This legislation establishes prohibitions against circumventing online retail control measures designed to manage inventory and enforce purchasing limits. Specifically, it makes it unlawful for any person to use security measure bypasses, access control systems, or other technological means to circumvent these controls on internet websites or online services. The bill also prohibits the sale or offer for sale of any product or service obtained in violation of these circumvention prohibitions, particularly if the seller participated directly, had control over the conduct, or knew or should have known the product was acquired illicitly. The bill includes an exception for activities related to investigating or enforcing violations of this section, as well as for legitimate security research aimed at identifying flaws and vulnerabilities to advance computer system security or develop security products. Violations of these provisions are to be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act. The Federal Trade Commission (FTC) is granted authority to enforce this section, utilizing its existing powers, jurisdiction, and duties as outlined in the FTC Act. Furthermore, the legislation empowers State attorneys general to bring civil actions on behalf of their residents as parens patriae. These actions can seek injunctions against further violations, compel compliance, and obtain damages or restitution for affected consumers. States are generally required to notify the FTC before initiating such actions, and the FTC retains the right to intervene in any State-led civil action. However, if the FTC has already initiated its own civil or administrative action regarding a violation, a State attorney general may not bring a parallel action against the same defendant for that specific violation.