Connecticut Computer Crimes
Conn. Gen. Stat. § 53-451 - § 53-454 and
Conn. Gen. Stat. § 53a-250, et seq.
Connecticut General Statutes
Title 53 - Crimes
Chapter 949g - Computer Crimes
Section 53-451 - Computer crimes.
Section 53-452 - Civil actions. Recovery of attorney's fees and costs. Damages. Statute of limitations.
Section 53-453 - Civil enforcement by Attorney General.
Section 53-454 - Misrepresentation as on-line Internet business. Civil enforcement by Attorney General or aggrieved person. Damages. Exclusions. Penalty.
Sec. 53-451. Computer crimes. (a) Definitions. As used in sections 53-451 to 53-453, inclusive, unless the context clearly requires otherwise:
(1) “Computer” means an electronic, magnetic or optical device or group of devices that, pursuant to a computer program, human instruction or permanent instructions contained in the device or group of devices, can automatically perform computer operations with or on computer data and can communicate the results to another computer or to a person. “Computer” includes any connected or directly related device, equipment or facility that enables the computer to store, retrieve or communicate computer programs, computer data or the results of computer operations to or from a person, another computer or another device.
(2) “Computer data” means any representation of information, knowledge, facts, concepts or instructions that is being prepared or has been prepared and is intended to be processed, is being processed or has been processed in a computer or computer network. “Computer data” may be in any form, whether readable only by a computer or only by a human or by either, including, but not limited to, computer printouts, magnetic storage media, punched cards or stored internally in the memory of the computer.
(3) “Computer network” means a set of related, remotely connected devices and any communications facilities including more than one computer with the capability to transmit data among them through the communications facilities.
(4) “Computer operation” means arithmetic, logical, monitoring, storage or retrieval functions and any combination thereof, and includes, but is not limited to, communication with, storage of data to or retrieval of data from any device or human hand manipulation of electronic or magnetic impulses. A “computer operation” for a particular computer may also be any function for which that computer was generally designed.
(5) “Computer program” means an ordered set of data representing coded instructions or statements that, when executed by a computer, causes the computer to perform one or more computer operations.
(6) “Computer services” means computer time or services including data processing services, Internet services, electronic mail services, electronic message services or information or data stored in connection therewith.
(7) “Computer software” means a set of computer programs, procedures and associated documentation concerned with computer data or with the operation of a computer, computer program or computer network.
(8) “Electronic mail service provider” means any person who (A) is an intermediary in sending or receiving electronic mail, and (B) provides to end-users of electronic mail services the ability to send or receive electronic mail.
(9) “Financial instrument” includes, but is not limited to, any check, draft, warrant, money order, note, certificate of deposit, letter of credit, bill of exchange, credit or debit card, transaction authorization mechanism, marketable security or any computerized representation thereof.
(10) “Owner” means an owner or lessee of a computer or a computer network, or an owner, lessee or licensee of computer data, computer programs or computer software.
(11) “Person” means a natural person, corporation, limited liability company, trust, partnership, incorporated or unincorporated association and any other legal or governmental entity, including any state or municipal entity or public official.
(12) “Property” means: (A) Real property; (B) computers and computer networks; (C) financial instruments, computer data, computer programs, computer software and all other personal property regardless of whether they are: (i) Tangible or intangible; (ii) in a format readable by humans or by a computer; (iii) in transit between computers or within a computer network or between any devices which comprise a computer; or (iv) located on any paper or in any device on which it is stored by a computer or by a human; and (D) computer services.
(13) A person “uses” a computer or computer network when such person:
(A) Attempts to cause or causes a computer or computer network to perform or to stop performing computer operations;
(B) Attempts to cause or causes the withholding or denial of the use of a computer, computer network, computer program, computer data or computer software to another user; or
(C) Attempts to cause or causes another person to put false information into a computer.
(14) A person is “without authority” when such person (A) has no right or permission of the owner to use a computer or such person uses a computer in a manner exceeding such right or permission, or (B) uses a computer, a computer network or the computer services of an electronic mail service provider to transmit unsolicited bulk electronic mail in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider. Transmission of electronic mail from an organization to its members shall not be deemed to be unsolicited bulk electronic mail.
(b) Unauthorized use of a computer or computer network. It shall be unlawful for any person to use a computer or computer network without authority and with the intent to:
(1) Temporarily or permanently remove, halt or otherwise disable any computer data, computer programs or computer software from a computer or computer network;
(2) Cause a computer to malfunction, regardless of how long the malfunction persists;
(3) Alter or erase any computer data, computer programs or computer software;
(4) Effect the creation or alteration of a financial instrument or of an electronic transfer of funds;
(5) Cause physical injury to the property of another;
(6) Make or cause to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs or computer software residing in, communicated by or produced by a computer or computer network; or
(7) Falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers.
(c) Unlawful sale or distribution of software designed to facilitate falsification of electronic mail transmission or routing information. It shall be unlawful for any person to knowingly sell, give or otherwise distribute or possess with the intent to sell, give or distribute software that: (1) Is primarily designed or produced for the purpose of facilitating or enabling the falsification of electronic mail transmission information or other routing information; (2) has only limited commercially significant purpose or use other than to facilitate or enable the falsification of electronic mail transmission information or other routing information; or (3) is marketed by that person or another acting in concert with that person with that person's knowledge for use in facilitating or enabling the falsification of electronic mail transmission information or other routing information.
(d) Criminal penalty. Any person who violates any provision of this section shall be guilty of a class B misdemeanor, except that if such person's reckless disregard for the consequences of such person's actions causes damage to the property of another person in an amount exceeding two thousand five hundred dollars, such person shall be guilty of a class A misdemeanor, and if such person's malicious actions cause damage to the property of another person in an amount exceeding two thousand five hundred dollars, such person shall be guilty of a class D felony.
(e) Nonapplicability to provisions in certain contracts and licenses. Nothing in this section shall be construed to interfere with or prohibit terms or conditions in a contract or license related to computers, computer data, computer networks, computer operations, computer programs, computer services or computer software or to create any liability by reason of terms or conditions adopted by, or technical measures implemented by, a Connecticut-based electronic mail service provider to prevent the transmission of unsolicited electronic mail in violation of this section.
(P.A. 99-160, S. 1.)
See Sec. 52-570c re unsolicited electronic mail.
See Sec. 53a-250 et seq. re computer-related offenses.
See Sec. 53a-301 re computer crime in furtherance of terrorist purposes.
Sec. 53-452. Civil actions. Recovery of attorney's fees and costs. Damages. Statute of limitations. (a) Any person whose property or person is injured by reason of a violation of any provision of section 53-451 may bring a civil action in the Superior Court to enjoin further violations and to recover the actual damages sustained by reason of such violation and the costs of the civil action. Without limiting the generality of the term, “damages” includes loss of profits.
(b) If the injury arises from the transmission of unsolicited bulk electronic mail, the injured person, other than an electronic mail service provider, may also recover reasonable attorneys' fees and costs, and may elect, in lieu of actual damages, to recover the lesser of ten dollars for each and every unsolicited bulk electronic mail message transmitted in violation of section 53-451 or twenty-five thousand dollars per day for each day of violation. The injured person shall not have a cause of action against the electronic mail service provider that merely transmits the unsolicited bulk electronic mail over its computer network.
(c) If the injury arises from the transmission of unsolicited bulk electronic mail, an injured electronic mail service provider may also recover reasonable attorneys' fees and costs and may elect, in lieu of actual damages, to recover the greater of ten dollars for each and every unsolicited bulk electronic mail message transmitted in violation of section 53-451 or twenty-five thousand dollars per day.
(d) At the request of any party to an action brought pursuant to this section, the court may, in its discretion, conduct all legal proceedings in such a way as to protect the secrecy and security of the computer, computer network, computer data, computer program and computer software involved in order to prevent any possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party.
(e) The provisions of this section shall not be construed to limit any person's right to pursue any additional civil remedy otherwise allowed by law.
(f) A civil action under this section shall not be commenced but within two years from the date of the act complained of. In actions alleging injury arising from the transmission of unsolicited bulk electronic mail, personal jurisdiction may be exercised pursuant to section 52-59b.
(P.A. 99-160, S. 2.)
See Sec. 52-570b re civil action for computer-related offenses.
Sec. 53-453. Civil enforcement by Attorney General. The Attorney General, acting on behalf of the state of Connecticut, may bring an action in the superior court for the judicial district in which a violation of any provision of section 53-451 occurs to enforce the provisions of said section. In any such action, the Attorney General may obtain, for the benefit of persons adversely affected by the violations of section 53-451, any relief to which such persons may be entitled. The Attorney General may combine such action with any other action within the Attorney General's power to maintain, including an action under chapter 735a. Nothing in this section shall limit the right of a person adversely affected by violations of the law from bringing a private cause of action under section 53-452 or any other law that may entitle such person to relief.
(P.A. 99-160, S. 3.)
Sec. 53-454. Misrepresentation as on-line Internet business. Civil enforcement by Attorney General or aggrieved person. Damages. Exclusions. Penalty. (a) For purposes of this section:
(1) “Electronic mail message” means a message sent to a unique destination that consists of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which such message can be sent or delivered.
(2) “Identifying information” means specific details that can be used to access a person's financial accounts or to obtain goods or services, including, but not limited to, such person's Social Security number, driver's license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data or account password.
(b) No person shall, by means of an Internet web page, electronic mail message or otherwise using the Internet, solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an on-line Internet business, without the authority or approval of such on-line Internet business.
(c) The Attorney General or any person aggrieved by a violation of subsection (b) of this section may file a civil action in Superior Court to enforce the provisions of this section and to enjoin further violations of this section. The Attorney General or such aggrieved person may recover actual damages or twenty-five thousand dollars, whichever is greater, for each violation of subsection (b) of this section.
(d) In a civil action under subsection (c) of this section, the court may increase the damage award to an amount equal to not more than three times the award provided in said subsection (c) if the court determines that the defendant has engaged in a pattern and practice of violating subsection (b) of this section.
(e) An interactive computer service provider shall not be held liable or found in violation of this section for identifying, removing or disabling access to an Internet web page or other on-line location that such provider believes in good faith is being used to engage in a violation of this section.
(f) A violation of subsection (b) of this section shall be a class D felony. Multiple violations resulting from a single action or act shall constitute one violation for the purposes of this subsection.
(P.A. 06-50, S. 1.)
Conn. Gen. Stat. § 53a-250, et seq.
Connecticut Computer-Related Offenses
CHAPTER 952*
PENAL CODE: OFFENSES
Sec. 53a-250. Definitions.
Sec. 53a-251. Computer crime.
Sec. 53a-252. Computer crime in the first degree: Class B felony.
Sec. 53a-253. Computer crime in the second degree: Class C felony.
Sec. 53a-254. Computer crime in the third degree: Class D felony.
Sec. 53a-255. Computer crime in the fourth degree: Class A misdemeanor.
Sec. 53a-256. Computer crime in the fifth degree: Class B misdemeanor.
Sec. 53a-257. Alternative fine based on defendant's gain.
Sec. 53a-258. Determination of degree of crime.
Sec. 53a-259. Value of property or computer services.
Sec. 53a-260. Location of offense.
Sec. 53a-261. Jurisdiction.
Sec. 53a-262. Computer extortion by use of ransomware: Class E felony.
Secs. 53a-263 to 53a-274. Reserved
Sec. 53a-250. Definitions. For the purposes of this part and section 52-570b:
(1) “Access” means to instruct, communicate with, store data in or retrieve data from a computer, computer system or computer network.
(2) “Computer” means a programmable, electronic device capable of accepting and processing data.
(3) “Computer network” means (A) a set of related devices connected to a computer by communications facilities, or (B) a complex of two or more computers, including related devices, connected by communications facilities.
(4) “Computer program” means a set of instructions, statements or related data that, in actual or modified form, is capable of causing a computer or computer system to perform specified functions.
(5) “Computer services” includes, but is not limited to, computer access, data processing and data storage.
(6) “Computer software” means one or more computer programs, existing in any form, or any associated operational procedures, manuals or other documentation.
(7) “Computer system” means a computer, its software, related equipment, communications facilities, if any, and includes computer networks.
(8) “Data” means information of any kind in any form, including computer software.
(9) “Person” means a natural person, corporation, limited liability company, trust, partnership, incorporated or unincorporated association and any other legal or governmental entity, including any state or municipal entity or public official.
(10) “Private personal data” means data concerning a natural person which a reasonable person would want to keep private and which is protectable under law.
(11) “Property” means anything of value, including data.
(P.A. 84-206, S. 1; P.A. 95-79, S. 183, 189.)
History: P.A. 95-79 redefined “person” to include a limited liability company, effective May 31, 1995.
See Sec. 53-451 re computer crimes.
Sec. 53a-251. Computer crime. (a) Defined. A person commits computer crime when he violates any of the provisions of this section.
(b) Unauthorized access to a computer system. (1) A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that he is not authorized to do so, he accesses or causes to be accessed any computer system without authorization.
(2) It shall be an affirmative defense to a prosecution for unauthorized access to a computer system that: (A) The person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, had authorized him to access; (B) the person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, would have authorized him to access without payment of any consideration; or (C) the person reasonably could not have known that his access was unauthorized.
(c) Theft of computer services. A person is guilty of the computer crime of theft of computer services when he accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services.
(d) Interruption of computer services. A person is guilty of the computer crime of interruption of computer services when he, without authorization, intentionally or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer system.
(e) Misuse of computer system information. A person is guilty of the computer crime of misuse of computer system information when: (1) As a result of his accessing or causing to be accessed a computer system, he intentionally makes or causes to be made an unauthorized display, use, disclosure or copy, in any form, of data residing in, communicated by or produced by a computer system; or (2) he intentionally or recklessly and without authorization (A) alters, deletes, tampers with, damages, destroys or takes data intended for use by a computer system, whether residing within or external to a computer system, or (B) intercepts or adds data to data residing within a computer system; or (3) he knowingly receives or retains data obtained in violation of subdivision (1) or (2) of this subsection; or (4) he uses or discloses any data he knows or believes was obtained in violation of subdivision (1) or (2) of this subsection.
(f) Destruction of computer equipment. A person is guilty of the computer crime of destruction of computer equipment when he, without authorization, intentionally or recklessly tampers with, takes, transfers, conceals, alters, damages or destroys any equipment used in a computer system or intentionally or recklessly causes any of the foregoing to occur.
(P.A. 84-206, S. 2.)
See Sec. 53-451 re computer crimes.
See Sec. 53a-301 re computer crime in furtherance of terrorist purposes.
Cited. 49 CA 582.
Sec. 53a-252. Computer crime in the first degree: Class B felony. (a) A person is guilty of computer crime in the first degree when he commits computer crime as defined in section 53a-251 and the damage to or the value of the property or computer services exceeds ten thousand dollars.
(b) Computer crime in the first degree is a class B felony.
(P.A. 84-206, S. 3.)
Sec. 53a-253. Computer crime in the second degree: Class C felony. (a) A person is guilty of computer crime in the second degree when he commits computer crime as defined in section 53a-251 and the damage to or the value of the property or computer services exceeds five thousand dollars.
(b) Computer crime in the second degree is a class C felony.
(P.A. 84-206, S. 4.)
Sec. 53a-254. Computer crime in the third degree: Class D felony. (a) A person is guilty of computer crime in the third degree when he commits computer crime as defined in section 53a-251 and (1) the damage to or the value of the property or computer services exceeds one thousand dollars or (2) he recklessly engages in conduct which creates a risk of serious physical injury to another person.
(b) Computer crime in the third degree is a class D felony.
(P.A. 84-206, S. 5.)
Sec. 53a-255. Computer crime in the fourth degree: Class A misdemeanor. (a) A person is guilty of computer crime in the fourth degree when he commits computer crime as defined in section 53a-251 and the damage to or the value of the property or computer services exceeds five hundred dollars.
(b) Computer crime in the fourth degree is a class A misdemeanor.
(P.A. 84-206, S. 6.)
Sec. 53a-256. Computer crime in the fifth degree: Class B misdemeanor. (a) A person is guilty of computer crime in the fifth degree when he commits computer crime as defined in section 53a-251 and the damage to or the value of the property or computer services, if any, is five hundred dollars or less.
(b) Computer crime in the fifth degree is a class B misdemeanor.
(P.A. 84-206, S. 7.)
Sec. 53a-257. Alternative fine based on defendant's gain. If a person has gained money, property or services or other consideration through the commission of any offense under section 53a-251, upon conviction thereof the court, in lieu of imposing a fine, may sentence the defendant to pay an amount, fixed by the court, not to exceed double the amount of the defendant's gain from the commission of such offense. In such case the court shall make a finding as to the amount of the defendant's gain from the offense and, if the record does not contain sufficient evidence to support such a finding, the court may conduct a hearing upon the issue. For the purpose of this section, “gain” means the amount of money or the value of property or computer services or other consideration derived.
(P.A. 84-206, S. 8.)
Sec. 53a-258. Determination of degree of crime. Amounts included in violations of section 53a-251 committed pursuant to one scheme or course of conduct, whether from the same person or several persons, may be aggregated in determining the degree of the crime.
(P.A. 84-206, S. 9.)
Sec. 53a-259. Value of property or computer services. (a) For the purposes of this part and section 52-570b, the value of property or computer services shall be: (1) The market value of the property or computer services at the time of the violation; or (2) if the property or computer services are unrecoverable, damaged or destroyed as a result of a violation of section 53a-251, the cost of reproducing or replacing the property or computer services at the time of the violation.
(b) When the value of the property or computer services or damage thereto cannot be satisfactorily ascertained, the value shall be deemed to be two hundred fifty dollars.
(c) Notwithstanding the provisions of this section, the value of private personal data shall be deemed to be one thousand five hundred dollars.
(P.A. 84-206, S. 10.)
Sec. 53a-260. Location of offense. (a) In any prosecution for a violation of section 53a-251, the offense shall be deemed to have been committed in the town in which the act occurred or in which the computer system or part thereof involved in the violation was located.
(b) In any prosecution for a violation of section 53a-251 based upon more than one act in violation thereof, the offense shall be deemed to have been committed in any of the towns in which any of the acts occurred or in which a computer system or part thereof involved in a violation was located.
(P.A. 84-206, S. 11.)
Sec. 53a-261. Jurisdiction. If any act performed in furtherance of the offenses set out in section 53a-251 occurs in this state or if any computer system or part thereof accessed in violation of section 53a-251 is located in this state, the offense shall be deemed to have occurred in this state.
(P.A. 84-206, S. 12.)
Sec. 53a-262. Computer extortion by use of ransomware: Class E felony. (a) A person is guilty of computer extortion by use of ransomware, when such person (1) introduces ransomware into any computer, computer system or computer network, and (2) demands payment of money or other consideration to remove the ransomware, restore access to the computer, computer system, computer network or data contained on such computer, computer system or computer network, or otherwise remediate the impact of the ransomware.
(b) Computer extortion by use of ransomware is a class E felony.
(c) For purposes of this section, “ransomware” means any computer contaminant or lock placed or introduced without authorization into a computer, computer system or computer network that restricts access by an authorized person to the computer, computer system, computer network, or any data held by the computer, computer system or computer network, but does not include authentication required to upgrade or access purchased content or the blocking of access to subscription content in the case of nonpayment for such access, and “computer contaminant” means any set of computer instructions that are designed to modify, damage, destroy, record or transmit data held by a computer, computer system or computer network without the intent or permission of the owner of the data.
(P.A. 17-223, S. 1.)
Secs. 53a-263 to 53a-274. Reserved for future use.
For more information, see here: https://www.cga.ct.gov/current/pub/chap_949g.htm
These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.