What is My Recourse If Someone Forwards My Email to Another Computer?

07/02/2009 - Category:Internet - Hacking - State: GA #17307

Full Question:

What can I do if someone broke into my email and forwarded mails to their email address?

Answer:

The law surrounding the unauthorized access of computer and internet information is evolving, and state or federal laws may apply. If the unauthorized access of information is obtained from an individual’s computer, the common-law tort of invasion of privacy may provide a civil remedy.

RESTATEMENT (SECOND) OF TORTS, §652B (1977) provides:

“One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another, or his private affairs or concerns, is subject to liability to the other for the invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.”

If interstate commerce is involved, federal laws such as the Computer Fraud and Abuse Act (CFAA), may apply.

The most common civil causes of action under the CFAA are brought under either:

1. 18 U.S.C. 1030(a)(2)(C), which requires a showing that a person

(1) "intentionally,"
(2) accessed a computer,
(3) "without authorization" or "exceeded authorized access,"
(4) and obtained information from any "protected computer,"3
(5) if the conduct involved an interstate or foreign communication;

2. 18 U.S.C. 1030(a)(4) which requires a showing that a person has

(1) "knowingly and with intent to defraud,"
(2) accessed a "protected computer,"
(3) "without authorization," and thus
(4) has furthered the intended fraudulent conduct and obtained "anything of value"; or

3. 18 U.S.C. 1030(a)(5) which requires a showing that a person

(1) "knowingly,"
(2) caused transmission of a program, information, code or command and,
(3) as a result, "intentionally"
(4) caused damage,
(5) "without authorization,"
(6) to a "protected computer," or
(7) "intentionally,"
(8) accessed a "protected computer,"
(9) "without authorization," and
(10) caused damage" and "loss" aggregating at least $5,000.00.

Please see the following GA statutes to determine applicability:

16-9-93. (a) Computer theft. Any person who uses a computer or....

(a) Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

(1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;

(2) Obtaining property by any deceitful means or artful practice; or

(3) Converting property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property shall be guilty of the crime of computer theft.

(b) Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

(1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;

(2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or

(3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists shall be guilty of the crime of computer trespass.

(c) Computer Invasion of Privacy. Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.

(d) Computer Forgery. Any person who creates, alters, or deletes any data contained in any computer or computer network, who, if such person had created, altered, or deleted a tangible document or instrument would have committed forgery under Article 1 of this chapter, shall be guilty of the crime of computer forgery. The absence of a tangible writing directly created or altered by the offender shall not be a defense to the crime of computer forgery if a creation, alteration, or deletion of data was involved in lieu of a tangible document or instrument.

(e) Computer Password Disclosure. Any person who discloses a number, code, password, or other means of access to a computer or computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim expenditure) to the owner of the computer or computer network in excess of $500.00 shall be guilty of the crime of computer password disclosure.

(f) Article not Exclusive. The provisions of this article shall not be construed to preclude the applicability of any other law which presently applies or may in the future apply to any transaction or course of conduct which violates this article.

(g) Civil Relief; Damages.

(1) Any person whose property or person is injured by reason of a violation of any provision of this article may sue therefor and recover for any damages sustained and the costs of suit. Without limiting the generality of the term, "damages" shall include loss of profits and victim expenditure.

(2) At the request of any party to an action brought pursuant to this Code section, the court shall by reasonable means conduct all legal proceedings in such a way as to protect the secrecy and security of any computer, computer network, data, or computer program involved in order to prevent possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party.

(3) The provisions of this article shall not be construed to limit any person's right to pursue any additional civil remedy otherwise allowed by law.

(4) A civil action under this Code section must be brought within four years after the violation is discovered or by exercise of reasonable diligence should have been discovered. For purposes of this article, a continuing violation of any one subsection of this Code section by any person constitutes a single violation by such person.

(h) Criminal Penalties.

(1) Any person convicted of the crime of computer theft, computer trespass, computer invasion of privacy, or computer forgery shall be fined not more than $50,000.00 or imprisoned not more than 15 years, or both.

(2) Any person convicted of computer password disclosure shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both.

16-9-93.1. (a) It shall be unlawful for any person, any organization, or any....

(a) It shall be unlawful for any person, any organization, or any representative of any organization knowingly to transmit any data through a computer network or over the transmission facilities or through the network facilities of a local telephone network for the purpose of setting up, maintaining, operating, or exchanging data with an electronic mailbox, home page, or any other electronic information storage bank or point of access to electronic information if such data uses any individual name, trade name, registered trademark, logo, legal or official seal, or copyrighted symbol to falsely identify the person, organization, or representative transmitting such data or which would falsely state or imply that such person, organization, or representative has permission or is legally authorized to use such trade name, registered trademark, logo, legal or official seal, or copyrighted symbol for such purpose when such permission or authorization has not been obtained; provided, however, that no telecommunications company or Internet access provider shall violate this Code section solely as a result of carrying or transmitting such data for its customers.

(b) Any person violating subsection (a) of this Code section shall be guilty of a misdemeanor.

(c) Nothing in this Code section shall be construed to limit an aggrieved party's right to pursue a civil action for equitable or monetary relief, or both, for actions which violate this Code section.

16-9-152. (a) It shall be illegal for a person or entity that is not an....

(a) It shall be illegal for a person or entity that is not an authorized user, as defined in Code Section 16-9-151, of a computer in this state to knowingly, willfully, or with conscious indifference or disregard cause computer software to be copied onto such computer and use the software to do any of the following:

(1) Modify, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet:

(A) The page that appears when an authorized user launches an Internet browser or similar software program used to access and navigate the Internet;

(B) The default provider or web proxy the authorized user uses to access or search the Internet; or

(C) The authorized user's list of bookmarks used to access web pages;

(2) Collect, through intentionally deceptive means, personally identifiable information that meets any of the following criteria:

(A) It is collected through the use of a keystroke-logging function that records all keystrokes made by an authorized user who uses the computer and transfers that information from the computer to another person;

(B) It includes all or substantially all of the websites visited by an authorized user, other than websites of the provider of the software, if the computer software was installed in a manner designed to conceal from all authorized users of the computer the fact that the software is being installed; or

(C) It is a data element described in subparagraph (B), (C), or (D) of paragraph (12) of Code Section 16-9-151, or in division (12)(E)(i) or (12)(E)(ii) of Code Section 16-9-151, that is extracted from the consumer's or business entity's computer hard drive for a purpose wholly unrelated to any of the purposes of the software or service described to an authorized user;

(3) Prevent, without the authorization of an authorized user, through intentionally deceptive means, an authorized user's reasonable efforts to block the installation of, or to disable, software, by causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user;

(4) Intentionally misrepresent that software will be uninstalled or disabled by an authorized user's action, with knowledge that the software will not be so uninstalled or disabled; or

(5) Through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus software installed on the computer.

(b) Nothing in this Code section shall apply to any monitoring of, or interaction with, a user's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this article.

16-9-109.1. (a) As used in this part, the term:

(a) As used in this part, the term:

(1) "Electronic mail message" means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox, commonly referred to as the "local part," and a reference to an Internet domain, commonly referred to as the "domain part," whether or not displayed, to which an electronic message can be sent or delivered.

(2) "Employer" includes a business entity's officers, directors, parent corporation, subsidiaries, affiliates, and other corporate entities under common ownership or control within a business enterprise.

(3) "Identifying information" means, with respect to an individual, any of the following:

(A) Social security number;
(B) Driver's license number;
(C) Bank account number;
(D) Credit card or debit card number;
(E) Personal identification number or PIN;
(F) Automated or electronic signature;
(G) Unique biometric data;
(H) Account password; or
(I) Any other piece of information that can be used to access an individual's financial accounts or to obtain goods or services.

(4) "Internet" shall have the meaning set forth in paragraph (10) of Code Section 16-9-151.

(5) "Web page" means a location that has a single uniform resource locator or other single location with respect to the Internet.

(b)

(1) It shall be unlawful for any person with intent to defraud, by means of a web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing himself, herself, or itself to be a business without the authority or approval of such business.

(2) It shall be unlawful for any person, with actual knowledge, conscious avoidance of actual knowledge, or willfully, to possess with intent to use in a fraudulent manner, sell, or distribute any identifying information obtained in violation of paragraph (1) of this subsection.

(c) Any person who intentionally violates subsection (b) of this Code section shall be guilty of a felony and shall be punished by imprisonment for not less than one nor more than 20 years, a fine of not less than $1,000.00 nor more than $500,000.00, or both.

(d)

(1) No employer shall be held criminally liable under this Code section as a result of any actions taken:

(A) With respect to computer equipment used by its employees, contractors, subcontractors, agents, leased employees, or other staff which the employer owns, leases, or otherwise makes available or allows to be connected to the employer's network or other computer facilities when such equipment is used for an illegal purpose without the employer's knowledge, consent, or approval; or

(B) By employees, contractors, subcontractors, agents, leased employees, or other staff who misuse an employer's computer equipment for an illegal purpose without the employer's knowledge, consent, or approval.

(2) No person shall be held criminally liable under this Code section when its protected computers, computer equipment, or software product has been used by unauthorized users to violate this Code section without such person's knowledge, consent, or approval.

(e) This Code section shall not apply to a telecommunications provider's or Internet service provider's good faith transmission or routing of, or intermediate temporary storing or caching of, identifying information.

(f) No provider of an interactive computer service may be held liable in a civil action under any law of this state, or any of its political subdivisions, for removing or disabling access to content on an Internet website or other online location controlled or operated by such provider, when such provider believes in good faith that such content has been used to engage in a violation of this part.

Please see the information at the following links:

http://definitions.uslegal.com/c/computer-hacking/
http://definitions.uslegal.com/w/wiretapping/
http://definitions.uslegal.com/i/internet-law/
http://definitions.uslegal.com/i/invasion-of-privacy/
http://lawdigest.uslegal.com/criminal-laws/computer-crimes/7093/
http://lawdigest.uslegal.com/internet/internet-crime/7270/
http://lawdigest.uslegal.com/internet/internet-privacy/7272/

07/02/2009 - Category: Hacking - State: GA #17307

See more Questions in the Hacking Category