CHAPTER 949g*

COMPUTER CRIMES

*See Sec. 53a-250 et seq. re computer-related offenses.

Table of Contents

Sec. 53-451. Computer crimes.

Sec. 53-452. Civil actions. Recovery of attorney’s fees and costs. Damages. Statute of limitations.

Sec. 53-453. Civil enforcement by Attorney General.

Sec. 53-454. Misrepresentation as on-line Internet business. Civil enforcement by Attorney General or aggrieved person. Damages. Exclusions. Penalty.


Sec. 53-451. Computer crimes. (a) Definitions. As used in sections 53-451 to 53-453, inclusive, unless the context clearly requires otherwise:

(1) “Computer” means an electronic, magnetic or optical device or group of devices that, pursuant to a computer program, human instruction or permanent instructions contained in the device or group of devices, can automatically perform computer operations with or on computer data and can communicate the results to another computer or to a person. “Computer” includes any connected or directly related device, equipment or facility that enables the computer to store, retrieve or communicate computer programs, computer data or the results of computer operations to or from a person, another computer or another device.

(2) “Computer data” means any representation of information, knowledge, facts, concepts or instructions that is being prepared or has been prepared and is intended to be processed, is being processed or has been processed in a computer or computer network. “Computer data” may be in any form, whether readable only by a computer or only by a human or by either, including, but not limited to, computer printouts, magnetic storage media, punched cards or stored internally in the memory of the computer.

(3) “Computer network” means a set of related, remotely connected devices and any communications facilities including more than one computer with the capability to transmit data among them through the communications facilities.

(4) “Computer operation” means arithmetic, logical, monitoring, storage or retrieval functions and any combination thereof, and includes, but is not limited to, communication with, storage of data to or retrieval of data from any device or human hand manipulation of electronic or magnetic impulses. A “computer operation” for a particular computer may also be any function for which that computer was generally designed.

(5) “Computer program” means an ordered set of data representing coded instructions or statements that, when executed by a computer, causes the computer to perform one or more computer operations.

(6) “Computer services” means computer time or services including data processing services, Internet services, electronic mail services, electronic message services or information or data stored in connection therewith.

(7) “Computer software” means a set of computer programs, procedures and associated documentation concerned with computer data or with the operation of a computer, computer program or computer network.

(8) “Electronic mail service provider” means any person who (A) is an intermediary in sending or receiving electronic mail, and (B) provides to end-users of electronic mail services the ability to send or receive electronic mail.

(9) “Financial instrument” includes, but is not limited to, any check, draft, warrant, money order, note, certificate of deposit, letter of credit, bill of exchange, credit or debit card, transaction authorization mechanism, marketable security or any computerized representation thereof.

(10) “Owner” means an owner or lessee of a computer or a computer network, or an owner, lessee or licensee of computer data, computer programs or computer software.

(11) “Person” means a natural person, corporation, limited liability company, trust, partnership, incorporated or unincorporated association and any other legal or governmental entity, including any state or municipal entity or public official.

(12) “Property” means: (A) Real property; (B) computers and computer networks; (C) financial instruments, computer data, computer programs, computer software and all other personal property regardless of whether they are: (i) Tangible or intangible; (ii) in a format readable by humans or by a computer; (iii) in transit between computers or within a computer network or between any devices which comprise a computer; or (iv) located on any paper or in any device on which it is stored by a computer or by a human; and (D) computer services.

(13) A person “uses” a computer or computer network when such person:

(A) Attempts to cause or causes a computer or computer network to perform or to stop performing computer operations;

(B) Attempts to cause or causes the withholding or denial of the use of a computer, computer network, computer program, computer data or computer software to another user; or

(C) Attempts to cause or causes another person to put false information into a computer.

(14) A person is “without authority” when such person (A) has no right or permission of the owner to use a computer or such person uses a computer in a manner exceeding such right or permission, or (B) uses a computer, a computer network or the computer services of an electronic mail service provider to transmit unsolicited bulk electronic mail in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider. Transmission of electronic mail from an organization to its members shall not be deemed to be unsolicited bulk electronic mail.

(b) Unauthorized use of a computer or computer network. It shall be unlawful for any person to use a computer or computer network without authority and with the intent to:

(1) Temporarily or permanently remove, halt or otherwise disable any computer data, computer programs or computer software from a computer or computer network;

(2) Cause a computer to malfunction, regardless of how long the malfunction persists;

(3) Alter or erase any computer data, computer programs or computer software;

(4) Effect the creation or alteration of a financial instrument or of an electronic transfer of funds;

(5) Cause physical injury to the property of another;

(6) Make or cause to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs or computer software residing in, communicated by or produced by a computer or computer network; or

(7) Falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers.

(c) Unlawful sale or distribution of software designed to facilitate falsification of electronic mail transmission or routing information. It shall be unlawful for any person to knowingly sell, give or otherwise distribute or possess with the intent to sell, give or distribute software that: (1) Is primarily designed or produced for the purpose of facilitating or enabling the falsification of electronic mail transmission information or other routing information; (2) has only limited commercially significant purpose or use other than to facilitate or enable the falsification of electronic mail transmission information or other routing information; or (3) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in facilitating or enabling the falsification of electronic mail transmission information or other routing information.

(d) Criminal penalty. Any person who violates any provision of this section shall be guilty of a class B misdemeanor, except that if such person’s reckless disregard for the consequences of such person’s actions causes damage to the property of another person in an amount exceeding two thousand five hundred dollars, such person shall be guilty of a class A misdemeanor, and if such person’s malicious actions cause damage to the property of another person in an amount exceeding two thousand five hundred dollars, such person shall be guilty of a class D felony.

(e) Nonapplicability to provisions in certain contracts and licenses. Nothing in this section shall be construed to interfere with or prohibit terms or conditions in a contract or license related to computers, computer data, computer networks, computer operations, computer programs, computer services or computer software or to create any liability by reason of terms or conditions adopted by, or technical measures implemented by, a Connecticut-based electronic mail service provider to prevent the transmission of unsolicited electronic mail in violation of this section.

(P.A. 99-160, S. 1.)

See Sec. 52-570c re unsolicited electronic mail.

See Sec. 53a-250 et seq. re computer-related offenses.

See Sec. 53a-301 re computer crime in furtherance of terrorist purposes.

Sec. 53-452. Civil actions. Recovery of attorney’s fees and costs. Damages. Statute of limitations. (a) Any person whose property or person is injured by reason of a violation of any provision of section 53-451 may bring a civil action in the Superior Court to enjoin further violations and to recover the actual damages sustained by reason of such violation and the costs of the civil action. Without limiting the generality of the term, “damages” includes loss of profits.

(b) If the injury arises from the transmission of unsolicited bulk electronic mail, the injured person, other than an electronic mail service provider, may also recover reasonable attorneys’ fees and costs, and may elect, in lieu of actual damages, to recover the lesser of ten dollars for each and every unsolicited bulk electronic mail message transmitted in violation of section 53-451 or twenty-five thousand dollars per day for each day of violation. The injured person shall not have a cause of action against the electronic mail service provider that merely transmits the unsolicited bulk electronic mail over its computer network.

(c) If the injury arises from the transmission of unsolicited bulk electronic mail, an injured electronic mail service provider may also recover reasonable attorneys’ fees and costs and may elect, in lieu of actual damages, to recover the greater of ten dollars for each and every unsolicited bulk electronic mail message transmitted in violation of section 53-451 or twenty-five thousand dollars per day.

(d) At the request of any party to an action brought pursuant to this section, the court may, in its discretion, conduct all legal proceedings in such a way as to protect the secrecy and security of the computer, computer network, computer data, computer program and computer software involved in order to prevent any possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party.

(e) The provisions of this section shall not be construed to limit any person’s right to pursue any additional civil remedy otherwise allowed by law.

(f) A civil action under this section shall not be commenced but within two years from the date of the act complained of. In actions alleging injury arising from the transmission of unsolicited bulk electronic mail, personal jurisdiction may be exercised pursuant to section 52-59b.

(P.A. 99-160, S. 2.)

See Sec. 52-570b re civil action for computer-related offenses.

Sec. 53-453. Civil enforcement by Attorney General. The Attorney General, acting on behalf of the state of Connecticut, may bring an action in the superior court for the judicial district in which a violation of any provision of section 53-451 occurs to enforce the provisions of said section. In any such action, the Attorney General may obtain, for the benefit of persons adversely affected by the violations of section 53-451, any relief to which such persons may be entitled. The Attorney General may combine such action with any other action within the Attorney General’s power to maintain, including an action under chapter 735a. Nothing in this section shall limit the right of a person adversely affected by violations of the law from bringing a private cause of action under section 53-452 or any other law that may entitle such person to relief.

(P.A. 99-160, S. 3.)

Sec. 53-454. Misrepresentation as on-line Internet business. Civil enforcement by Attorney General or aggrieved person. Damages. Exclusions. Penalty. (a) For purposes of this section:

(1) “Electronic mail message” means a message sent to a unique destination that consists of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which such message can be sent or delivered.

(2) “Identifying information” means specific details that can be used to access a person’s financial accounts or to obtain goods or services, including, but not limited to, such person’s Social Security number, driver’s license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data or account password.

(b) No person shall, by means of an Internet web page, electronic mail message or otherwise using the Internet, solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an on-line Internet business, without the authority or approval of such on-line Internet business.

(c) The Attorney General or any person aggrieved by a violation of subsection (b) of this section may file a civil action in Superior Court to enforce the provisions of this section and to enjoin further violations of this section. The Attorney General or such aggrieved person may recover actual damages or twenty-five thousand dollars, whichever is greater, for each violation of subsection (b) of this section.

(d) In a civil action under subsection (c) of this section, the court may increase the damage award to an amount equal to not more than three times the award provided in said subsection (c) if the court determines that the defendant has engaged in a pattern and practice of violating subsection (b) of this section.

(e) An interactive computer service provider shall not be held liable or found in violation of this section for identifying, removing or disabling access to an Internet web page or other on-line location that such provider believes in good faith is being used to engage in a violation of this section.

(f) A violation of subsection (b) of this section shall be a class D felony. Multiple violations resulting from a single action or act shall constitute one violation for the purposes of this subsection.

(P.A. 06-50, S. 1.)