Bill Text


Bill PDF |Add To My Favorites | print page

SB-1137 Computer crimes: ransomware.(2015-2016)

SHARE THIS: share this bill in Facebook share this bill in Twitter
SB1137:v93#DOCUMENT

Senate Bill No. 1137
CHAPTER 725

An act to amend Section 523 of the Penal Code, relating to computer crimes.

[ Approved by Governor  September 27, 2016. Filed with Secretary of State  September 27, 2016. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 1137, Hertzberg. Computer crimes: ransomware.
Existing law establishes various crimes relating to computer services and systems, including, but not limited to, knowingly introducing a computer contaminant, as defined. Existing law makes a violation of those crimes punishable by specified fines or terms of imprisonment, or by both those fines and imprisonment.
Existing law defines extortion as obtaining the property of another, with his or her consent, induced by a wrongful use of force or fear. Existing law makes extortion a crime, punishable by imprisonment in a county jail for 2, 3, or 4 years.
This bill would define ransomware as a computer contaminant or lock placed or introduced without authorization into a computer, computer system, or computer network that restricts access by an authorized person to the computer, computer system, computer network, or any data therein under circumstances in which the person responsible for the placement or introduction of the ransomware demands payment of money or other consideration to remove the computer contaminant, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock. The bill would provide that a person is responsible for placing or introducing ransomware into a computer, computer system, or computer network if the person directly places or introduces the ransomware or directs or induces another person do so, with the intent of demanding payment or other consideration to remove the ransomware, restore access, or otherwise remediate the impact of the ransomware. The bill would provide that a person who, with intent to extort money or other consideration from another, introduces ransomware into any computer, computer system, or computer network is punishable as if that money or other consideration were actually obtained by means of the ransomware. By expanding the scope of a crime, this bill would create a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: YES  

The people of the State of California do enact as follows:


SECTION 1.

 Section 523 of the Penal Code is amended to read:

523.
 (a) Every person who, with intent to extort any money or other property from another, sends or delivers to any person any letter or other writing, whether subscribed or not, expressing or implying, or adapted to imply, any threat such as is specified in Section 519 is punishable in the same manner as if such money or property were actually obtained by means of such threat.
(b) (1) Every person who, with intent to extort money or other consideration from another, introduces ransomware into any computer, computer system, or computer network is punishable pursuant to Section 520 in the same manner as if such money or other consideration were actually obtained by means of the ransomware.
(2) Prosecution pursuant to this subdivision does not prohibit or limit prosecution under any other law.
(c) (1) “Ransomware” means a computer contaminant, as defined in Section 502, or lock placed or introduced without authorization into a computer, computer system, or computer network that restricts access by an authorized person to the computer, computer system, computer network, or any data therein under circumstances in which the person responsible for the placement or introduction of the ransomware demands payment of money or other consideration to remove the computer contaminant, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.
(2) A person is responsible for placing or introducing ransomware into a computer, computer system, or computer network if the person directly places or introduces the ransomware or directs or induces another person to do so, with the intent of demanding payment or other consideration to remove the ransomware, restore access, or otherwise remediate the impact of the ransomware.

SEC. 2.

 No reimbursement is required by this act pursuant to Section 6 of Article XIII B of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIII B of the California Constitution.