ARKANSAS CODE
TITLE 4.  BUSINESS AND COMMERCIAL LAW
SUBTITLE 7.  CONSUMER PROTECTION
CHAPTER 88.  DECEPTIVE TRADE PRACTICES
SUBCHAPTER 6.  UNSOLICITED COMMERCIAL AND
SEXUALLY EXPLICIT ELECTRONIC MAIL PREVENTION ACT
(Added by Act 1019 of 2003, approved April 2, 2003)

4-88-601.   Title.

    This subchapter may be referred to and cited as the "Unsolicited Commercial and Sexually Explicit Electronic Mail Prevention Act".

4-88-602.   Definitions.

    As used in this subchapter:

    (1) "Commercial" means for the purpose of promoting the sale, lease, or exchange of goods, services, or real property;

    (2) "Computer network" means a set of related remotely connected devices and communication facilities, including two (2) or more computers with capability to transmit data through communication facilities;

    (3) "Electronic mail" means an electronic message, file, data, or other information that is transmitted:     (A) Between two (2) or more computers, computer networks, or electronic terminals; or
    (B) Within or between computer networks;

    (4) "Electronic mail address" means a destination, commonly expressed as a string of characters, to which electronic mail may be sent or delivered;

    (5) "Electronic mail service provider" means a person who:     (A) Is an intermediary in the transmission of electronic mail from the sender to the recipient; or
    (B) Provides to end users of electronic mail service the ability to send and receive electronic mail;

    (6) "Harmful to minors" shall have the same meaning as set forth in Arkansas Code § 5-68-501;

    (7) "Interactive computer service" means an information service, system or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the internet and also the systems operated or services offered by libraries or educational institutions;

    (8) "Internet domain name" means a globally unique, hierarchical reference to an Internet host or service, assigned through centralized Internet authorities, comprising a series of character strings separated by periods, with the right-most string specifying the top of the hierarchy;

    (9) “Person” shall mean any individual, corporation, partnership, association, limited liability company, any other form or business association or any combination of them;

    (10) “Pre-existing business relationship” means that there was a business transaction or communication between the initiator and the recipient of a commercial electronic mail message during the five-year period preceding the receipt of that message. A pre-existing business relationship does not exist after a recipient requests to be removed from the distribution list of a sender. If a sender operates through separate lines of business or divisions and holds itself out to the recipient as that particular line of business or division, rather than as the entity of which the line of business or division is a part, then the line of business or the division shall be treated as the sender for purposes of this section.

    (11) "Sexually explicit electronic mail" means a commercial electronic mail that contains material that is harmful to minors or promotes an electronic link to material that is harmful to minors;

    (12) "Unsolicited" means without the recipient's express permission, except commercial electronic mail is not unsolicited if the sender has a preexisting business or personal relationship with the recipient.

    (a) Each person who sends or causes to be sent an unsolicited commercial electronic mail or an unsolicited sexually explicit electronic mail through the intermediary of an electronic mail service provider or to an electronic mail address held by a resident of the state shall:     (1) Conspicuously state in the electronic mail the sender's:     (A) Legal name;
    (B) Correct street address; and
    (C) Valid Internet domain name;     (2) For a sexually explicit electronic mail, include in the electronic mail a subject line that contains “ADV:ADULT” as the first nine characters;
    (3) Provide the recipient a convenient, no-cost mechanism to notify the sender not to send any future electronic mail to the recipient, including:     (A) Return electronic mail to a valid, functioning return electronic address; and
    (B) For a sexually explicit electronic mail and if the sender has a toll-free telephone number, the sender's toll-free telephone number; and     (4) Conspicuously provide in the text of the electronic mail a notice that:     (A) Informs the recipient that the recipient may conveniently and at no cost be excluded from future commercial or sexually explicit electronic mail, as the case may be, from the sender; and
    (B) For a sexually explicit electronic mail and if the sender has a toll-free telephone number, includes the sender's valid, toll-free telephone number that the recipient may call to be excluded from future electronic mail from the sender.

    (b) A commercial electronic mail is not unsolicited if the sender has a preexisting business or personal relationship with the recipient. The sender of a commercial electronic mail of this nature must still include in the electronic mail message the required disclosures set forth in subdivisions (a)(3) and (a)(4) of this subsection and shall remove the recipient from future mailings if requested.

    (c) A person who sends or causes to be sent an unsolicited commercial electronic mail or an unsolicited sexually explicit electronic mail through the intermediary of an electronic mail service provider located in the state or to an electronic mail address held by a resident of the state may not:     (1) Use a third party's Internet domain name in identifying the point of origin or in stating the transmission path of the electronic mail without the third party's consent;
    (2) Misrepresent any information in identifying the point of origin or the transmission path of the electronic mail; or
    (3) Fail to include in the electronic mail the information necessary to identify the point of origin of the electronic mail.

    (d) If the recipient of an unsolicited commercial electronic mail or an unsolicited sexually explicit electronic mail notifies the sender that the recipient does not want to receive future commercial electronic mail or future sexually explicit electronic mail from the sender, the sender may not send that recipient a commercial electronic mail or a sexually explicit electronic mail either directly or through a subsidiary or affiliate. If a recipient has requested to be removed from future mailings, the sender may re-contact the recipient if a pre-existing business relationship has been reestablished or if the recipient has expressly requested to receive future mailings from the sender.

4-88-604.   Interactive computer service/electronic mail service provider authority.

    (a) An interactive computer service or electronic mail service provider may block the receipt or transmission through its service of any bulk electronic mail that it reasonably believes is, or will be, sent in violation of this article.

    (b) An interactive computer service or electronic mail service provider does not violate this section and the injured party shall not have a cause of action against an interactive computer service or mail service provider due to the fact that the interactive computer service or electronic mail service provider:     (1) Is an intermediary between the sender and recipient in the transmission of an e-mail that violates this section; or
    (2) Provides transmission of unsolicited commercial electronic mail messages over the provider's computer network or facilities, or shall be liable for any action it voluntarily takes in good faith to block the receipt or transmission through its service of any electronic mail advertisements that it believes is, or will be, sent in violation of this section.

    (c) An interactive computer service may disconnect or terminate the service of any person that is in violation of this subchapter.

4-88-605.   Criminal penalty.

    (a) A person who violates any requirement of § 4-88-603 with respect to an unsolicited sexually explicit electronic mail is guilty of a class B misdemeanor.

    (b) A person who is found guilty of, or pleads guilty or nolo contendere, to violations of § 4-88-603 is not relieved from civil liability in an action under § 4-88-605.

4-88-606.   Civil action for violation -- Election on damages -- Costs and attorney fees -- Defense.

    (a) For any violation of a provision of this subchapter, an action may be brought by:     (1) A person who received the unsolicited commercial electronic mail or unsolicited sexually explicit electronic mail which violates this subchapter; or
    (2) An electronic mail service provider through whose facilities the unsolicited commercial electronic mail or unsolicited sexually explicit electronic mail was transmitted.

    (b) In each action under subsection (a)(1), a recipient or electronic mail service provider may:     (1) Elect, in lieu of actual damages, to recover the lesser of:     (A) Ten dollars ($10.00) per unsolicited commercial electronic mail or unsolicited sexually explicit electronic mail sent to a previously opted out electronic mail address or transmitted through the electronic mail service provider or otherwise sent in violation of this subchapter; or
    (B) Twenty-five thousand dollars ($25,000) per day the violation occurs.     (2) Each prevailing recipient or electronic mail service provider shall be awarded costs and reasonable attorneys fees.

    (c) It is an affirmative defense to a violation of this section if a person can demonstrate that the sender at the time of the alleged violation had:     (1) Maintained a list of consumers who have notified the person not to send any subsequent commercial electronic messages;
    (2) Established and implemented with due care, reasonable practices and procedures to effectively prevent unsolicited commercial electronic mail messages in violation of this section;
    (3) Trained the sender's personnel in the requirements of this section; and
    (4) Maintained records demonstrating compliance with this section.

4-88-607.   Enforcement of subchapter.

    (a) (1) Any transmission of unsolicited commercial or sexually explicit electronic mail in violation of this subchapter shall constitute an unfair and deceptive act or practice under § 4-88-107.
         (2) All remedies, penalties, and authority granted to the Attorney General under the Arkansas Code § 4-88-101 through § 4-88-113 or this subchapter shall be available to the Attorney General for the enforcement of this subchapter.

    (b) The prosecuting attorneys of the various districts and counties of this state shall also have full authority to enforce the provisions of this subchapter.

    (c) Nothing in the provisions of this subchapter shall prohibit the bringing of a civil action against a violator of this chapter by an individual harmed by a deceptive trade practice.

ARKANSAS CODE
TITLE 5.  CRIMINAL OFFENSES
SUBTITLE 4.  OFFENSES AGAINST PROPERTY
CHAPTER 41.  COMPUTER-RELATED CRIMES
SUBCHAPTER 2.  COMPUTER CRIMES
(Added by Act 1496 of 2001, approved April 13, 2001)

    For purposes of this subchapter:

    (1) "Access" means to intercept, instruct, communicate with, store data in, retrieve from or otherwise make use of any resources of a computer, network, or data;

    (2)(A) "Computer" means an electronic, magnetic, electrochemical, or other high-speed data processing device performing logical, arithmetic, or storage functions and includes any data storage facility or communications facility directly related to or operating in conjunction with the device.
    (B) "Computer" also includes any on-line service, Internet service, local bulletin board, any electronic storage device, including a floppy disk or other magnetic storage device, or any compact disk that has read-only memory and the capacity to store audio, video, or written materials;

    (3)(A) "Computer contaminant" means any data, information, image, program, signal, or sound that is designed or has the capability to:

    (i) Contaminate, corrupt, consume, damage, destroy, disrupt, modify, record, or transmit; or
    (ii) Cause to be contaminated, corrupted, consumed, damaged, destroyed, disrupted, modified, recorded, or transmitted any other data, information, image, program, signal, or sound contained in a computer, system, or network without the knowledge or consent of the person who owns the other data, information, image, program, signal, or sound or the computer, system, or network.

    (B) "Computer contaminant" includes, but is not limited to:

    (i) A virus, worm, or Trojan horse; or
    (ii) Any other similar data, information, image, program, signal, or sound that is designed or has the capability to prevent, impede, delay, or disrupt the normal operation or use of any component, device, equipment, system, or network;

    (4) "Data" means a representation of any form of information, knowledge, facts, concepts, or instructions which is being prepared or has been formally prepared and is intended to be processed, is being processed, or has been processed in a system or network;

    (5) "Encryption" means the use of any protection or disruptive measure, including, without limitation, cryptography, enciphering, encoding, or a computer contaminant to:

    (A) Prevent, impede, delay, or disrupt access to any data, information, image, program, signal, or sound;
    (B) Cause or make any data, information, image, program, signal, or sound unintelligible or unusable; or
    (C) Prevent, impede, delay, or disrupt the normal operation or use of any component, device, equipment, system, or network;

    (6) "Information service" means a service that is designed or has the capability to generate, process, store, retrieve, convey, emit, transmit, receive, relay, record, or reproduce any data, information, image, program, signal, or sound by means of any component, device, equipment, system, or network, including, but not limited to, by means of:

    (A) A computer, computer system, computer network, modem, or scanner;
    (B) A telephone, cellular phone, satellite phone, pager, personal communications device, or facsimile machine;
    (C) Any type of transmitter or receiver; or
    (D) Any other component, device, equipment, system, or network that uses analog, digital, electronic, electromagnetic, magnetic, or optical technology;

    (7)(A) "Network" means a set of related, remotely connected devices and facilities, including more than one (1) system, with the capability to transmit data among any of the devices and facilities.
    (B) "Network" includes, but is not limited to, a local, regional, or global computer network;

    (8) "Program" means an ordered set of data representing coded instructions or statements which can be executed by a computer and cause the computer to perform one (1) or more tasks;

    (9) "Property" means anything of value and includes a financial instrument, information, electronically produced data, program, and any other tangible or intangible item of value;

    (10) "Provider" means any person who provides an information service;

    (11) "Provider of Internet service" means any provider who provides subscribers with access to the Internet or an electronic mail address, or both; and

    (12) "System" means a set of related equipment, whether or not connected, which is used with or for a computer.

5-41-202.   Unlawful acts regarding computers.

    (a) A person commits an unlawful act regarding a computer if the person knowingly and without authorization:

    (1) Modifies, damages, destroys, discloses, uses, transfers, conceals, takes, retains possession of, copies, obtains or attempts to obtain access to, permits access to or causes to be accessed, or enters data or a program which exists inside or outside a computer, system, or network;
    (2) Modifies, destroys, uses, takes, damages, transfers, conceals, copies, retains possession of, obtains or attempts to obtain access to, permits access to or causes to be accessed, equipment or supplies that are used or intended to be used in a computer, system, or network;
    (3) Destroys, damages, takes, alters, transfers, discloses, conceals, copies, uses, retains possession of, obtains or attempts to obtain access to, permits access to or causes to be accessed, a computer, system, or network;
    (4) Obtains and discloses, publishes, transfers, or uses a device used to access a computer, network, or data; or
    (5) Introduces, causes to be introduced, or attempts to introduce a computer contaminant into a computer, system, or network.

    (b) An unlawful act regarding a computer is a Class A misdemeanor.

    (c) An unlawful act regarding a computer shall be a Class C felony if the act:

    (1) Was committed to devise or execute a scheme to defraud or illegally obtain property;
    (2) Caused damage in excess of five hundred dollars ($500); or
    (3) Caused an interruption or impairment of a public service, including, without limitation, a governmental operation, a system of public communication or transportation, or a supply of water, gas, or electricity.

5-41-203.   Unlawful interference with access to computers -- Unlawful use or access of computers.

    (a)(1) A person commits unlawful interference with access to computers if the person knowingly and without authorization interferes with, denies, or causes the denial of access to or use of a computer, system, or network to a person who has the duty and right to use it.
    (2) Unlawful interference with access to computers is a Class A misdemeanor.

    (b)(1) A person commits unlawful use or access to computers if the person knowingly and without authorization uses, causes the use of, accesses, attempts to gain access to, or causes access to be gained to a computer, system, network, telecommunications device, telecommunications service, or information service.
    (2) Unlawful use or access to computers is a Class A misdemeanor.

    (c) If the violation of subsection (a) or (b) of this section was committed to devise or execute a scheme to defraud or illegally obtain property, the person is guilty of a Class C felony.

    (d)(1) It is an affirmative defense to a charge made pursuant to this section that at the time of the alleged offense the person reasonably believed that:

    (A) The person was authorized to use or access the computer, system, network, telecommunications device, telecommunications service, or information service and the use or access by the person was within the scope of that authorization; or
    (B) The owner or other person authorized to give consent would authorize the person to use or access the computer, system, network, telecommunications device, telecommunications service, or information service.

    (2) A person who intends to offer an affirmative defense provided in subdivision (d)(1) of this section at a trial or preliminary hearing shall file and serve on the prosecuting attorney a notice of that intent not fewer than fourteen (14) calendar days before the trial or hearing or at such other time as the court may direct.

5-41-204.   Unlawful use of encryption.

    (a) A person commits unlawful use of encryption if the person knowingly uses or attempts to use encryption, directly or indirectly, to:

    (1) Commit, facilitate, further, or promote any criminal offense;
    (2) Aid, assist, or encourage another person to commit any criminal offense;
    (3) Conceal the commission of any criminal offense;
    (4) Conceal or protect the identity of a person who has committed any criminal offense; or
    (5) Delay, hinder, or obstruct the administration of the law.

    (b) A person who violates any provision of this section commits a criminal offense that is separate and distinct from any other criminal offense and may be prosecuted and convicted pursuant to this section whether or not the person or any other person is or has been prosecuted or convicted for any other criminal offense arising out of the same facts as the violation of this section.

    (c)(1) An unlawful use of encryption is a Class D felony if the criminal offense concealed by encryption is a Class Y, Class A, or Class B felony.
    (2) An unlawful use of encryption is a Class A misdemeanor if the criminal offense concealed by encryption is a Class C or Class D felony, or an unclassified felony.
    (3) Any other unlawful use of encryption shall be a misdemeanor classed one (1) degree below the misdemeanor constituted by the criminal offense concealed by encryption.

5-41-205.   Unlawful acts involving electronic mail.

    (a) A person commits an unlawful act involving electronic mail if, with the purpose to devise or execute a scheme to defraud or illegally obtain property, the person:

    (1) Knowingly and with the purpose to transmit or cause to be transmitted the item of electronic mail to the electronic mail address of one (1) or more recipients without their knowledge of or consent to the transmission falsifies or forges any data, information, image, program, signal, or sound that:

    (A) Is contained in the header, subject line, or routing instructions of an item of electronic mail; or
    (B) Describes or identifies the sender, source, point of origin, or path of transmission of an item of electronic mail;

    (2) Purposely transmits or causes to be transmitted an item of electronic mail to the electronic mail address of one (1) or more recipients without their knowledge of or consent to the transmission, if the person knows or has reason to know that the item of electronic mail contains or has been generated or formatted with:

    (A) An Internet domain name that is being used without the consent of the person who holds the Internet domain name; or
    (B) Any data, information, image, program, signal, or sound that has been used intentionally in the header, subject line, or routing instructions of the item of electronic mail to falsify or misrepresent:
    (i) The identity of the sender; or
    (ii) The source, point of origin, or path of transmission of the item of electronic mail; or

    (3) Knowingly sells, gives, or otherwise distributes or possesses with the intent to sell, give, or otherwise distribute any data, information, image, program, signal, or sound which is designed or intended to be used to falsify or forge any data, information, image, program, signal, or sound that:

    (A) Is contained in the header, subject line, or routing instructions of an item of electronic mail; or
    (B) Describes or identifies the sender, source, point of origin, or path of transmission of an item of electronic mail.

    (b) Subdivision (a)(2) of this section does not apply to a provider of Internet service who, in the course of providing service, transmits or causes to be transmitted an item of electronic mail on behalf of another person, unless the provider of Internet service is the person who first generates the item of electronic mail.

    (c) An unlawful act involving electronic mail is a Class D felony.

5-41-206.   Computer password disclosure.

    (a) A person commits computer password disclosure if the person purposely and without authorization discloses a number, code, password, or other means of access to a computer or computer network.

    (b) Computer password disclosure is a Class A misdemeanor.

    (c) If the violation of subsection (a) of this section was committed to devise or execute a scheme to defraud or illegally obtain property, the person is guilty of a Class D felony.