Internet fraud, also known as cybercrime, is a growing problem in California. Internet fraud is a blanket term that describes several different fraud crimes such as phishing emails asking for personal information, online romance scams, fake ticket/prize offers, and tech support scams. Internet fraud can be a state and federal offense depending on the case.
The Internet Crime Complaint Center, a project set up by the Federal Bureau of Investigation (FBI) and other organizations, received over 300,000 complaints about internet fraud and other computer crimes in 2010.1 Over 10% of these complaints came from California.2 California residents reported losing over $46.3 million dollars to internet fraud in 2010.3
Prosecutors have been cracking down hard on internet fraud. In 2011, the California Attorney General created a special “eCrime Unit” to investigate and prosecute internet fraud and cybercrime criminal cases.4
In this article, our California criminal defense attorneys5 will sort these crimes out and explain them to you. In particular, we will address the following:
- 1. Types of internet fraud (also known as cybercrime)
- 2. Fraudulent schemes carried out through the internet
- 3. “Phishing” (identity theft and credit card fraud through the internet)
- 4. Unauthorized computer use or access
If you would like more information after reading this article, we invite you to contact us at Shouse Law Group.
1. Types of internet fraud (also known as cybercrime)
The term “internet fraud” or cybercrime can refer to pretty much any use of the internet to commit fraud. There are a wide variety of California criminal fraud laws as well as federal laws that can cover a wide range of behaviors.
The most common kinds of internet fraud fall into three categories. These are:
- Fraudulent schemes (in other words, scams) carried out through email or the internet,
- “Phishing” (using email or the internet to obtain sensitive information like social security numbers or credit card info), and
- Accessing a computer or computer data without permission.
In the sections below, our criminal defense lawyers will explain each of these in greater detail.
2. Fraudulent schemes carried out through the internet
In the most general terms, the crime of fraud consists of deceiving someone in order to get them to give up something they value (usually money).6
This crime can be done in person, over the phone, or through the mail (in which case it is the federal crime of mail fraud). Though it also can be done – and is done, quite often – over the internet.
2.1. Examples of popular internet frauds
There is no limit to the number and variety of fraud schemes that can be carried out over the internet. Though here are some of the most common types:
- Non-delivery merchandise fraud7
- Example: Nadia advertises designer handbags for sale at a discount on the auction website eBay. Her postings include photos she pulls from other websites. She asks that all buyers pay her by wire transfer to a foreign bank account. She accepts payment from buyers but never sends them the handbags.
- Advance fee fraud8
- Example: Mike posts internet classified ads offering great deals on used cars for sale. When potential buyers email him, Mike tells them that the car they want is located on the other side of the country but that he can deliver it to them for an extra fee of $1000. Mike tells the buyers that they need to pay him in advance for the delivery, and so each buyer wires $1000 to Mike’s foreign bank account. Mike never delivers the cars and never contacts the buyers again.
- Real estate overpayment fraud9
- Example: Harry responds to an ad for an apartment for rent on the classified website Craigslist. He emails the landlord, Martha, saying that he is living in Germany now but will be moving to the U.S. to study and would like to rent the apartment.
After Martha agrees to rent the apartment to him, Harry sends her a cashier’s check drawn on a German bank account that is for much more than the amount Martha requires as a deposit. Harry asks Martha to deposit the check and then wire the extra amount to another bank account. He explains that this will help him transfer funds to his new U.S. bank account more easily.
After Martha cashes the check and wires the funds, she finds out that the check Harry sent was fake. So Harry has taken Martha’s money, and Martha hasn’t received any money from him.10
- Example: Harry responds to an ad for an apartment for rent on the classified website Craigslist. He emails the landlord, Martha, saying that he is living in Germany now but will be moving to the U.S. to study and would like to rent the apartment.
- Prize sweepstakes or lottery scams, where you send an email telling the recipient that they have won a large prize and will receive it after paying certain taxes and fees; after the recipient pays the fee, they find out there is no prize.11
- Work-at-home scams, where fake companies offer attractive jobs that can be done at home but require applicants to pay a registration fee before work begins; it turns out that the company and the job do not exist.12
- Fraudulent sales transactions, where you sell an item on the internet that turns out to be a fake or not what you represented it to be.
- Example: Stella claims on the internet to be selling genuine designer handbags, when actually what she is selling are counterfeit versions. In this case, Stella would also be guilty of Penal Code 350 PC sale of a counterfeit mark.
2.2. Elements of the federal crime of internet fraud
These sorts of internet scams can be prosecuted and punished under federal criminal law. The wire fraud includes fraud carried out over the internet or email.13
This is a catch-all crime that can cover pretty much any scheme to get money from people using false pretenses. So these crimes often will be prosecuted in federal court.
In order to convict you of internet fraud under federal law, prosecutors have to prove the following “elements” of the crime:
- You had a scheme, or plan, to commit fraud,
- You specifically intended to defraud someone, and
- You used electronic communication (such as email) to further that scheme.14
The prosecutor does not necessarily have to prove that the scheme to defraud was actually successful. In other words, you can be convicted of internet fraud even if you never succeeded in getting anyone else’s money.15
2.3. Federal penalties for internet fraud
If you are convicted of internet fraud under the federal wire fraud statute, you can be fined, sentenced to up to 20 years in federal prison, or both.16
3. “Phishing” schemes (identity theft and credit card fraud through the internet)
A more specific category of the federal crime of mail fraud is “phishing.”
According to Santa Ana criminal defense attorney John Murray:17
“The form of California internet fraud known as ‘phishing‘ is the practice of tricking an email or internet user into giving out personal or confidential information that can then be used for illegal purposes. A complicated network of California state and federal laws can be used to prosecute people for phishing.”
Here is a classic example of a phishing scheme:
Example: Rudy sends emails to strangers claiming to be from the American Express credit card company. These emails say that American Express has important news about the email recipient’s account but that the recipient has to confirm that this is their email address before it can give them the news. The emails ask the recipient to respond with their social security number, date of birth, and current address.
Some people reply to the emails with this information. Once Rudy has this information, he can use it fraudulently to apply for loans and credit cards in these people’s names.
3.1. California phishing law
3.1.1. California identity theft law (Penal Code 530.5 PC)
If you are accused of phishing for obtaining someone else’s personal information (like a social security number) over email, you may be charged under California’s identity theft laws (Penal Code 530.5 PC).
Penal Code 530.5 PC prohibits four types of behavior:
- willfully obtaining another person’s personal identifying information and using that information for any unlawful purpose without that person’s consent;
- acquiring or retaining possession of another person’s personal identifying information, without that person’s consent and with the intent to commit a fraud;
- selling, transferring or providing the personal identifying information of another person, without that person’s consent and with the intent to commit a fraud; and / or
- selling, transferring or providing the personal identifying information of another person, with the actual knowledge that the information will be used to commit a fraud.18
What counts as personal identifying information?
“Personal identifying information” includes information such as:
- Name, address, and phone number
- Social security number
- Driver’s license number
- Health insurance number
- Mother’s maiden name
- Bank account number
- Any PIN or password
- Passport numbers
- Date of birth
- Information contained in birth or death certificates.19
What counts as an unlawful purpose?
You can be convicted of identity theft in California for using someone else’s personal information for “any unlawful purpose.”20
This includes obvious things like applying for a loan in the other person’s name, or obtaining their confidential medical information.21 Though it also includes less obvious actions, as the following example shows:
Example: Linda is angry at Kenneth, a police officer who has investigated her for drug crimes. Her threatening behavior prompts Kenneth to get a restraining order against her. A friend then helps Linda get Kenneth’s credit report through the internet. Linda uses the information in that report to try to get a center that investigates police misconduct to conduct surveillance on Kenneth. This is a violation of the restraining order Kenneth has against Linda. By using Kenneth’s personal information to violate a restraining order, Linda has violated identity theft law.22
As that example also shows, it is not necessary that anyone actually is defrauded or suffer any kind of financial or other loss as a result of your actions. You can still be convicted of identity theft even if no one was harmed.23
What are the penalties?
The offense of identity theft is a “wobbler” in California law. This means that it may be prosecuted as either a misdemeanor or a felony in California law.24
If you are convicted of internet fraud / phishing through California’s identity theft law, the penalty will depend
- on the specific behavior (such as whether you actually used the other person’s identifying information or just possessed it with fraudulent intent, whether you sold or transferred it, etc.) of which you are accused, and
- on whether you have prior convictions.
Depending on all these factors, you may be fined, or imprisoned for one year, 16 months, or two or three years.25
3.1.2. Credit card fraud law (Penal Code 484e PC)
Another popular form of phishing involves using email or the internet to collect other people’s credit card numbers, which can then be used to make unauthorized purchases. This kind of phishing can result in charges of California credit card fraud – Penal Code 484e.
If you obtain someone else’s credit card information through internet fraud, you can then be charged with credit card fraud if you do any of the following:
- Sell, transfer, or convey the credit card information without the cardholder’s consent and with intent to defraud (this is considered a form of grand theft);26
- Acquire the credit card information of four or more people in a 12 month period, with reason to know that this information was obtained in an unlawful way (this is also considered a form of grand theft);27
- Acquire or possess someone else’s credit card information without the cardholder’s consent, with the intent to defraud, and with intent to use, sell, or transfer it to someone else (this is considered a form of petty theft);28
- Acquire or possess someone else’s credit card information without the cardholder’s consent and with intent to use it fraudulently (this is considered a form of grand theft);29 or
- Use someone else’s credit card information to obtain anything of value with intent to defraud and while possessing that information unlawfully (this is a form of petty theft UNLESS the value of the goods or services received exceeds $950 in a six month period, in which case it is grand theft).30
Penalties
The penalties for Penal Code 484e credit card fraud committed through phishing depend on whether the behavior charged is grand theft or petty theft.
Grand theft is a wobbler,31 so it may be prosecuted as either a misdemeanor or a felony. If you are convicted of grand theft for credit card fraud, you may be imprisoned for one year, 16 months, or two or three years.32
Petty theft is usually a misdemeanor and may be punished with up to six months in county jail and/or a fine of up to $1,000.33
3.1.3. California Anti-Phishing Act (Business & Professions Code 22948)
You can only be punished under California criminal law (whether for identity theft or credit card fraud) if you actually obtain other people’s personal or credit card information through internet fraud. In other words, if your phishing was actually successful.34
In an attempt to crack down further on phishing attempts, including unsuccessful ones, the California legislature passed the Anti-Phishing Act of 2005 (Business & Professions Code 22948 BPC).35 This law makes it illegal to use email, a webpage, or the internet to try to induce another person to provide certain information (including social security numbers, credit card numbers, passwords, etc.) by pretending to be a business without that business’s permission.36
There are no criminal penalties for violating the Anti-Phishing Act. Instead, you may be sued in a civil (non-criminal) suit by either
- a person harmed by the violation or
- the California Attorney General.37
If the plaintiff wins this suit, you may have to pay damages of as much as $500,000 OR $1.5 million if the court finds that you engaged in a pattern of phishing / internet fraud.38
Examples
Here are some examples showing how the various California laws related to the form of internet fraud known as “phishing” interact with each another:
Example: These days many people pay their cell phone bills through an automatic recurring charge to their credit card. Pete is a talented computer hacker. He creates a program that sends emails to thousands of people. These emails say that the credit card they use for automatic payment of their cell phone bill has expired, and they need to enter new information.
The email contains a link to a website Pete has created. It looks like the cell phone carrier’s website but is not. Several people go to the link and enter their credit card numbers and expiration dates.
Pete collects the credit card information and sells it to an organized crime ring in Russia.
Pete may be prosecuted for California credit card fraud.39 Also, the victims of his internet fraud, including the cell phone carrier he impersonated, may sue him for damages under the Anti-Phishing Act.40
Example: Tanya sends out an email to hundreds of people claiming to be a representative of a major credit card company.
The email says that someone appears to have been using the recipient’s credit card without authorization and that the account has been frozen. The email also says that they can reactivate their account only by replying with their social security number and date of birth. A few dozen people take the bait and respond with this information.
Tanya waits several years and then applies for credit cards in the names of several of these people, using the identifying information she got from the emails. She maxes out the credit cards on a shopping spree and then cancels them.
Tanya may be charged with California identity theft.41 She may also face a lawsuit under the Anti-Phishing Act and be forced to pay damages to the people who sent her their information, and the credit card company that she impersonated in her email.42
Example: Let’s say Tanya sends the email above, but no one falls for it and sends her their information. She can’t be charged with identity theft because she never acquired or possessed personal information BUT the credit card company she impersonated can still sue her under the Anti-Phishing Act.43
3.2. Federal phishing law
Phishing can also lead to federal criminal charges, under federal laws that prohibit identity theft and credit card fraud.
3.2.1. Federal identity theft laws in California
Federal law prohibits transferring, possessing, or using, by email or other electronic communication, another person’s “means of identification,” with the intent to commit or in connection with any other federal crime or state felony.44 A “means of identification” includes a social security number, date of birth, driver’s license number, etc.45
The penalties for internet fraud resulting in federal identity theft are quite steep. If convicted, you can be fined and/or imprisoned in federal prison for up to 15 years if:
- the charges involve the transfer of government-issued ID information (like a birth certificate, driver’s license, or social security number),
- the charges involve the transfer of more than five means of identification, or
- you use someone else’s identification to obtain anything of value worth more than $1,000 in a one-year period.46
Otherwise, the maximum prison sentence is five years.47
The maximum prison sentence goes up to 20 years for second convictions for this crime and for instances of identity fraud connected with drug trafficking crimes or crimes of violence.48
3.2.2. Federal credit card fraud law
If you are accused of internet fraud related to other people’s credit card information, you can be charged under federal laws prohibiting the following:
- Trafficking in or using one or several unauthorized credit card numbers, knowingly and with intent to defraud, if by doing so you obtain anything of value worth $1,000 or more in any one-year period;
- Possessing 15 or more unauthorized credit card numbers, knowingly and with intent to defraud; and
- Engaging in transactions using other people’s credit card numbers, knowingly and with intent to defraud, in order to obtain anything of value worth $1,000 or more during a one-year period.49
A conviction under this law can mean a fine or imprisonment for up to 10 or 15 years, or 20 years for a second offense, depending on the circumstances.50
4. Unauthorized computer use or access
Another common form of California internet fraud / cybercrime involves accessing a computer, computer data, or a computer network without permission, often with some unlawful purpose.
This can be accomplished by the technologically sophisticated way of breaking into a computer known as “hacking.” Though it can also be done in a less sophisticated way.
Example: When David quits his job at a technology company, he takes with him computer data files that contain the programming code used by the company to develop its main product. He then starts his own company selling a product that looks suspiciously like the product sold by his old employer, which he may have developed with the code he “stole” from the employer.51
Example: Glen and Santiago quit their jobs at a health care center and start a new, competing company, taking with them information about the patients of the old company that they took off of the old company’s computers. They then use this information to market their new company to the old company’s patients.52
Example: Glen is a college student and a computer whiz. On a dare from another student, he “hacks” into the computer drive where his college’s registrar stores exam grades and erases all of the grades for several courses.
4.1. California law (Penal Code 502 PC)
Penal Code 502 PC – California’s unauthorized computer access law (also known as the “Comprehensive Computer Data Access and Fraud Act”) makes this sort of activity a crime in California.
4.1.1. Offenses and penalties
Penal Code 502 prohibits the following behavior and prescribes the following punishments for it:
- Offense: Knowingly accessing and without permission altering, damaging, deleting, destroying, or otherwise using any data, computer, computer system, or computer network in order either to: a) devise or execute a scheme to defraud, deceive, or extort, or b) wrongfully control or obtain money, property, or data.53
- Penalties: This offense is a wobbler. Can be a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both. Can also be a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.54
- Offense: Knowingly accessing and without permission taking, copying, or using any data from a computer, computer system, or computer network.55
- Penalties: This offense is also a wobbler. Can be a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both. Can also be a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.56
- Offense: Knowingly and without permission using (or causing to be used) computer services.57
- Penalties: For a first offense under this law that doesn’t result in any “injury” and where the value of the computer services that were used is no more than $950, the offense is a misdemeanor. Penalties can be a fine of up to $5,000, or imprisonment in a county jail for up to one year, or both.58 (Note that “injury” for these purposes means any changes, deletions, or damage to a computer, computer network, computer system, or computer data.59) For a second conviction under this law, or if an injury results, or the victim of the offense suffers expenditures more than $5,000, or the computer services used were worth more than $950, then the offense is a wobbler. Punishment can be EITHER a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both; OR a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.60
- Offense: Knowingly accessing and without permission adding, altering, damaging, deleting, or destroying any data, computer software, or computer programs.61
- Penalties: This offense is another wobbler. Can be a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both. Can also be a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.62
- Offense: Knowingly and without permission disrupting or causing the disruption of computer services or the denial of computer services to an authorized user.63
- Penalties: This offense is another wobbler. Can be a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both. Can also be a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.64
- Offense: Knowingly and without permission providing someone else with a means of accessing computer equipment so that they can commit one of the other offenses on this list.65
- Penalties: For a first offense under this law that does not cause any injury, this offense is an infraction in California law. If convicted, you can be fined up to $1,000.66 For a second offense under this law, or if the victim of the offense does suffer a loss but of no more than $5,000, this offense graduates to a misdemeanor. In this case it is punishable by a fine of not more than $5,000, imprisonment in the county jail for up to one year, or both.67 And, if the victim of the offense suffers a loss of more than $5,000, this offense becomes a wobbler. It can then be punished with a fine of up to $10,000, imprisonment in the county jail for 16 months or two or three years, or both. Or it can be punished with a fine of up to $5,000, imprisonment in a county jail for up to one year, or both.68
- Offense: Knowingly and without permission accessing (or causing to be accessed) any computer, computer system, or computer network.69
- Penalties: The penalty scheme for this offense is the same as that for offense #6, which we just discussed.70
- Offense: Knowingly introducing any “computer contaminant” (like a virus or a “worm”) into any computer, computer system, or computer network.71
- Penalties: For a first violation that doesn’t injure anyone, this offense is a misdemeanor punishable by a fine of not more than $5,000, imprisonment in the county jail for up to one year, or both.72 For a second violation or any violation resulting in injury, the offense is a wobbler. It can then be punished with a fine of up to $10,000, imprisonment in county jail for up to one year, imprisonment in county jail for 16 months or two or three years, or both a fine and imprisonment.73
- Offense: Knowingly and without permission using someone else’s internet domain name to send one or more emails, and thereby damaging or causing damage to a computer, computer system, or computer network.74
- Penalties: For a first offense under this law that does not cause any injury to anyone, this offense is an infraction. If convicted, you can be fined up to $1,000.75 For a second offense under this law, or if the violation does cause injury, this offense graduates to a misdemeanor. In this case it is punishable by a fine of not more than $5,000, imprisonment in the county jail for up to one year, or both.76
In addition, the owner of the computer equipment or data that was damaged by any of these offenses can sue you for damages.77
Also, any computer equipment used to commit one of these offenses may be subject to asset forfeiture under California asset forfeiture laws.78
4.1.2. Scope of employment exception
This list of offenses is likely to make anyone who has ever held an office job a little nervous.
Let’s say one day you violate company policy by copying a file related to your work to a portable drive so that you could take the file home and work on it on your home computer over the weekend instead of coming into the office. This sounds quite a bit like “knowingly accessing and without permission taking, copying, or using any data from a computer.”79
Luckily, you probably did not commit a crime. Penal Code 502 PC carves out an exception for acts that you commit within the scope of your employment; that is, when you are doing things that are reasonably necessary to the performance of your jobs.80
In some cases, this exception may apply even when you are doing things at work that your employer did not specifically ask you to do or, indeed, would not have approved of you doing. For example:
Example: Kelly is a police officer who uses his work computer to obtain personal information about certain individuals, including celebrities and his ex-girlfriend, that he has no legitimate reason to obtain. But he is not guilty of unauthorized use of his work computer, since obtaining this kind of information about other individuals for work-related purposes was a part of his job, and his computer access was set up to allow him to do this.81
Not only that, but you also cannot be convicted of unauthorized use of computer services (offense number 3 above) for your activities at work even when these activities are technically outside the scope of your job as long as
- your activities do not cause an injury to your employer or anyone else, or
- the value of any computer services that you use without authorization does not exceed a total of $250.82
4.2. Federal law
Some of the activities that can lead to charges of unauthorized computer use or access under Penal Code 502 PC in California can also lead to federal charges. A federal law against “computer fraud” makes it a crime to access a computer that is
- used by the U.S. government,
- used by a bank, or
- used for any commercial purposes,
without authorization, or in excess of your authorized access, in order to carry out a fraud and obtain something of value, knowingly and with intent to defraud.83
For a first offense or attempted offense under this law, penalties can include a fine or imprisonment in federal prison for up to five years, or both. For a second or subsequent offense, you may be fined, imprisoned for up to 10 years, or both.84
Helpful Links
Legal References:
- Internet Crime Complaint Center, 2010 Internet Crime Report, at 5.
- Internet Crime Complaint Center, California IC3 2010 Internet Crime Report, at 1.
- Same.
- Mark Anderson, “Attorney general creates cyber crime unit,” Sacramento Business Journal, Dec.13, 2011.
- Our California and federal criminal defense attorneys defend clients against accusations of internet fraud and cybercrime throughout the state. We have local Los Angeles law offices in Beverly Hills, Burbank, Glendale, Lancaster, Long Beach, Los Angeles, Pasadena, Pomona, Torrance, Van Nuys, West Covina, and Whittier. We have additional law offices conveniently located throughout the state in Orange County, San Diego, Riverside, San Bernardino, Ventura, San Jose, Oakland, the San Francisco Bay area, Sacramento, and several nearby cities.
- Black’s Law Dictionary (9th ed. 2009), fraud. (“Fraud. . . 1. A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment.”)
- See Internet Crime Complaint Center, 2010 Internet Crime Report, at 19. (“Non-Delivery Payment/Merchandise (non-auction) – Purchaser did not receive items purchased, or seller did not receive payment for items sold.”)
- Same. (“Advance Fee Fraud – Criminals convince victims to pay a fee to receive something of value, but do not deliver anything of value to the victim.”)
- Same, at 15.
- Same.
- Same, at 16.
- Same.
- 18 United States Code (“U.S.C.”) § 1343 Fraud by wire, radio, or television. (“Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation occurs in relation to, or involving any benefit authorized, transported, transmitted, transferred, disbursed, or paid in connection with, a presidentially declared major disaster or emergency (as those terms are defined in section 102 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5122)), or affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.”)See also United States v. Selby, (2009) 557 F.3d 968, 979. (“The internal e-mail Selby forwarded to her husband . . . is sufficient to establish the element of the use of the wires in furtherance of the scheme.”)
- United States v. Briscoe, (7th Cir. 1995) 65 F.3d 576, 583. (“To prove mail fraud under section 1341, the government must show: (1) a scheme to defraud; (2) committed with intent to defraud; and (3) use of the mails to further the fraudulent scheme. . . . The elements of wire fraud under 18 U.S.C. Sec. 1343 directly parallel those of the mail fraud statute, but require the use of an interstate telephone call or electronic communication made in furtherance of the scheme.”) (citation omitted)
- Same. (“The government is not required to prove that the scheme to defraud was successful; . . . “)
- 18 United States Code (“U.S.C.”) 1343 – Internet fraud or fraud by wire, radio, or television. (“Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation occurs in relation to, or involving any benefit authorized, transported, transmitted, transferred, disbursed, or paid in connection with, a presidentially declared major disaster or emergency (as those terms are defined in section 102 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5122)), or affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.”)
- Santa Ana California criminal defense lawyer John Murray works extensively in the Orange County courts, including the Central Justice Center in Santa Ana, the Harbor Justice Center in Newport Beach, the West Justice Center in Westminster and the North Justice Center in Fullerton.
- Penal Code section 530.5 PC – California internet fraud; unauthorized use of personal identifying information of another person; attempt to obtain credit, goods, services, real property or medical information; commission of crime; punishment for first, subsequent or multiple offenses; sale of information; mail theft; liability of computer service or software providers. (“(a) Every person who willfully obtains personal identifying information, as defined in subdivision (b) of Section 530.55, of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, real property, or medical information without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. (b) In any case in which a person willfully obtains personal identifying information of another person, uses that information to commit a crime in addition to a violation of subdivision (a), and is convicted of that crime, the court records shall reflect that the person whose identity was falsely used to commit the crime did not commit the crime. (c)(1) Every person who, with the intent to defraud, acquires or retains possession of the personal identifying information, as defined in subdivision (b) of Section 530.55, of another person is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment. (2) Every person who, with the intent to defraud, acquires or retains possession of the personal identifying information, as defined in subdivision (b) of Section 530.55, of another person, and who has previously been convicted of a violation of this section, upon conviction therefor shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. (3) Every person who, with the intent to defraud, acquires or retains possession of the personal identifying information, as defined in subdivision (b) of Section 530.55, of 10 or more other persons is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. (d)(1) Every person who, with the intent to defraud, sells, transfers, or conveys the personal identifying information, as defined in subdivision (b) of Section 530.55, of another person is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. (2) Every person who, with actual knowledge that the personal identifying information, as defined in subdivision (b) of Section 530.55, of a specific person will be used to commit a violation of subdivision (a), sells, transfers, or conveys that same personal identifying information is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment pursuant to subdivision (h) of Section 1170, or by both a fine and imprisonment.”)
- California Penal Code 530.55 PC. (“(b) For purposes of internet fraud in this chapter, “personal identifying information” means any name, address, telephone number, health insurance number, taxpayer identification number, school identification number, state or federal driver’s license, or identification number, social security number, place of employment, employee identification number, professional or occupational number, mother’s maiden name, demand deposit account number, savings account number, checking account number, PIN (personal identification number) or password, alien registration number, government passport number, date of birth, unique biometric data including fingerprint, facial scan identifiers, voiceprint, retina or iris image, or other unique physical representation, unique electronic data including information identification number assigned to the person, address or routing code, telecommunication identifying information or access device, information contained in a birth or death certificate, or credit card number of an individual person, or an equivalent form of identification.”)
- California Penal Code 530.5 PC – Unauthorized use of personal identifying information of another person as a form of internet fraud; attempt to obtain credit, goods, services, real property or medical information; commission of crime; punishment for first, subsequent or multiple offenses; sale of information; mail theft; liability of computer service or software providers. (“(a) Every person who willfully obtains personal identifying information, as defined in subdivision (b) of Section 530.55, of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, real property, or medical information without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. . . . “)
- Same.
- People v. Tillotson, (2007) 157 Cal.App.4th 517, 533.
- California Criminal Jury Instructions “CALCRIM” 2040 – Unauthorized Use of Personal Identifying Information. (“It is not necessary that anyone actually be defrauded or actually suffer a financial, legal, or property loss as a result of the defendant’s acts.”)See also CALCRIM 2041 – Fraudulent Possession of Personal Identifying Information.
- Penal Code 530.5 PC. See also Penal Code 17 PC – Felony; misdemeanor; infraction; classification of internet fraud and cybercrime offenses. (“(a) A felony is a crime that is punishable with death, by imprisonment in the state prison, or notwithstanding any other provision of law, by imprisonment in a county jail under the provisions of subdivision (h) of Section 1170. Every other crime or public offense is a misdemeanor except those offenses that are classified as infractions. (b) When a crime is punishable, in the discretion of the court, either by imprisonment in the state prison or imprisonment in a county jail under the provisions of subdivision (h) of Section 1170, or by fine or imprisonment in the county jail, it is a misdemeanor for all purposes under the following circumstances: (1) After a judgment imposing a punishment other than imprisonment in the state prison or imprisonment in a county jail under the provisions of subdivision (h) of Section 1170. (2) When the court, upon committing the defendant to the Division of Juvenile Justice, designates the offense to be a misdemeanor. (3) When the court grants probation to a defendant without imposition of sentence and at the time of granting probation, or on application of the defendant or probation officer thereafter, the court declares the offense to be a misdemeanor. (4) When the prosecuting attorney files in a court having jurisdiction over misdemeanor offenses a complaint specifying that the offense is a misdemeanor, unless the defendant at the time of his or her arraignment or plea objects to the offense being made a misdemeanor, in which event the complaint shall be amended to charge the felony and the case shall proceed on the felony complaint. (5) When, at or before the preliminary examination or prior to filing an order pursuant to Section 872, the magistrate determines that the offense is a misdemeanor, in which event the case shall proceed as if the defendant had been arraigned on a misdemeanor complaint.”)
- California Penal Code 530.5 PC. See also Penal Code 1170(h) PC. (“h)(1) Except as provided in paragraph (3), a felony for internet fraud punishable pursuant to this subdivision where the term is not specified in the underlying offense shall be punishable by a term of imprisonment in a county jail for 16 months, or two or three years.(2) Except as provided in paragraph (3), a felony punishable pursuant to this subdivision shall be punishable by imprisonment in a county jail for the term described in the underlying offense.”)
- Penal Code 484e PC – Theft of access cards or account information. (“(a) Every person who, with intent to defraud, sells, transfers, or conveys, an access card, without the cardholder’s or issuer’s consent, is guilty of grand theft.”)
- Same. (“(b) Every person, other than the issuer, who within any consecutive 12-month period, acquires access cards issued in the names of four or more persons which he or she has reason to know were taken or retained under circumstances which constitute a violation of subdivision (a), (c), or (d) is guilty of grand theft.”)
- Same. (“(c) Every person who, with the intent to defraud, acquires or retains possession of an access card without the cardholder’s or issuer’s consent, with intent to use, sell, or transfer it to a person other than the cardholder or issuer is guilty of petty theft.”)
- Same. (“(d) Every person who acquires or retains possession of access card account information with respect to an access card validly issued to another person, without the cardholder’s or issuer’s consent, with the intent to use it fraudulently, is guilty of grand theft.”)
- California Penal Code 484g PC – Fraudulent use of access cards or account information as a form of California internet fraud. (“Every person who, with the intent to defraud, (a) uses, for the purpose of obtaining money, goods, services, or anything else of value, an access card or access card account information that has been altered, obtained, or retained in violation of Section 484e or 484f, or an access card which he or she knows is forged, expired, or revoked, or (b) obtains money, goods, services, or anything else of value by representing without the consent of the cardholder that he or she is the holder of an access card and the card has not in fact been issued, is guilty of theft. If the value of all money, goods, services, and other things of value obtained in violation of this section exceeds nine hundred fifty dollars ($950) in any consecutive six-month period, then the same shall constitute grand theft.”)
- California Penal Code 489 PC. (“Grand theft is punishable as follows: (a) When the grand theft involves the theft of a firearm, by imprisonment in the state prison for 16 months, two, or three years. (b) In all other cases, by imprisonment in a county jail not exceeding one year or pursuant to subdivision (h) of Section 1170.”) See also Penal Code 1170(h) PC. (“h)(1) Except as provided in paragraph (3), a felony punishable pursuant to this subdivision where the term is not specified in the underlying offense shall be punishable by a term of imprisonment in a county jail for 16 months, or two or three years.(2) Except as provided in paragraph (3), a felony punishable pursuant to this subdivision shall be punishable by imprisonment in a county jail for the term described in the underlying offense.”)
- Same.
- California Penal Code 490 PC. (“Petty theft is punishable by fine not exceeding one thousand dollars ($1,000), or by imprisonment in the county jail not exceeding six months, or both.”)
- California Penal Code 530.5 PC; Penal Code 484e PC; Penal Code 484g PC.
- Business & Professions Code 22948 BPC – Short title. (“This chapter shall be known and may be cited as the Anti-Phishing Act of 2005.”)
- California Business & Professions Code 22948.2 BPC – Internet fraud as unlawful requests by misrepresentation. (“It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”)
- California Business & Professions Code 22948.3 – Remedies for violation. (“(a) The following persons may bring an action against a person who violates or is in violation of Section 22948.2: (1) A person who (A) is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark, and (B) is adversely affected by a violation of Section 22948.2. An action brought under this paragraph may seek to recover the greater of actual damages or five hundred thousand dollars ($500,000). (2) An individual who is adversely affected by a violation of Section 22948.2 may bring an action, but only against a person who has directly violated Section 22948.2. An action brought under this paragraph may seek to enjoin further violations of Section 22948.2 and to recover the greater of three times the amount of actual damages or five thousand dollars ($5,000) per violation. (b) The Attorney General or a district attorney may bring an action against a person who violates or is in violation of Section 22948.2 to enjoin further violations of Section 22948.2 and to recover a civil penalty of up to two thousand five hundred dollars ($2,500) per violation. (c) In an action pursuant to this section, a court may, in addition, do either or both of the following: (1) Increase the recoverable damages to an amount up to three times the damages otherwise recoverable under subdivision (a) in cases in which the defendant has engaged in a pattern and practice of violating Section 22948.2. (2) Award costs of suit and reasonable attorney’s fees to a prevailing plaintiff. (d) The remedies provided in this section do not preclude the seeking of remedies, including criminal remedies, under any other applicable provision of law. (e) For purposes of paragraph (1) of subdivision (a), multiple violations of Section 22948.2 resulting from any single action or conduct shall constitute one violation.”)
- Same.
- California Penal Code 484e PC – Theft of access cards or account information. (“(a) Every person who, with intent to defraud, sells, transfers, or conveys, an access card, without the cardholder’s or issuer’s consent, is guilty of grand theft.”)
- California Business & Professions Code 22948.2 BPC – Unlawful requests by misrepresentation. (“It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”)
- Penal Code 530.5 PC – Unauthorized use of personal identifying information of another person; attempt to obtain credit, goods, services, real property or medical information; commission of crime; punishment for first, subsequent or multiple offenses; sale of information; mail theft; liability of computer service or software providers. (“(a) Every person who willfully obtains personal identifying information, as defined in subdivision (b) of Section 530.55, of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, real property, or medical information without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment pursuant to subdivision (h) of Section 1170. . . . “)
- Business & Professions Code 22948.2 BPC – Internet fraud as unlawful requests by misrepresentation. (“It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”)
- Same.
- 18 U.S.C. § 1028 – Internet fraud and related activity in connection with identification documents, authentication features, and information. (“(a) Whoever, in a circumstance described in subsection (c) of this section– . . . (7) knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law;. . . shall be punished as provided in subsection (b) of this section. . . . (c) The circumstance referred to in subsection (a) of this section is that–(1) the identification document, authentication feature, or false identification document is or appears to be issued by or under the authority of the United States or a sponsoring entity of an event designated as a special event of national significance or the document-making implement is designed or suited for making such an identification document, authentication feature, or false identification document; (2) the offense is an offense under subsection (a) (4) of this section; or (3) either– (A) the production, transfer, possession, or use prohibited by this section is in or affects interstate or foreign commerce, including the transfer of a document by electronic means; or (B) the means of identification, identification document, false identification document, or document-making implement is transported in the mail in the course of the production, transfer, possession, or use prohibited by this section.”)
- Same. (“(d)(7) the term “means of identification” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any– (A) name, social security number, date of birth, official State or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number; (B) unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation; (C) unique electronic identification number, address, or routing code; or (D) telecommunication identifying information or access device (as defined in section 1029(e)); . . . .”)
- Same. (“(b) The punishment for a California internet fraud offense under subsection (a) of this section is–(1) except as provided in paragraphs (3) and (4), a fine under this title or imprisonment for not more than 15 years, or both, if the offense is– (A) the production or transfer of an identification document, authentication feature, or false identification document that is or appears to be– (i) an identification document or authentication feature issued by or under the authority of the United States; or (ii) a birth certificate, or a driver’s license or personal identification card; (B) the production or transfer of more than five identification documents, authentication features, or false identification documents; (C) an offense under paragraph (5) of such subsection; or (D) an offense under paragraph (7) of such subsection that involves the transfer, possession, or use of 1 or more means of identification if, as a result of the offense, any individual committing the offense obtains anything of value aggregating $1,000 or more during any 1-year period; . . . .”)
- Same. (“(b) The punishment for an offense under subsection (a) of this section is– . . . (2) except as provided in paragraphs (3) and (4), a fine under this title or imprisonment for not more than 5 years, or both, if the offense is– (A) any other production, transfer, or use of a means of identification, an identification document, authentication feature, or a false identification document; or (B) an offense under paragraph (3) or (7) of such subsection; . . . .”)
- Same. (“(b) The punishment for an offense under subsection (a) of this section is– . . . (3) a fine under this title or imprisonment for not more than 20 years, or both, if the offense is committed– (A) to facilitate a drug trafficking crime (as defined in section 929(a)(2)); (B) in connection with a crime of violence (as defined in section 924(c)(3)); or (C) after a prior conviction under this section becomes final; . . . .”)
- 18 U.S.C. § 1029 – Internet fraud and related activity in connection with access devices. (“(a) Whoever– (2) knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conduct obtains anything of value aggregating $1,000 or more during that period; (3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices; (5) knowingly and with intent to defraud effects transactions, with 1 or more access devices issued to another person or persons, to receive payment or any other thing of value during any 1-year period the aggregate value of which is equal to or greater than $1,000; . . . shall, if the offense affects interstate or foreign commerce, be punished as provided in subsection (c) of this section.”)
- Same. (“(c) Penalties.– (1) Generally.–The punishment for an offense under subsection (a) of this section is– (A) in the case of an offense that does not occur after a conviction for another offense under this section– (i) if the offense is under paragraph (1), (2), (3), (6), (7), or (10) of subsection (a), a fine under this title or imprisonment for not more than 10 years, or both; and (ii) if the offense is under paragraph (4), (5), (8), or (9) of subsection (a), a fine under this title or imprisonment for not more than 15 years, or both; (B) in the case of an offense that occurs after a conviction for another offense under this section, a fine under this title or imprisonment for not more than 20 years, or both; and (C) in either case, forfeiture to the United States of any personal property used or intended to be used to commit the offense.”)
- Loosely based on the facts of People v. Hawkins, (2002) 98 Cal.App.4th 1428.
- Loosely based on the facts of Hanger Prosthetics & Orthotics, Inc. v. Capstone Orthopedic, Inc., (E.D.Cal. 2008) 556 F.Supp.2d 1122.
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public internet fraud offense: (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data. . . . “)
- Penal Code 502(d) PC. (“(d)(1) Any person who violates any of the provisions of paragraph (1), (2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public internet fraud offense: . . . (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(1) Any person who violates any of the provisions of paragraph (1), (2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . (3) Knowingly and without permission uses or causes to be used computer services.”)
- Penal Code 502(d) PC. (“(2) Any person who violates paragraph (3) of subdivision (c) is punishable as follows:(A) For the first violation that does not result in injury, and where the value of the computer services used does not exceed nine hundred fifty dollars ($950), by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (B) For any violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000) or in an injury, or if the value of the computer services used exceeds nine hundred fifty dollars ($950), or for any second or subsequent violation, by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- California Penal Code 502(b) PC. (“(b) For the purposes of this section on internet fraud, the following terms have the following meanings: . . . (8) “Injury” means any alteration, deletion, damage, or destruction of a computer system, computer network, computer program, or data caused by the access, or the denial of access to legitimate users of a computer system, network, or program.”)
- Penal Code 502(d) PC. (“(d)(2) Any person who violates paragraph (3) of subdivision (c) is punishable as follows: (A) For the first violation that does not result in injury, and where the value of the computer services used does not exceed nine hundred fifty dollars ($950), by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (B) For any violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000) or in an injury, or if the value of the computer services used exceeds nine hundred fifty dollars ($950), or for any second or subsequent violation, by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense. . . (4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(1) Any person who violates any of the provisions of paragraph (1), (2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . (5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(1) Any person who violates any of the internet fraud provisions of paragraph (1), (2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: (6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.”)
- Penal Code 502(d) PC. (“(d)(3) Any person who violates paragraph (6) or (7) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, an infraction punishable by a fine not exceeding one thousand dollars ($1,000).”)
- Same. (“(d)(3) Any person who violates paragraph (6) or (7) of subdivision (c) is punishable as follows: . . . (B) For any violation that results in a victim expenditure in an amount not greater than five thousand dollars ($5,000), or for a second or subsequent violation, by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Same. (“(d)(3) Any person who violates paragraph (6) or (7) of subdivision (c) is punishable as follows: . . . (C) For any internet fraud violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000), by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(3) Any person who violates paragraph (6) or (7) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, an infraction punishable by a fine not exceeding one thousand dollars ($1,000). (B) For any violation that results in a victim expenditure in an amount not greater than five thousand dollars ($5,000), or for a second or subsequent violation, by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (C) For any violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000), by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment pursuant to subdivision (h) of Section 1170 for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . (8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network.”)See also Penal Code 502(b) PC. (“(b) For the purposes of this internet fraud section, the following terms have the following meanings: . . . (10) “Computer contaminant” means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, that are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(4) Any person who violates paragraph (8) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, a misdemeanor punishable by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Same. (“(d)(4) Any person who violates paragraph (8) of subdivision (c) is punishable as follows: . . . (B) For any internet fraud violation that results in injury, or for a second or subsequent violation, by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in a county jail not exceeding one year, or by imprisonment pursuant to subdivision (h) of Section 1170, or by both that fine and imprisonment.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . 9) Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network.”)
- Penal Code 502(d) PC. (“(d)(5) Any person who violates paragraph (9) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, an infraction punishable by a fine not exceeding one thousand dollars.”)
- Same. (“(d)(5) Any person who violates paragraph (9) of subdivision (c) is punishable as follows: . . . (B) For any violation that results in injury, or for a second or subsequent violation, by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.”)
- Penal Code 502(e) PC. (“(e)(1) In addition to any other civil remedy available, the owner or lessee of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) may bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief. Compensatory damages shall include any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access. For the purposes of actions authorized by this subdivision, the conduct of an unemancipated minor shall be imputed to the parent or legal guardian having control or custody of the minor, pursuant to the provisions of Section 1714.1 of the Civil Code.”)
- Penal Code 502(g) PC. (“(g) Any computer, computer system, computer network, or any software or data, owned by the defendant, that is used during the commission of any public offense described in subdivision (c) or any computer, owned by the defendant, which is used as a repository for the storage of software or data illegally obtained in violation of subdivision (c) shall be subject to forfeiture, as specified in Section 502.01.”)
- Penal Code 502(c) PC. (“(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: . . . (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.”)
- Penal Code 502(h)(1) PC. (“Subdivision (c) does not apply to punish any acts which are committed by a person within the scope of his or her lawful employment. For purposes of this section, a person acts within the scope of his or her employment when he or she performs acts which are reasonably necessary to the performance of his or her work assignment.”)
- Chrisman v. City of Los Angeles, (2007) 155 Cal.App.4th 29, 37. (“Together these cases show that an employer’s disapproval of an employee’s conduct does not cast the conduct outside the scope of employment. If the employer’s disapproval were the measure, then virtually any misstep, mistake, or misconduct by an employee involving an employer’s computer would, by respondents’ reasoning, be criminal. For example, if an employer prohibited employees from internet fraud such as logging onto the Internet to check their personal email, respondents’ definition of scope of employment would make reading one’s email on company time a crime even where the employee read the email on a computer regularly assigned to that employee. Surely, that was not the Legislature’s intent in enacting subdivision (c)(7).”)
- Penal Code 502(h)(2) PC. (“(2) Paragraph (3) of subdivision (c) does not apply to penalize any acts committed by a person acting outside of his or her lawful employment, provided that the employee’s activities do not cause an injury, as defined in paragraph (8) of subdivision (b), to the employer or another, or provided that the value of supplies or computer services, as defined in paragraph (4) of subdivision (b), which are used does not exceed an accumulated total of two hundred fifty dollars ($250).”)
- 18 U.S.C. § 1030 – Fraud and related activity in connection with computers. (“(a) Whoever–. . . (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period; shall be punished as provided in subsection (c) of this section. . . . (e) As used in this section– (2) the term “protected computer” means a computer– (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; . . . .”)
- Same. (“(c) The punishment for an offense under subsection (a) or (b) of this section is–. . . (3)(A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4) or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4) or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; . . . “)