GEORGIA STATUTES
Spam/Spyware/Viruses

16-9-101 | 16-9-102 | 16-9-103 | 16-9-108 | 16-9-109 | 16-9-152 | 16-9-153 | 16-9-154 | 15-9-155

§ 16-9-101. Initiation of deceptive commercial e-mail (SPAM)

(1) Where the volume of commercial e-mail transmitted exceeded 10,000 attempted recipients in any 24 hour period;
(2) Where the volume of commercial e-mail transmitted exceeded 100,000 attempted recipients in any 30 day period;
(3) Where the volume of commercial e-mail transmitted exceeded one million attempted recipients in any one-year period;
(4) Where the revenue generated from a specific commercial e-mail exceeded $1,000.00;
(5) Where the total revenue generated from all commercial e-mail transmitted to any e-mail service provider or its subscribers exceeded $50,000.00; or
(6) Where any person knowingly hires, employs, uses, or permits any minor to assist in the transmission of commercial e-mail in violation of Code Section 16-9-101, the person shall be guilty of a felony and punished by a fine of not more than $50,000.00 or by imprisonment of not more than five years, or both.

§ 16-9-108. Investigative and subpoena powers of district attorneys and the Attorney General

(a) In any investigation of a violation of this article or any investigation of a violation of Code Section 16-12-100, 16-12-100.1, 16-12-100.2, 16-5-90, or Article 8 of Chapter 9 of Title 16 involving the use of a computer in furtherance of the act, the Attorney General or any district attorney shall have the power to administer oaths; to call any party to testify under oath at such investigation; to require the attendance of witnesses and the production of books, records, and papers; and to take the depositions of witnesses. The Attorney General or any such district attorney is authorized to issue a subpoena for any witness or a subpoena to compel the production of any books, records, or papers.

(b) In case of refusal to obey a subpoena issued under this Code section to any person and upon application by the Attorney General or district attorney, the superior court in whose jurisdiction the witness is to appear or in which the books, records, or papers are to be produced may issue to that person an order requiring him or her to appear before the court to show cause why he or she should not be held in contempt for refusal to obey the subpoena. Failure to obey a subpoena may be punished by the court as contempt of court.

top

§ 16-9-109. Disclosures by service providers pursuant to investigations

(a) Any law enforcement unit, the Attorney General, or any district attorney who is conducting an investigation of a violation of this article or an investigation of a violation of Code Section 16-12-100, 16-12-100.1, 16-12-100.2, 16-5-90, or Article 8 of Chapter 9 of Title 16 involving the use of a computer in furtherance of the act may require the disclosure by a provider of electronic communication service or remote computing service of the contents of a wire or electronic communication that is in electronic storage in an electronic communications system for 180 days or less pursuant to a search warrant issued under the provisions of Article 2 of Chapter 5 of Title 17 by a court with jurisdiction over the offense under investigation. Such court may require the disclosure by a provider of electronic communication service or remote computing service of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than 180 days as set forth in subsection (b) of this Code section.

(b)

(1) Any law enforcement unit, the Attorney General, or any district attorney may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service, exclusive of the contents of communications, only when any law enforcement unit, the Attorney General, or any district attorney:

(A) Obtains a search warrant as provided in Article 2 of Chapter 5 of Title 17;
(B) Obtains a court order for such disclosure under subsection (c) of this Code section; or
(C) Has the consent of the subscriber or customer to such disclosure.

(2) A provider of electronic communication service or remote computing service shall disclose to any law enforcement unit, the Attorney General, or any district attorney the:

(A) Name;
(B) Address;
(C) Local and long distance telephone connection records, or records of session times and durations;
(D) Length of service, including the start date, and types of service utilized;
(E) Telephone or instrument number or other subscriber number or identity, including
any temporarily assigned network address; and
(F) Means and source of payment for such service, including any credit card or bank account number

of a subscriber to or customer of such service when any law enforcement unit, the Attorney General, or any district attorney uses a subpoena authorized by Code Section 16-9-108 or 45-15-17 or a grand jury or trial subpoena when any law enforcement unit, the Attorney General, or any district attorney complies with paragraph (1) of this subsection.

(3) Any law enforcement unit, the Attorney General, or any district attorney receiving records or information under this subsection shall not be required to provide notice to a subscriber or customer. A provider of electronic communication service or remote computing service shall not disclose to a subscriber or customer the existence of any search warrant or subpoena issued pursuant to this article nor shall a provider of electronic communication service or remote computing service disclose to a subscriber or customer that any records have been requested by or disclosed to any law enforcement unit, the Attorney General, or any district attorney pursuant to this article.

(c) A court order for disclosure issued pursuant to (b) of this Code section may be issued by any superior court with jurisdiction over the offense under investigation and shall only issue such court order for disclosure if any law enforcement unit, the Attorney General, or any district attorney offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of an electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. A court issuing an order pursuant to this Code section, on a motion made promptly by a provider of electronic communication service or remote computing service, may quash or modify such order, if compliance with such order would be unduly burdensome or oppressive on such provider.

(d)

(1) Any records supplied pursuant to this part shall be accompanied by the affidavit of the custodian or other qualified witness, stating in substance each of the following:

(A) The affiant is the duly authorized custodian of the records or other qualified witness and has authority to certify the records;
(B) The copy is a true copy of all the records described in the subpoena, court order, or search warrant and the records were delivered to the attorney or the attorney's representative;
(C) The records were prepared by the personnel of the business in the ordinary course of business at or near the time of the act, condition, or event;
(D) The sources of information and method and time of preparation were such as to indicate its trustworthiness;
(E) The identity of the records; and
(F) A description of the mode of preparation of the records.

(2) If the business has none or only part of the records described, the custodian or other qualified witness shall so state in the affidavit.

(3) If the original records would be admissible in evidence if the custodian or other qualified witness had been present and testified to the matters stated in the affidavit, the copy of the records shall be admissible in evidence. When more than one person has knowledge of the facts, more than one affidavit shall be attached to the records produced.

(4) No later than 30 days prior to trial, a party intending to offer such evidence produced in compliance with this subsection shall provide written notice of such intentions to the opposing party or parties. A motion opposing the admission of such evidence shall be filed within ten days of the filing of such notice, and the court shall hold a hearing and rule on such motion no later than ten days prior to trial. Failure of a party to file such motion opposing admission prior to trial shall constitute a waiver of objection to such records and affidavit. However, the court, for good cause shown, may grant relief from such waiver.

top

§ 16-9-152. Spyware, browers, hijacks, and other software prohibited

(a) It shall be illegal for a person or entity that is not an authorized user, as defined in Code Section 16-9-151, of a computer in this state to knowingly, willfully, or with conscious indifference or disregard cause computer software to be copied onto such computer and use the software to do any of the following:

(1) Modify, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet:

(A) The page that appears when an authorized user launches an Internet browser or
similar software program used to access and navigate the Internet;
(B) The default provider or web proxy the authorized user uses to access or search
the Internet; or
(C) The authorized user's list of bookmarks used to access web pages;

(2) Collect, through intentionally deceptive means, personally identifiable information that meets any of the following criteria:

(A) It is collected through the use of a keystroke-logging function that records all keystrokes made by an authorized user who uses the computer and transfers that information from the computer to another person;
(B) It includes all or substantially all of the websites visited by an authorized user, other than websites of the provider of the software, if the computer software was installed in a manner designed to conceal from all authorized users of the computer the fact that the software is being installed; or
(C) It is a data element described in subparagraph (B), (C), or (D) of paragraph (12) of Code Section 16-9-151, or in division (i) or (ii) of subparagraph (E) of paragraph (12) of Code Section 16-9-151, that is extracted from the consumer's or business entity's computer hard drive for a purpose wholly unrelated to any of the purposes of the software or service described to an authorized user;

(3) Prevent, without the authorization of an authorized user, through intentionally deceptive means, an authorized user's reasonable efforts to block the installation of, or to disable, software, by causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user;

(4) Intentionally misrepresent that software will be uninstalled or disabled by an authorized user's action, with knowledge that the software will not be so uninstalled or disabled; or

(5) Through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus software installed on the computer.

(b) Nothing in this Code section shall apply to any monitoring of, or interaction with, a user's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this article.

top

§ 16-9-153. E-mail virus distribution, denial of service attacks, and other conduct prohibited

(a) It shall be illegal for a person or entity that is not an authorized user, as defined in Code Section 16-9-151, of a computer in this state to knowingly, willfully, or with conscious indifference or disregard cause computer software to be copied onto such computer and use the software to do any of the following:

(1) Take control of the consumer's or business entity's computer by doing any of the
following:

(A) Transmitting or relaying commercial electronic mail or a computer virus from the
consumer's or business entity's computer, where the transmission or relaying is initiated by a person other than the authorized user and without the authorization of an authorized user;
(B) Accessing or using the consumer's or business entity's modem or Internet service for the purpose of causing damage to the consumer's or business entity's computer or of causing an authorized user or a third party affected by such conduct to incur financial charges for a service that is not authorized by an authorized user;
(C) Using the consumer's or business entity's computer as part of an activity
performed by a group of computers for the purpose of causing damage to another computer, including, but not limited to, launching a denial of service attack; or
(D) Opening multiple, sequential, stand-alone advertisements in the consumer's or business entity's Internet browser without the authorization of an authorized user and with knowledge that a reasonable computer user cannot close the advertisements without turning off the computer or closing the consumer's or business entity's Internet browser;

(2) Modify any of the following settings related to the computer's access to, or use of, the Internet:

(A) An authorized user's security or other settings that protect information about
the authorized user for the purpose of stealing personal information of an authorized user; or
(B) The security settings of the computer for the purpose of causing damage to
one or more computers; or

(3) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:

(A) Presenting the authorized user with an option to decline installation of
software with knowledge that, when the option is selected by the authorized user, the installation nevertheless proceeds; or
(B) Falsely representing that software has been disabled.

(b) Nothing in this Code section shall apply to any monitoring of, or interaction with, a user's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this article.

top

§ 16-9-154. Inducement to install, copy, or execute software through misrepresentation prohibited

(a) It shall be illegal for a person or entity that is not an authorized user, as defined in Code Section 16-9-151, of a computer in this state to do any of the following with regard to such computer:

(1) Induce an authorized user to install a software component onto the computer by
intentionally misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content; or
(2) Deceptively causing the copying and execution on the computer of a computer
software component with the intent of causing an authorized user to use the component in a way that violates any other provision of this Code section.

(b) Nothing in this Code section shall apply to any monitoring of, or interaction with, a user's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this article.

top

§ 16-9-155. Penalties

(a) Any person who violates the provisions of paragraph (2) of Code Section 16-9-152, subparagraph (A), (B), or (C) of paragraph (1) of subsection (a) of Code Section 16-9-153, or paragraph (2) of subsection (a) of Code Section 16-9-153 shall be guilty of a felony and, upon conviction thereof, shall be sentenced to imprisonment for not less than one nor more than ten years or a fine of not more than $3 million, or both.

(b) The Attorney General may bring a civil action against any person violating this article to enforce the penalties for the violation and may recover any or all of the following:

(1) A civil penalty of up to $100.00 per violation of this article, or up to $100,000.00 for a pattern or practice of such violations;
(2) Costs and reasonable attorney's fees; and
(3) An order to enjoin the violation.

(c) In the case of a violation of subparagraph (B) of paragraph (1) of subsection (a) of Code Section 16-9-153 that causes a telecommunications carrier to incur costs for the origination, transport, or termination of a call triggered using the modem of a customer of such telecommunications carrier as a result of such violation, the telecommunications carrier may bring a civil action against the violator to recover any or all of the following:

(1) The charges such carrier is obligated to pay to another carrier or to an information
service provider as a result of the violation, including, but not limited to, charges for the origination, transport or termination of the call;
(2) Costs of handling customer inquiries or complaints with respect to amounts billed for
such calls;
(3) Costs and reasonable attorney's fees; and
(4) An order to enjoin the violation.

(d) An Internet service provider or software company that expends resources in good faith assisting consumers or business entities harmed by a violation of this chapter, or a trademark owner whose mark is used to deceive consumers or business entities in violation of this chapter, may enforce the violation and may recover any or all of the following:

(1)(A) Statutory damages of not more than $100.00 per violation of this article, or up to $1
million for a pattern or practice of such violations;
(2) Costs and reasonable attorney's fees; and
(3) An order to enjoin the violation.

top