PRODUCT OF: THE CALIFORNIA STATE SENATE GOPHER SERVICE
As/Of October 27, 1993
CALIFORNIA PENAL CODE SECTION 502
502.
(a) It is the intent of the Legislature in enacting this section to expand
the degree of protection afforded to individuals, businesses, and govern-
mental agencies from tampering, interference, damage, and unauthorized ac-
cess to lawfully created computer data and computer systems. The Legis-
lature finds and declares that the proliferation of computer technology has
resulted in a concomitant proliferation of computer crime and other forms of
unauthorized access to computers, computer systems, and computer data.
The Legislature further finds and declares that protection of the integrity
of all types and forms of lawfully created computers, computer systems, and
computer data is vital to the protection of the privacy of individuals as
well as to the well-being of financial institutions, business concerns, gov-
ernmental agencies, and others within this state that lawfully utilize
those computers, computer systems, and data.
(b) For the purposes of this section, the following terms have the following
meanings:
(1) "Access" means to gain entry to, instruct, or communicate with the
logical, arithmetical, or memory function resources of a computer, com-
puter system, or computer network.
(2) "Computer network" means any system which provides communications be-
tween one or more computer systems and input/output devices including,
but not limited to, display terminals and printers connected by telecom-
munication facilities.
(3) "Computer program or software" means a set of instructions or state-
ments, and related data, that when executed in actual or modified form,
cause a computer, computer system, or computer network to perform speci-
fied functions.
(4) "Computer services" includes, but is not limited to, computer time, data
processing, or storage functions, or other uses of a computer, computer
system, or computer network.
(5) "Computer system" means a device or collection of devices, including
support devices and excluding calculators which are not programmable and
capable of being used in conjunction with external files, one or more of
which contain computer programs, electronic instructions, input data, and
output data, that performs functions including, but not limited to,
logic, arithmetic, data storage and retrieval, communication, and
control.
(6) "Data" means a representation of information, knowledge, facts, con-
cepts, computer software, computer programs or instructions. Data may be
in any form, in storage media, or as stored in the memory of the computer
or in transit or presented on a display device.
(7) "Supporting documentation" includes, but is not limited to, all informa-
tion, in any form, pertaining to the design, construction, classifica-
tion, implementation, use, or modification of a computer, computer sys-
tem, computer network, computer program, or computer software, which in-
formation is not generally available to the public and is necessary for
the operation of a computer, computer system, computer network, computer
program, or computer software.
(8) "Injury" means any alteration, deletion, damage, or destruction of a
computer system, computer network, computer program, or data caused by
the access.
(9) "Victim expenditure" means any expenditure reasonably and necessarily
incurred by the owner or lessee to verify that a computer system, com-
puter network, computer program, or data was or was not altered, deleted,
damaged, or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions that are
designed to modify, damage, destroy, record, or transmit information with-
in a computer, computer system, or computer network without the intent or
permission of the owner of the information. They include, but are not
limited to, a group of computer instructions commonly called viruses or
worms, which are self-replicating or self-propagating and are designed to
contaminate other computer programs or computer data, consume computer
resources, modify, destroy, record, or transmit data, or in some other
fashion usurp the normal operation of the computer, computer system, or
computer network.
(c) Except as provided in subdivision (h), any person who commits any of the
following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes,
destroys, or otherwise uses any data, computer, computer system, or com-
puter network in order to either (A) devise or execute any scheme or arti-
fice to defraud, deceive, or extort, or (B) wrongfully control or obtain
money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use of
any data from a computer, computer system, or computer network, or takes
or copies any supporting documentation, whether existing or residing in-
ternal or external to a computer, computer system, or computer network.
(3) Knowingly and without permission uses or causes to be used computer ser-
vices.
(4) Knowingly accesses and without permission adds, alters, damages, de-
letes, or destroys any data, computer software, or computer programs which
reside or exist internal or external to a computer, computer system, or
computer network.
(5) Knowingly and without permission disrupts or causes the disruption of
computer services or denies or causes the denial of computer services to
an authorized user of a computer, computer system, or computer network.
(6) Knowingly and without permission provides or assists in providing a
means of accessing a computer, computer system, or computer network in
violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed any
computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any computer, com-
puter system, or computer network.
(d)
(1) Any person who violates any of the provisions of paragraph (1), (2),
(4), or (5) of subdivision (c) is punishable by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for 16
months, or two or three years, or by both that fine and imprisonment, or
by a fine not exceeding five thousand dollars ($5,000), or by imprison-
ment in the county jail not exceeding one year, or by both that fine and
imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is punishable
as follows:
(A) For the first violation which does not result in injury, and where the
value of the computer services used does not exceed four hundred dollars
($400), by a fine not exceeding five thousand dollars ($5,000), or by
imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(B) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000) or in an injury, or if the
value of the computer services used exceeds four hundred dollars($400),
or for any second or subsequent violation, by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for
16 months, or two or three years, or by both that fine and imprison-
ment, or by a fine not exceeding five thousand dollars ($5,000), or by
imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(3) Any person who violates paragraph (6), (7), or (8) of subdivision (c) is
punishable as follows:
(A) For a first violation which does not result in injury, an infraction
punishable by a fine not exceeding two hundred fifty dollars ($250).
(B) For any violation which results in a victim expenditure in an amount
not greater than five thousand dollars ($5,000), or for a second or sub-
sequent violation, by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in the county jail not exceeding one year,
or by both that fine and imprisonment.
(C) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000), by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for
16 months, or two or three years, or by both that fine and imprison-
ment, or by a fine not exceeding five thousand dollars ($5,000), or by
imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(e)
(1) In addition to any other civil remedy available, the owner or lessee
of the computer, computer system, computer network, computer program, or
data may bring a civil action against any person convicted under this sec-
tion for compensatory damages, including any expenditure reasonably and
necessarily incurred by the owner or lessee to verify that a computer sys-
tem, computer network, computer program, or data was or was not altered,
damaged, or deleted by the access. For the purposes of actions authorized
by this subdivision, the conduct of an unemancipated minor shall be imput-
ed to the parent or legal guardian having control or custody of the minor,
pursuant to the provisions of Section 1714.1 of the Civil Code.
(2) In any action brought pursuant to this subdivision the court may award
reasonable attorney's fees to a prevailing party.
(3) A community college, state university, or academic institution accredit-
ed in this state is required to include computer-related crimes as a spe-
cific violation of college or university student conduct policies and reg-
ulations that may subject a student to disciplinary sanctions up to and
including dismissal from the academic institution. This paragraph shall
not apply to the University of California unless the Board of Regents
adopts a resolution to that effect.
(f) This section shall not be construed to preclude the applicability of any
other provision of the criminal law of this state which applies or may ap-
ply to any transaction, nor shall it make illegal any employee labor rela-
tions activities that are within the scope and protection of state or fed-
eral labor laws.
(g) Any computer, computer system, computer network, or any software or
data, owned by the defendant, which is used during the commission of any
public offense described in subdivision (c) or any computer, owned by the
defendant, which is used as a repository for the storage of software or data
illegally obtained in violation of subdivision (c) shall be subject to for-
feiture, as specified in Section 502.01.
(h)
(1) Subdivision (c) does not apply to any person who accesses his or her
employer's computer system, computer network, computer program, or data
when acting within the scope of his or her lawful employment.
(2) Paragraph (3) of subdivision (c) does not apply to any employee who
accesses or uses his or her employer's computer system, computer network,
computer program, or data when acting outside the scope of his or her law-
ful employment, so long as the employee's activities do not cause an in-
jury, as defined in paragraph (8) of subdivision (b), to the employer or
another, or so long as the value of supplies and computer services, as
defined in paragraph (4) of subdivision (b), which are used do not exceed
an accumulated total of one hundred dollars ($100).
(i) No activity exempted from prosecution under paragraph (2) of subdivision
(h) which incidentally violates paragraph (2), (4), or (7) of subdivision
(c) shall be prosecuted under those paragraphs.
(j) For purposes of bringing a civil or a criminal action under this section,
a person who causes, by any means, the access of a computer, computer sys-
tem, or computer network in one jurisdiction from another jurisdiction is
deemed to have personally accessed the computer, computer system, or com-
puter network in each jurisdiction.
(k) In determining the terms and conditions applicable to a person convicted
of a violation of this section the court shall consider the following:
(1) The court shall consider prohibitions on access to and use of computers.
(2) Except as otherwise required by law, the court shall consider alternate
sentencing, including community service, if the defendant shows remorse
and recognition of the wrongdoing, and an inclination not to repeat the
offense.
(Amended by Stats. 1989, Ch. 1357, Sec. 1.3.)
(Problems/Comments, mail to:
[email protected])
