I have someone’s password. Is it a computer crime to use it? I figured out someone’s password. Is it a crime to log in? It depends. Both California law and federal law guide whether you could find yourself on the wrong side of the answer.
Computer crime laws are generally aimed at actions that damage, destroy or interfere with computer data or operation. But they also include using or misusing of the data stored on the computer or network. These laws make a broad range of computer activities without permission illegal, such as unauthorized access; computer trespassing; data copying; hacking; installing virus, adware, or spyware; denial of services, and phishing.
Unauthorized access means trespassing into a computer without consent, and retrieving data, storing data, communicating with, intercepting, or changing data or software. Hacking is breaking into a computer system with the intention of maliciously altering, damaging, or disrupting the computer system or networks.
Under the definition of unauthorized access, using someone’s password without consent of the user – or of the network owner – could be committing a criminal act.
In California two major laws apply: the Computer Data Access and Fraud Act (Penal Code § 502); and Senate Bill 2016 S.B. 1137, which makes installing ransomware a standalone crime. California is just one of two states that have specific ransomware statutes.
Under the CDAFA it is a crime to knowingly and without permission:
- alter, damage, delete, destroy or otherwise use any data , computer system or network in order to defraud, extort or wrongfully control or obtain money, property or data.
- take copies, or make use of data or documentation.
- use or cause to be used computer services.
- disrupt or causes to disrupt of computer services or causes the denial of services to an authorized user.
- provide or assists in providing a means of accessing a computer, computer system or computer network.
- introduce any computer contaminant (such as a virus).
- use the Internet domain name or profile of another individual, corporation, or entity in connection to send electronic mail messages or posts that damages or causes damage to a computer, data, or network.
In addition, California Business & Professions Code §§ 22948 to 22948.3, known as the Anti-Phishing Act, include specific laws aimed at using email or web pages to steal personal information. Personal information is defined as:
- Social security number.
- Driver’s license number.
- Bank account number.
- Credit card or debit card number.
- Personal identification number (PIN).
- Automated or electronic signature.
- Unique biometric data.
- Account password.
- Any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services.
Just because you have you have someone’s password and use it doesn’t mean you are automatically committing a crime. But do beware. Computer crime laws are complex and you can unwittingly cross over into computer crime territory by logging into a computer or network that isn’t your own.
And, just because a network user gives you a password, doesn’t mean the computer service or network owner is granting you permission to access and use their system.
David A. Stein is skilled criminal defense attorney with a track record of obtaining very successful outcomes for his clients. If you have been accused of a crime or need help with any criminal matter, contact our law offices today at (949) 445-0040 for a consultation. Get a no-cost consultation. Call 949-445-0040 today or contact us online by email here.