Elements of Several Computer Crimes Described
In a full-fledged opinion by Justice Saxe, the First Department affirmed defendant’s convictions for computer trespass, computer tampering, unlawful duplication of computer related material, and criminal possession of computer related material. Defendant was on disability leave from his employer Time Warner when he used/installed software to gain access to passwords and log-in information. The First Department took the opportunity to discuss the proof requirements for the elements of these offenses, some of which have little or no appellate authority. With respect to the “without authorization” and “computer material” elements of computer trespass, the court wrote:
The term “without authorization” is defined as “access of a computer service by a person without permission . . . or after actual notice to such person, that such access was without permission” (Penal Law § 156.00[8]). While there is apparently no appellate authority on this point, the question of how to prove that use of a computer was not authorized was addressed in People v Klapper (28 Misc 3d 225 [Crim Ct, NY County 2010]), which considered a charge of unauthorized use of a computer (Penal Law § 156.05). The Klapper court held that no allegations supported the claim that the defendant’s access was unauthorized, because for access to be without authorization, the defendant must have had knowledge or notice that access was prohibited or “circumvented some security device or measure installed by the user” (28 Misc 3d at 230). Of course, here, evidence fully supports the finding that defendant gained access to Time Warner’s computers when he was unauthorized to do so. There is proof that Time Warner announced in its employee handbook that employees on disability leave were prohibited from entering the building, and the company deactivated those employees’ access cards; this establishes that defendant had actual notice that he lacked authorization to enter the building and to use the company’s computers. * * *
As to whether the information defendant gained access to constituted “computer material” for purposes of Penal Law § 156.10, the statutory definition of the term includes “any computer data or computer program” that “is not and is not intended to be available to anyone other than the person . . . rightfully in possession thereof . . . and which accords or may accord such rightful possessors an advantage over competitors or other persons who do not have knowledge or the benefit thereof” (Penal Law § 156.00[5]). With the use of user log-in information and passwords obtained through his installation of the keystroke-logging program Winvestigator, defendant was able to access information not intended to be available to anyone but the rightful user, namely, Time Warner and its authorized employees. Specifically, he gained access to … confidential information about customers’ accounts, including address, phone number, subscription, service call records, and billing and payment information, as well as a list of any problems customers reported or services they requested. Customer information … is the sort of information that businesses have an interest in protecting and keeping away from competitors …. Accordingly, it qualifies as computer data that is not intended to be available to anyone other than the rightful possessor and that gives (or may give) the rightful possessor an advantage over competitors. People v Puesan, 2013 NY Slip Op 06530, 1st Dept 10-8-13