MASSACHUSETTS TITLE: AN ACT TO PREVENT COMPUTER CRIME DEFINITIONS: ¤ 1. DEFINITIONS For the purposes of this Act, the following terms have the following meanings: "Access" means to gain entry to or communicate with a computer system or computer network by using a computer terminal or similar device. "Computer equipment" or "hardware" means central processing units, microprocessors, data storage and other computer memory devices, and computer terminals or similar devices. "Computer services" means data input, data output, data processing or data storage by or in a computer system or computer network. "Computer network" means two or more computer systems connected so as to permit the exchange or sharing of data between or among them. "Computer program" or "software" means a set of computer- readable instructions or statements which when executed by a computer system causes the computer system or the computer network to which it is connected to perform computer services. "Computer system" means computer equipment or hardware connected together and operating under the control of one or more computer programs. "Data" means information stored in a computer system or on electronic media or processed in a computer system. "Injury" means addition, alteration, damage, deletion, destruction, denial of access with respect to data in or functions of a computer system or computer network. "Victim expenditure" means and expenditure reasonably and necessarily incurred by a lawful user of a computer system or computer network (i) to verify that the user's data or computer programs were or were not injured and (ii) to repair any injury. "Without authorization" means without the permission of or in excess of the permission of an owner, lessor or rightful user or someone licensed or privileged by an owner, lessor or rightful user to grant such permission. OFFENSES: ¤ 2. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] ELEMENTS: ¤ 2. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] Except as otherwise provided in Section 7 of this Act, any person who commits any of the following acts is guilty of a public offense: (1) Without authorization accesses a computer system or computer network and purposefully, knowingly or recklessly adds, alters, changes, deletes, destroys or otherwise uses any data, computer, computer system or computer network in order to either (A) devise or execute any scheme or artifice to steal, defraud, deceive or extort or (B) wrongfully control or obtain money, property, computer services, or data. (2) without authorization accesses a computer system or computer network and purposefully, knowingly or recklessly takes or uses for any period of time any data from such computer, computer system or computer network. (3) without authorization accesses a computer system or computer network and purposefully, knowingly or recklessly uses or causes to be used computer services. This paragraph shall not apply to any person who accesses or uses the computer, computer system or computer network of another provided such activities (i) do not cause an injury as defined in Section (2) or (ii) the aggregate value of the computer services which are used wrongfully are not in excess of $250. (4) without authorization accesses a computer, computer system or computer network and purposefully, knowingly or recklessly adds, alters, damages, deletes or destroys any data which is in a computer system or computer network. (5) without authorization accesses a computer system or computer network and purposefully, knowingly or recklessly disrupts or causes the disruption of computer services to an authorized user of a computer, computer system or computer network. (6) purposefully, knowingly or recklessly provides or assists in providing a means of accessing, without authorization a computer, computer system or computer network. (7) without authorization accesses a computer, computer system or computer network and purposefully, knowingly or recklessly obtains or uses any employment, medical, family, credit, academic, commercial or personal information relating to any other person that resides in such computer, computer system or computer network. PENALTIES: ¤ 4. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] Whoever violates paragraphs (1), (2), (4) or (5) of section 3 shall be punished by imprisonment in the state prison for not more than three years, or by a fine of not more than one hundred thousand dollars or by both such fine and imprisonment. Whoever violates paragraphs (3), (6) or (7) of section 3 shall be punished as follows: (A) For a first violation which does not result in an injury, an infraction shall be punishable by a fine not more than one thousand dollars. (B) For any violation which results in a victim expenditure in an amount of not more than five thousand dollars, or for a second or subsequent violation, by a fine of not more than ten thousand dollars. (C) For any violation that results in a victim expenditure in an amount greater than five thousand dollars, by a fine not exceeding twenty-five thousand dollars, or by imprisonment in a jail or house of correction for a term of not more than one year or by both such fine and imprisonment. DEFENSES: ¤ 7. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] Section 3 of this Act shall not apply to any person who accesses his or her employer's computer system, computer network or computer program or data when acting within the scope of his or her lawful employment. Paragraph (3) of Section 3 shall not apply to any employee who accesses his or her employer's computer system, computer network or computer program or data when acting outside the scope of his or her lawful employment provided the employee's activities do not cause an injury, as defined in section 2 to the employer or another person or persons, or the aggregate value of the computer services, as defined in section 2, which are used do not exceed two hundred fifty dollars. ¤ 8. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] No activity exempted from prosecution under section 7 which incidentally violates paragraphs (2), (4) or (7) of Section 3 shall be prosecuted under those paragraphs. VENUE: ¤ 9. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] For purposes of bringing a civil or criminal action under this section, a person who causes by any means the access of a computer system or computer network in one jurisdiction from another jurisdiction is deemed to have personally accessed the computer system or computer network in each jurisdiction. CIVIL REMEDY: Referred to but not specified in venue provision above. PURPOSE: ¤ 1. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] It is the intent of the Legislature in enacting this section to expand the degree of protection afforded to individuals, businesses and governmental agencies from tampering, interference, damage and unauthorized access to lawfully created computer data and computer systems. The Legislature finds and declares that the proliferation of computer technology has resulted in the concomitant proliferation of computer crime and other forms of unauthorized access to computers, computer systems and data. The Legislature finds and declares that protection of the integrity of all types and forms of lawfully created computers, computer systems and data is vital to the protection of the privacy of individuals as well as to the well-being of financial institutions, business concerns, governmental agencies and others within this Commonwealth that lawfully utilize those computers, computer systems and data. MISCELLANEOUS: ¤ 5. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] Any act or conduct in violation of Section 3 which results in an injury shall be an unfair or deceptive act or practice for all purposes of M.G.L. Ch. 93A. ¤ 6. [NOT SPECIFICALLY TITLED IN STATUTORY HEADINGS] This Act shall not be construed to preclude the applicability of any other provision of the criminal law of this Commonwealth which applies or may apply to any transaction, nor shall it make illegal any employee labor relations activities that are within the scope or protection of state or federal labor laws. CITATION: Unavailable. SOURCE: Enacted August 8, 1990, citation unavailable (Senate Bill No. 1453).