Computer hacking is illegal in California.
Hacking (or more formally, “unauthorized computer access”) is defined in California law as knowingly accessing any computer, computer system or network without permission. It’s usually a misdemeanor, punishable by up to a year in county jail.
However, the punishments for computer hacking can get more severe depending on what you did after gaining access.
- What is ‘Unauthorized computer access’?
- Penalty for unauthorized computer access
- Penalty for introducing malware
- Penalty for using a service without permission
- Penalties for hacking into government or public safety services
- Penalty for a ‘denial of service’ (DoS/DDoS) attack
- Penalty for altering, deleting or taking data
- Can you receive jail time for computer hacking in California?
- How to beat computer hacking charges
What is ‘Unauthorized computer access’?
California’s hacking law is intentionally written very broadly (Penal Code 502(c)). In order to convict you, a prosecutor simply has to prove that you:
- Knowingly accessed a computer, system or network
- Without permission.
This can be something as simple as a husband guessing his wife’s password to snoop on her e-mail, or it could be a curious employee gaining access to a restricted server at work.
It’s important to note here that you can also be convicted of unauthorized computer access by providing someone else access to a computer they shouldn’t be allowed to access. Say, giving the password to a restricted server to an unauthorized employee.
Penalty for unauthorized computer access
As we mentioned above, the penalty for computer hacking is based on the “damage” done after you gained access.
If there was no “injury” to anyone and this was a first-time offense, this is simply treated as an infraction under California law, punishable by a fine of up to $1,000. On the second offense, prosecutors can seek:
- Misdemeanor probation;
- Up to one year in county jail; and/or
- Fines up to $5,000.
However, if your activity did cause damage, then the penalties can get more serious. We’ll cover some specific examples below.
Penalty for introducing malware
Malware is one of the more obvious examples. If a person introduces software, viruses, worms or scripts without permission to someone else’s computer, and that “computer contaminant” modifies, damages, records or transmits information without the owner’s consent, it is a violation of this law.
“Robert really came to my rescue! I found myself under false accusations and he really came through. I was really freaking out, and Robert was able to make me feel like I was in good hands. I can’t recommend his services enough.”Drew, CA
This also applies to self-replicating malware, which may spread from user to user.
If there is no “injury” and this was a first-time offense, the penalty is the same as a simple unauthorized access above. On a second offense or one in which the victim suffered damage, this becomes a “wobbler” — either a misdemeanor or felony, depending on the facts of the case and the severity of the crime.
In that case, this is punishable by:
- 16 months, two years or three years in county jail, and/or
- A fine of up to $10,000.
Penalty for using a service without permission
Let’s say a person who lives in an apartment is getting tired of paying his cable bill. Instead, he cancels his cable and decides to covertly “leech” off of a neighbor.
This is a violation of the “using services without permission” provision of the unauthorized computer access law. According to the language of the law, it’s illegal to, knowingly and without permission, use someone else’s internet services, e-mail, data processing, storage, internet or computer time.
This is treated as a misdemeanor if it is:
- A first-time offense;
- With no “injury”; and
- The total value of computer services being used is less than $950.
It becomes a wobbler if:
- It’s not a first-time offense;
- The value of the services used is more than $950; or
- This resulted in an injury or an expenditure by the victim greater than $5,000.
The penalties for the wobbler version are the same as the penalties for malware above.
Penalties for hacking into government or public safety services
Breaking into a government computer service or public safety infrastructure computer system without permission is another form of unauthorized computer access. It’s also illegal to assist someone while they do this.
As an example, let’s say someone is an employee at a local electric company. He provides a second person password information to log into the electric company’s billing system and update his electric bill to be much lower than it should be. In this case, both individuals could be found guilty of unauthorized computer access.
The penalties for hacking into government or public safety are the same as the previous two examples. If this is a first-time offense with no real injury, it is treated as a misdemeanor.
If the unauthorized activity caused substantial damages, it could then become a wobbler.
Penalty for a ‘denial of service’ (DoS/DDoS) attack
Let’s say someone isn’t a fan of a particular website or web service. This person uses a distributed denial of service attack (DDoS) to overload that website’s hosting and knock it offline, causing it to lose sales and ad revenue during the downtime.
This would also be illegal. California’s hacking law makes it illegal to “knowingly and without permission” disrupt or deny access to computer services.
Because this type of unauthorized computer access almost always causes injury, it is typically treated as a wobbler, punishable by up to a year in county jail as a misdemeanor or up to three years in county jail as a felony.
Penalty for altering, deleting or taking data
As one last example, let’s say someone is a software engineer at a company.
After some internal disagreements with management, he leaves the company on not-so-friendly terms. But before he goes, he covertly downloads the company’s entire database of customers. Using a codebase he’s already familiar with, he then creates a competitor to his old company, and he begins marketing it to the old company’s customer database.
In this case, this person could be guilty of “knowingly and without permission” taking, copying or making use of data from a computer system or network.
As well, this part of the law also forbids altering, damaging, deleting or destroying data. If instead of taking the company database, our person simply wiped it all out, he still would have violated California’s unauthorized computer access law.
Because this part of the law also involves “injury,” it is usually treated as a wobbler. Depending on the facts of the case, penalties can range from a year in county jail as a misdemeanor to three years in jail as a felony.
Can you receive jail time for computer hacking in California?
You can. According to the California Penal Code, computer hacking is a misdemeanor offense that is punishable by up to one year in county jail. However, if the computer hacking caused over $950 in damages, then it is considered a felony offense and is punishable by up to three years in state prison.
Additionally, if the computer hacking was done for financial gain or to cause physical injury, then it is also considered a felony offense and is punishable by up to five years in state prison. Therefore, it is possible to receive jail time for computer hacking in California.
How to beat computer hacking charges
It’s not uncommon to see simple cases of mistaken identity. The fact is that many investigators aren’t tech savvy, so they can be prone to misunderstanding or mishandling details in an “unauthorized computer access” case.
To make matters worse, a great deal of computer hacking cases in California are perpetrated by people who know how to make it look like someone else was at fault.
This can add up to a situation where investigators bring charges against the wrong person.
As well, prosecutors have to prove that when you gained unauthorized access to a computer, you did it knowingly. In order to do this, they have to produce extensive evidence showing that you purposely and intentionally meant to break into another computer.
Handling these cases can be difficult, and for criminal defense attorneys it can be even more difficult to communicate the details of cases to non-tech savvy judges and juries. Robert M. Helfend has served the Los Angeles area for more than 30 years, and in that time he has developed a specialization in defending cybercrimes.
When facing computer hacking charges, the prospect of losing 1-3 years of your life can be daunting. However, with a skilled, savvy criminal defense attorney in your corner, you can fight computer hacking charges head-on.
Call today for your free case review — 800-834-6434
California’s hacking law is intentionally written very broadly (Penal Code 502(c)). In order to convict you, a prosecutor simply has to prove that you knowingly accessed a computer, system or network without permission.
This can be something as simple as a husband guessing his wife’s password to snoop on her e-mail, or it could be a curious employee gaining access to a restricted server at work.