The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
(1) "Advertisement" means a communication, the primary purpose of which is the commercial promotion of a commercial product or service, including a communication on an internet web site that is operated for a commercial purpose.
(2) "Computer software" means a sequence of instructions written in any programming language that is executed on a computer. "Computer software" does not include computer software that is a web page, or are data components of web pages that are not executable independently of the web page.
(3) "Damage" means any significant impairment to the integrity or availability of data, computer software, a system, or information.
(4) "Deceptive" means: (a) A materially false or fraudulent statement; or (b) a statement or description that omits or misrepresents material information in order to deceive an owner or operator.
(5) "Execute" means the performance of the functions or the carrying out of the instructions of the computer software.
(6) "Internet" means the global information system that is logically linked together by a globally unique address space based on the internet protocol (IP), or its subsequent extensions, and that is able to support communications using the transmission control protocol/internet protocol (TCP/IP) suite, or its subsequent extensions, or other IP-compatible protocols, and that provides, uses, or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described in this subsection.
(7) "Owner or operator" means the owner or lessee of a computer, or someone using such computer with the owner's or lessee's authorization. "Owner or operator" does not include any person who owns a computer before the first retail sale of such computer.
(8) "Person" means any individual, partnership, corporation, limited liability company, or other organization, or any combination thereof.
(9) "Personally identifiable information" means any of the following with respect to an individual who is an owner or operator:
(a) First name or first initial in combination with last name;
(b) A home or other physical address including street name;
(c) An electronic mail address;
(d) A credit or debit card number, bank account number, or a password or access code associated with a credit or debit card or bank account;
(e) Social security number, tax identification number, driver's license number, passport number, or any other government-issued identification number; or
(f) Any of the following information in a form that personally identifies an owner or operator:
(i) Account balances;
(ii) Overdraft history; or
(iii) Payment history.
(10) "Procure" means to knowingly, or with conscious avoidance of knowledge, pay or provide other consideration to, or induce, another person to transmit on one's behalf.
(11) "Transmit" means to knowingly, or with conscious avoidance of knowledge, transfer, send, or make available computer software, or any component thereof, via the internet or any other medium, including local area networks of computers, other nonwire transmission, and disc or other data storage device. "Transmit" does not include any action by a person providing:
(a) The internet connection, telephone connection, or other means of transmission capability through which the software was made available;
(b) The storage or hosting of the software program or a web page through which the software was made available, unless the person providing the storage or hosting services knows or reasonably should know there is or will be a violation of this chapter, and participates in or ratifies the actions constituting the violation; or
(c) An information location tool, such as a directory, index reference, pointer, or hypertext link, through which the user of the computer located the software, unless such person receives a direct economic benefit from the execution of such software on the computer.
[2008 c 66 § 1; 2005 c 500 § 1.]
Unlawful activities—Unauthorized transmission of software.
It is unlawful for a person, without the authorization of the owner or operator, to transmit, or procure the transmission of, software to the owner or operator's computer with actual knowledge or conscious avoidance of actual knowledge that the software does any of the following:
(1) Modifies, through deceptive means, settings that control any of the following:
(a) The page that appears when an owner or operator launches an internet browser or similar computer software used to access and navigate the internet;
(b) The default provider or web proxy the owner or operator uses to access or search the internet;
(c) The owner or operator's list of bookmarks used to access web pages; or
(d) The toolbars or buttons of the owner or operator's internet browser or similar computer software used to access and navigate the internet;
(2) Collects, through intentionally deceptive means, personally identifiable information through the use of a keystroke-logging function or through extracting the information from the owner or operator's hard drive;
(3) Prevents, through intentionally deceptive means, an owner or operator's reasonable efforts to block the installation or execution of, or to disable, computer software;
(4) Misrepresents that computer software will be uninstalled or disabled by an owner or operator's action;
(5) Through intentionally deceptive means, removes, disables, or renders inoperative security, antispyware, or antivirus computer software installed on the computer, or through intentionally deceptive means disables the ability of such computer software to update automatically;
(6) Accesses or uses the modem or internet service for such computer to cause damage to the computer or cause an owner or operator to incur financial charges for a service that is not authorized by the owner or operator;
(7) Opens multiple, sequential, stand-alone advertisements in the owner or operator's computer without the authorization of the owner or operator and that a reasonable computer user cannot close without turning off the computer or closing the internet browser;
(8) Uses the owner or operator's computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer or person including, but not limited to, launching a denial of service attack;
(9) Transmits or relays commercial electronic mail or a computer virus from the owner or operator's computer, where the transmission or relaying is initiated by a person other than the owner or operator;
(10) Modifies any of the following settings related to the computer's access to, or use of, the internet:
(a) Settings that protect information about the owner or operator in order to make unauthorized use of the owner or operator's personally identifiable information; or
(b) Security settings in order to cause damage to a computer; or
(11) Prevents an owner or operator's reasonable efforts to block the installation of, or to disable, computer software by doing any of the following:
(a) Presenting the owner or operator with an option to decline installation of computer software and with knowledge or conscious avoidance of knowledge that when the option is selected the installation nevertheless proceeds; or
(b) Falsely representing that computer software has been disabled.
[2008 c 66 § 2; 2005 c 500 § 2.]
Unlawful activities—Installation or execution of software component—Deceptive misrepresentation.
It is unlawful for a person who is not an owner or operator to do any of the following with regard to the owner or operator's computer:
(1) Induce an owner or operator to install a computer software component onto the computer by deceptively misrepresenting the extent to which installing the software is necessary for maintenance, update, or repair of the computer or computer software, for security or privacy reasons, for the proper operation of the computer, in order to open, view, or play a particular type of content; or
(2) Induce an owner or operator to install a computer software component onto the computer by displaying a pop-up, web page, or other message that deceptively misrepresents the source of the message; or
(3) Deceptively cause the execution on the computer of a computer software component that causes the owner or operator to use the component in a manner that violates any other provision of this section.
[2008 c 66 § 3; 2005 c 500 § 4.]
Application and construction of RCW 19.270.020 (5) through (11) or 19.270.040.
(1) Neither RCW 19.270.020
(5) through (11) nor 19.270.040
apply to any monitoring of, or interaction with, a subscriber's internet or other network connection or service, or a computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, maintenance, repair, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software under this chapter.
(2) This section shall not be construed to provide a defense to liability under the common law or any other state or federal law, nor shall it be construed as an affirmative grant of authority to engage in any of the activities listed in this section.
[2008 c 66 § 4; 2005 c 500 § 5.]
Who may bring an action—Damages—Attorneys' fees—Limit of damages.
(1) In addition to any other remedies provided by this chapter or any other provision of law, the attorney general, or a provider of computer software or owner of a web site or trademark who is adversely affected by reason of a violation of this chapter, and whose action arises directly out of such person's status as a provider or owner, may bring an action against a person who violates this chapter to enjoin further violations and to recover either actual damages or one hundred thousand dollars per violation, whichever is greater.
(2) In an action under subsection (1) of this section, a court may increase the damages up to three times the damages allowed under subsection (1) of this section if the defendant has engaged in a pattern and practice of violating this chapter. The court may also award costs and reasonable attorneys' fees to the prevailing party.
(3) The amount of damages determined under subsection (1) or (2) of this section may not exceed two million dollars.
[2008 c 66 § 5; 2005 c 500 § 6.]
Intent—Chapter preempts local laws.
It is the intent of the legislature that this chapter is a matter of statewide concern. This chapter supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by a city, county, city and county, municipality, or local agency regarding spyware and notices to consumers from computer software providers regarding information collection.
[2005 c 500 § 7.]
Chapter 19.86 RCW not affected.
Chapter 500, Laws of 2005 does not add to, contract, alter, or amend any cause of action allowed under chapter 19.86
RCW and does not affect in any way the application of chapter 19.86
RCW to any future case or fact pattern.
[2005 c 500 § 8.]
Severability—2005 c 500.
If any provision of this act or its application to any person or circumstance is held invalid, the remainder of the act or the application of the provision to other persons or circumstances is not affected.
[2005 c 500 § 9.]