July 21, 2010, Introduced by Rep. Robert Jones and referred to the Committee on Judiciary.
A bill to create the electronic mail fraud regulatory act; to
prohibit certain conduct used to obtain identifying information; to
prescribe the powers and duties of certain state and local
officials; and to provide penalties and remedies.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 1. This act shall be known and may be cited as the
"electronic mail fraud regulatory act".
Sec. 2. As used in this act:
(a) "Ascertainable loss" means an identifiable deprivation,
detriment, or injury arising from identity theft or from any
unfair, misleading, or deceptive act or practice even when the
precise amount of the loss is not known. Whenever a violation of
this act has occurred, an ascertainable loss is presumed to exist.
(b) "Department" means the department of energy, labor, and
economic growth.
(c) "Electronic mail message" means a message sent to a unique
destination, commonly expressed as a string of characters,
consisting of a unique user name or mailbox, commonly referred to
as the "local part", and a reference to an internet domain,
commonly referred to as the "domain part", whether or not
displayed, to which an electronic message can be sent or delivered.
(d) "Identification documents" means any card, certificate, or
document that identifies or purports to identify the bearer of that
document, whether or not intended for use as identification, and
includes, but is not limited to, any document purporting to be a
driver license or enhanced driver license, a state personal
identification card or enhanced personal identification card, a
birth certificate, a marriage certificate, a divorce certificate, a
passport, an immigration document, a social security card, an
employee identification card, any card issued by the government to
provide benefits of any sort, a health care benefit card, or a
health benefit organization, insurance company, or managed care
organization card for the purpose of identifying a person eligible
for services.
(e) "Identifying information" means, with respect to an
individual, any of the following:
(i) A social security number.
(ii) A driver license number.
(iii) A bank account number.
(iv) A credit card or debit card number.
(v) A personal identification number (PIN).
(vi) Any biometric data.
(vii) Any private medical information (PMI).
(viii) Fingerprints.
(ix) An account password.
(x) Any other piece of information that can be used to access
an individual's financial accounts or obtain identification, act as
identification, or obtain goods or services.
(f) "Internet" means the global information system that is
logically linked together by a globally unique address space based
on the internet protocol (IP), or its subsequent extensions, and
that is able to support communications using the transmission
control protocol/internet protocol (TCP/IP) suite, or its
subsequent extensions, or other IP-compatible protocols, and that
provides, uses, or makes accessible, either publicly or privately,
high-level services layered on communications and related
infrastructure.
(g) "Person" means an individual, governmental agency,
partnership, corporation, trust, estate, incorporated or
unincorporated association, and any other legal or commercial
entity however organized.
(h) "Webpage" means a location that has a single uniform
resource locator or other single location with respect to the
internet.
Sec. 3. (1) A person shall not represent himself or herself,
either directly or by implication, to be another person, through
the use of the internet, electronic mail messages, or any other
electronic means, including wireless communication, to solicit,
request, or take any action to induce a person in this state to
provide identifying information or identification documents.
(2) A person shall not, with the intent to defraud, for that
person's own use or the use of a third person, or to sell or
distribute the information to another, do or attempt to do any of
the following:
(a) Fraudulently obtain, record, or access identifying
information that would assist in accessing financial resources,
obtaining identification documents, or obtaining benefits of that
other person.
(b) Obtain goods or services through the use of identifying
information of that other person.
(c) Obtain identification documents in that other person's
name.
(3) A person shall not, with the intent to defraud, do any of
the following:
(a) Knowingly duplicate or mimic all or any portion of the
website or webpage.
(b) Direct or redirect to an electronic mail message from the
IP address of a person to any other IP address.
(c) Use any trademark, logo, name, or copyright of another
person on a webpage.
(d) Create an apparent but false link to a webpage of a person
that is directed or redirected to a webpage or IP address other
than that of the person represented.
Sec. 4. (1) The following people may bring an action against a
person who violates or is in violation of section 3:
(a) A person who meets the following criteria:
(i) Is engaged in the business of providing internet access
service to the public, owns a webpage, or owns a trademark.
(ii) Suffers ascertainable loss by a violation of section 3. An
action brought under this subparagraph may seek to recover actual
damages or $500,000.00, whichever is greater.
(b) A person other than a person described in subdivision (a)
who suffers an ascertainable loss by a violation of section 3, but
only against a person who has directly violated section 3. An
action brought under this subdivision may seek to enjoin further
violations of section 3 and to recover 3 times the amount of actual
damages or $5,000.00, per violation, whichever is greater.
(2) The attorney general or a county prosecuting attorney may
bring an action against a person who violates section 3 to enjoin
further violations of section 3 and to recover a civil fine of not
more than $2,500.00 per violation.
(3) In an action under this act, a court may, in addition, do
1 or more of the following:
(a) Increase the recoverable damages to an amount up to 3
times the damages otherwise recoverable under subsection (1) in
cases in which the defendant has established a pattern and practice
of violating section 3.
(b) Award costs of the suit and reasonable attorney fees to a
prevailing plaintiff.
(4) The remedies provided in this act do not preclude the
seeking of remedies, including criminal remedies, under any other
applicable provision of the law.
(5) For purposes of subsection (2), multiple violations of
section 3 resulting from any single action or conduct constitute a
single violation.
(6) No provider of an interactive computer service may be held
liable under this act for identifying, removing, or disabling
access to content that resides on an internet webpage or other
online location that the provider believes in good faith is used to
engage in a violation of this act.
Sec. 5. A violation of this act is considered to be an unfair
or deceptive act or practice affecting trade or commerce and is
subject to the penalties and remedies set forth in the Michigan
consumer protection act, 1976 PA 331, MCL 445.901 to 445.922, in
addition to the penalties and remedies set forth in this act. If
the department has reason to believe that any person has violated
any provision of this act, the attorney general, at the request of
the department, may institute a proceeding under this act.