What is My Recourse If Someone Forwards My Email to Another Computer?

Full Question:

What can I do if someone broke into my email and forwarded mails to their email address?
07/02/2009   |   Category: Internet ยป Hacking   |   State: Georgia   |   #17307

Answer:

The law surrounding the unauthorized access of computer and internet information is evolving, and state or federal laws may apply. If the unauthorized access of information is obtained from an individual’s computer, the common-law tort of invasion of privacy may provide a civil remedy.

RESTATEMENT (SECOND) OF TORTS, §652B (1977) provides:

“One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another, or his private affairs or concerns, is subject to liability to the other for the invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.”

If interstate commerce is involved, federal laws such as the Computer Fraud and Abuse Act (CFAA), may apply.

The most common civil causes of action under the CFAA are brought under either:

1. 18 U.S.C. 1030(a)(2)(C), which requires a showing that a person

(1) "intentionally,"

(2) accessed a computer,

(3) "without authorization" or "exceeded authorized access,"

(4) and obtained information from any "protected computer,"3

(5) if the conduct involved an interstate or foreign communication;

2. 18 U.S.C. 1030(a)(4) which requires a showing that a person has


(1) "knowingly and with intent to defraud,"

(2) accessed a "protected computer,"

(3) "without authorization," and thus

(4) has furthered the intended fraudulent conduct and obtained "anything of value"; or


3. 18 U.S.C. 1030(a)(5) which requires a showing that a person


(1) "knowingly,"

(2) caused transmission of a program, information, code or command and,

(3) as a result, "intentionally"

(4) caused damage,

(5) "without authorization,"

(6) to a "protected computer," or

(7) "intentionally,"

(8) accessed a "protected computer,"

(9) "without authorization," and

(10) caused damage" and "loss" aggregating at least $5,000.00.

Please see the following GA statutes to determine applicability:

16-9-93. (a) Computer theft. Any person who uses a computer or....

(a) Computer theft. Any person who uses a computer or computer network
with knowledge that such use is without authority and with the intention
of:

(1) Taking or appropriating any property of another, whether or not
with the intention of depriving the owner of possession;

(2) Obtaining property by any deceitful means or artful practice; or

(3) Converting property to such person's use in violation of an
agreement or other known legal obligation to make a specified application
or disposition of such property shall be guilty of the crime of computer
theft.

(b) Computer Trespass. Any person who uses a computer or computer
network with knowledge that such use is without authority and with the
intention of:

(1) Deleting or in any way removing, either temporarily or
permanently, any computer program or data from a computer or computer
network;

(2) Obstructing, interrupting, or in any way interfering with the use
of a computer program or data; or

(3) Altering, damaging, or in any way causing the malfunction of a
computer, computer network, or computer program, regardless of how
long the alteration, damage, or malfunction persists shall be guilty
of the crime of computer trespass.

(c) Computer Invasion of Privacy. Any person who uses a computer or
computer network with the intention of examining any employment,
medical, salary, credit, or any other financial or personal data relating
to any other person with knowledge that such examination is without
authority shall be guilty of the crime of computer invasion of privacy.

(d) Computer Forgery. Any person who creates, alters, or deletes any
data contained in any computer or computer network, who, if such person
had created, altered, or deleted a tangible document or instrument would
have committed forgery under Article 1 of this chapter, shall be guilty
of the crime of computer forgery. The absence of a tangible writing
directly created or altered by the offender shall not be a defense to the
crime of computer forgery if a creation, alteration, or deletion of data
was involved in lieu of a tangible document or instrument.

(e) Computer Password Disclosure. Any person who discloses a number,
code, password, or other means of access to a computer or computer
network knowing that such disclosure is without authority and which
results in damages (including the fair market value of any services used
and victim expenditure) to the owner of the computer or computer network
in excess of $500.00 shall be guilty of the crime of computer password
disclosure.

(f) Article not Exclusive. The provisions of this article shall not be
construed to preclude the applicability of any other law which presently
applies or may in the future apply to any transaction or course of conduct
which violates this article.

(g) Civil Relief; Damages.

(1) Any person whose property or person is injured by reason of a
violation of any provision of this article may sue therefor and recover
for any damages sustained and the costs of suit. Without limiting the
generality of the term, "damages" shall include loss of profits and
victim expenditure.

(2) At the request of any party to an action brought pursuant to this
Code section, the court shall by reasonable means conduct all legal
proceedings in such a way as to protect the secrecy and security of
any computer, computer network, data, or computer program involved in
order to prevent possible recurrence of the same or a similar act by
another person and to protect any trade secrets of any party.

(3) The provisions of this article shall not be construed to limit any
person's right to pursue any additional civil remedy otherwise allowed
by law.

(4) A civil action under this Code section must be brought within four
years after the violation is discovered or by exercise of reasonable
diligence should have been discovered. For purposes of this article, a
continuing violation of any one subsection of this Code section by any
person constitutes a single violation by such person.

(h) Criminal Penalties.

(1) Any person convicted of the crime of computer theft, computer
trespass, computer invasion of privacy, or computer forgery shall be
fined not more than $50,000.00 or imprisoned not more than 15 years,
or both.

(2) Any person convicted of computer password disclosure shall be
fined not more than $5,000.00 or incarcerated for a period not to
exceed one year, or both.

16-9-93.1. (a) It shall be unlawful for any person, any organization, or
any....

(a) It shall be unlawful for any person, any organization, or any
representative of any organization knowingly to transmit any data through
a computer network or over the transmission facilities or through the
network facilities of a local telephone network for the purpose of
setting up, maintaining, operating, or exchanging data with an electronic
mailbox, home page, or any other electronic information storage bank or
point of access to electronic information if such data uses any individual
name, trade name, registered trademark, logo, legal or official seal, or
copyrighted symbol to falsely identify the person, organization, or
representative transmitting such data or which would falsely state or
imply that such person, organization, or representative has permission or
is legally authorized to use such trade name, registered trademark,
logo, legal or official seal, or copyrighted symbol for such purpose when
such permission or authorization has not been obtained; provided,
however, that no telecommunications company or Internet access provider
shall violate this Code section solely as a result of carrying or
transmitting such data for its customers.

(b) Any person violating subsection (a) of this Code section shall be
guilty of a misdemeanor.

(c) Nothing in this Code section shall be construed to limit an
aggrieved party's right to pursue a civil action for equitable or
monetary relief, or both, for actions which violate this Code section.

16-9-152. (a) It shall be illegal for a person or entity that is not an....

(a) It shall be illegal for a person or entity that is not an
authorized user, as defined in Code Section 16-9-151, of a computer in
this state to knowingly, willfully, or with conscious indifference or
disregard cause computer software to be copied onto such computer and use
the software to do any of the following:

(1) Modify, through intentionally deceptive means, any of the following
settings related to the computer's access to, or use of, the Internet:

(A) The page that appears when an authorized user launches an Internet
browser or similar software program used to access and navigate the
Internet;

(B) The default provider or web proxy the authorized user uses to
access or search the Internet; or

(C) The authorized user's list of bookmarks used to access web pages;

(2) Collect, through intentionally deceptive means, personally
identifiable information that meets any of the following criteria:

(A) It is collected through the use of a keystroke-logging function
that records all keystrokes made by an authorized user who uses the
computer and transfers that information from the computer to another
person;

(B) It includes all or substantially all of the websites visited by an
authorized user, other than websites of the provider of the software,
if the computer software was installed in a manner designed to conceal
from all authorized users of the computer the fact that the software
is being installed; or

(C) It is a data element described in subparagraph (B), (C), or (D) of
paragraph (12) of Code Section 16-9-151, or in division (12)(E)(i) or
(12)(E)(ii) of Code Section 16-9-151, that is extracted from the
consumer's or business entity's computer hard drive for a purpose
wholly unrelated to any of the purposes of the software or service
described to an authorized user;

(3) Prevent, without the authorization of an authorized user, through
intentionally deceptive means, an authorized user's reasonable efforts
to block the installation of, or to disable, software, by causing
software that the authorized user has properly removed or disabled to
automatically reinstall or reactivate on the computer without the
authorization of an authorized user;

(4) Intentionally misrepresent that software will be uninstalled or
disabled by an authorized user's action, with knowledge that the
software will not be so uninstalled or disabled; or

(5) Through intentionally deceptive means, remove, disable, or render
inoperative security, antispyware, or antivirus software installed on
the computer.

(b) Nothing in this Code section shall apply to any monitoring of, or
interaction with, a user's Internet or other network connection or
service, or a protected computer, by a telecommunications carrier, cable
operator, computer hardware or software provider, or provider of
information service or interactive computer service for network or
computer security purposes, diagnostics, technical support, repair,
network management, network maintenance, authorized updates of software
or system firmware, authorized remote system management, or detection or
prevention of the unauthorized use of or fraudulent or other illegal
activities in connection with a network, service, or computer software,
including scanning for and removing software proscribed under this
article.

16-9-109.1. (a) As used in this part, the term:

(a) As used in this part, the term:

(1) "Electronic mail message" means a message sent to a unique
destination, commonly expressed as a string of characters, consisting of
a unique user name or mailbox, commonly referred to as the "local part,"
and a reference to an Internet domain, commonly referred to as the
"domain part," whether or not displayed, to which an electronic message
can be sent or delivered.

(2) "Employer" includes a business entity's officers, directors, parent
corporation, subsidiaries, affiliates, and other corporate entities
under common ownership or control within a business enterprise.

(3) "Identifying information" means, with respect to an individual, any
of the following:

(A) Social security number;


(B) Driver's license number;


(C) Bank account number;


(D) Credit card or debit card number;


(E) Personal identification number or PIN;


(F) Automated or electronic signature;


(G) Unique biometric data;


(H) Account password; or


(I) Any other piece of information that can be used to access an
individual's financial accounts or to obtain goods or services.

(4) "Internet" shall have the meaning set forth in paragraph (10) of
Code Section 16-9-151.

(5) "Web page" means a location that has a single uniform resource
locator or other single location with respect to the Internet.

(b)
(1) It shall be unlawful for any person with intent to defraud, by
means of a web page, electronic mail message, or otherwise through use
of the Internet, to solicit, request, or take any action to induce
another person to provide identifying information by representing
himself, herself, or itself to be a business without the authority or
approval of such business.

(2) It shall be unlawful for any person, with actual knowledge,
conscious avoidance of actual knowledge, or willfully, to possess with
intent to use in a fraudulent manner, sell, or distribute any identifying
information obtained in violation of paragraph (1) of this subsection.

(c) Any person who intentionally violates subsection (b) of this Code
section shall be guilty of a felony and shall be punished by imprisonment
for not less than one nor more than 20 years, a fine of not less than
$1,000.00 nor more than $500,000.00, or both.

(d)
(1) No employer shall be held criminally liable under this Code
section as a result of any actions taken:

(A) With respect to computer equipment used by its employees,
contractors, subcontractors, agents, leased employees, or other staff
which the employer owns, leases, or otherwise makes available or allows
to be connected to the employer's network or other computer facilities
when such equipment is used for an illegal purpose without the employer's
knowledge, consent, or approval; or

(B) By employees, contractors, subcontractors, agents, leased
employees, or other staff who misuse an employer's computer equipment for
an illegal purpose without the employer's knowledge, consent, or
approval.

(2) No person shall be held criminally liable under this Code section
when its protected computers, computer equipment, or software product has
been used by unauthorized users to violate this Code section without such
person's knowledge, consent, or approval.

(e) This Code section shall not apply to a telecommunications
provider's or Internet service provider's good faith transmission or
routing of, or intermediate temporary storing or caching of, identifying
information.

(f) No provider of an interactive computer service may be held liable
in a civil action under any law of this state, or any of its political
subdivisions, for removing or disabling access to content on an Internet
website or other online location controlled or operated by such provider,
when such provider believes in good faith that such content has been
used to engage in a violation of this part.