September 8, 2004, Introduced by Senators BROWN, BISHOP, TOY and BIRKHOLZ and referred to the Committee on Judiciary.
A bill to prohibit certain conduct relating to computer
spyware and the unauthorized collection and use of information
from computers; to prescribe the powers and duties of certain
state agencies and officers; and to provide remedies.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
1 Sec. 1. This act shall be known and may be cited as the
2 "spyware control act".
3 Sec. 2. (1) As used in this act:
4 (a) "Context-based triggering mechanism" means a
5 software-based trigger or program residing on a computer that
6 displays an advertisement based on either of the following:
7 (i) The internet website being accessed by the computer.
8 (ii) The contents or characteristics of the internet website
9 being accessed by the computer.
10 (b) "Department" means the department of labor and economic
1 growth.
2 (c) "Internet" means that term as defined in 47 USC 230.
3 (d) Except as provided in subsection (2), "spyware" means
4 software residing on a computer that collects protected
5 information and does 1 or both of the following:
6 (i) Sends protected information to a remote computer or
7 server.
8 (ii) In response to protected information, displays or causes
9 to be displayed an advertisement to which 1 or more of the
10 following apply:
11 (A) The advertisement does not clearly identify the full
12 legal name of the entity responsible for delivering the
13 advertisement.
14 (B) The advertisement uses a federally registered trademark
15 as a trigger for the display of the advertisement by a person
16 other than the trademark owner, an authorized agent or licensee
17 of the trademark owner, or a recognized internet search engine.
18 (C) The advertisement uses a triggering mechanism to display
19 the advertisement based on the internet websites accessed by the
20 computer.
21 (D) The advertisement is displayed using a context-based
22 triggering mechanism and the advertisement partially or wholly
23 covers or obscures paid advertising or other content on a website
24 in a manner that interferes with the computer user's ability to
25 view the website.
26 (e) "Protected information" means 1 or more of the
27 following:
1 (i) The internet websites accessed with the computer.
2 (ii) The contents or characteristics of the internet websites
3 accessed with the computer.
4 (iii) Personal information entered or revealed during the
5 operation of the computer, including all of the following:
6 (A) An individual's first and last name whether given at
7 birth or adoption, assumed, or legally changed.
8 (B) The street name, city or town, or zip code of an
9 individual's home or physical address.
10 (C) An electronic mail address.
11 (D) A telephone number.
12 (E) A social security number.
13 (F) Any personal identification number.
14 (G) A credit card number.
15 (H) An access code associated with a credit card.
16 (I) A date of birth, birth certificate number, or place of
17 birth.
18 (J) A password or access code.
19 (iv) Information submitted by way of forms on an internet
20 website.
21 (f) "User" means a computer owner or a person who accesses an
22 internet website.
23 (2) Notwithstanding subsection (1), the following are not
24 spyware:
25 (a) Software designed and installed solely to diagnose or
26 resolve technical difficulties.
27 (b) Software or data that solely reports to an internet
1 website information previously stored by the internet website on
2 the computer, including 1 or more of the following:
3 (i) Cookies.
4 (ii) HTML code.
5 (iii) Java scripts.
6 (c) A computer operating system.
7 (d) Software to which both of the following apply:
8 (i) At the time of or after installation of the software but
9 before the software does any of the actions described in
10 subsection (1)(d), the computer user is provided with all of the
11 following and the agreement of the user to all of the following
12 is obtained:
13 (A) A license agreement for the software that is presented in
14 full and written in plain English.
15 (B) A notice of the collection of each specific type of
16 information to be transmitted as a result of the software
17 installation.
18 (C) A clear and representative full-size example of each type
19 of advertisement that may be delivered as a result of the
20 software installation.
21 (D) A truthful statement of the frequency with which each
22 type of advertisement may be delivered as a result of the
23 software installation.
24 (E) For each type of advertisement delivered as a result of
25 the software installation, a clear description of a method by
26 which a user may distinguish the advertisement by its appearance
27 from an advertisement generated by other software services.
1 (ii) The computer user is provided with a method to quickly
2 and easily, using obvious, standard, usual, and ordinary methods,
3 disable and remove the software from the computer with no other
4 effect on the nonaffiliated parts of the computer.
5 Sec. 3. (1) A person shall not do any of the following:
6 (a) Install spyware on another person's computer.
7 (b) Cause spyware to be installed on another person's
8 computer.
9 (c) Use a context-based triggering mechanism to display an
10 advertisement that partially or wholly covers or obscures paid
11 advertising or other content on an internet website in a way that
12 interferes with a user's ability to view the internet.
13 (2) It is not a defense to an action for a violation of this
14 section that a user may remove or hide spyware or an
15 advertisement.
16 Sec. 4. (1) An action against a person for a violation of
17 this act may be brought by any of the following who is adversely
18 affected by the violation:
19 (a) A user.
20 (b) An internet website owner or registrant.
21 (c) A trademark or copyright owner.
22 (d) An authorized advertiser on an internet website.
23 (2) In an action under subsection (1), a person may obtain 1
24 or both of the following:
25 (a) An injunction to prohibit further violations of this
26 act.
27 (b) The greater of the following:
1 (i) Actual damages.
2 (ii) Ten thousand dollars for each separate violation of this
3 act.
4 (iii) For a knowing violation of this act, 3 times whichever
5 amount described in subparagraph (i) or (ii) is larger.
6 (3) For purposes of this section, each instance of obtaining
7 access to user information and each display of an advertisement
8 is a separate violation of this act.
9 Sec. 5. (1) This act does not authorize a person to file an
10 action for a violation of this act against an internet service
11 provider for the routine transmission of any of the following:
12 (a) Security information.
13 (b) Information that contains an advertisement in violation
14 of this act.
15 (2) A person shall not file a class action under this act.
16 Sec. 6. The department shall do all of the following:
17 (a) Establish procedures by which a person may report a
18 violation of this act to the department by either of the
19 following:
20 (i) An internet website maintained by the department.
21 (ii) A toll-free telephone number.
22 (b) Review this act on an annual basis and recommend in
23 writing to the committees of the senate and house of
24 representatives having primary jurisdiction over technology
25 issues any amendments to this act that are considered appropriate
26 by the department based on that review.