What Are The Penalties in Virginia for Computer Hacking?

Full Question:

If an individual is convicted of spying by computer, what is the likely punishment for first offense?
08/28/2009   |   Category: Internet ยป Hacking   |   State: Virginia   |   #18308

Answer:

The answer will depend on the charges and all the facts and circumstances involved. Hacking is the deliberate and unauthorized access, use, disclosure, and/or taking of electronic data on a computer and is covered under federal and varied state criminal statutes. The computer crime of hacking is committed when a person willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, attempts or achieves access, communication, examination, or modification of data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network. Hacking may also occur when a person willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, destroys data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network. Besides the destruction of such data, hacking may also be defined to include the disclosure, use or taking of the data.

There is a common-law tort of invasion of privacy, which may be pursued when a person obtains information in a way considered “highly offensive to a reasonable person.” This common-law tort may exist even if the action is not prohibited by the state computer crimes statutes.

RESTATEMENT (SECOND) OF TORTS, §652B (1977) provides:

“One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another, or his private affairs or concerns, is subject to liability to the other for the invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.”

If interstate commerce is involved, federal laws in the. the Computer Fraud and Abuse Act (CFAA), may apply.

The most common civil causes of action under the CFAA are brought under either:

1. 18 U.S.C. 1030(a)(2)(C), which requires a showing that a person
(1) "intentionally,"
(2) accessed a computer,
(3) "without authorization" or "exceeded authorized access,"
(4) and obtained information from any "protected computer,"3
(5) if the conduct involved an interstate or foreign communication;
2. 18 U.S.C. 1030(a)(4) which requires a showing that a person has
(1) "knowingly and with intent to defraud,"
(2) accessed a "protected computer,"
(3) "without authorization," and thus
(4) has furthered the intended fraudulent conduct and obtained "anything of value"; or
3. 18 U.S.C. 1030(a)(5) which requires a showing that a person
(1) "knowingly,"
(2) caused transmission of a program, information, code or command and,
(3) as a result, "intentionally"
(4) caused damage,
(5) "without authorization,"
(6) to a "protected computer," or
(7) "intentionally,"
(8) accessed a "protected computer,"
(9) "without authorization," and
(10) caused damage" and "loss" aggregating at least $5,000.00.
In Bunnell v. Motion Picture Association of America , the plaintiff's complaint alleged misappropriation of trade secrets, conversion, unfair competition, violations of the Computer Fraud and Abuse Act (CFAA), tortious interference with a business expectancy, and sought injunctive relief and damages.

Please see the following VA statutes to determine applicability:

§ 18.2-152.4. Computer trespass; penalty.

A. It shall be unlawful for any person, with malicious
intent, to:

1. Temporarily or permanently remove, halt, or otherwise
disable any computer data, computer programs or computer
software from a computer or computer network;

2. Cause a computer to malfunction, regardless of how long
the malfunction persists;

3. Alter, disable, or erase any computer data, computer
programs or computer software;

4. Effect the creation or alteration of a financial
instrument or of an electronic transfer of funds;

5. Use a computer or computer network to cause physical
injury to the property of another;

6. Use a computer or computer network to make or cause to be
made an unauthorized copy, in any form, including, but not
limited to, any printed or electronic form of computer data,
computer programs or computer software residing in,
communicated by, or produced by a computer or computer
network;

7. [Repealed.]

8. Install or cause to be installed, or collect information
through, computer software that records all or a majority of
the keystrokes made on the computer of another without the
computer owner's authorization; or

9. Install or cause to be installed on the computer of
another, computer software for the purpose of (i) taking
control of that computer so that it can cause damage to
another computer or (ii) disabling or disrupting the ability
of the computer to share or transmit instructions or data to
other computers or to any related computer equipment or
devices, including but not limited to printers, scanners, or
fax machines.

B. Any person who violates this section is guilty of
computer trespass, which shall be a Class 1 misdemeanor. If
there is damage to the property of another valued at $1,000
or more caused by such person's act in violation of this
section, the offense shall be a Class 6 felony. If a person
installs or causes to be installed computer software in
violation of this section on more than five computers of
another, the offense shall be a Class 6 felony. If a person
violates subdivision A 8, the offense shall be a Class 6
felony.

C. Nothing in this section shall be construed to interfere
with or prohibit terms or conditions in a contract or
license related to computers, computer data, computer
networks, computer operations, computer programs, computer
services, or computer software or to create any liability by
reason of terms or conditions adopted by, or technical
measures implemented by, a Virginia-based electronic mail
service provider to prevent the transmission of unsolicited
electronic mail in violation of this article. Nothing in
this section shall be construed to prohibit the monitoring
of computer usage of, the otherwise lawful copying of data
of, or the denial of computer or Internet access to a minor
by a parent or legal guardian of the minor.

§ 18.2-152.5. Computer invasion of privacy; penalties.

A. A person is guilty of the crime of computer invasion of
privacy when he uses a computer or computer network and
intentionally examines without authority any employment,
salary, credit or any other financial or identifying
information, as defined in clauses (iii) through (xiii) of
subsection C of § 18.2-186.3, relating to any other person.
"Examination" under this section requires the offender to
review the information relating to any other person after
the time at which the offender knows or should know that he
is without authority to view the information displayed.

B. The crime of computer invasion of privacy shall be
punishable as a Class 1 misdemeanor.

C. Any person who violates this section after having been
previously convicted of a violation of this section or any
substantially similar laws of any other state or of the
United States is guilty of a Class 6 felony.

D. Any person who violates this section and sells or
distributes such information to another is guilty of a
Class 6 felony.

E. Any person who violates this section and uses such
information in the commission of another crime is guilty of
a Class 6 felony.

F. This section shall not apply to any person collecting
information that is reasonably needed to (i) protect the
security of a computer, computer service, or computer
business, or to facilitate diagnostics or repair in
connection with such computer, computer service, or computer
business or (ii) determine whether the computer user is
licensed or authorized to use specific computer software or
a specific computer service.

§ 18.2-152.7. Personal trespass by computer; penalty.

A. A person is guilty of the crime of personal trespass by
computer when he uses a computer or computer network to cause
physical injury to an individual.

B. If committed maliciously, the crime of personal trespass
by computer shall be punishable as a Class 3 felony. If such
act is done unlawfully but not maliciously, the crime of
personal trespass by computer shall be punishable as a
Class 6 felony.

§ 18.2-152.7:1. Harassment by computer; penalty.

If any person, with the intent to coerce, intimidate, or harass any
person, shall use a computer or computer network to communicate obscene,
vulgar, profane, lewd, lascivious, or indecent language, or make any
suggestion or proposal of an obscene nature, or threaten any illegal or
immoral act, he shall be guilty of a Class 1 misdemeanor.


§ 18.2-152.5:1. Using a computer to gather identifying
information; penalties.

A. It is unlawful for any person, other than a
law-enforcement officer, as defined in § 9.1-101, and acting
in the performance of his official duties, to use a computer
to obtain, access, or record, through the use of material
artifice, trickery or deception, any identifying information,
as defined in clauses (iii) through (xiii) of subsection C of
§ 18.2-186.3. Any person who violates this section is
guilty of a Class 6 felony.

B. Any person who violates this section and sells or
distributes such information to another is guilty of a
Class 5 felony.

C. Any person who violates this section and uses such
information in the commission of another crime is guilty of
a Class 5 felony.

§ 18.2-152.12. Civil relief; damages.

A. Any person whose property or person is injured by reason
of a violation of any provision of this article or by any
act of computer trespass set forth in subdivisions A 1
through A 6 of § 18.2-152.4 regardless of whether such act
is committed with malicious intent may sue therefor and
recover for any damages sustained and the costs of suit.
Without limiting the generality of the term, "damages" shall
include loss of profits.

B. If the injury under this article arises from the
transmission of unsolicited bulk electronic mail in
contravention of the authority granted by or in violation of
the policies set by the electronic mail service provider
where the defendant has knowledge of the authority or
policies of the EMSP or where the authority or policies of
the EMSP are available on the electronic mail service
provider's website, the injured person, other than an
electronic mail service provider, may also recover
attorneys' fees and costs, and may elect, in lieu of actual
damages, to recover the lesser of $10 for each and every
unsolicited bulk electronic mail message transmitted in
violation of this article, or $25,000 per day. The injured
person shall not have a cause of action against the
electronic mail service provider that merely transmits the
unsolicited bulk electronic mail over its computer network.
Transmission of electronic mail from an organization to its
members shall not be deemed to be unsolicited bulk
electronic mail.

C. If the injury under this article arises from the
transmission of unsolicited bulk electronic mail in
contravention of the authority granted by or in violation of
the policies set by the electronic mail service provider
where the defendant has knowledge of the authority or
policies of the EMSP or where the authority or policies of
the EMSP are available on the electronic mail service
provider's website, an injured electronic mail service
provider may also recover attorneys' fees and costs, and may
elect, in lieu of actual damages, to recover $1 for each and
every intended recipient of an unsolicited bulk electronic
mail message where the intended recipient is an end user of
the EMSP or $25,000 for each day an attempt is made to
transmit an unsolicited bulk electronic mail message to an
end user of the EMSP. In calculating the statutory damages
under this provision, the court may adjust the amount
awarded as necessary, but in doing so shall take into
account the number of complaints to the EMSP generated by the
defendant's messages, the defendant's degree of culpability,
the defendant's prior history of such conduct, and the
extent of economic gain resulting from the conduct.
Transmission of electronic mail from an organization to its
members shall not be deemed to be unsolicited bulk
electronic mail.

D. At the request of any party to an action brought pursuant
to this section, the court may, in its discretion, conduct
all legal proceedings in such a way as to protect the secrecy
and security of the computer, computer network, computer
data, computer program and computer software involved in
order to prevent possible recurrence of the same or a similar
act by another person and to protect any trade secrets of any
party and in such a way as to protect the privacy of
nonparties who complain about violations of this section.

E. The provisions of this article shall not be construed to
limit any person's right to pursue any additional civil
remedy otherwise allowed by law.

F. A civil action under this section must be commenced
before expiration of the time period prescribed in
§ 8.01-40.1. In actions alleging injury arising from the
transmission of unsolicited bulk electronic mail, personal
jurisdiction may be exercised pursuant to § 8.01-328.1.