Current through the 2024 Fourth Special Session
Section 76-6-703 - Unlawful computer technology access or action or denial of service attack(1) Terms defined in Sections 76-1-101.5 and 76-6-702 apply to this section.(2) An actor commits unlawful computer technology access or action or denial of service attack if the actor:(a) without authorization, or in excess of the actor's authorization, accesses or attempts to access computer technology if the access or attempt to access results in: (i) the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;(ii) interference with or interruption of:(A) the lawful use of computer technology; or(B) the transmission of data;(iii) physical damage to or loss of real, personal, or commercial property;(iv) audio, video, or other surveillance of another person; or(v) economic loss to any person or entity;(b) after accessing computer technology that the actor is authorized to access, knowingly takes or attempts to take unauthorized or unlawful action that results in: (i) the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;(ii) interference with or interruption of:(A) the lawful use of computer technology; or(B) the transmission of data;(iii) physical damage to or loss of real, personal, or commercial property;(iv) audio, video, or other surveillance of another person; or(v) economic loss to any person or entity; or(c) knowingly engages in a denial of service attack.(3) A violation of Subsection (2) is:(a) a class B misdemeanor if:(i) the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is less than $500; or(ii) the information obtained is not confidential;(b) a class A misdemeanor if the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $500 but is less than $1,500;(c) a third degree felony if: (i) the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $1,500 but is less than $5,000;(ii) the property or benefit obtained or sought to be obtained is a license or entitlement;(iii) the damage is to the license or entitlement of another person;(iv) the information obtained is confidential or identifying information; or(v) in gaining access the actor breaches or breaks through a security system; or(d) a second degree felony if the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $5,000.(4)(a) It is an affirmative defense that the actor obtained access or attempted to obtain access: (i) in response to, and for the purpose of protecting against or investigating, a prior attempted or successful breach of security of computer technology whose security the actor is authorized or entitled to protect, and the access attempted or obtained was no greater than reasonably necessary for that purpose; or(ii) pursuant to a search warrant or a lawful exception to the requirement to obtain a search warrant.(b) In accordance with 47 U.S.C. Sec. 230, this section may not apply to, and nothing in this section may be construed to impose liability or culpability on, an interactive computer service for content provided by another person.(c) This section does not affect, limit, or apply to any activity or conduct that is protected by the constitution or laws of this state, or by the constitution or laws of the United States.(5)(a) An interactive computer service is not guilty of violating this section if a person violates this section using the interactive computer service and the interactive computer service did not knowingly assist the person to commit the violation.(b) A service provider is not guilty of violating this section for: (i) action taken in relation to a customer of the service provider, for a legitimate business purpose, to install software on, monitor, or interact with the customer's Internet or other network connection, service, or computer for network or computer security purposes, authentication, diagnostics, technical support, maintenance, repair, network management, updates of computer software or system firmware, or remote system management; or(ii) action taken, including scanning and removing computer software, to detect or prevent the following: (A) unauthorized or fraudulent use of a network, service, or computer software;(C) infringement of intellectual property rights.Amended by Chapter 111, 2023 General Session ,§ 105, eff. 5/3/2023.Amended by Chapter 467, 2017 General Session ,§ 2, eff. 5/9/2017.Amended by Chapter 462, 2017 General Session ,§ 2, eff. 5/9/2017.Amended by Chapter 193, 2010 General Session.