ACLU-PA Position: Opposes
SB 563 would amend Chapter 76 of Title 18 by adding a new Subchapter F (Ransomware) that makes the possession, use, sale, threat to use ransomware or inducement of another person to commit one of these acts a crime, authorizes civil actions by victims of a ransomware attack and requires the Office of Administration to study the susceptibility, preparedness and ability to respond on the part of Commonwealth agencies to ransomware attacks.
SB 563 would create a broadly defined new offense under § 7673; four new suboffenses under § 7673 that range from a first-degree misdemeanor to a first-degree felony; and three criminal penalty enhancements.
Many of the activities described in SB 563 could be charged under one or more the offenses currently provided for under Chapter 76: Computer offenses, all of which are graded as third-degree felonies, the same offense grading provided under SB 563:
- § 7611. Unlawful use of computer and other computer crimes.
- § 7612. Disruption of service.
- § 7613. Computer theft.
- § 7614. Unlawful duplication.
- § 7615. Computer trespass.
- § 7616. Distribution of computer virus.
The ACLU-PA, however, does support some important provisions included in the bill, specifically the notification requirements under § 7677 and the requirement to study the susceptibility, preparedness, and ability of commonwealth agencies to respond to ransomware attacks under § 7681, all of which would greatly enhance security protocols and protections for Pennsylvania government and its residents.
Unfortunately, the strength of those provisions cannot outweigh the excessive criminal penalties provided for under the bill.
Check the bill's status here.