TITLE XXXI
TRADE AND COMMERCE

CHAPTER 359-H
COMPUTER SPYWARE

Section 359-H:2

359-H:2 Prohibited Conduct. –
A person or entity conducting business in this state, who is not an authorized user, shall not knowingly cause a computer program or spyware to be copied onto the computer of a consumer and use the program or spyware to do any of the following:
I. Take control, through intentionally deceptive means, of the consumer's computer by doing any of the following:
(a) Transmitting or relaying commercial electronic mail or a computer virus from the consumer's computer, where the transmission or relaying is initiated by a person other than an authorized user and without the authorization of an authorized user.
(b) Accessing or using the consumer's modem or Internet service for the purpose of causing damage to the consumer's computer or causing an authorized user to incur unauthorized financial charges.
(c) Using the consumer's computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer, including launching a denial of service attack.
(d) Opening multiple, sequential, stand-alone advertisements in the consumer's Internet browser with knowledge that a reasonable computer user cannot close the advertisements without turning off the computer or closing the consumer's Internet browser.
II. Modifying, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet:
(a) The page that appears when an authorized user launches an Internet browser or similar program used to access and navigate the Internet.
(b) The default provider the authorized user uses to access or search the Internet.
(c) The authorized user's list of bookmarks used to access Web pages.
(d) An authorized user's security or other settings that protect information about the authorized user, for the purpose of stealing personal information of, or causing harm to, an authorized user.
(e) The security settings of the computer for the purpose of causing damage to one or more computers.
III. Collecting personal information through intentionally deceptive means, such as through the use of a keystroke logging function, and transferring that information from the computer to another person.
IV. Preventing, through intentionally deceptive means, an authorized user's reasonable efforts to block the installation of, or to disable, software by doing any of the following:
(a) Presenting an authorized user with an option to decline installation of software such that, when the option is selected, the installation nevertheless proceeds.
(b) Falsely representing that software has been disabled.
(c) Causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user.
V. Intentionally misrepresenting that software will be uninstalled or disabled by an authorized user's action, with knowledge that the software will not be uninstalled or disabled.
VI. Inducing, through deceptive means, an authorized user to install a software component onto the computer, including deceptively misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content.
VII. Deceptively installing and executing on the computer one or more additional computer software components with the intent of causing an authorized user to use the components in a way that violates any other provision of this section.
VIII. Through intentionally deceptive means, removing, disabling, or rendering inoperative a security, antispyware, or antivirus technology installed on the computer.

Source. 2005, 238:1, eff. July 14, 2005.