| |
| |
| |
|
|
AN ACT
|
|
|
relating to cybercrime; creating criminal offenses. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. This Act may be cited as the Texas Cybercrime |
|
|
Act. |
|
|
SECTION 2. Section 33.01, Penal Code, is amended by |
|
|
amending Subdivision (2) and adding Subdivisions (11-a), (13-a), |
|
|
(13-b), (13-c), and (15-a) to read as follows: |
|
|
(2) "Aggregate amount" means the amount of: |
|
|
(A) any direct or indirect loss incurred by a |
|
|
victim, including the value of money, property, or service stolen, |
|
|
appropriated, or rendered unrecoverable by the offense; or |
|
|
(B) any expenditure required by the victim to: |
|
|
(i) determine whether data or [verify that] |
|
|
a computer, computer network, computer program, or computer system |
|
|
was [not] altered, acquired, appropriated, damaged, deleted, or |
|
|
disrupted by the offense; or |
|
|
(ii) attempt to restore, recover, or |
|
|
replace any data altered, acquired, appropriated, damaged, |
|
|
deleted, or disrupted. |
|
|
(11-a) "Decryption," "decrypt," or "decrypted" means |
|
|
the decoding of encrypted communications or information, whether by |
|
|
use of a decryption key, by breaking an encryption formula or |
|
|
algorithm, or by the interference with a person's use of an |
|
|
encryption service in a manner that causes information or |
|
|
communications to be stored or transmitted without encryption. |
|
|
(13-a) "Encrypted private information" means |
|
|
encrypted data, documents, wire or electronic communications, or |
|
|
other information stored on a computer or computer system, whether |
|
|
in the possession of the owner or a provider of an electronic |
|
|
communications service or a remote computing service, and which has |
|
|
not been accessible to the public. |
|
|
(13-b) "Encryption," "encrypt," or "encrypted" means |
|
|
the encoding of data, documents, wire or electronic communications, |
|
|
or other information, using mathematical formulas or algorithms in |
|
|
order to preserve the confidentiality, integrity, or authenticity |
|
|
of, and prevent unauthorized access to, such information. |
|
|
(13-c) "Encryption service" means a computing |
|
|
service, a computer device, computer software, or technology with |
|
|
encryption capabilities, and includes any subsequent version of or |
|
|
update to an encryption service. |
|
|
(15-a) "Privileged information" means: |
|
|
(A) protected health information, as that term is |
|
|
defined by Section 182.002, Health and Safety Code; |
|
|
(B) information that is subject to the |
|
|
attorney-client privilege; or |
|
|
(C) information that is subject to the |
|
|
accountant-client privilege under Section 901.457, Occupations |
|
|
Code, or other law, if the information is on a computer, computer |
|
|
network, or computer system owned by a person possessing a license |
|
|
issued under Subchapter H, Chapter 901, Occupations Code. |
|
|
SECTION 3. Chapter 33, Penal Code, is amended by adding |
|
|
Sections 33.022, 33.023, and 33.024 to read as follows: |
|
|
Sec. 33.022. ELECTRONIC ACCESS INTERFERENCE. (a) A |
|
|
person, other than a network provider or online service provider |
|
|
acting for a legitimate business purpose, commits an offense if the |
|
|
person intentionally interrupts or suspends access to a computer |
|
|
system or computer network without the effective consent of the |
|
|
owner. |
|
|
(b) An offense under this section is a third degree felony. |
|
|
(c) It is a defense to prosecution under this section that |
|
|
the person acted with the intent to facilitate a lawful seizure or |
|
|
search of, or lawful access to, a computer, computer network, or |
|
|
computer system for a legitimate law enforcement purpose. |
|
|
Sec. 33.023. ELECTRONIC DATA TAMPERING. (a) In this |
|
|
section, "ransomware" means a computer contaminant or lock that |
|
|
restricts access by an unauthorized person to a computer, computer |
|
|
system, or computer network or any data in a computer, computer |
|
|
system, or computer network under circumstances in which a person |
|
|
demands money, property, or a service to remove the computer |
|
|
contaminant or lock, restore access to the computer, computer |
|
|
system, computer network, or data, or otherwise remediate the |
|
|
impact of the computer contaminant or lock. |
|
|
(b) A person commits an offense if the person intentionally |
|
|
alters data as it transmits between two computers in a computer |
|
|
network or computer system through deception and without a |
|
|
legitimate business purpose. |
|
|
(c) A person commits an offense if the person intentionally |
|
|
introduces ransomware onto a computer, computer network, or |
|
|
computer system through deception and without a legitimate business |
|
|
purpose. |
| |
|
|
(d) Subject to Subsections (d-1) and (d-2), an offense under |
|
|
this section is a Class C misdemeanor. |
|
|
(d-1) Subject to Subsection (d-2), if it is shown on the |
|
|
trial of the offense that the defendant acted with the intent to |
|
|
defraud or harm another, an offense under this section is: |
|
|
(1) a Class C misdemeanor if the aggregate amount |
|
|
involved is less than $100 or cannot be determined; |
|
|
(2) a Class B misdemeanor if the aggregate amount |
|
|
involved is $100 or more but less than $750; |
|
|
(3) a Class A misdemeanor if the aggregate amount |
|
|
involved is $750 or more but less than $2,500; |
|
|
(4) a state jail felony if the aggregate amount |
|
|
involved is $2,500 or more but less than $30,000; |
|
|
(5) a felony of the third degree if the aggregate |
|
|
amount involved is $30,000 or more but less than $150,000; |
|
|
(6) a felony of the second degree if the aggregate |
|
|
amount involved is $150,000 or more but less than $300,000; and |
|
|
(7) a felony of the first degree if the aggregate |
|
|
amount involved is $300,000 or more. |
|
|
(d-2) If it is shown on the trial of the offense that the |
|
|
defendant knowingly restricted a victim's access to privileged |
|
|
information, an offense under this section is: |
|
|
(1) a state jail felony if the value of the aggregate |
|
|
amount involved is less than $2,500; |
|
|
(2) a felony of the third degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$2,500 or more but less than $30,000; or |
|
|
(B) a client or patient of a victim suffered harm |
|
|
attributable to the offense; |
|
|
(3) a felony of the second degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$30,000 or more but less than $150,000; or |
|
|
(B) a client or patient of a victim suffered |
|
|
bodily injury attributable to the offense; and |
|
|
(4) a felony of the first degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$150,000 or more; or |
|
|
(B) a client or patient of a victim suffered |
|
|
serious bodily injury or death attributable to the offense. |
|
|
(e) When benefits are obtained, a victim is defrauded or |
|
|
harmed, or property is altered, appropriated, damaged, or deleted |
|
|
in violation of this section, whether or not in a single incident, |
|
|
the conduct may be considered as one offense and the value of the |
|
|
benefits obtained and of the losses incurred because of the fraud, |
|
|
harm, or alteration, appropriation, damage, or deletion of property |
|
|
may be aggregated in determining the grade of the offense. |
|
|
(f) A person who is subject to prosecution under this |
|
|
section and any other section of this code may be prosecuted under |
|
|
either or both sections. |
|
|
(g) Software is not ransomware for the purposes of this |
|
|
section if the software restricts access to data because: |
|
|
(1) authentication is required to upgrade or access |
|
|
purchased content; or |
|
|
(2) access to subscription content has been blocked |
|
|
for nonpayment. |
|
|
Sec. 33.024. UNLAWFUL DECRYPTION. (a) A person commits an |
|
|
offense if the person intentionally decrypts encrypted private |
|
|
information through deception and without a legitimate business |
|
|
purpose. |
|
|
(b) Subject to Subsections (b-1) and (b-2), an offense under |
|
|
this section is a Class C misdemeanor. |
|
|
(b-1) Subject to Subsection (b-2), if it is shown on the |
|
|
trial of the offense that the defendant acted with the intent to |
|
|
defraud or harm another, an offense under this section is: |
|
|
(1) a Class C misdemeanor if the value of the aggregate |
|
|
amount involved is less than $100 or cannot be determined; |
|
|
(2) a Class B misdemeanor if the value of the aggregate |
|
|
amount involved is $100 or more but less than $750; |
|
|
(3) a Class A misdemeanor if the value of the aggregate |
|
|
amount involved is $750 or more but less than $2,500; |
|
|
(4) a state jail felony if the value of the aggregate |
|
|
amount involved is $2,500 or more but less than $30,000; |
|
|
(5) a felony of the third degree if the value of the |
|
|
aggregate amount involved is $30,000 or more but less than |
|
|
$150,000; |
|
|
(6) a felony of the second degree if the value of the |
|
|
aggregate amount involved is $150,000 or more but less than |
|
|
$300,000; and |
|
|
(7) a felony of the first degree if the value of the |
|
|
aggregate amount involved is $300,000 or more. |
|
|
(b-2) If it is shown on the trial of the offense that the |
|
|
defendant knowingly decrypted privileged information, an offense |
|
|
under this section is: |
|
|
(1) a state jail felony if the value of the aggregate |
|
|
amount involved is less than $2,500; |
|
|
(2) a felony of the third degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$2,500 or more but less than $30,000; or |
|
|
(B) a client or patient of a victim suffered harm |
|
|
attributable to the offense; |
|
|
(3) a felony of the second degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$30,000 or more but less than $150,000; or |
|
|
(B) a client or patient of a victim suffered |
|
|
bodily injury attributable to the offense; and |
|
|
(4) a felony of the first degree if: |
|
|
(A) the value of the aggregate amount involved is |
|
|
$150,000 or more; or |
|
|
(B) a client or patient of a victim suffered |
|
|
serious bodily injury or death attributable to the offense. |
|
|
(c) It is a defense to prosecution under this section that |
|
|
the actor's conduct was pursuant to an agreement entered into with |
|
|
the owner for the purpose of: |
|
|
(1) assessing or maintaining the security of the |
|
|
information or of a computer, computer network, or computer system; |
|
|
or |
|
|
(2) providing other services related to security. |
|
|
(d) A person who is subject to prosecution under this |
|
|
section and any other section of this code may be prosecuted under |
|
|
either or both sections. |
|
|
SECTION 4. Section 33.03, Penal Code, is amended to read as |
|
|
follows: |
|
|
Sec. 33.03. DEFENSES. It is an affirmative defense to |
|
|
prosecution under Section 33.02 or 33.022 that the actor was an |
|
|
officer, employee, or agent of a communications common carrier or |
|
|
electric utility and committed the proscribed act or acts in the |
|
|
course of employment while engaged in an activity that is a |
|
|
necessary incident to the rendition of service or to the protection |
|
|
of the rights or property of the communications common carrier or |
|
|
electric utility. |
|
|
SECTION 5. The change in law made by this Act applies only |
|
|
to an offense committed on or after the effective date of this Act. |
|
|
An offense committed before the effective date of this Act is |
|
|
governed by the law in effect on the date the offense was committed, |
|
|
and the former law is continued in effect for that purpose. For |
|
|
purposes of this section, an offense was committed before the |
|
|
effective date of this Act if any element of the offense occurred |
|
|
before that date. |
|
|
SECTION 6. This Act takes effect September 1, 2017. |
| |
| |
| |
______________________________ |
______________________________ |
| |
President of the Senate |
Speaker of the House |
| |
| |
|
|
I certify that H.B. No. 9 was passed by the House on April 13, |
|
|
2017, by the following vote: Yeas 139, Nays 0, 2 present, not |
|
|
voting; and that the House concurred in Senate amendments to H.B. |
|
|
No. 9 on May 26, 2017, by the following vote: Yeas 142, Nays 0, 2 |
|
|
present, not voting. |
|
|
|
|
|
______________________________ |
|
|
Chief Clerk of the House |
| |
|
|
I certify that H.B. No. 9 was passed by the Senate, with |
|
|
amendments, on May 24, 2017, by the following vote: Yeas 31, Nays |
|
|
0. |
|
|
|
|
|
______________________________ |
|
|
Secretary of the Senate |
|
|
APPROVED: __________________ |
|
|
Date |
|
|
|
|
|
__________________ |
|
|
Governor |