Iowa Code 715.9 – Ransomware prohibition
Current as of: 2024 | Check for updates
|
Other versions
Terms Used In Iowa Code 715.9
- Conviction: A judgement of guilt against a criminal defendant.
- Damages: Money paid by defendants to successful plaintiffs in civil cases to compensate the plaintiffs for their injuries.
- following: when used by way of reference to a chapter or other part of a statute mean the next preceding or next following chapter or other part. See Iowa Code 4.1
- Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
- person: means individual, corporation, limited liability company, government or governmental subdivision or agency, business trust, estate, trust, partnership or association, or any other legal entity. See Iowa Code 4.1
- state: when applied to the different parts of the United States, includes the District of Columbia and the territories, and the words "United States" may include the said district and territories. See Iowa Code 4.1
715.9 Ransomware prohibition.
1. A person shall not intentionally, willfully, and without authorization do any of the
following:
a. Access, attempt to access, cause to be accessed, or exceed the person’s authorized access to all or a part of a computer network, computer control language, computer, computer software, computer system, or computer database.
b. Copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed in violation of paragraph “”a””.
2. A person shall not commit an act prohibited in subsection 1 with the intent to do any of the following:
a. Cause the malfunction or interruption of the operation of all or any part of a computer, computer network, computer control language, computer software, computer system, computer service, or computer data.
b. Alter, damage, or destroy all or any part of data or a computer program stored, maintained, or produced by a computer, computer network, computer software, computer system, computer service, or computer database.
3. A person shall not intentionally, willfully, and without authorization do any of the following:
a. Possess, identify, or attempt to identify a valid computer access code.
b. Publicize or distribute a valid computer access code to an unauthorized person.
4. A person shall not commit an act prohibited under this section with the intent to interrupt or impair the functioning of any of the following:
a. The state.
b. A service, device, or system related to the production, transmission, delivery, or storage of electricity or natural gas in the state that is owned, operated, or controlled by a person other than a public utility as defined in chapter 476.
c. A service provided in the state by a public utility as defined in § 476.1, subsection
2.
d. A hospital or health care facility as defined in § 135C.1.
e. A public elementary or secondary school, community college, or area education agency
under the supervision of the department of education.
f. A city, city utility, or city service.
g. An authority as defined in § 330A.2.
5. This section shall not apply to the use of ransomware for research purposes by a person who has a bona fide scientific, educational, governmental, testing, news, or other similar justification for possessing ransomware. However, a person shall not knowingly possess ransomware with the intent to use the ransomware for the purpose of introduction into the computer, computer network, or computer system of another person without the authorization of the other person.
6. A person who has suffered a specific and direct injury because of a violation of this section may bring a civil action in a court of competent jurisdiction.
a. In an action under this subsection, the court may award actual damages, reasonable attorney fees, and court costs.
b. A conviction for an offense under this section is not a prerequisite for the filing of a civil action.
2023 Acts, ch 77, §7
NEW section
1. A person shall not intentionally, willfully, and without authorization do any of the
following:
a. Access, attempt to access, cause to be accessed, or exceed the person’s authorized access to all or a part of a computer network, computer control language, computer, computer software, computer system, or computer database.
b. Copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed in violation of paragraph “”a””.
2. A person shall not commit an act prohibited in subsection 1 with the intent to do any of the following:
a. Cause the malfunction or interruption of the operation of all or any part of a computer, computer network, computer control language, computer software, computer system, computer service, or computer data.
b. Alter, damage, or destroy all or any part of data or a computer program stored, maintained, or produced by a computer, computer network, computer software, computer system, computer service, or computer database.
3. A person shall not intentionally, willfully, and without authorization do any of the following:
a. Possess, identify, or attempt to identify a valid computer access code.
b. Publicize or distribute a valid computer access code to an unauthorized person.
4. A person shall not commit an act prohibited under this section with the intent to interrupt or impair the functioning of any of the following:
a. The state.
b. A service, device, or system related to the production, transmission, delivery, or storage of electricity or natural gas in the state that is owned, operated, or controlled by a person other than a public utility as defined in chapter 476.
c. A service provided in the state by a public utility as defined in § 476.1, subsection
2.
d. A hospital or health care facility as defined in § 135C.1.
e. A public elementary or secondary school, community college, or area education agency
under the supervision of the department of education.
f. A city, city utility, or city service.
g. An authority as defined in § 330A.2.
5. This section shall not apply to the use of ransomware for research purposes by a person who has a bona fide scientific, educational, governmental, testing, news, or other similar justification for possessing ransomware. However, a person shall not knowingly possess ransomware with the intent to use the ransomware for the purpose of introduction into the computer, computer network, or computer system of another person without the authorization of the other person.
6. A person who has suffered a specific and direct injury because of a violation of this section may bring a civil action in a court of competent jurisdiction.
a. In an action under this subsection, the court may award actual damages, reasonable attorney fees, and court costs.
b. A conviction for an offense under this section is not a prerequisite for the filing of a civil action.
2023 Acts, ch 77, §7
NEW section