WHAT IS BREACH OF COMPUTER SECURITY IN TEXAS?
The Texas law against breach of computer security prohibits accessing another’s computer, computer network, or computer system without consent, or with the intent to defraud or harm another in an attempt to alter, damage, or delete data on another’s computer.
- What is an example of breach of computer security? The default Class B misdemeanor breach of computer security without consent occurs when merely accesses another’s computer, computer network, or computer system without authorization.For example, in Muhammed v. State, the defendant was a student at the University of Houston, and was caught accessing the student accounts of several students. She was convicted, and argued on appeal the State failed to prove she did so without the victim’s consent. A campus police officer who suspected the defendant of accessing student accounts without authorization saw the defendant browsing the victim’s student email account.The appellate court affirmed. The jury could infer the defendant knew she lacked the victim’s consent to access his emails, because the victim testified he did not know the defendant, and did not permit her access.
WHAT IS THE BREACH OF COMPUTER SECURITY LAW IN TEXAS?
Tex. Penal Code § 33.02. BREACH OF COMPUTER SECURITY.
(a) A person commits an offense if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner.
(b) An offense under Subsection (a) is a Class B misdemeanor, except that the offense is a state jail felony if:
(1) the defendant has been previously convicted two or more times of an offense under this chapter; or
(2) the computer, computer network, or computer system is owned by the government or a critical infrastructure facility.
(b-1) A person commits an offense if, with the intent to defraud or harm another or alter, damage, or delete property, the person knowingly accesses:
(1) a computer, computer network, or computer system without the effective consent of the owner; or
(2) a computer, computer network, or computer system:
(A) that is owned by:
(i) the government; or
(ii) a business or other commercial entity engaged in a business activity;
(B) in violation of:
(i) a clear and conspicuous prohibition by the owner of the computer, computer network, or computer system; or
(ii) a contractual agreement to which the person has expressly agreed; and
(C) with the intent to obtain or use a file, data, or proprietary information stored in the computer, network, or system to defraud or harm another or alter, damage, or delete property.
(b-2) An offense under Subsection (b-1) is:
(1) a Class C misdemeanor if the aggregate amount involved is less than $100;
(2) a Class B misdemeanor if the aggregate amount involved is $100 or more but less than $750;
(3) a Class A misdemeanor if the aggregate amount involved is $750 or more but less than $2,500;
(4) a state jail felony if the aggregate amount involved is $2,500 or more but less than $30,000;
(5) a felony of the third degree if the aggregate amount involved is $30,000 or more but less than $150,000;
(6) a felony of the second degree if:
(A) the aggregate amount involved is $150,000 or more but less than $300,000;
(B) the aggregate amount involved is any amount less than $300,000 and the computer, computer network, or computer system is owned by the government or a critical infrastructure facility; or
(C) the actor obtains the identifying information of another by accessing only one computer, computer network, or computer system; or
(7) a felony of the first degree if:
(A) the aggregate amount involved is $300,000 or more; or
(B) the actor obtains the identifying information of another by accessing more than one computer, computer network, or computer system.
(c) When benefits are obtained, a victim is defrauded or harmed, or property is altered, damaged, or deleted in violation of this section, whether or not in a single incident, the conduct may be considered as one offense and the value of the benefits obtained and of the losses incurred because of the fraud, harm, or alteration, damage, or deletion of property may be aggregated in determining the grade of the offense.
(d) A person who is subject to prosecution under this section and any other section of this code may be prosecuted under either or both sections.
(e) It is a defense to prosecution under this section that the person acted with the intent to facilitate a lawful seizure or search of, or lawful access to, a computer, computer network, or computer system for a legitimate law enforcement purpose.
(f) It is a defense to prosecution under Subsection (b-1)(2) that the actor’s conduct consisted solely of action taken pursuant to a contract that was entered into with the owner of the computer, computer network, or computer system for the purpose of assessing the security of the computer, network, or system or providing other security-related services.
Tex. Penal Code § 33.03. DEFENSES.
It is an affirmative defense to prosecution under Section 33.02 or 33.022 that the actor was an officer, employee, or agent of a communication common carrier or electric utility and committed the proscribed act or acts in the course of employment while engaged in an activity that is a necessary incident to the rendition of service or to the protection of the rights or property of the communication common carrier or electric utility.
WHAT IS THE PENALTY CLASS FOR BREACH OF COMPUTER SECURITY IN TEXAS?
The penalty category for breach of computer security depends on the manner in which the offense is committed, whether the person intended to defraud or harm another, and the aggregate amount of property altered, damaged, or deleted.
- Class C misdemeanor, punishable by up to a $500 fine, if:
- the aggregate amount involved is less than $100;
- Class B misdemeanor, punishable by up to 180 days in jail, if:
- the aggregate amount involved is $100 or more but less than $750; or
- the person accesses another’s computer, computer network, or computer system without consent, but causes no monetary damage, and had no intent to defraud or harm;
- Class A misdemeanor, punishable by up to one year in jail, if:
- the aggregate amount involved is $750 or more but less than $2,500;
- State jail felony, punishable by 180 days to two years in a state jail facility, if:
- the aggregate amount involved is $2,500 or more but less than $30,000; or
- the person accesses a computer, computer network, or computer system owned by a government or critical infrastructure facility without consent (but causes no monetary damage, and lacks the intent to defraud or harm);
- the person has been convicted two or more times of a “computer crime” under Texas Penal Code Chapter 33;
- Third degree felony, punishable by two to ten years in prison, if:
- the aggregate amount involved is $30,000 or more but less than $150,000;
- Second degree felony, punishable by two to 20 years in prison, if:
- the aggregate amount involved is $150,000 or more but less than $300,000;
- the person accesses a computer, computer network, or computer system owned by the government or critical infrastructure facility with the intent to harm or defraud another, in an aggregate amount of less than $300,000;
- First degree felony, punishable by five to 99 years in prison, if:
- the aggregate amount involved is $300,000 or more; or
- the person obtains another’s identifying information by accessing more than one computer, computer network, or computer system.
Texas Penal Code Section 12.501 increases the offense to the next highest penalty category if committed against a public servant, a member of the public servant’s family or household, or property owned or controlled by a public servant, in retaliation for or on account of the public servant’s status.
WHAT IS THE PUNISHMENT RANGE FOR BREACH OF COMPUTER SECURITY IN TEXAS?
The punishment range for breach of computer security depends on the conduct, and aggregate amount of monetary damage caused by the breach.
- First degree felony (accessing multiple computers to obtain identifying information, or the aggregate amount is over $300,000):
- five to 99 years or life in prison, maximum $10,000 fine;
- Second degree felony (aggregate amount is $150,000 or more but less than $300,000, or the breach of a government-owned computer or one owned by a critical infrastructure facility caused less than $300,000 in damage):
- two to 20 years in prison, maximum $10,000 fine;
- Third degree felony (aggregate amount is $30,000 or more but less than $150,000):
- two to ten years in prison, maximum $10,000 fine;
- State jail felony (aggregate amount is $2,500 or more but less than $30,000, or there is no damage or intent to defraud or harm but the person breached a computer owned by the government or critical infrastructure facility, or has been convicted two or more times of a computer crime):
- 180 days to two years in a state jail facility, maximum $10,000 fine;
- Class A misdemeanor (aggregate amount is $750 or more but less than $2,500):
- up to one year in jail, maximum $4,000 fine;
- Class B misdemeanor (aggregate amount is $100 or more but less than $750, or the person breaches another’s computer without causing any damage):
- up to 180 days in jail, maximum $2,000 fine;
- Class C misdemeanor (aggregate amount is less than $100):
- maximum $500 fine.
WHAT ARE THE PENALTIES FOR BREACH OF COMPUTER SECURITY IN TEXAS?
A person charged with breach of computer security may be eligible for probation after a conviction, or deferred adjudication without a conviction. If charged with a first degree, second degree, or third degree felony, the period of community supervision may not exceed ten years.
A person charged with breach of computer security as a state jail felony may be placed on community supervision for a period between two and five years, with the possibility of extending supervision for up to ten years.
The period of community supervision for Class A and Class B misdemeanor breach of computer security charges may not exceed two years, and a person may be placed on deferred adjudication for up to 180 days if charged with a Class C misdemeanor.
WHAT ARE THE DEFENSES TO BREACH OF COMPUTER SECURITY IN TEXAS?
The statute provides two defenses for breach of computer security, in addition to the affirmative defense articulated in Penal Code Section 33.03.
It is an affirmative defense to breach of computer security if the person was an officer, employee, or agent of a communication common carrier or electric utility, and committed the alleged breach:
- in the course of employment; and
- the activity was necessary to:
- render services; or
- protect the rights or property of the communication common carrier or electric utility.
A person accused of breaching a government-owned computer, computer network, or computer system may also raise a statutorily-authorized defense if the person’s conduct was pursuant to a contract that was entered into with the owner for the purpose of providing security-related services.
- Is a breach of computer security illegal if it is for a legitimate law enforcement purpose? It is a defense to breach of computer security if the person acted with the intent to facilitate a lawful seizure or search of, or lawful access to, a computer, computer network, or computer system for a legitimate law enforcement purpose.In State v. Ruiz, students at a private high school reported the defendant, a substitute teacher, was taking photos up female students’ skirts. The principal confronted the defendant, who admitted he had a problem. The principal searched the defendant’s phone, and found upskirt photos of students.The defendant moved to suppress the photos, arguing they were illegally seized in violation of Texas Code of Criminal Procedure article 38.23 because the principal committed a breach of computer security. The appellate courts disagreed, holding the defendant failed to show the principal was not acting facilitating a legitimate law enforcement purpose.
WHAT IS THE STATUTE OF LIMITATIONS FOR BREACH OF COMPUTER SECURITY IN TEXAS?
The limitation period for breach of computer security categorized as a misdemeanor is two years. If breach of computer security is classified as a felony, the limitation period is three years.
BREACH OF COMPUTER SECURITY IN TEXAS
Breach of computer security is accessing another’s computer data without permission. The offense category increases based on the severity of the conduct, whether the victim is a private person, the government, or critical infrastructure facility, and whether the breach caused damage.
TEXAS BREACH OF COMPUTER SECURITY COURT CASES
The case law regarding breach of computer security in Texas is most commonly seen in the context of possession of child pornography charges.
- In Salinas v. State, the defendant dropped off his car for repairs. While the mechanics were running computer diagnostics inside the vehicle, they found a USB not connected to anything, but plugged it into a computer with hopes it had music on it. They saw child porn, and reported it to police.The defendant was convicted of possession of child pornography, but argued the mechanics committed a breach of computer security so the images on the USB should have been suppressed. The appellate court disagreed, holding the thumb drive was not a computer because it was not connected to a device.
- In Kane v. State, the defendant, a university student, left his flash drive in a classroom computer. The IT director opened the drive in an attempt to find its owner, and found child pornography. The defendant was convicted of possession of child pornography, but argued on appeal the contents of the flash drive should have been suppressed as seized in violation of Penal Code 33.02.The appellate court affirmed the conviction, holding the IT director examined an unmarked and unlocked flash drive left in a common-use computer facility, so she had effective consent to access the flash drive.
