Computer crimes and penalties -- Interfering with critical infrastructure.
Checkout our iOS App for a better way to browser and research.
(1) It is unlawful for a person to:
(a) without authorization, or in excess of the person's authorization, access or attempt to access computer technology if the access or attempt to access results in:
(i) the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;
(ii) interference with or interruption of:
(A) the lawful use of computer technology; or
(B) the transmission of data;
(iii) physical damage to or loss of real, personal, or commercial property;
(iv) audio, video, or other surveillance of another person; or
(v) economic loss to any person or entity;
(b) after accessing computer technology that the person is authorized to access, knowingly take or attempt to take unauthorized or unlawful action that results in:
(i) the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;
(ii) interference with or interruption of:
(A) the lawful use of computer technology; or
(B) the transmission of data;
(iii) physical damage to or loss of real, personal, or commercial property;
(iv) audio, video, or other surveillance of another person; or
(v) economic loss to any person or entity; or
(c) knowingly engage in a denial of service attack.
(2) A person who violates Subsection (1) is guilty of:
(a) a class B misdemeanor when:
(i) the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is less than $500; or
(ii) the information obtained is not confidential;
(b) a class A misdemeanor when the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $500 but is less than $1,500;
(c) a third degree felony when the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $1,500 but is less than $5,000;
(d) a second degree felony when the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $5,000; or
(e) a third degree felony when:
(i) the property or benefit obtained or sought to be obtained is a license or entitlement;
(ii) the damage is to the license or entitlement of another person;
(iii) the information obtained is confidential or identifying information; or
(iv) in gaining access the person breaches or breaks through a security system.
(3)
(a) A person who intentionally or knowingly and without authorization gains or attempts to gain access to a computer, computer network, computer property, or computer system under circumstances not otherwise constituting an offense under this section is guilty of a class B misdemeanor.
(b) Notwithstanding Subsection (3)(a), a retailer that uses an electronic product identification or tracking system, or other technology, to identify, track, or price goods is not guilty of a violation of Subsection (3)(a) if the equipment designed to read the electronic product identification or tracking system data and used by the retailer to identify, track, or price goods is located within the retailer's location.
(4)
(a) A person who, with intent that electronic communication harassment occur, discloses or disseminates another person's identifying information with the expectation that others will further disseminate or use the person's identifying information is subject to the penalties outlined in Subsection (4)(b).
(b) If the disclosure or dissemination of another person's identifying information results in electronic communication harassment, as described in Section 76-9-201, of the person whose identifying information is disseminated, the person disseminating the information is guilty of:
(i) a class B misdemeanor if the person whose identifying information is disseminated is an adult; or
(ii) a class A misdemeanor if the person whose identifying information is disseminated is a minor.
(c) A second offense under Subsection (4)(b)(i) is a class A misdemeanor.
(d) A second offense under Subsection (4)(b)(ii), and a third or subsequent offense under this Subsection (4)(b), is a third degree felony.
(5) A person who uses or knowingly allows another person to use any computer, computer network, computer property, or computer system, program, or software to devise or execute any artifice or scheme to defraud or to obtain money, property, services, or other things of value by false pretenses, promises, or representations, is guilty of an offense based on the value of the money, property, services, or things of value, in the degree set forth in Subsection 76-10-1801(1).
(6) A person is guilty of a third degree felony if the person intentionally or knowingly, and without lawful authorization, interferes with or interrupts critical infrastructure.
(7) It is an affirmative defense to Subsection (1), (2), or (3) that a person obtained access or attempted to obtain access:
(a) in response to, and for the purpose of protecting against or investigating, a prior attempted or successful breach of security of computer technology whose security the person is authorized or entitled to protect, and the access attempted or obtained was no greater than reasonably necessary for that purpose; or
(b) pursuant to a search warrant or a lawful exception to the requirement to obtain a search warrant.
(8)
(a) An interactive computer service is not guilty of violating this section if a person violates this section using the interactive computer service and the interactive computer service did not knowingly assist the person to commit the violation.
(b) A service provider is not guilty of violating this section for:
(i) action taken in relation to a customer of the service provider, for a legitimate business purpose, to install software on, monitor, or interact with the customer's Internet or other network connection, service, or computer for network or computer security purposes, authentication, diagnostics, technical support, maintenance, repair, network management, updates of computer software or system firmware, or remote system management; or
(ii) action taken, including scanning and removing computer software, to detect or prevent the following:
(A) unauthorized or fraudulent use of a network, service, or computer software;
(B) illegal activity; or
(C) infringement of intellectual property rights.
(9) Subsections (4)(a) and (b) do not apply to a person who provides information in conjunction with a report under Title 34A, Chapter 6, Utah Occupational Safety and Health Act, or Title 67, Chapter 21, Utah Protection of Public Employees Act.
(10) In accordance with 47 U.S.C.A. Sec. 230, this section may not apply to, and nothing in this section may be construed to impose liability or culpability on, an interactive computer service for content provided by another person.
(11) This section does not affect, limit, or apply to any activity or conduct that is protected by the constitution or laws of this state or by the constitution or laws of the United States.