), rather than an offense under this section, is a Class B misdemeanor, except that the offense is a state jail felony if:
(1) the defendant has been previously convicted two or more times of an offense under this chapter; or
(2) the computer, computer network, or computer system is owned by the government or a critical infrastructure facility.
(b-1) Creates this subsection from existing text. Provides that a person commits an offense if with the intent to obtain a benefit, defraud or harm another, or alter, damage, or delete property, the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner. Makes nonsubstantive changes.
(b-2) Creates this subsection from existing text. Provides that an offense under Subsection (b-1) is:
(1) a felony of the third degree if the aggregate amount involved is less than $100,000;
(2) a felony of the second degree if:
(A) the aggregate amount involved is $100,000 or more but less than $200,000;
(B) the aggregate amount involved is any amount less than $200,000 and the computer, computer network, or computer system is owned by the government or a critical infrastructure facility; or
(C) the actor obtains the identifying information of another by accessing only one computer, computer network, or computer system; or
(3) a felony of the first degree if:
(A) the aggregate amount involved is $200,000 or more; or
(B) the actor obtains the identifying information of another by accessing more than one computer, computer network, or computer system.
(d) Authorizes a person who is subject, rather than his subject, to prosecution under this section and any other section of this code to be prosecuted under either or both sections.
(e) Provides that it is a defense to prosecution under this section that the person acted with the intent to facilitate a lawful seizure or search of, or lawful access to, a computer, computer network, or computer system for a legitimate law enforcement purpose.
SECTION 3. Makes application of this Act prospective.
SECTION 4. Effective date: September 1, 2011.