Thursday, May 29, 2008

If Joe Freeloader Checks His Email over an Open Wifi Connection, Is He a Felon? A Survey of State Computer Crime Law

This post was researched for the academic purpose of contrasting state legal approaches to authorized access, and their potential applicability to use of open WiFi networks. I seek to get at least a superficial answer to the following made up fictitious scenario:

Joe Freeloader stumbles upon an open WAP and seeks to use the Internet connection in order to engaged in some benign activity such as checking email. There is no malicious intent and no use of the network that interferes with or degrades the network.

Has Joe Freeloader violated state law? Is he a felon headed for the can? Who has the burden regarding information that network access is restricted; is the burden on the network user (aka Joe Freeloader) to acquire information that access is restricted - or is the burden on the network owner to provide notice of restricted access?

The outcome of the state legal analysis appears to fall into three buckets:

  • The network user (Joe Freeloader) must know that access is unauthorized for access to be criminal (burden is on the network owner to provide notice).
    • The laws frequently state "an individual knowingly accesses a computer network without authorization." Here "knowingly" modifies "accesses a computer network" and "without authorization." It would therefore be a defense on the part of Joe Freeloader that he simply did not know whether there was a restriction or not. For the conditions of the statute to be satisfied, the individual has to affirmatively have actual knowledge that network access is restricted.
    • This creates a burden on the network owner to provide notice if network access is restricted.
    • This is consistent with the law of trespass to real property which requires the property owner to provide notice.
    • Some states place a burden on the network owner to secure a network that has restricted access. Other states place a burden on the network owner to provide actual or constructive notice that network access is restricted.
    • This category is marked as Burden on Network Owner
  • No applicable law
    • Many state laws require malicious intent or harm to the network.
    • As my factual scenario assumes no malicious intent and no harm to the network, these laws are not applicable - and no further provision of the statute was found that covers our made up fictitious situation.
      • Text in red is the additional requirement that makes the statute "not applicable."
    • Where the only relevant law curtails only malicious behavior, it could be supposed that access to an open WAP that poses no network interference is permissible. But this is merely conjecture.
  • Unauthorized access is prohibited (burden is on the network user to obtain information (to know) that access is authorized)
    • These state laws do not impose a "knowledge" condition. Access to a network is prohibited "without authorization" regardless of what the individual knows.
    • Where statutes frequently contain the important conjunction and read "an individual knowingly accesses a computer network and without authorization." These are two independent conditions; "knowingly" does not modify "without authorization" as above and therefore the network user cannot argue, "Well, I did not know it was not authorized."

One clear take away is that, in most states, it is not clear from a plain reading of the statute whether an individual using an open WAP to check email (and for no nefarious reason) is in violation of the law.

NB This chart is an academic exercise to contrast differing approaches to our made up fictitious legal scenario and explore how an effective law might be constructed. This chart does not provide legal answers or advice. Nor is this chart guaranteed to be an accurate reflection of the law of individual states; this chart does not explore state caselaw interpretation of statutory law nor legislative history. This list is by no means exhaustive, accurate, nor up to date. See disclaimer. This is just an exercise of sound and fury. If you know of better information that can improve this chart, drop CT a note.

State Statute (emphasis added) [Editor's comments] Open Network?

Alabama

Alabama Code Title 13A Article 5 Alabama Computer Crime Act. Section 13A-8-100 Short title.

Section 13A-8-102

Offenses against intellectual property.

(a) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, attempts or achieves access, communication, examination, or modification of data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property.

(b) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, destroys data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property.

(c) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, discloses, uses, or takes data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property.
Not Applicable

Alaska

Alaska Statutes Sec. 11.46.200. Theft of services.

(a) A person commits theft of services if. (3) the person obtains the use of computer time, a computer system, a computer program, a computer network, or any part of a computer system or network, with reckless disregard that the use by that person is unauthorized .

Sec. 11.46.484. Criminal mischief in the fourth degree.

(a) A person commits the crime of criminal mischief in the fourth degree if, having no right to do so or any reasonable ground to believe the person has such a right. (3) the person knowingly accesses a computer, computer system, computer program, computer network, or part of a computer system or network;

Sec. 11.46.740. Criminal use of computer.

(a) A person commits the offense of criminal use of a computer if, having no right to do so or any reasonable ground to believe the person has such a right, the person knowingly accesses, causes to be accessed, or exceeds the person's authorized access to a computer, computer system, computer program, computer network, or any part of a computer system or network, and, as a result of or in the course of that access,

(1) obtains information concerning a person;

(2) introduces false information into a computer, computer system, computer program, or computer network with the intent to damage or enhance the data record or the financial reputation of a person;

(3) introduces false information into a computer, computer system, computer program, or computer network and, with criminal negligence, damages or enhances the data record or the financial reputation of a person;

(4) obtains proprietary information of another person;

(5) obtains information that is only available to the public for a fee;

(6) introduces instructions, a computer program, or other information that tampers with, disrupts, disables, or destroys a computer, computer system, computer program, computer network, or any part of a computer system or network; or

(7) encrypts or decrypts data.

(b) In this section, "proprietary information" means scientific, technical, or commercial information, including a design, process, procedure, customer list, supplier list, or customer records that the holder of the information has not made available to the public.

(c) Criminal use of a computer is a class C felony.

[This turns on the definition of "reckless disregard" - however, as this appears to impose the burden on the network user who either has or lacks this recklessness, it goes in the "Burden on the Network User" bucket]

Burden on network user
Arizona

Ariz. Rev. Stat.

§ 13-2301(E) Definitions

§ 13-2316 Computer Tampering, Venue, Forfeiture, Classification

A. A person who acts without authority or who exceeds authorization of use commits computer tampering by:

1. Accessing, altering, damaging or destroying any computer, computer system or network, or any part of a computer, computer system or network, with the intent to devise or execute any scheme or artifice to defraud or deceive, or to control property or services by means of false or fraudulent pretenses, representations or promises.

2. Knowingly altering, damaging, deleting or destroying computer programs or data.

3. Knowingly introducing a computer contaminant into any computer, computer system or network.

4. Recklessly disrupting or causing the disruption of computer, computer system or network services or denying or causing the denial of computer or network services to any authorized user of a computer, computer system or network.

5. Recklessly using a computer, computer system or network to engage in a scheme or course of conduct that is directed at another person and that seriously alarms, torments, threatens or terrorizes the person. For the purposes of this paragraph, the conduct must both:

(a) Cause a reasonable person to suffer substantial emotional distress.

(b) Serve no legitimate purpose.

6. Preventing a computer user from exiting a site, computer system or network-connected location in order to compel the user's computer to continue communicating with, connecting to or displaying the content of the service, site or system.

7. Knowingly obtaining any information that is required by law to be kept confidential or any records that are not public records by accessing any computer, computer system or network that is operated by this state, a political subdivision of this state or a medical institution.

8. Knowingly accessing any computer, computer system or network or any computer software, program or data that is contained in a computer, computer system or network.

Not Applicable
Arkansas

Ark. Code

5-41-104. Computer trespass.

(a) A person commits computer trespass if the person intentionally and without authorization accesses, alters, deletes, damages, destroys, or disrupts any computer, computer system, computer network, computer program, or data.

(b) Computer trespass is a:

(1) Class C misdemeanor if it is a first violation that does not cause any loss or damage;

(2) Class B misdemeanor if it is a:

(A) Second or subsequent violation that does not cause any loss or damage; or

(B) Violation that causes loss or damage of less than five hundred dollars ($500);

(3) Class A misdemeanor if it is a violation that causes loss or damage of five hundred dollars ($500) or more, but less than two thousand five hundred dollars ($2,500); and

(4) Class D felony if it is a violation that causes loss or damage of two thousand five hundred dollars ($2,500) or more.

Burden on Network User
California

CAL. PENAL CODE § 502 (c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense:

  • (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.
  • (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.
  • (3) Knowingly and without permission uses or causes to be used computer services.
  • (4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.
  • (5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
  • (6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.
  • (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
  • (8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network.
  • (9) Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network.
Burden on Network User
Colorado

COLO. REV. STAT. § 18-5.5-102

(1) A person commits computer crime if the person knowingly:

  • (a) Accesses a computer, computer network, or computer system or any part thereof without authorization; exceeds authorized access to a computer, computer network, or computer system or any part thereof; or uses a computer, computer network, or computer system or any part thereof without authorization or in excess of authorized access; or
  • (b) Accesses any computer, computer network, or computer system, or any part thereof for the purpose of devising or executing any scheme or artifice to defraud; or
  • (c) Accesses any computer, computer network, or computer system, or any part thereof to obtain, by means of false or fraudulent pretenses, representations, or promises, money; property; services; passwords or similar information through which a computer, computer network, or computer system or any part thereof may be accessed; or other thing of value; or
  • (d) Accesses any computer, computer network, or computer system, or any part thereof to commit theft; or
  • (e) Without authorization or in excess of authorized access alters, damages, interrupts, or causes the interruption or impairment of the proper functioning of, or causes any damage to, any computer, computer network, computer system, computer software, program, application, documentation, or data contained in such computer, computer network, or computer system or any part thereof; or
  • (f) Causes the transmission of a computer program, software, information, code, data, or command by means of a computer, computer network, or computer system or any part thereof with the intent to cause damage to or to cause the interruption or impairment of the proper functioning of or that actually causes damage to or the interruption or impairment of the proper functioning of any computer, computer network, computer system, or part thereof.

18-5.5-101. Definitions. (1) "Authorization" means the express consent of a person which may include an employee's job description to use said person's computer, computer network, computer program, computer software, computer system, property, or services as those terms are defined in this section.

Burden on Network Owner
Connecticut

CONN. GEN. STAT. Sec. 53a-251. Computer crime.

(a) Defined. A person commits computer crime when he violates any of the provisions of this section.

(b) Unauthorized access to a computer system.

(1) A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that he is not authorized to do so, he accesses or causes to be accessed any computer system without authorization.

(2) It shall be an affirmative defense to a prosecution for unauthorized access to a computer system that: (A) The person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, had authorized him to access; (B) the person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, would have authorized him to access without payment of any consideration; or (C) the person reasonably could not have known that his access was unauthorized.

(c) Theft of computer services. A person is guilty of the computer crime of theft of computer services when he accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services.

Burden on Network Owner
Delaware

Del. Code § 932. Unauthorized access.

A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that the person is not authorized to do so, the person accesses or causes to be accessed any computer system without authorization.

§ 933. Theft of computer services.

A person is guilty of the computer crime of theft of computer services when the person accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services, computer software or data. (64 Del. Laws, c. 438, § 1; 70 Del. Laws, c. 186, § 1.)

§ 934. Interruption of computer services.

A person is guilty of the computer crime of interruption of computer services when that person, without authorization, intentionally or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer system. (64 Del. Laws, c. 438, § 1.)

§ 935. Misuse of computer system information.

A person is guilty of the computer crime of misuse of computer system information when:

(1) As a result of accessing or causing to be accessed a computer system, the person intentionally makes or causes to be made an unauthorized display, use, disclosure or copy, in any form, of data residing in, communicated by or produced by a computer system;

(2) That person intentionally or recklessly and without authorization:

a. Alters, deletes, tampers with, damages, destroys or takes data intended for use by a computer system, whether residing within or external to a computer system; or

b. Interrupts or adds data to data residing within a computer system;

(3) That person knowingly receives or retains data obtained in violation of paragraph (1) or (2) of this section; or

(4) That person uses or discloses any data which that person knows or believes was obtained in violation of paragraph (1) or (2) of this section. (64 Del. Laws, c. 438, § 1; 70 Del. Laws, c. 186, § 1.)

§ 936. Destruction of computer equipment.

A person is guilty of the computer crime of destruction of computer equipment when that person, without authorization, intentionally or recklessly tampers with, takes, transfers, conceals, alters, damages or destroys any equipment used in a computer system or intentionally or recklessly causes any of the foregoing to occur. (64 Del. Laws, c. 438, § 1.)

§ 937. Unrequested or unauthorized electronic mail or use of network or software to cause same.

A person is guilty of the computer crime of unrequested or unauthorized electronic mail:

(1) When that person, without authorization, intentionally or recklessly distributes any unsolicited bulk commercial electronic mail (commercial E-mail) to any receiving address or account under the control of any authorized user of a computer system. This section shall not apply to electronic mail that is sent between human beings, or when the individual has requested said information. This section shall not apply to the transmission of electronic mail from an organization to its members or where there is a preexisting business relationship. No Internet/interactive service provider shall be liable for merely transmitting an unsolicited, bulk commercial electronic mail message in its network. No Internet/interactive service provider shall be held liable for any action voluntarily taken in good faith to block the receipt or transmission through its service of any unsolicited, bulk electronic mail which it believes is, or will be, sent in violation to disconnect or terminate the service of any person that is in violation of this article; or

(2) When a person uses a computer or computer network without authority with the intent to: Falsify or forge electronic mail transmission information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers; or

(3) When a person sells, gives or otherwise distributes or possesses with the intent to sell, give or distribute software which:

a. Is primarily designed or produced for the purpose of facilitating or enabling the falsification of electronic mail transmission information or other routing information;

b. Has only limited commercially significant purpose or use other than to facilitate or enable the falsification of electronic mail transmission information or other routing information; or

c. Is marketed by that person or another acting in concert with that person's knowledge for use in facilitating or enabling the falsification of electronic mail transmission information or other routing information.

(4) For the purposes of this section, conduct occurring outside of the State shall be sufficient to constitute this offense if such conduct is within the terms of § 204 of this title, or if the receiving address or account was under the control of any authorized user of a computer system who was located in Delaware at the time the authorized user received the electronic mail or communication and the defendant was aware of circumstances which rendered the presence of such authorized user in Delaware a reasonable possibility. (72 Del. Laws, c. 135, § 1; 70 Del. Laws, c. 186, § 1.)

§ 938. Failure to promptly cease electronic communication upon request.

(a) A person is guilty of the computer crime of failure to promptly cease electronic communication upon request when that person intentionally, recklessly or negligently, fails to stop sending commercial electronic mail to any receiving address or account under the control of any authorized user of a computer system after being requested to do so. All commercial electronic mail sent to any receiving address within the State shall have information to the recipient on how to unsubscribe or stop further receipt of commercial electronic mail from the sender.

(b) For the purposes of this section, conduct occurring outside of the State shall be sufficient to constitute this offense if such conduct is within the terms of § 204 of this title, or if the receiving address or account was under the control of any authorized user of a computer system who was located in Delaware at the time the authorized user received the electronic mail or communication and the defendant was aware of circumstances which rendered the presence of such authorized user in Delaware a reasonable possibility.

§ 939. Penalties.

(a) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the first degree when the damage to or the value of the property or computer services affected exceeds $10,000.

Computer crime in the first degree is a class D felony.

(b) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the second degree when the damage to or the value of the property or computer services affected exceeds $5,000.

Computer crime in the second degree is a class E felony.

(c) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the third degree when:

(1) The damage to or the value of the property or computer services affected exceeds $1,000; or

(2) That person engages in conduct which creates a risk of serious physical injury to another person.

Computer crime in the third degree is a class F felony.

(d) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the fourth degree when the damage to or the value of the property or computer services affected exceeds $500.

Computer crime in the fourth degree is a class G felony.

(e) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the fifth degree when the damage to or the value of the property or computer services, if any, is $500 or less.

Computer crime in the fifth degree is a class A misdemeanor.

(f) Any person gaining money, property services or other consideration through the commission of any offense under this subpart, upon conviction, in lieu of having a fine imposed, may be sentenced by the court to pay an amount, fixed by the court, not to exceed double the amount of the defendant's gain from the commission of such offense. In such case, the court shall make a finding as to the amount of the defendant's gain from the offense and, if the record does not contain sufficient evidence to support such a finding, the court may conduct a hearing upon the issue. For the purpose of this section, "gain" means the amount of money or the value of property or computer services or other consideration derived.

(g) Amounts included in violations of this subpart committed pursuant to 1 scheme or course of conduct, whether from the same person or several persons, may be aggregated in determining the degree of the crime.

(h) For the purposes of this subpart, the value of property or computer services shall be:

(1) The market value of the property or computer services at the time of the violation; or

(2) If the property or computer services are unrecoverable, damaged or destroyed as a result of a violation of this subpart, the cost of reproducing or replacing the property or computer services at the time of the violation.

When the value of the property or computer services or damage thereto cannot be satisfactorily ascertained, the value shall be deemed to be $250.

(i) Notwithstanding this section, the value of private personal data shall be deemed to be $500.

Burden on Network Owner
District of Columbia
None Found
Not Applicable
Florida

FLA. STAT. § 815.06

(1) Whoever willfully, knowingly, and without authorization:

  • (a) Accesses or causes to be accessed any computer, computer system, or computer network;
  • (b) Disrupts or denies or causes the denial of computer system services to an authorized user of such computer system services, which, in whole or part, is owned by, under contract to, or operated for, on behalf of, or in conjunction with another;
  • (c) Destroys, takes, injures, or damages equipment or supplies used or intended to be used in a computer, computer system, or computer network;
  • (d) Destroys, injures, or damages any computer, computer system, or computer network; or
  • (e) Introduces any computer contaminant into any computer, computer system, or computer network,

    commits an offense against computer users.
Burden on network user
Georgia

GA. CODE

§ 16-9-92 (18) "Without authority" includes the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network.

§ 16-9-93. Computer crimes defined; exclusivity of article; civil remedies; criminal penalties

(a) Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

(1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;
(2) Obtaining property by any deceitful means or artful practice; or
(3) Converting property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property

shall be guilty of the crime of computer theft.

(b) Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

(1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;
(2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or
(3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists

shall be guilty of the crime of computer trespass.

Not Applicable
Hawaii

HAW. REV. STAT. §708-890 Definitions. As used in this part, unless the context otherwise requires:

"Access" means to gain entry to, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.
. . . . .
"Without authorization" means without the permission of or in excess of the permission of an owner, lessor, or rightful user or someone licensed or privileged by an owner, lessor, or rightful user to grant the permission.

[§708-891] Computer fraud in the first degree.

(1) A person commits the offense of computer fraud in the first degree if the person knowingly, and with intent to defraud, accesses a computer without authorization and, by means of such conduct, obtains or exerts control over the property of another.

(2) In a prosecution for computer fraud in the first degree, it is a defense that the object of the fraud and the property obtained consists only of the use of the computer and the value of such use is not more than $300 in any one-year period.

(3) Computer fraud in the first degree is a class B felony. [L 2001, c 33, pt of §1]

[§708-891.5] Computer fraud in the second degree.

(1) A person commits the offense of computer fraud in the second degree if the person knowingly, and with the intent to defraud, transfers, or otherwise disposes of, to another, or obtains control of, with the intent to transfer or dispose of, any password or similar information through which a computer, computer system, or computer network may be accessed.

(2) Computer fraud in the second degree is a class C felony.

Not Applicable
Idaho

Idaho Code title 18-2202. COMPUTER CRIME.

(1) Any person who knowingly accesses, attempts to access or uses, or attempts to use any computer, computer system, computer network, or any part thereof for the purpose of: devising or executing any scheme or artifice to defraud; obtaining money, property, or services by means of false or fraudulent pretenses, representations, or promises; or committing theft; commits computer crime.

(2) Any person who knowingly and without authorization alters, damages, or destroys any computer, computer system, or computer network described in section 18-2201, Idaho Code, or any computer software, program, documentation, or data contained in such computer, computer system, or computer network commits computer crime.

(3) Any person who knowingly and without authorization uses, accesses, or attempts to access any computer, computer system, or computer network described in section 18-2201, Idaho Code, or any computer software, program, documentation or data contained in such computer, computer system, or computer network, commits computer crime.

(4) A violation of the provisions of subsections (1) or (2) of this section shall be a felony. A violation of the provisions of subsection (3) of this section shall be a misdemeanor.

Burden on Network User
Illinois

Illinois Compiled Statutes 720 ILCS 5/16D-3 Computer Tampering

(a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him:

(1) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data;

(2) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and obtains data or services;

(3) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and damages or destroys the computer or alters, deletes or removes a computer program or data;

(4) Inserts or attempts to insert a "program" into a computer or computer program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that computer, or any other computer subsequently accessing or being accessed by that computer, or that will or may alter, delete or remove a computer program or data from that computer, or any other computer program or data in a computer subsequently accessing or being accessed by that computer, or that will or may cause loss to the users of that computer or the users of a computer which accesses or which is accessed by such "program";

(5) Falsifies or forges electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers;

. . . . .

(a-10) For purposes of subsection (a), accessing a computer network is deemed to be with the authorization of a computer's owner if:

(1) the owner authorizes patrons, customers, or guests to access the computer network and the person accessing the computer network is an authorized patron, customer, or guest and complies with all terms or conditions for use of the computer network that are imposed by the owner; or

(2) the owner authorizes the public to access the computer network and the person accessing the computer network complies with all terms or conditions for use of the computer network that are imposed by the owner.

[One of the few statutes that anticipates network access as a service offered to patrons - specifically addressing the Wifi Cafe or Wifi in a hotel type situation - this statute still appears to place the burden on the user to ascertain knowledge that the user is authorized]]

Burden on Network User
Indiana

Indiana Code IC 35-43-2-3

(b) A person who knowingly or intentionally accesses:
(1) a computer system;
(2) a computer network; or
(3) any part of a computer system or computer network;
without the consent of the owner of the computer system or computer network, or the consent of the owner's licensee, commits computer trespass, a Class A misdemeanor.

["Knowingly" does not modify "without consent"]

Burden on Network User
Iowa

Iowa Code § 716.6B Unauthorized computer access - penalties - civil cause of action.

1. A person who knowingly and without authorization accesses a computer, computer system, or computer network commits the following:

a. An aggravated misdemeanor if computer data is accessed that contains a confidential record, as defined in section 22.7 , operational or support data of a public utility, as defined in section 476.1 , operational or support data of a rural water district incorporated pursuant to chapter 357A or 504 , operational or support data of a municipal utility organized pursuant to chapter 388 or 389 , operational or support data of a public airport, or a trade secret, as defined in section 550.2 .

b. A serious misdemeanor if computer data is copied, altered, or deleted.

c. A simple misdemeanor for any access which is not an aggravated or serious misdemeanor.

Burden on Network Owner
Kansas

Kansas Statute 21-3755

(b) (1) Computer crime is:

(A) Intentionally and without authorization accessing and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property;

(B) using a computer, computer system, computer network or any other property for the purpose of devising or executing a scheme or artifice with the intent to defraud or for the purpose of obtaining money, property, services or any other thing of value by means of false or fraudulent pretense or representation; or

(C) intentionally exceeding the limits of authorization and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property.

(2) Computer crime is a severity level 8, nonperson felony.

Not Applicable
Kentucky

Kentucky Revised Statute 434.845 Unlawful access to a computer in the first degree.

(1) A person is guilty of unlawful access to a computer in the first degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, for the purpose of:

(a) Devising or executing any scheme or artifice to defraud; or

(b) Obtaining money, property, or services for themselves or another by means of false or fraudulent pretenses, representations, or promises.

(2) Unlawful access to a computer in the first degree is a Class C felony

434.850 Unlawful access to a computer in the second degree.

(1) A person is guilty of unlawful access to a computer in the second degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which results in the loss or damage of three hundred dollars ($300) or more.

(2) Unlawful access to a computer in the second degree is a Class D felony

434.851 Unlawful access in the third degree.

(1) A person is guilty of unlawful access in the third degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which results in the loss or damage of less than three hundred dollars ($300).

(2) Unlawful access to a computer in the third degree is a Class A misdemeanor

434.853 Unlawful access in the fourth degree.

(1) A person is guilty of unlawful access in the fourth degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which does not result in loss or damage.

(2) Unlawful access to a computer in the fourth degree is a Class B misdemeanor.

Burden on the Network User
Louisiana

Louisiana Revised Statutes § 14: 73.5. Computer fraud

A. Computer fraud is the accessing or causing to be accessed of any computer, computer system, computer network, or any part thereof with the intent to:

(1) Defraud; or

(2) Obtain money, property, or services by means of false or fraudulent conduct, practices, or representations, or through the fraudulent alteration, deletion, or insertion of programs or data.

B. Whoever commits computer fraud shall be fined not more than ten thousand dollars, or imprisoned with or without hard labor for not more than five years, or both.

§14:73.7. Computer tampering

A. Computer tampering is the intentional commission of any of the actions enumerated in this Subsection when that action is taken knowingly and without the authorization of the owner of a computer:

(1) Accessing or causing to be accessed a computer or any part of a computer or any program or data contained within a computer.

(2) Copying or otherwise obtaining any program or data contained within a computer.

(3) Damaging or destroying a computer, or altering, deleting, or removing any program or data contained within a computer, or eliminating or reducing the ability of the owner of the computer to access or utilize the computer or any program or data contained within the computer.

(4) Introducing or attempting to introduce any electronic information of any kind and in any form into one or more computers, either directly or indirectly, and either simultaneously or sequentially, with the intention of damaging or destroying a computer, or altering, deleting, or removing any program or data contained within a computer, or eliminating or reducing the ability of the owner of the computer to access or utilize the computer or any program or data contained within the computer.

B. For purposes of this Section:

(1) Actions which are taken without authorization include actions which intentionally exceed the limits of authorization.

(2) If an owner of a computer has established a confidential or proprietary code which is required in order to access a computer, and that code has not been issued to a person, and that person uses that code to access that computer or to cause that computer to be accessed, that action creates a rebuttable presumption that the action was taken without authorization or intentionally exceeded the limits of authorization.

(3) The vital services or operations of the state, or of any parish, municipality, or other local governing authority, or of any utility company are the services or operations which are necessary to protect the public health, safety, and welfare, and include but are not limited to: law enforcement; fire protection; emergency services; health care; transportation; communications; drainage; sewerage; and utilities, including water, electricity, and natural gas and other forms of energy.

C. Whoever commits the crime of computer tampering as defined in Paragraphs (A)(1) and (2) of this Section shall be fined not more than five hundred dollars or imprisoned for not more that six months, or both.

D. Whoever commits the crime of computer tampering as defined in Paragraphs (A)(3) and (4) of this Section shall be fined not more than ten thousand dollars or imprisoned, with or without hard labor, for not more that five years, or both.

E. Whoever violates the crime of computer tampering as defined in Paragraphs (A)(3) and (4) of this Section with the intention of disrupting the vital services or operations of the state, or of any parish, municipality, or other local governing authority, or of any utility company, or with the intention of causing death or great bodily harm to one or more persons, shall be fined not more than ten thousand dollars or imprisoned at hard labor for not more that fifteen years, or both.

Burden on network user
Maine

ME. REV. STAT. tit. 17-A, § 431(11) " "Not authorized" and "unauthorized" mean not having consent or permission of the owner, or person licensed or authorized by the owner to grant consent or permission, to access or use any computer resource, or accessing or using any computer resource in a manner exceeding the consent or permission. "

§432. Criminal invasion of computer privacy

    1. A person is guilty of criminal invasion of computer privacy if the person intentionally accesses any computer resource knowing that the person is not authorized to do so.

    2. Criminal invasion of computer privacy is a Class D crime.

Burden on network owner
Maryland

Maryland Code § 7-302. Unauthorized access to computers and related material. (c) Prohibited.-

(1) A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services, or computer database.

(2) A person may not commit an act prohibited by paragraph (1) of this subsection with the intent to:

(i) cause the malfunction or interrupt the operation of all or any part of a computer, computer network, computer control language, computer software, computer system, computer services, or computer data; or

(ii) alter, damage, or destroy all or any part of data or a computer program stored, maintained, or produced by a computer, computer network, computer software, computer system, computer services, or computer database.

(3) A person may not intentionally, willfully, and without authorization:

(i) possess, identify, or attempt to identify a valid access code; or

(ii) publicize or distribute a valid access code to an unauthorized person.

Burden on the network user
Massachusetts

MASS. GEN. LAWS Ch. 266 Crimes Against Property, Sec. 120F Unauthorized access to computer system; penalties

"Whoever, without authorization, knowingly accesses a computer system by any means, or after gaining access to a computer system by any means knows that such access is not authorized and fails to terminate such access, shall be punished by imprisonment in the house of correction for not more than thirty days or by a fine of not more than one thousand dollars, or both.

"The requirement of a password or other authentication to gain access shall constitute notice that access is limited to authorized users."

Burden on network owner
Michigan
Michigan Law 752.794 Prohibited access to computer program, computer, computer system, or computer network.

Sec. 4. A person shall not intentionally access or cause access to be made to a computer program, computer, computer system, or computer network to devise or execute a scheme or artifice with the intent to defraud or to obtain money, property, or a service by a false or fraudulent pretense, representation, or promise.

752.795 Prohibited conduct.

Sec. 5.

A person shall not intentionally and without authorization or by exceeding valid authorization do any of the following:

(a) Access or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network.

(b) Insert or attach or knowingly create the opportunity for an unknowing and unwanted insertion or attachment of a set of instructions or a computer program into a computer program, computer, computer system, or computer network, that is intended to acquire, alter, damage, delete, disrupt, or destroy property or otherwise use the services of a computer program, computer, computer system, or computer network. This subdivision does not prohibit conduct protected under section 5 of article I of the state constitution of 1963 or under the first amendment of the constitution of the United States.

Burden on network user
Minnesota

MINN. STAT. § 609.87 "Subd. 2a. Authorization. "Authorization" means with the permission of the owner of the computer, computer system, computer network, computer software, or other property.
Authorization may be limited by the owner by:

(1) giving the user actual notice orally or in writing;
(2) posting a written notice in a prominent location adjacent to the computer being used; or
(3) using a notice displayed on or announced by the computer being used."

§ 609.891 Subd. 1 " Subdivision 1. Crime. A person is guilty of unauthorized computer access if the person intentionally and without authorization attempts to or does penetrate a computer security system. "

[While the definition of "authorization" sets forth how the network owner may provide notice of limited authorization, "may" is permissive not obligatory - the network owner could limit authorization in other ways, or not at all. If it were obligatory (ie "must") then the burden would be on the network owner. This statute reads as if this is a really warm suggestion on how notice of limited authorization could be provided.]]

Burden on Network User
Mississippi

Mississippi Code § 97-45-1

§ 97-45-3. Computer fraud; penalties.

(1) Computer fraud is the accessing or causing to be accessed of any computer, computer system, computer network or any part thereof with the intent to:

(a) Defraud;

(b) Obtain money, property or services by means of false or fraudulent conduct, practices or representations; or through the false or fraudulent alteration, deletion or insertion of programs or data; or

(c) Insert or attach or knowingly create the opportunity for an unknowing and unwanted insertion or attachment of a set of instructions or a computer program into a computer program, computer, computer system, or computer network, that is intended to acquire, alter, damage, delete, disrupt, or destroy property or otherwise use the services of a computer program, computer, computer system or computer network.

Not applicable
Missouri
Tampering with computer users, penalties.

Missouri Code § 569.099. 1. A person commits the crime of tampering with computer users if he knowingly and without authorization or without reasonable grounds to believe that he has such authorization:

(1) Accesses or causes to be accessed any computer, computer system, or computer network; or

(2) Denies or causes the denial of computer system services to an authorized user of such computer system services, which, in whole or in part, is owned by, under contract to, or operated for, or on behalf of, or in conjunction with another.

2. The offense of tampering with computer users is a class A misdemeanor unless the offense is committed for the purpose of devising or executing any scheme or artifice to defraud or to obtain any property, the value of which is five hundred dollars or more, in which case tampering with computer users is a class D felony.

Burden on network user
Montana

Montana Code § 45-6-311. Unlawful use of a computer. (1) A person commits the offense of unlawful use of a computer if the person knowingly or purposely:

(a) obtains the use of any computer, computer system, or computer network without consent of the owner;

(b) alters or destroys or causes another to alter or destroy a computer program or computer software without consent of the owner; or

(c) obtains the use of or alters or destroys a computer, computer system, computer network, or any part thereof as part of a deception for the purpose of obtaining money, property, or computer services from the owner of the computer, computer system, computer network, or part thereof or from any other person.

(2) A person convicted of the offense of unlawful use of a computer involving property not exceeding $1,000 in value shall be fined not to exceed $1,000 or be imprisoned in the county jail for a term not to exceed 6 months, or both. A person convicted of the offense of unlawful use of a computer involving property exceeding $1,000 in value shall be fined not more than 2 1/2 times the value of the property used, altered, destroyed, or obtained or be imprisoned in the state prison for a term not to exceed 10 years, or both.

Burden on the network owner
Nebraska

NEB. REV. STAT. § 28-1343.01. Unauthorized computer access; penalty.

(1) A person commits the offense of unauthorized computer access if the person intentionally and without authority penetrates a computer security system.

(2) A person who violates subsection (1) of this section in a manner that creates a grave risk of causing the death of a person shall be guilty of a Class IV felony.

(3) A person who violates subsection (1) of this section in a manner that creates a risk to public health and safety shall be guilty of a Class I misdemeanor.

(4) A person who violates subsection (1) of this section in a manner that compromises the security of data shall be guilty of a Class II misdemeanor.

Burden on network user
Nevada

NRS 205.477 Unlawful interference with or denial of access to or use of computers; unlawful use or access of computers; affirmative defense.

1. Except as otherwise provided in subsections 3 and 4, a person who knowingly, willfully and without authorization interferes with, denies or causes the denial of access to or use of a computer, system or network to a person who has the duty and right to use it is guilty of a misdemeanor.

2. Except as otherwise provided in subsections 3 and 4, a person who knowingly, willfully and without authorization uses, causes the use of, accesses, attempts to gain access to or causes access to be gained to a computer, system, network, telecommunications device, telecommunications service or information service is guilty of a misdemeanor.

3. If the violation of any provision of this section:

(a) Was committed to devise or execute a scheme to defraud or illegally obtain property;

(b) Caused response costs, loss, injury or other damage in excess of $500; or

(c) Caused an interruption or impairment of a public service, including, without limitation, a governmental operation, a system of public communication or transportation or a supply of water, gas or electricity,

the person is guilty of a category C felony and shall be punished as provided in NRS 193.130 , and may be further punished by a fine of not more than $100,000. In addition to any other penalty, the court shall order the person to pay restitution.

4. It is an affirmative defense to a charge made pursuant to this section that at the time of the alleged offense the defendant reasonably believed that:

(a) He was authorized to use or access the computer, system, network, telecommunications device, telecommunications service or information service and such use or access by the defendant was within the scope of that authorization; or

(b) The owner or other person authorized to give consent would authorize the defendant to use or access the computer, system, network, telecommunications device, telecommunications service or information service.

5. A defendant who intends to offer an affirmative defense described in subsection 4 at a trial or preliminary hearing must, not less than 14 days before the trial or hearing or at such other time as the court may direct, file and serve on the prosecuting attorney a written notice of that intent.

Burden on network user
New Hampshire

N.H. REV. STAT. Chapt. 638 § 638:16 II ""Authorization'' means the express or implied consent given by a person to another to access or use said person's computer, computer network, computer program, computer software, password, identifying code, or personal identification number.

§ 638:17 I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:

(a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or

(b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or

(c) The person reasonably could not have known that his or her access was unauthorized.

Burden on Network Owner
New Jersey

N.J. STAT. § 2C:20-23(q) "Authorization" means permission, authority or consent given by a person who possesses lawful authority to grant such permission, authority or consent to another person to access, operate, use, obtain, take, copy, alter, damage or destroy a computer, computer network, computer system, computer equipment, computer software, computer program, computer storage medium, or data. An actor has authorization if a reasonable person would believe that the act was authorized.

2C:20-25 Computer criminal activity; degree of crime; sentencing.

4. A person is guilty of computer criminal activity if the person purposely or knowingly and without authorization, or in excess of authorization:

a. Accesses any data, data base, computer storage medium, computer program, computer software, computer equipment, computer, computer system or computer network;

b. Alters, damages or destroys any data, data base, computer, computer storage medium, computer program, computer software, computer system or computer network, or denies, disrupts or impairs computer services, including access to any part of the Internet, that are available to any other user of the computer services;

c. Accesses or attempts to access any data, data base, computer, computer storage medium, computer program, computer software, computer equipment, computer system or computer network for the purpose of executing a scheme to defraud, or to obtain services, property, personal identifying information, or money, from the owner of a computer or any third party;

d. (Deleted by amendment, P.L.2003, c.39).

e. Obtains, takes, copies or uses any data, data base, computer program, computer software, personal identifying information, or other information stored in a computer, computer network, computer system, computer equipment or computer storage medium; or

f. Accesses and recklessly alters, damages or destroys any data, data base, computer, computer storage medium, computer program, computer software, computer equipment, computer system or computer network.

g. A violation of subsection a. of this section is a crime of the third degree. A violation of subsection b. is a crime of the second degree. A violation of subsection c. is a crime of the third degree, except that it is a crime of the second degree if the value of the services, property, personal identifying information, or money obtained or sought to be obtained exceeds $5,000. A violation of subsection e. is a crime of the third degree, except that it is a crime of the second degree if the data, data base, computer program, computer software, or information:

(1) is or contains personal identifying information, medical diagnoses, treatments or other medical information concerning an identifiable person;

(2) is or contains governmental records or other information that is protected from disclosure by law, court order or rule of court; or

(3) has a value exceeding $5,000.

Burden on Network User

New Mexico

New Mexico Statute

30-45-5. Unauthorized computer use.

A person who knowingly, willfully and without authorization, or having obtained authorization, uses the opportunity the authorization provides for purposes to which the authorization does not extend, directly or indirectly accesses, uses, takes, transfers, conceals, obtains, copies or retains possession of any computer, computer network, computer property, computer service, computer system or any part thereof, when the:

A. damage to the computer property or computer service has a value of two hundred fifty dollars ($250) or less, is guilty of a petty misdemeanor;

B. damage to the computer property or computer service has a value of more than two hundred fifty dollars ($250) but not more than five hundred dollars ($500), is guilty of a misdemeanor;

C. damage to the computer property or computer service has a value of more than five hundred dollars ($500) but not more than two thousand five hundred dollars ($2,500), is guilty of a fourth degree felony;

D. damage to the computer property or computer service has a value of more than two thousand five hundred dollars ($2,500) but not more than twenty thousand dollars ($20,000), is guilty of a third degree felony; or

E. damage to the computer property or computer service has a value of more than twenty thousand dollars ($20,000), is guilty of a second degree felony.

Burden on Network User
New York

NY State Penal Code § 156.00(8) "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission. It shall also mean the access of a computer service by a person without permission where such person knew that such access was without permission or after actual notice to such person, that such access was without permission. Proof that such person used or accessed a computer, computer service or computer network through the knowing use of a set of instructions, code or computer program that bypasses, defrauds or otherwise circumvents a security measure installed or used with the user's authorization on the computer, computer service or computer network shall be presumptive evidence that such person used or accessed such computer, computer service or computer network without authorization.

§ 156.05 Unauthorized use of a computer. A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization. Unauthorized use of a computer is a class A misdemeanor.

People v. Angeles, 180 Misc. 2d 146, 148–49 (N.Y. Crim. Ct. 1999) "The statute, however, on its face does not make criminal the mere use or accessing of a computer system without permission or authority. The Legislature has imposed the additional requirement that the computer be “equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of [the] computer or computer system. The legislative history of the statute makes clear that this requirement was included on the ground that “[s]uch protective devices" provide the first line of defense against unauthorized intrusion into a computer system.”
Burden on network owner
North Carolina

North Carolina Statutes § 14-454 . Accessing computers.

(a) It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network, or any part thereof, for the purpose of :

(1) Devising or executing any scheme or artifice to defraud, unless the object of the scheme or artifice is to obtain educational testing material, a false educational testing score, or a false academic or vocational grade, or

(2) Obtaining property or services other than educational testing material, a false educational testing score, or a false academic or vocational grade for a person, by means of false or fraudulent pretenses, representations or promises.

A violation of this subsection is a Class G felony if the fraudulent scheme or artifice results in damage of more than one thousand dollars ($1,000), or if the property or services obtained are worth more than one thousand dollars ($1,000). Any other violation of this subsection is a Class 1 misdemeanor.

(b) Any person who willfully and without authorization , directly or indirectly, accesses or causes to be accessed any computer, computer program, computer system, or computer network for any purpose other than those set forth in subsection (a) above, is guilty of a Class 1 misdemeanor.

(c) For the purpose of this section, the phrase "access or cause to be accessed" includes introducing, directly or indirectly, a computer program (including a self-replicating or a self-propagating computer program) into a computer, computer program, computer system, or computer network.

§ 14-453 . Definitions.

As used in this Article, unless the context clearly requires otherwise, the following terms have the meanings specified:

(1a) "Authorization" means having the consent or permission of the owner, or of the person licensed or authorized by the owner to grant consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission.
Burden on network user
North Dakota

North Dakota Code 12.1-06.1-08 . Computer fraud - Computer crime - Classification - Penalty.

1. A person commits computer fraud by gaining or attempting to gain access to , altering, damaging, modifying, copying, disclosing, taking possession of, or destroying any computer, computer system, computer network , or any part of the computer, system, or network, without authorization , and with the intent to devise or execute any scheme or artifice to defraud, deceive, prevent the authorized use of, or control property or services by means of false or fraudulent pretenses, representations, or promises. A person who commits computer fraud is guilty of a class C felony.

2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to , altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network , or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor.

3. In addition to any other remedy available, the owner or lessee of a computer, computer system, computer network, or any part of the computer, computer system, or computer network may bring a civil action for damages, restitution, and attorney's fees for damages incurred as a result of the violation of this section.
Burden on network user
Ohio

OHIO REV. CODE Chapt 2913

§ 2913.04

(B) No person, in any manner and by any means, including, but not limited to, computer hacking, shall knowingly gain access to, attempt to gain access to, or cause access to be gained to any computer, computer system, computer network, cable service, cable system, telecommunications device, telecommunications service, or information service without the consent of, or beyond the scope of the express or implied consent of, the owner of the computer, computer system, computer network, cable service, cable system, telecommunications device, telecommunications service, or information service or other person authorized to give consent .

(D) "The affirmative defenses contained in division (C) of section 2913.03 of the Revised Code are affirmative defenses to a charge under this section."

§ 2913.03

(C) The following are affirmative defenses to a charge under this section:

    (1) At the time of the alleged offense, the actor, though mistaken, reasonably believed that the actor was authorized to use or operate the property.

    (2) At the time of the alleged offense, the actor reasonably believed that the owner or person empowered to give consent would authorize the actor to use or operate the property.

Burden on Network User
Oklahoma

Oklahoma §21 -1953. Prohibited acts.

A. It shall be unlawful to:

1. Willfully, and without authorization , gain or attempt to gain access to and damage, modify, alter, delete, destroy, copy, make use of , disclose or take possession of a computer, computer system, computer network or any other property;

2. Use a computer, computer system, computer network or any other property as hereinbefore defined for the purpose of devising or executing a scheme or artifice with the intent to defraud, deceive, extort or for the purpose of controlling or obtaining money, property, services or other thing of value by means of a false or fraudulent pretense or representation;

3. Willfully exceed the limits of authorization and damage, modify, alter, destroy, copy, delete, disclose or take possession of a computer, computer system, computer network or any other property;

4. Willfully and without authorization , gain or attempt to gain access to a computer, computer system, computer network or any other property;

5. Willfully and without authorization use or cause to be used computer services ;

6. Willfully and without authorization disrupt or cause the disruption of computer services or deny or cause the denial of access or other computer services to an authorized user of a computer, computer system or computer network;

7. Willfully and without authorization provide or assist in providing a means of accessing a computer, computer system or computer network in violation of this section;

8. Willfully use a computer, computer system, or computer network to annoy, abuse, threaten, or harass another person; and

9. Willfully use a computer, computer system, or computer network to put another person in fear of physical harm or death.

B. Any person convicted of violating paragraph 1, 2, 3, 6, 7 or 9 of subsection A of this section shall be guilty of a felony punishable as provided in Section 1955 of this title.

C. Any person convicted of violating paragraph 4, 5 or 8 of subsection A of this section shall be guilty of a misdemeanor.

Burden on network user
Oregon

Oregon 164 .377 Computer crime

(2) Any person commits computer crime who knowingly accesses, attempts to access or uses, or attempts to use, any computer, computer system, computer network or any part thereof for the purpose of:

(a) Devising or executing any scheme or artifice to defraud;

(b) Obtaining money, property or services by means of false or fraudulent pretenses, representations or promises; or

(c) Committing theft, including, but not limited to, theft of proprietary information.

(3) Any person who knowingly and without authorization alters, damages or destroys any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime.

(4) Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network , or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime.

Burden on network user
Pennsylvania

Pennsylvania Statute Title 18 § 3933 . Unlawful use of computer.

(a) Offense defined.-- A person commits the offense of unlawful use of a computer if he, whether in person, electronically or through the intentional distribution of a computer virus:

  1. accesses , exceeds authorization to access, alters, damages or destroys any computer, computer system, computer network , computer software, computer program or data base or any part thereof, with the intent : to interrupt the normal functioning of an organization or to devise or execute any scheme or artifice to defraud or deceive or control property or services by means of false or fraudulent pretenses, representations or promises;
  2. intentionally and without authorization accesses , alters, interferes with the operation of, damages or destroys any computer, computer system, computer network , computer software, computer program or computer data base or any part thereof;
  3. intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base.
intentionally or knowingly engages in a scheme or artifice, including, but not limited to, a denial of service attack, upon any computer, computer system, computer network, computer software, computer program, computer server or data base or any part thereof that is designed to block, impede or deny the access of information or initiation or completion of any sale or transaction by users of that computer, computer system, computer network, computer software, computer program, computer server or data base or any part thereof.
Burden on network user
Rhode Island

§ 11-52-1 Definitions (15) (v) A person is "without authority" when: (A) he or she has no right or permission of the owner to use a computer, or, he or she uses a computer in a manner exceeding his or her right or permission or (B) he or she uses an Internet service e-mail system offered by a Rhode Island based Internet service provider in contravention of the authority granted by or in violation of the policies set by the Internet service provider.

§ 11-52-3 Intentional access, alteration, damage, or destruction. - Whoever, intentionally, without authorization, and for fraudulent or other illegal purposes, directly or indirectly, accesses, alters, damages, or destroys any computer, computer system, computer network, computer software, computer program, or data contained in a computer, computer system, computer program, or computer network shall be guilty of a felony and shall be subject to the penalties set forth in § 11-52-5.

Not Applicable
South Carolina

S.C. CODE § 16-16-10(l) "Unauthorized access" means access of a computer, computer system, or computer network not explicitly or implicitly authorized by the appropriate principal of the computer, computer system, or computer network.

16-16-20 (1) It is unlawful for a person to wilfully, knowingly, maliciously, and without authorization or for an unauthorized purpose to:

(a) directly or indirectly access or cause to be accessed a computer, computer system, or computer network for the purpose of:

(i) devising or executing a scheme or artifice to defraud;
(ii) obtaining money, property, or services by means of false or fraudulent pretenses, representations, promises; or
(iii) committing any other crime.

(b) alter, damage, destroy, or modify a computer, computer system, computer network, computer software, computer program, or data contained in that computer, computer system, computer program, or computer network or introduce a computer contaminant into that computer, computer system, computer program, or computer network.

Not Applicable
South Dakota

43-43B-1. Unlawful uses of computer system. A person is guilty of unlawful use of a computer system, software, or data if the person:

(1) Knowingly obtains the use of, accesses or exceeds authorized access to, a computer system, or any part thereof, without the consent of the owner;
(2) Knowingly obtains the use of, accesses, or exceeds authorized access to, a computer system, or any part thereof, without the consent of the owner, and the access or use includes access to confidential data or material;
(3) Knowingly copies or obtains information from a computer system, or compromises any security controls for the computer system, or uses or discloses to another, or attempts to use or disclose to another, the numbers, codes, passwords, or other means of access to a computer system without the consent of the owner;
(4) Knowingly disrupts, denies, or inhibits access to software or data without the consent of the owner;
(5) Knowingly disrupts, denies, or inhibits access to a computer system, without consent of the owner;
(6) Knowingly modifies, changes, or alters software or data, without the consent of the owner;
(7) Knowingly obtains use of, alters, accesses, or exceeds authorized access to, destroys, disables, or inhibits access to a computer system, as part of a deception for the purpose of obtaining money, property, or services from the owner of a computer system, or any third party;
(8) Knowingly destroys or disables a computer system, without consent of the owner; or
(9) Knowingly destroys or disables software or computer data, without consent of the owner.

Burden on Network User
Tennessee

Tennessee Code § 39-14-601. Part definitions.

- As used in this part, unless the context otherwise requires:

(1) "Access" means to approach, instruct, communicate, or connect with, store data in, retrieve or intercept data from, or otherwise make use of any resources of a computer, computer system, or computer network, or information exchanged from any communication between computers or authorized computer users and electronic, electromagnetic, electrochemical, acoustic, mechanical, or other means;

(2) "Authorization" means any and all forms of consent, including both implicit and explicit consent;

Tennessee Code § 39-14-602. Violations - Penalties. - (b) Whoever intentionally and without authorization, directly or indirectly: (1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor. Operating a computer network in such a way as to allow anonymous access to that network shall constitute implicit consent to access under this part;

Burden on Network Owner
Texas

Title 7 Chapter 33

Sec. 33.02. BREACH OF COMPUTER SECURITY. (a) A person commits an offense if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner.

Sec. 33.01. DEFINITIONS

(12) "Effective consent" includes consent by a person legally authorized to act for the owner. Consent is not effective if:

(A) induced by deception, as defined by Section 31.01, or induced by coercion;

(B) given by a person the actor knows is not legally authorized to act for the owner;

(C) given by a person who by reason of youth, mental disease or defect, or intoxication is known by the actor to be unable to make reasonable property dispositions;

(D) given solely to detect the commission of an offense; or

(E) used for a purpose other than that for which the consent was given.

Burden on network owner
Utah

76-6-703 . Computer crimes and penalties.

(2) (a) Except as provided in Subsection (2)(b), a person who intentionally or knowingly and without authorization gains or attempts to gain access to a computer, computer network, computer property, or computer system under circumstances not otherwise constituting an offense under this section is guilty of a class B misdemeanor.

76-6-702 . Definitions.
As used in this part:

(1) "Access" means to directly or indirectly use, attempt to use, instruct, communicate with, cause input to, cause output from, or otherwise make use of any resources of a computer, computer system, computer network, or any means of communication with any of them.

(2) "Authorization" means having the express or implied consent or permission of the owner, or of the person authorized by the owner to give consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission.

Burden on Network User
Vermont

§ 4102. Unauthorized access

A person who knowingly and intentionally and without lawful authority, accesses any computer, computer system, computer network, computer software, computer program, or data contained in such computer, computer system, computer program, or computer network shall be imprisoned not more than six months or fined not more than $500.00, or both. (Added 1999, No. 35, § 1.)

Burden on Network User
Virginia

§ 18.2-152.3 . Computer fraud; penalty.

Any person who uses a computer or computer network, without authority and:

1. Obtains property or services by false pretenses;

2. Embezzles or commits larceny; or

3. Converts the property of another;

is guilty of the crime of computer fraud.

If the value of the property or services obtained is $200 or more, the crime of computer fraud shall be punishable as a Class 5 felony. Where the value of the property or services obtained is less than $200, the crime of computer fraud shall be punishable as a Class 1 misdemeanor.

§ 18.2-152.6 . Theft of computer services; penalties.

Any person who willfully obtains computer services without authority is guilty of the crime of theft of computer services, which shall be punishable as a Class 1 misdemeanor. If the theft of computer services is valued at $2,500 or more, he is guilty of a Class 6 felony.

[What does "willfully" mean?]

Burden on Network Owner
Washington

RCW 9A.52.110 Computer trespass in the first degree.

(1) A person is guilty of computer trespass in the first degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another; and

(a) The access is made with the intent to commit another crime; or

(b) The violation involves a computer or database maintained by a government agency.

(2) Computer trespass in the first degree is a class C felony.

RCW 9A.52.120 Computer trespass in the second degree.

(1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another under circumstances not constituting the offense in the first degree.

(2) Computer trespass in the second degree is a gross misdemeanor.

Burden on Network User
West Virginia

W. VA. CODE §61-3C-3. Definitions.
As used in this article, unless the context clearly indicates otherwise:

(a) "Access" means to instruct, communicate with, store data in, retrieve data from, intercept data from or otherwise make use of any computer, computer network, computer program, computer software, computer data or other computer resources.

(b) "Authorization" means the express or implied consent given by a person to another to access or use said person's computer, computer network, computer program, computer software, computer system, password, identifying code or personal identification number.

§61-3C-4. Computer fraud; access to Legislature computer; criminal penalties.
(a) Any person who, knowingly and willfully, directly or indirectly, accesses or causes to be accessed any computer, computer services or computer network for the purpose of

(1) executing any scheme or artifice to defraud or

(2) obtaining money, property or services by means of fraudulent pretenses, representations or promises is guilty of a felony, and, upon conviction thereof, shall be fined not more than ten thousand dollars or imprisoned in the penitentiary for not more than ten years, or both fined and imprisoned.

Not Applicable
Wisconsin

Wisconsin Statutes 943.70 (3) Offenses against computers, computer equipment or supplies.

(a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in par. (b) :

2. Destroys, uses, takes or damages a computer, computer system, computer network or equipment or supplies used or intended to be used in a computer, computer system or computer network.

Burden on Network User
Wyoming

Wyoming Statute 6-3-502. Crimes against intellectual property; penalties.

(a) A person commits a crime against intellectual property if he knowingly and without authorization:

(i) Modifies data, programs or supporting documentation residing or existing internal or external to a computer, computer system or computer network;

(ii) Destroys data, programs or supporting documentation residing or existing internal or external to a computer, computer system or computer network;

(iii) Discloses or takes data, programs, or supporting documentation having a value of more than seven hundred fifty dollars ($750.00) and which is a trade secret or is confidential, as provided by law, residing or existing internal or external to a computer, computer system or computer network.

(b) A crime against intellectual property is:

(i) A felony punishable by imprisonment for not more than three (3) years, a fine of not more than three thousand dollars ($3,000.00), or both, except as provided in paragraph (ii) of this subsection;

(ii) A felony punishable by imprisonment for not more than ten (10) years, a fine of not more than ten thousand dollars ($10,000.00), or both, if the crime is committed with the intention of devising or executing a scheme or artifice to defraud or to obtain property.

Not Applicable