February 2, 2005, Introduced by Senators BROWN, BISHOP, GEORGE, SANBORN and CROPSEY and referred to the Committee on Technology and Energy.
A bill to prohibit certain conduct relating to computer
software, including spyware, and the unauthorized collection and
use of information from computers; to prescribe the powers and
duties of certain state agencies and officers; and to provide
remedies.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 1. This act shall be known and may be cited as the
"spyware control act".
Sec. 2. (1) As used in this act:
(a) "Context-based triggering mechanism" means a software-
based trigger or program residing on a computer that displays an
advertisement based on either of the following:
(i) The internet website being accessed by the computer.
(ii) The contents or characteristics of the internet website
being accessed by the computer.
(b) "Department" means the department of labor and economic
growth.
(c) "Internet" means that term as defined in 47 USC 230.
(d) "Protected information" means 1 or more of the following:
(i) The internet websites accessed with the computer.
(ii) The contents or characteristics of the internet websites
accessed with the computer.
(iii) Personal information entered or revealed during the
operation of the computer, including all of the following:
(A) An individual's first and last name whether given at birth
or adoption, assumed, or legally changed.
(B) The street name, city or town, or zip code of an
individual's home or physical address.
(C) An electronic mail address.
(D) A telephone number.
(E) A social security number.
(F) Any personal identification number.
(G) A credit card number.
(H) An access code associated with a credit card.
(I) A date of birth, birth certificate number, or place of
birth.
(J) A password or access code.
(iv) Information submitted by way of forms on an internet
website.
(e) Except as provided in subsection (2), "spyware" means
software residing on a computer that collects protected information
and does 1 or both of the following:
(i) Sends protected information to a remote computer or server.
(ii) In response to protected information, displays or causes
to be displayed an advertisement to which 1 or more of the
following apply:
(A) The advertisement does not clearly identify the full legal
name of the entity responsible for delivering the advertisement.
(B) The advertisement uses a federally registered trademark as
a trigger for the display of the advertisement by a person other
than the trademark owner, an authorized agent or licensee of the
trademark owner, or a recognized internet search engine.
(C) The advertisement uses a triggering mechanism to display
the advertisement based on the internet websites accessed by the
computer.
(D) The advertisement is displayed using a context-based
triggering mechanism and the advertisement partially or wholly
covers or obscures paid advertising or other content on a website
in a manner that interferes with the computer user's ability to
view the website.
(f) "User" means a computer owner or a person who accesses an
internet website.
(2) Notwithstanding subsection (1), the following are not
spyware:
(a) Software designed and installed solely to diagnose or
resolve technical difficulties.
(b) Software or data that solely reports to an internet
website information previously stored by the internet website on
the computer, including 1 or more of the following:
(i) Cookies.
(ii) HTML code.
(iii) Java scripts.
(c) A computer operating system.
(d) Software to which both of the following apply:
(i) At the time of or after installation of the software but
before the software does any of the actions described in subsection
(1)(d), the computer user is provided with all of the following and
the agreement of the user to all of the following is obtained:
(A) A license agreement for the software that is presented in
full and written in plain English.
(B) A notice of the collection of each specific type of
information to be transmitted as a result of the software
installation.
(C) A clear and representative full-size example of each type
of advertisement that may be delivered as a result of the software
installation.
(D) A truthful statement of the frequency with which each type
of advertisement may be delivered as a result of the software
installation.
(E) For each type of advertisement delivered as a result of
the software installation, a clear description of a method by which
a user may distinguish the advertisement by its appearance from an
advertisement generated by other software services.
(ii) The computer user is provided with a method to quickly and
easily, using obvious, standard, usual, and ordinary methods,
disable and remove the software from the computer with no other
effect on the nonaffiliated parts of the computer.
Sec. 3. (1) A person shall not do any of the following:
(a) Install spyware on another person's computer.
(b) Cause spyware to be installed on another person's
computer.
(c) Use a context-based triggering mechanism to display an
advertisement that partially or wholly covers or obscures paid
advertising or other content on an internet website in a way that
interferes with a user's ability to view the internet.
(2) It is not a defense to an action for a violation of this
section that a user may remove or hide spyware or an advertisement.
Sec. 4. (1) An action against a person for a violation of this
act may be brought by any of the following who is adversely
affected by the violation:
(a) A user.
(b) An internet website owner or registrant.
(c) A trademark or copyright owner.
(d) An authorized advertiser on an internet website.
(2) In an action under subsection (1), a person may obtain 1
or both of the following:
(a) An injunction to prohibit further violations of this act.
(b) The greater of the following:
(i) Actual damages.
(ii) Ten thousand dollars for each separate violation of this
act.
(iii) For a knowing violation of this act, 3 times whichever
amount described in subparagraph (i) or (ii) is larger.
(3) For purposes of this section, each instance of obtaining
access to user information and each display of an advertisement is
a separate violation of this act.
Sec. 5. (1) This act does not authorize a person to file an
action for a violation of this act against an internet service
provider for the routine transmission of any of the following:
(a) Security information.
(b) Information that contains an advertisement in violation of
this act.
(2) A person shall not file a class action under this act.
Sec. 6. The department shall do all of the following:
(a) Establish procedures by which a person may report a
violation of this act to the department by either of the following:
(i) An internet website maintained by the department.
(ii) A toll-free telephone number.
(b) Review this act on an annual basis and recommend in
writing to the committees of the senate and house of
representatives having primary jurisdiction over technology issues
any amendments to this act that are considered appropriate by the
department based on that review.