CONNECTICUT

TITLE 52. CIVIL ACTIONS
CHAPTER 925. STATUTORY RIGHTS OF ACTION AND DEFENSES

52-570b. Action for computer-related offenses

      (a) Any aggrieved person who has reason to believe that any other person has been engaged, is

          engaged or is about to engage in an alleged violation of any provision of section 53a-251 may bring an

          action against such person and may apply to the superior court for: 



             (1) An order temporarily or permanently restraining and enjoining the commencement or

                 continuance of such act or acts; 



             (2) an order directing restitution; or 



             (3) an order directing the appointment of a receiver. Subject to making due provisions for

                 the rights of innocent persons, a receiver shall have the power to sue for, collect, receive and take into his

                 possession any property which belongs to the person who is alleged to have violated any provision of

                 section 53a-251 and which may have been derived by, been used in or aided in any manner such alleged

                 violation. Such property shall include goods and chattels, rights and credits, moneys and effects, books,

                 records, documents, papers, choses in action, bills, notes and property of every description including all

                 computer system equipment and data, and including property with which such property has been

                 commingled if it cannot be identified in kind because of such commingling. The receiver shall also have the

                 power to sell, convey and assign all of the foregoing and hold and dispose of the proceeds thereof under

                 the direction of the court. Any person who has suffered damages as a result of an alleged violation of any

                 provision of section 53a-251, and submits proof to the satisfaction of the court that he has in fact been

                 damaged, may participate with general creditors in the distribution of the assets to the extent he has

                 sustained out-of-pocket losses. The court shall have jurisdiction of all questions arising in such proceedings

                 and may make such orders and judgments therein as may be required.



      (b) The court may award the relief applied for or such other relief as it may deem appropriate in

          equity.



      (c) Independent of or in conjunction with an action under subsection (a) of this section, any person

          who suffers any injury to person, business or property may bring an action for damages against a person

          who is alleged to have violated any provision of section 53a-251. The aggrieved person shall recover actual

          damages and damages for unjust enrichment not taken into account in computing damages for actual loss,

          and treble damages where there has been a showing of wilful and malicious conduct.



      (d) Proof of pecuniary loss is not required to establish actual damages in connection with an alleged

          violation of subsection (e) of section 53a-251 arising from misuse of private personal data.



      (e) In any civil action brought under this section, the court shall award to any aggrieved person

          who prevails, reasonable costs and reasonable attorney's fees.                                                         

      (f) The filing of a criminal action against a person is not a prerequisite to the bringing of a civil

          action under this section against such person.



      (g) A civil action may be brought under this section against the state or any political subdivision

          thereof and the defense of governmental immunity shall not be available in any such action. The rights and

          liability of the state or any political subdivision thereof in each such action shall be coextensive with and

          shall equal the rights and liability of private persons in like circumstances.(h) No civil action under

          this section may be brought but within three years from the date the alleged violation of section 53a-251

          is discovered or should have been discovered by the exercise of reasonable diligence.

TITLE 53a. PENAL CODE

CHAPTER 952. PENAL CODE: OFFENSES PART XXII. COMPUTER-RELATED OFFENSES

53a-250. Definitions For the purposes of this part and section 52-570b:

            

             (1) "Access" means to instruct, communicate with, store data in or retrieve data from a

                  computer, computer system or computer network.



             (2) "Computer" means a programmable, electronic device capable of accepting and

                  processing data.



             (3) "Computer network" means 



                   (A) a set of related devices connected to a computer by communications facilities,

                       or 



                   (B) a complex of two or more computers, including related devices, connected by

                       communications facilities.



             (4) "Computer program" means a set of instructions, statements or related data that, in

                  actual or modified form, is capable of causing a computer or computer system to perform specified

                  functions.



             (5) "Computer services" includes, but is not limited to, computer access, data processing

                  and data storage.



             (6) "Computer software" means one or more computer programs, existing in any form, or

                  any associated operational procedures, manuals or other documentation.



             (7) "Computer system" means a computer, its software, related equipment, communications

                  facilities, if any, and includes computer networks.



             (8) "Data" means information of any kind in any form, including computer software.



             (9) "Person" means a natural person, corporation, trust, partnership, incorporated or

                  unincorporated association and any other legal or governmental entity, including any state or municipal

                  entity or public official.



             (10)"Private personal data" means data concerning a natural person which a reasonable

                  person would want to keep private and which is protectable under law.



             (11)"Property" means anything of value, including data.

53a-251. Computer crime

      (a)  Defined. A person commits computer crime when he violates any of the provisions of this

                section.



      (b)  Unauthorized access to a computer system.    (1) A person is guilty of the

           computer crime of unauthorized access to a computer system when, knowing that he is not authorized to

           do so, he accesses or causes to be accessed any computer system without authorization.(2)

           It shall be an affirmative defense to a prosecution for unauthorized access to a computer system that:(A)

           The person reasonably believed that the owner of the computer system, or a person empowered to license

           access thereto, had authorized him to access;     (B) the person reasonably believed that

           the owner of the computer system, or a person empowered to license access thereto, would have

           authorized him to access without payment of any consideration; or    (C) the person

           reasonably could not have known that his access was unauthorized.    



      (c)  Theft of computer services. A person is guilty of the computer crime of theft of computer

           services when he accesses or causes to be accessed or otherwise uses or causes to be used a computer

           system with the intent to obtain unauthorized computer services.



      (d)  Interruption of computer services. A person is guilty of the computer crime of interruption

           of computer services when he, without authorization, intentionally or recklessly disrupts or degrades or

           causes the disruption or degradation of computer services or denies or causes the denial of computer

           services to an authorized user of a computer system.



      (e)  Misuse of computer system information. A person is guilty of the computer crime of misuse

           of computer system information when:        (1) As a result of his accessing or causing to be

           accessed a computer system, he intentionally makes or causes to be made an unauthorized display, use,

           disclosure or copy, in any form, of data residing in, communicated by or produced by a computer system;

           or           (2) he intentionally or recklessly and without authorization 



                   (A) alters, deletes, tampers with, damages, destroys or takes data intended for use

                       by a computer system, whether residing within or external to a computer system, or(B)

                       intercepts or adds data to data residing within a computer system; or(3) he knowingly receives

                       or retains data obtained in violation of subdivision (1) or (2) of this subsection; or(4) he uses

                       or discloses any data he knows or believes was obtained in violation of subdivision (1) or (2) of this

                       subsection.



      (f)  Destruction of computer equipment. A person is guilty of the computer crime of destruction

           of computer equipment when he, without authorization, intentionally or recklessly tampers with, takes,

           transfers, conceals, alters, damages or destroys any equipment used in a computer system or intentionally

           or recklessly causes any of the foregoing to occur.

53a-252. Computer crime in the first degree: Class B felony

      (a) A person is guilty of computer crime in the first degree when he commits computer crime as

          defined in section 53a-251 and the damage to or the value of the property or computer services exceeds

          ten thousand dollars.



      (b) Computer crime in the first degree is a class B felony.

53a-253. Computer crime in the second degree: Class C felony

      (a) A person is guilty of computer crime in the second degree when he commits computer crime

          as defined in section 53a-251 and the damage to or the value of the property or computer services exceeds

          five thousand dollars.



      (b) Computer crime in the second degree is a class C felony.

53a-254. Computer crime in the third degree: Class D felony

      (a) A person is guilty of computer crime in the third degree when he commits computer crime as

               defined in section 53a-251 and        (1) the damage to or the value of the property or computer

               services exceeds one thousand dollars or    (2) he recklessly engages in conduct which creates

               a risk of serious physical injury to another person.



      (b) Computer crime in the third degree is a class D felony.

53a-255. Computer crime in the fourth degree: Class A misdemeanor

      (a) A person is guilty of computer crime in the fourth degree when he commits computer crime

               as defined in section 53a-251 and the damage to or the value of the property or computer services exceeds

               five hundred dollars.



      (b) Computer crime in the fourth degree is a class A misdemeanor.

53a-256. Computer crime in the fifth degree: Class B misdemeanor

      (a) A person is guilty of computer crime in the fifth degree when he commits computer crime as

               defined in section 53a-251 and the damage to or the value of the property or computer services, if any, is

               five hundred dollars or less.



      (b) Computer crime in the fifth degree is a class B misdemeanor.

53a-257. Alternative fine based on defendant's gain

           If a person has gained money, property or services or other consideration through the commission

           of any offense under section 53a-251, upon conviction thereof the court, in lieu of imposing a fine, may

           sentence the defendant to pay an amount, fixed by the court, not to exceed double the amount of the

           defendant's gain from the commission of such offense. In such case the court shall make a finding as to

           the amount of the defendant's gain from the offense and, if the record does not contain sufficient evidence

           to support such a finding, the court may conduct a hearing upon the issue. For the purpose of this section,

           "gain" means the amount of money or the value of property or computer services or other consideration

           derived.

53a-258. Determination of degree of crime

           Amounts included in violations of section 53a-251 committed pursuant to one scheme or course of

           conduct, whether from the same person or several persons, may be aggregated in determining the degree

           of the crime.

53a-259. Value of property or computer services

      (a) For the purposes of this part and section 52-570b, the value of property or computer services

          shall be: 



             (1) The market value of the property or computer services at the time of the violation; or 



             (2) if the property or computer services are unrecoverable, damaged or destroyed as a

                 result of a violation of section 53a-251, the cost of reproducing or replacing the property or computer

                 services at the time of the violation.



      (b) When the value of the property or computer services or damage thereto cannot be satisfactorily

          ascertained, the value shall be deemed to be two hundred fifty dollars.



      (c) Notwithstanding the provisions of this section, the value of private personal data shall be

          deemed to be one thousand five hundred dollars.

53a-260. Location of offense

      (a) In any prosecution for a violation of section 53a-251, the offense shall be deemed to have been

          committed in the town in which the act occurred or in which the computer system or part thereof involved

          in the violation was located.



      (b) In any prosecution for a violation of section 53a-251 based upon more than one act in violation

          thereof, the offense shall be deemed to have been committed in any of the towns in which any of the acts

          occurred or in which a computer system or part thereof involved in a violation was located.

53a-261. Jurisdiction

           If any act performed in furtherance of the offenses set out in section 53a-251 occurs in this state

           or if any computer system or part thereof accessed in violation of section 53a-251 is located in this state,

           the offense shall be deemed to have occurred in this state.