CALIFORNIA
CALIFORNIA PENAL CODE
TITLE 13. Crimes Against Property
CHAPTER 5. Larceny
502. Computer crimes
(a) It is the intent of the Legislature in enacting this section to expand the degree of protection
afforded to individuals, businesses, and governmental agencies from tampering, interference, damage, and
unauthorized access to lawfully created computer data and computer systems. The Legislature finds and
declares that the proliferation of computer technology has resulted in a concomitant proliferation of
computer crime and other forms of unauthorized access to computers, computer systems, and computer
data.
The Legislature further finds and declares that protection of the integrity of all types and forms of
lawfully created computers, computer systems, and computer data is vital to the protection of the privacy
of individuals as well as to the well-being of financial institutions, business concerns, governmental
agencies, and others within this state that lawfully utilize those computers, computer systems, and data.
(b) For the purposes of this section, the following terms have the following meanings:
(1) "Access" means to gain entry to, instruct, or communicate with the logical, arithmetical,
or memory function resources of a computer, computer system, or computer network.
(2) "Computer network" means any system which provides communications between one
or more computer systems and input/output devices including, but not limited to, display terminals and
printers connected by telecommunication facilities.
(3) "Computer program or software" means a set of instructions or statements, and related
data, that when executed in actual or modified form, cause a computer, computer system, or computer
network to perform specified functions.
(4) "Computer services" includes, but is not limited to, computer time, data processing, or
storage functions, or other uses of a computer, computer system, or computer network.
(5) "Computer system" means a device or collection of devices, including support devices
and excluding calculators which are not programmable and capable of being used in conjunction with
external files, one or more of which contain computer programs, electronic instructions, input data, and
output data, that performs functions including, but not limited to, logic, arithmetic, data storage and
retrieval, communication, and control. (6) "Data"
means a representation of information, knowledge, facts, concepts, computer software, computer programs
or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer
or in transit or presented on a display device.
(7) "Supporting documentation" includes, but is not limited to, all information, in any form,
pertaining to the design, construction, classification, implementation, use, or modification of a computer,
computer system, computer network, computer program, or computer software, which information is not
generally available to the public and is necessary for the operation of a computer, computer system,
computer network, computer program, or computer software.
(8) "Injury" means any alteration, deletion, damage, or destruction of a computer system,
computer network, computer program, or data caused by the access.
(9) "Victim expenditure" means any expenditure reasonably and necessarily incurred by
the owner or lessee to verify that a computer system, computer network, computer program, or data was
or was not altered, deleted, damaged, or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions that are designed
to modify, damage, destroy, record, or transmit information within a computer, computer system, or
computer network without the intent or permission of the owner of the information. They include, but are
not limited to, a group of computer instructions commonly called viruses or worms, which are
self-replicating or self-propagating and are designed to contaminate other computer programs or computer
data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion
usurp the normal operation of the computer, computer system, or computer network.
(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty
of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes, destroys, or
otherwise uses any data, computer, computer system, or computer network in order to either
(A) devise or execute any scheme or artifice to
defraud, deceive, or extort, or
(B) wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use of any data
from a computer, computer system, or computer network, or takes or copies any supporting
documentation, whether existing or residing internal or external to a computer, computer system, or
computer network.
(3) Knowingly and without permission uses or causes to be used computer services.
(4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys
any data, computer software, or computer programs which reside or exist internal or external to a
computer, computer system, or computer network.
(5) Knowingly and without permission disrupts or causes the disruption of computer
services or denies or causes the denial of computer services to an authorized user of a computer, computer
system, or computer network.
(6) Knowingly and without permission provides or assists in providing a means of accessing
a computer, computer system, or computer network in violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed any computer,
computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any computer, computer system,
or computer network.
(d) (1) Any person who violates any of the provisions of paragraph (1), (2), (4), or (5) of
subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($ 10,000), or by imprisonment
in the state prison for 16 months, or two or three years, or by both that fine and imprisonment, or by a
fine not exceeding five thousand dollars ($ 5,000), or by imprisonment in the county jail not exceeding one
year, or by both that fine and imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is punishable as follows:
(A) For the first violation which does not result in injury, and where the value of
the computer services used does not exceed four hundred dollars ($ 400), by a fine not exceeding five
thousand dollars ($ 5,000), or by imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(B) For any violation which results in a victim expenditure in an amount greater
than five thousand dollars ($ 5,000) or in an injury, or if the value of the computer services used exceeds
four hundred dollars ($ 400), or for any second or subsequent violation, by a fine not exceeding ten
thousand dollars ($ 10,000), or by imprisonment in the state prison for 16 months, or two or three years,
or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($ 5,000), or by
imprisonment in the county jail not exceeding one year, or by both that fine and imprisonment.
(3) Any person who violates paragraph (6), (7), or (8) of subdivision (c) is punishable as
follows:
(A) For a first violation which does not result in injury, an infraction punishable
by a fine not exceeding two hundred fifty dollars ($ 250).
(B) For any violation which results in a victim expenditure in an amount not
greater than five thousand dollars ($ 5,000), or for a second or subsequent violation, by a fine not
exceeding five thousand dollars ($ 5,000), or by imprisonment in the county jail not exceeding one year,
or by both that fine and imprisonment.
(C) For any violation which results in a victim expenditure in an amount greater
than five thousand dollars ($ 5,000), by a fine not exceeding ten thousand dollars ($ 10,000), or by
imprisonment in the state prison for 16 months, or two or three years, or by both that fine and
imprisonment, or by a fine not exceeding five thousand dollars ($ 5,000), or by imprisonment in the county
jail not exceeding one year, or by both that fine and imprisonment.
(e) (1) In addition to any other civil remedy available, the owner or lessee of the computer,
computer system, computer network, computer program, or data may bring a civil action against any
person convicted under this section for compensatory damages, including any expenditure reasonably and
necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer
program, or data was or was not altered, damaged, or deleted by the access. For the purposes of actions
authorized by this subdivision, the conduct of an unemancipated minor shall be imputed to the parent or
legal guardian having control or custody of the minor, pursuant to the provisions of Section 1714.1 of the
Civil Code.
(2) In any action brought pursuant to this subdivision the court may award reasonable
attorney's fees to a prevailing party.
(3) A community college, state university, or academic institution accredited in this state
is required to include computer-related crimes as a specific violation of college or university student
conduct policies and regulations that may subject a student to disciplinary sanctions up to and including
dismissal from the academic institution. This paragraph shall not apply to the University of California
unless the Board of Regents adopts a resolution to that effect.
(f) This section shall not be construed to preclude the applicability of any other provision of the
criminal law of this state which applies or may apply to any transaction, nor shall it make illegal any
employee labor relations activities that are within the scope and protection of state or federal labor laws.
(g) Any computer, computer system, computer network, or any software or data, owned by the
defendant, which is used during the commission of any public offense described in subdivision (c) or any
computer, owned by the defendant, which is used as a repository for the storage of software or data
illegally obtained in violation of subdivision (c) shall be subject to forfeiture, as specified in Section 502.01.
(h) (1) Subdivision (c) does not apply to any person who accesses his or her employer's
computer system, computer network, computer program, or data when acting within the scope of his or
her lawful employment.
(2) Paragraph (3) of subdivision (c) does not apply to any employee who accesses or uses
his or her employer's computer system, computer network, computer program, or data when acting outside
the scope of his or her lawful employment, so long as the employee's activities do not cause an injury, as
defined in paragraph (8) of subdivision (b), to the employer or another, or so long as the value of supplies
and computer services, as defined in paragraph (4) of subdivision (b), which are used do not exceed an
accumulated total of one hundred dollars ($ 100).
(i) No activity exempted from prosecution under paragraph (2) of subdivision (h) which incidentally
violates paragraph (2), (4), or (7) of subdivision (c) shall be prosecuted under those paragraphs.
(j) For purposes of bringing a civil or a criminal action under this section, a person who causes, by
any means, the access of a computer, computer system, or computer network in one jurisdiction from
another jurisdiction is deemed to have personally accessed the computer, computer system, or computer
network in each jurisdiction.
(k) In determining the terms and conditions applicable to a person convicted of a violation of this
section the court shall consider the following:
(1) The court shall consider prohibitions on access to and use of computers.
(2) Except as otherwise required by law, the court shall consider alternate sentencing,
including community service, if the defendant shows remorse and recognition of the wrongdoing, and an
inclination not to repeat the offense.
More California
Law