New Hampshire Anti-Spyware Law
New Hampshire has enacted an anti-Spyware law. (House Bill 47)
The law is effective immediately.
The law provides that: "A person or entity conducting business in this state, who is not an authorized user, shall not knowingly cause a computer program or spyware to be copied onto the computer of a consumer and use the program or spyware to do any of the following:
I. Take control, through intentionally deceptive means, of the consumer’s computer by doing any of the following:
(a) Transmitting or relaying commercial electronic mail or a computer virus from the consumer’s computer, where the transmission or relaying is initiated by a person other than an authorized user and without the authorization of an authorized user.
(b) Accessing or using the consumer’s modem or Internet service for the purpose of causing damage to the consumer’s computer or causing an authorized user to incur unauthorized financial charges.
(c) Using the consumer’s computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer, including launching a denial of service attack.
(d) Opening multiple, sequential, stand-alone advertisements in the consumer’s Internet browser with knowledge that a reasonable computer user cannot close the advertisements without turning off the computer or closing the consumer’s Internet browser.
II. Modifying, through intentionally deceptive means, any of the following settings related to the computer’s access to, or use of, the Internet:
(a) The page that appears when an authorized user launches an Internet browser or similar program used to access and navigate the Internet.
(b) The default provider the authorized user uses to access or search the Internet.
(c) The authorized user’s list of bookmarks used to access Web pages.
(d) An authorized user’s security or other settings that protect information about the authorized user, for the purpose of stealing personal information of, or causing harm to, an authorized user.
(e) The security settings of the computer for the purpose of causing damage to one or more computers.
III. Collecting personal information through intentionally deceptive means, such as through the use of a keystroke logging function, and transferring that information from the computer to another person.
IV. Preventing, through intentionally deceptive means, an authorized user’s reasonable efforts to block the installation of, or to disable, software by doing any of the following:
(a) Presenting an authorized user with an option to decline installation of software such that, when the option is selected, the installation nevertheless proceeds.
(b) Falsely representing that software has been disabled.
(c) Causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user.
V. Intentionally misrepresenting that software will be uninstalled or disabled by an authorized user’s action, with knowledge that the software will not be uninstalled or disabled.
VI. Inducing, through deceptive means, an authorized user to install a software component onto the computer, including deceptively misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content.
VII. Deceptively installing and executing on the computer one or more additional computer software components with the intent of causing an authorized user to use the components in a way that violates any other provision of this section.
VIII. Through intentionally deceptive means, removing, disabling, or rendering inoperative a security, antispyware, or antivirus technology installed on the computer.
The law defines “Advertisement” to mean:
"a communication, the primary purpose of which is the commercial promotion of a commercial product or service, including content on an Internet website operated for a commercial purpose."
The law defines “ Spyware” to mean:
Software residing on a computer that:
(1) Employs a user’s Internet connection in the background, via a backchannel, without his or her knowledge or explicit permission.
(2) Sends information about the computer’s usage to a remote computer or server; or displays or causes to be displayed an advertisement in response to the computer’s usage.
(3) Sends or causes to be sent personal information residing on the computer to a remote computer or server.
“Spyware” does not include any of the following:
(1) Software designed and installed primarily to prevent, diagnose, or resolve technical difficulties, to protect the security of the user’s computer, or to detect or prevent fraudulent activities.
(2) Software or data that solely report to an Internet website information stored by the Internet website on the user’s computer, including cookies, HTML code, or Java Scripts.
(3) Software that provides the user with the capability to search the Internet.
(4) Software installed with the consent of an authorized user whose primary purpose is to prevent access to Internet content that is inappropriate for minors.
The law is effective immediately.
The law provides that: "A person or entity conducting business in this state, who is not an authorized user, shall not knowingly cause a computer program or spyware to be copied onto the computer of a consumer and use the program or spyware to do any of the following:
I. Take control, through intentionally deceptive means, of the consumer’s computer by doing any of the following:
(a) Transmitting or relaying commercial electronic mail or a computer virus from the consumer’s computer, where the transmission or relaying is initiated by a person other than an authorized user and without the authorization of an authorized user.
(b) Accessing or using the consumer’s modem or Internet service for the purpose of causing damage to the consumer’s computer or causing an authorized user to incur unauthorized financial charges.
(c) Using the consumer’s computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer, including launching a denial of service attack.
(d) Opening multiple, sequential, stand-alone advertisements in the consumer’s Internet browser with knowledge that a reasonable computer user cannot close the advertisements without turning off the computer or closing the consumer’s Internet browser.
II. Modifying, through intentionally deceptive means, any of the following settings related to the computer’s access to, or use of, the Internet:
(a) The page that appears when an authorized user launches an Internet browser or similar program used to access and navigate the Internet.
(b) The default provider the authorized user uses to access or search the Internet.
(c) The authorized user’s list of bookmarks used to access Web pages.
(d) An authorized user’s security or other settings that protect information about the authorized user, for the purpose of stealing personal information of, or causing harm to, an authorized user.
(e) The security settings of the computer for the purpose of causing damage to one or more computers.
III. Collecting personal information through intentionally deceptive means, such as through the use of a keystroke logging function, and transferring that information from the computer to another person.
IV. Preventing, through intentionally deceptive means, an authorized user’s reasonable efforts to block the installation of, or to disable, software by doing any of the following:
(a) Presenting an authorized user with an option to decline installation of software such that, when the option is selected, the installation nevertheless proceeds.
(b) Falsely representing that software has been disabled.
(c) Causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user.
V. Intentionally misrepresenting that software will be uninstalled or disabled by an authorized user’s action, with knowledge that the software will not be uninstalled or disabled.
VI. Inducing, through deceptive means, an authorized user to install a software component onto the computer, including deceptively misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content.
VII. Deceptively installing and executing on the computer one or more additional computer software components with the intent of causing an authorized user to use the components in a way that violates any other provision of this section.
VIII. Through intentionally deceptive means, removing, disabling, or rendering inoperative a security, antispyware, or antivirus technology installed on the computer.
The law defines “Advertisement” to mean:
"a communication, the primary purpose of which is the commercial promotion of a commercial product or service, including content on an Internet website operated for a commercial purpose."
The law defines “ Spyware” to mean:
Software residing on a computer that:
(1) Employs a user’s Internet connection in the background, via a backchannel, without his or her knowledge or explicit permission.
(2) Sends information about the computer’s usage to a remote computer or server; or displays or causes to be displayed an advertisement in response to the computer’s usage.
(3) Sends or causes to be sent personal information residing on the computer to a remote computer or server.
“Spyware” does not include any of the following:
(1) Software designed and installed primarily to prevent, diagnose, or resolve technical difficulties, to protect the security of the user’s computer, or to detect or prevent fraudulent activities.
(2) Software or data that solely report to an Internet website information stored by the Internet website on the user’s computer, including cookies, HTML code, or Java Scripts.
(3) Software that provides the user with the capability to search the Internet.
(4) Software installed with the consent of an authorized user whose primary purpose is to prevent access to Internet content that is inappropriate for minors.
0 Comments:
Post a Comment
<< Home