SENATE BILL No. 151

February 2, 2005, Introduced by Senators BROWN, BISHOP, GEORGE, SANBORN and CROPSEY and referred to the Committee on Technology and Energy.

A bill to prohibit certain conduct relating to computer software, including spyware, and the unauthorized collection and use of information from computers; to prescribe the powers and duties of certain state agencies and officers; and to provide remedies.

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

Sec. 1. This act shall be known and may be cited as the "spyware control act".

 

Sec. 2. (1) As used in this act:

(a) "Context-based triggering mechanism" means a software-based trigger or program residing on a computer that displays an advertisement based on either of the following:

(i) The internet website being accessed by the computer.

(ii) The contents or characteristics of the internet website being accessed by the computer.

(b) "Department" means the department of labor and economic growth.

(c) "Internet" means that term as defined in 47 USC 230.

 

(d) "Protected information" means 1 or more of the following:

(i) The internet websites accessed with the computer.

(ii) The contents or characteristics of the internet websites accessed with the computer.

(iii) Personal information entered or revealed during the operation of the computer, including all of the following:

(A) An individual's first and last name whether given at birth or adoption, assumed, or legally changed.

(B) The street name, city or town, or zip code of an individual's home or physical address.

(C) An electronic mail address.

(D) A telephone number.

(E) A social security number.

(F) Any personal identification number.

(G) A credit card number.

(H) An access code associated with a credit card.

(I) A date of birth, birth certificate number, or place of birth.

(J) A password or access code.

(iv) Information submitted by way of forms on an internet website.

 

(e) Except as provided in subsection (2), "spyware" means software residing on a computer that collects protected information and does 1 or both of the following:

(i) Sends protected information to a remote computer or server.

(ii) In response to protected information, displays or causes to be displayed an advertisement to which 1 or more of the following apply:

(A) The advertisement does not clearly identify the full legal name of the entity responsible for delivering the advertisement.

(B) The advertisement uses a federally registered trademark as a trigger for the display of the advertisement by a person other than the trademark owner, an authorized agent or licensee of the trademark owner, or a recognized internet search engine.

(C) The advertisement uses a triggering mechanism to display the advertisement based on the internet websites accessed by the computer.

(D) The advertisement is displayed using a context-based triggering mechanism and the advertisement partially or wholly covers or obscures paid advertising or other content on a website in a manner that interferes with the computer user's ability to view the website.

(f) "User" means a computer owner or a person who accesses an internet website.

 

(2) Notwithstanding subsection (1), the following are not spyware:

(a) Software designed and installed solely to diagnose or resolve technical difficulties.

(b) Software or data that solely reports to an internet website information previously stored by the internet website on the computer, including 1 or more of the following:

(i) Cookies.

(ii) HTML code.

(iii) Java scripts.

(c) A computer operating system.

 

(d) Software to which both of the following apply:

(i) At the time of or after installation of the software but before the software does any of the actions described in subsection (1)(d), the computer user is provided with all of the following and the agreement of the user to all of the following is obtained:

(A) A license agreement for the software that is presented in full and written in plain English.

(B) A notice of the collection of each specific type of information to be transmitted as a result of the software installation.

(C) A clear and representative full-size example of each type of advertisement that may be delivered as a result of the software installation.

(D) A truthful statement of the frequency with which each type of advertisement may be delivered as a result of the software installation.

(E) For each type of advertisement delivered as a result of the software installation, a clear description of a method by which a user may distinguish the advertisement by its appearance from an advertisement generated by other software services.

(ii) The computer user is provided with a method to quickly and easily, using obvious, standard, usual, and ordinary methods, disable and remove the software from the computer with no other effect on the nonaffiliated parts of the computer.

 

Sec. 3. (1) A person shall not do any of the following:

(a) Install spyware on another person's computer.

(b) Cause spyware to be installed on another person's computer.

(c) Use a context-based triggering mechanism to display an advertisement that partially or wholly covers or obscures paid advertising or other content on an internet website in a way that interferes with a user's ability to view the internet.

(2) It is not a defense to an action for a violation of this section that a user may remove or hide spyware or an advertisement.

 

Sec. 4. (1) An action against a person for a violation of this act may be brought by any of the following who is adversely affected by the violation:

(a) A user.

(b) An internet website owner or registrant.

(c) A trademark or copyright owner.

(d) An authorized advertiser on an internet website.

(2) In an action under subsection (1), a person may obtain 1 or both of the following:

(a) An injunction to prohibit further violations of this act.

(b) The greater of the following:

(i) Actual damages.

(ii) Ten thousand dollars for each separate violation of this act.

(iii) For a knowing violation of this act, 3 times whichever amount described in subparagraph (i) or (ii) is larger.

(3) For purposes of this section, each instance of obtaining access to user information and each display of an advertisement is a separate violation of this act.

 

Sec. 5. (1) This act does not authorize a person to file an action for a violation of this act against an internet service provider for the routine transmission of any of the following:

(a) Security information.

(b) Information that contains an advertisement in violation of this act.

(2) A person shall not file a class action under this act.

 

Sec. 6. The department shall do all of the following:

(a) Establish procedures by which a person may report a violation of this act to the department by either of the following:

(i) An internet website maintained by the department.

(ii) A toll-free telephone number.

(b) Review this act on an annual basis and recommend in writing to the committees of the senate and house of representatives having primary jurisdiction over technology issues any amendments to this act that are considered appropriate by the department based on that review.