Computer Crimes Defined; Exclusivity of Article; Civil Remedies; Criminal Penalties

  1. Law
  2. Georgia Code
  3. Crimes and Offenses
  4. Forgery and Fraudulent Practices
  5. Computer Systems Protection
  6. Computer Crimes
  7. Computer Crimes Defined; Exclusivity of Article; Civil Remedies; Criminal Penalties

Checkout our iOS App for a better way to browser and research.

  1. Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
    1. Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;
    2. Obtaining property by any deceitful means or artful practice; or
    3. Converting property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property

      shall be guilty of the crime of computer theft.

  2. Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
    1. Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;
    2. Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or
    3. Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists

      shall be guilty of the crime of computer trespass.

  3. Computer Invasion of Privacy. Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.
  4. Computer Forgery. Any person who creates, alters, or deletes any data contained in any computer or computer network, who, if such person had created, altered, or deleted a tangible document or instrument would have committed forgery under Article 1 of this chapter, shall be guilty of the crime of computer forgery.The absence of a tangible writing directly created or altered by the offender shall not be a defense to the crime of computer forgery if a creation, alteration, or deletion of data was involved in lieu of a tangible document or instrument.
  5. Computer Password Disclosure. Any person who discloses a number, code, password, or other means of access to a computer or computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim expenditure) to the owner of the computer or computer network in excess of $500.00 shall be guilty of the crime of computer password disclosure.
  6. Article not Exclusive. The provisions of this article shall not be construed to preclude the applicability of any other law which presently applies or may in the future apply to any transaction or course of conduct which violates this article.
  7. Civil Relief; Damages.
    1. Any person whose property or person is injured by reason of a violation of any provision of this article may sue therefor and recover for any damages sustained and the costs of suit. Without limiting the generality of the term, "damages" shall include loss of profits and victim expenditure.
    2. At the request of any party to an action brought pursuant to this Code section, the court shall by reasonable means conduct all legal proceedings in such a way as to protect the secrecy and security of any computer, computer network, data, or computer program involved in order to prevent possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party.
    3. The provisions of this article shall not be construed to limit any person's right to pursue any additional civil remedy otherwise allowed by law.
    4. A civil action under this Code section must be brought within four years after the violation is discovered or by exercise of reasonable diligence should have been discovered.For purposes of this article, a continuing violation of any one subsection of this Code section by any person constitutes a single violation by such person.
  8. Criminal Penalties.
    1. Any person convicted of the crime of computer theft, computer trespass, computer invasion of privacy, or computer forgery shall be fined not more than $50,000.00 or imprisoned not more than 15 years, or both.
    2. Any person convicted of computer password disclosure shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both.

(Code 1981, §16-9-93, enacted by Ga. L. 1991, p. 1045, § 1.)

Law reviews.

- For article, "Legal Remedies for Computer Abuse," see 21 Ga. St. B.J. 100 (1985). For annual survey of law on labor and employment law, see 62 Mercer L. Rev. 181 (2010). For annual survey on torts, see 64 Mercer L. Rev. 287 (2012).

JUDICIAL DECISIONS

Evidence sufficient to convict.

- Where an employee had the knowledge of the computer system and the access code for the payroll system that gave the employee the opportunity for committing the crime, and the checks were not received by the payees and reflected on their faces that they were cashed, the jury's conclusion that defendant had accessed the system was supportable as a matter of law. Gordon v. State, 206 Ga. App. 450, 425 S.E.2d 906 (1992).

Testimony showing that defendant used a computer owned by the company with the intention of deleting or removing data from that computer was sufficient evidence to allow a reasonable trier of fact to find that a computer trespass had occurred. Fugarino v. State, 243 Ga. App. 268, 531 S.E.2d 187 (2000).

Defendant was properly convicted of computer theft under O.C.G.A. § 16-9-93 because the defendant copied homeowner association data from the computer of the defendant's employer without authority under O.C.G.A. § 16-9-92(18), and the defendant had the intent of appropriating that information for the defendant's own use in the defendant's new business. DuCom v. State, 288 Ga. App. 555, 654 S.E.2d 670 (2007), cert. denied, No. S08C0598, 2008 Ga. LEXIS 383 (Ga. 2008).

Contrary to the defendant's assertion on appeal that the state did not prove intent to appropriate, the state established that by entering passing grades for classes the defendant failed, the defendant appropriated $5,700 of National Guard funds without authority or right for the defendant's exclusive use by eliminating the debt the defendant owed to the National Guard. Countryman v. State, 355 Ga. App. 573, 845 S.E.2d 312 (2020).

Evidence sufficient to convict when employee tampered with supervisor's email.

- Evidence was sufficient to convict the defendant of computer trespass by obstructing and interfering with data from a computer because the defendant, an employee of the city, altered the city's computer network to cause the defendant's supervisor's work incoming email to be copied and forwarded to the defendant's personal, non-official email account; the defendant did not have authority or permission to forward the supervisor's email; and, at the relevant time frame, the defendant was the only city employee besides the supervisor who had the requisite network access to cause the supervisor's email to be forwarded to the defendant, and the defendant did not dispute that the destination account was the defendant's personal account. Kinslow v. State, 353 Ga. App. 839, 839 S.E.2d 660 (2020).

Claim did not state a violation.

- Customer was granted a summary judgment as to a copyright owner's claims of violations of the Georgia Computer Systems Protection Act, O.C.G.A. § 16-9-90 et seq., because the Act was not broad enough to cover the actions alleged in that there was no allegation that an appropriation of the owner's intellectual property was achieved by unauthorized use of a computer under O.C.G.A. § 16-9-93(a) and the owner did not allege that the customer used the owner's name on the Internet for the purpose of falsely identifying itself to make O.C.G.A. § 16-9-93.1 applicable. SCQuARE Int'l, Ltd. v. BBDO Atlanta, Inc., 455 F. Supp. 2d 1347 (N.D. Ga. 2006).

Because the former employer did not allege that the former employees changed the location of the files or otherwise disposed of the files, and the plain language of O.C.G.A. § 16-9-93(b) contemplated a temporary or permanent elimination of files or a temporary or permanent change of the file locations, the employer did not assert a claim for computer trespass under O.C.G.A. § 16-9-93(b). Vurv Tech. LLC v. Kenexa Corp., F. Supp. 2d (N.D. Ga. July 20, 2009).

Trial court did not err in denying a former employee's claims under the Georgia Computer Systems Protection Act, O.C.G.A. § 16-9-93, because the actions of a former employer's president in perusing the employee's email on the computer that the employee used in conducting business for the employer were not taken without authority; the president had authority to inspect the employee's computer pursuant to the computer usage policy contained in the employee manual, which the employee had agreed to abide by when the employee started work with the employer, and the president acted in order to obtain evidence in connection with an investigation of improper employee behavior. Sitton v. Print Direction, Inc., 312 Ga. App. 365, 718 S.E.2d 532 (2011).

Former employee was not guilty of computer theft when the employee accessed clients' tax returns through a client portal, not though the network, using passwords obtained from the clients. Drawdy CPA Servs., P.C. v. N. GA CPA Servs., P.C., 320 Ga. App. 759, 740 S.E.2d 712 (2013).

Opinion testimony related to computer trespass claims was speculative, irrelevant, and unhelpful because the expert's statements indicated only that damage was possible, rather than probable; moreover, claims of computer trespass and computer invasion of privacy failed because the alleged conduct occurred outside Georgia. Krise v. Sei/Aaron's, Inc., F. Supp. 2d (N.D. Ga. Aug. 18, 2017).

Damages for computer trespass.

- Because the collection agency received the applications to run the agency's business from the independent contractor and the independent contractor provided technical support and maintenance services to the collection agency, the collection agency received value in exchange for the money the agency paid to the independent contractor, and the agency's cost of compensating the independent contractor during that time period was not an element of damages that resulted from the independent contractor's computer trespass for which the agency could receive reimbursement. Ware v. Am. Recovery Solution Servs., 324 Ga. App. 187, 749 S.E.2d 775 (2013).

Punitive damages not authorized.

- Georgia Computer Systems Protection Act, O.C.G.A. § 16-9-90 et seq., did not authorize an award of punitive damages as the statement in O.C.G.A. § 16-9-93(g)(1) indicating that a plaintiff may recover "any damages sustained," without more, would not appear to indicate a legislative intent to allow for punitive damages to be recoverable under the statute given that punitive damages are not sustained by a plaintiff but intended to punish, penalize, or deter a defendant. Lyman v. Cellchem International, Inc., 300 Ga. 475, 796 S.E.2d 255 (2017).

Computer trespass.

- Independent contractor committed computer trespass because the independent contractor did not have authorization to use the login and password of the chief financial officer of the collection agency to access the server and to disable an administrative login or alter a program, and the independent contractor's actions first completely shut down the collection agency and then hampered the agency's ability to operate for a significant length of time. Ware v. Am. Recovery Solution Servs., 324 Ga. App. 187, 749 S.E.2d 775 (2013).

Computer invasion of privacy.

- Defendant's motion for new trial was improperly denied as to the computer invasion of privacy charge because counsel was ineffective for failing to object to the first victim's hearsay testimony as the victim's statement about what the victim learned from an online backup system was introduced to prove that the defendant used the victim's computer to access the victim's financial information and constituted hearsay; counsel provided no reason for not objecting to that testimony; the defendant was prejudiced by counsel's deficiency as that testimony was the only evidence offered to prove the charge; and, but for counsel's deficient performance, a more than reasonable probability existed that the trial's outcome would have been different. Entwisle v. State, 340 Ga. App. 122, 796 S.E.2d 743 (2017).

Insufficient evidence in defamation case from social media.

- Judgment notwithstanding the verdict and directed verdicts in a defamation case were affirmed because the plaintiff was properly found to be a public figure in the spheres of running and Christian evangelism and there was no evidence of actual malice as to the social media postings, which alleged that the plaintiff was having multiple affairs with married women and had not completed all of the long distance runs, were true; there was no evidence of violations of O.C.G.A. § 16-9-93 or O.C.G.A. § 16-9-93.1. Bickerstaff v. SunTrust Bank, 299 Ga. 459, 788 S.E.2d 787 (2016), cert. denied, 137 S. Ct. 571, 196 L. Ed. 2d 447 (U.S. 2016).

Tolling of statute of limitations.

- Prosecution of the defendant's case was not barred by the four year statute of limitations for computer theft because even if the National Guard were actually aware that the defendant entered the defendant's own grades, with or without authorization to do so; in October 2012, the undisputed evidence showed that the Guard did not become aware that the grades entered were false until January 2015. Countryman v. State, 355 Ga. App. 573, 845 S.E.2d 312 (2020).

Cited in Stargate Software Int'l, Inc. v. Rumph, 224 Ga. App. 873, 482 S.E.2d 498 (1997).

OPINIONS OF THE ATTORNEY GENERAL

For an update of crimes and offenses for which the Georgia Crime Information Center is authorized to collect and file identifying data, see 1991 Op. Att'y Gen. No. 91-35.

RESEARCH REFERENCES

Am. Jur. 2d.

- 37 Am. Jur. 2d, Fraud and Deceit, § 1.

C.J.S.

- 37 C.J.S., Fraud, §§ 1, 2.

ALR.

- Computer fraud, 70 A.L.R.5th 647.

Invasion of privacy by using or obtaining e-mail or computer files, 68 A.L.R.6th 331.

Validity, construction, and application of state computer crime and fraud laws, 87 A.L.R.6th 1.


Download our app to see the most-to-date content.