What is Georgia Computer Theft?


FREE CASE EVALUATION

Can a DUI be dismissed? Yes
Can I keep my license? Yes
Will it be affordable? Yes

GET YOUR FREE CASE EVALUATION

Georgia Computer Theft

What is Computer Theft?

§ 16-9-93(a), titled “Computer Theft,” provides in pertinent part, as follows:
(a) Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
(1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;
(2) Obtaining property by any deceitful means or artful practice; or
(3) Converting property to such person’s use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property shall be guilty of the crime of computer theft.

The computer must be used without authority.

First, to be charged with Computer Theft in Georgia it must be proven that the computer was used “without authority” to copy the the files from the computer server, computer hard drive or cloud server.  Many people accused of computer theft have a valid password and user name to access the server at issue and copy the files.  Many times these types of charges will be alleged in the process of a business dispute or separation.  The first step in representation is to define the relationship between the accused and the allegel victim. Was the accused held out to the public as a partner or represented to clients as a partner?   Does or did the accused at anytime in the past have a username and password? Did the accused have a username and password on the date alleged that the files were accessed on server or hard drive? 

Was there a policy regarding data usage at the business? Was there a poilcy to keep client files confidential?   Is the accused or victim subject to state or federal rules and standards for maintaining the data at issue.   Furthermore, standard employer and employee rules regarding employer property rights and trade secrets do not apply to many regulated professions such as attorneys who are independent professionals licensed by the State Bar of Georgia and whose primary duty of loyalty belongs to the client.  Dowd v. Dowd, 181 Ill 2d 460 (1998)(holding that lawyers are not bound by the same fiduciary constraints that apply to non-lawyer officers and directors who are seeking to leave positions in commercial entities.)
The definition of “without authority” under OCGA § 16-9-92(18) which reads as follows: “(18) “Without authority” includes the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network.” The Federal statute on computer theft in 18 U.S.C. §1030(e)(6) is essentially indistinguishable and provides, “(6) the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter[.]”

The computer must be used without authority.

First, to be charged with Computer Theft in Georgia it must be proven that the computer was used “without authority” to copy the the files from the computer server, computer hard drive or cloud server.  Many people accused of computer theft have a valid password and user name to access the server at issue and copy the files.  Many times these types of charges will be alleged in the process of a business dispute or separation.  The first step in representation is to define the relationship between the accused and the allegel victim. Was the accused held out to the public as a partner or represented to clients as a partner?   Does or did the accused at anytime in the past have a username and password? Did the accused have a username and password on the date alleged that the files were accessed on server or hard drive? 

Was there a policy regarding data usage at the business? Was there a poilcy to keep client files confidential?   Is the accused or victim subject to state or federal rules and standards for maintaining the data at issue.   Furthermore, standard employer and employee rules regarding employer property rights and trade secrets do not apply to many regulated professions such as attorneys who are independent professionals licensed by the State Bar of Georgia and whose primary duty of loyalty belongs to the client.  Dowd v. Dowd, 181 Ill 2d 460 (1998)(holding that lawyers are not bound by the same fiduciary constraints that apply to non-lawyer officers and directors who are seeking to leave positions in commercial entities.)
The definition of “without authority” under OCGA § 16-9-92(18) which reads as follows: “(18) “Without authority” includes the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network.” The Federal statute on computer theft in 18 U.S.C. §1030(e)(6) is essentially indistinguishable and provides, “(6) the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter[.]”

Without authority and real estate agents.

In the context of a real estate agent leaving a real estate agency, Georgia courts addressed the issue in  DuCom v. State, 288 Ga. App. 555, 654 S.E.2d 670 (2007) where a salaried real estate agent who considered herself a partner in the business who downloaded data on the same day as negotiations with her principals broke down was “without authority” under OCGA 16-9-93(a).  First, DuCom was not a partner in the business enterprise (Compare with a lawyer subject to the provisions of the Georgia Bar Rules. Ga. R.P.C. 7.5(d)(“Lawyers may state or imply that they practice in a partnership or other organization only when that is the fact.”) Second, the computer client list at issue in DuCom was stored in a password protected computer program, and the client list was not permitted to be copied or used outside the office. DuCom, 654 SE2d at 672. Many firms have no such policy prohibiting the copying of firm files.  Was the accused issued a firm laptop for use outside of the office that could access the firm files from that laptop computer on the firm’s cloud data service? 
 
The DuCom Court made clear that the downloading of data was without authority because it was done immediately after the real business sale negotiations were terminated.

With One Click or Call We Can Begin Working on Your Georgia DUI Case

Online Case Evaluation or CALL (404) 333-0706

Without authority and vindictive and retaliatory conduct.

The DuCom Court cited Fugarino v. State, 243 Ga. App. 268, 270 (2000) for the proposition that a jury may infer a computer trespass was without authority based on an employee’s vindictive or retaliatory conduct.  The vindictive and retaliatory conduct in DuCom included, “The remaining C & D employees came to work the next day and found a property management office that had been left barren, “cleaned out.” The computer server was turned off, the hard copies of client files were missing, the fax and credit card phone lines had been sabotaged, and office supplies and equipment were missing. When C & D finally restored its computer service, it discovered that entire databases were missing, including the computer operating files for the homeowner association clients. Even the C & D property management website had been transferred to Real Escapes, Inc.”

Without authority and Attorneys copying client files and practice forms before they leave the firm.

Many attorneys will copy computer client files, practice forms and reference files from a law firm before they leave an old firm. While there is mention in the fact section of the DuCom opinion of a duty of loyalty of a real estate agent to her broker, section 4 of the DuCom opinion which addresses OCGA § 16-9-93 does not even mention the word loyalty. DuCom, 654 SE2d at 675-676. To suggest that the DuCom opinion adopts an intent-based approach to the element “without authority” under OCGA § 16-9-93(a) based upon the breach of a duty of loyalty is simply false. Clearly, the DuCom Court by citing Fugarino, supra, is utilizing a standard of vindictiveness and retaliation to rise to the level of a current employee being “without authority” under O.C.G.A. § 16-9-93.

Without authority and computer programmers.

In Fugarino v. State, supra, Fugarino worked as a computer programmer for company that designed software.  Id.  Fugarino became a difficult employee.  Id.  On the day of the computer trespass, Fugarino went “berserk” when he found out another another technical support employee was hired by the company.  Id.  Fugarino became enraged.  Id.  He told another employee that someone had been hired to take his place, the computer code was his product, that no one else was going to work on the computer code, that nobody was going to take his place, and he was going to take his computer code with him.  Id.  Fugarino was then observed deleting massive amounts of files.  Id.  It appeared that the whole system was being erased.  Id.  When confronted by the owner, Fugarino said that the computer code was his, the blood of his dead son was in that code, and the owner would never make any money from that code.  Id.  Ultimately Fugarino had to be removed from the company premises by the police.   Id.

When addressing the “without authority” element of OCGA 16-9-93, the Fugarino Court focused on the fact the employer testified that Fugarino did not have authority to “delete portions of the company’s program.”  Further, the Court found that the vindictive and retaliatory manner of Fugarino demonstrated that he knew deleting the data was “without authority” under OCGA 16-9-93.  See also,  Vurv Tech LLC v. Kenexa Corp, No. 1:08-cv-3442-WSD (July 20, 2009)(which had a strict data policy prohibiting “taking, copying, or making use of any data or supporting documentation from Vurv’s computer systems without permission” and further the Plaintiff in Vurv did not allege that the offending employees exceeded their authorized access or copied company data at a time when they were not authorized to access Plaintiff’s computers or computer system.); Ware v. Am. Recovery Sol. Servs., Inc. 324 Ga. App. 187, 749 S.E. 2d 775 (2013) (where an independent contractor who was contracted with by a debt collection firm accessed a computer program that he had written for the company using a company officer username and login, disabled the company logins, disabled the system, and held it ransom until he was paid the remainder of his money under the contract in violation of the terms of the contract between the parties.); Lyman v. Cellchem Int’l, Inc.,  300 Ga. 475, 796 S.E.2d 255 (2017)(the Supreme Court opinion simply states two former employees left a company and stole data and the Supreme Court found that OCGA 16-9-93, the GCSPA, does not support a claim for punitive damages – the only issue on certiorari.)

Creal-Icon

THE GEORGE C. CREAL JR. P.C. REAL DEAL GUARANTEE

The Real Deal Guarantee – You should never settle when choosing DUI representation. You deserve a DUI lawyer with experience and integrity, not a pretender. In a town with countless rookies and “plea lawyers,” George C. Creal Jr., P.C. is the real deal. We are an experienced, professional DUI defense firm ready to do anything within our power to ensure that our clients receive the best possible result in their DUI case. Our firm has a reputation for winning DUI cases and aggressively defending our DUI clients.

Learn More

Without authority and Graphic Artist portfolio.

In Wachovia Ins. Services, infra., and Sitton, infra, the Courts did not find computer trespass “without authority” under O.C.G.A. § 16-9-93 in the absence of retaliatory and vindictive behavior despite the data being used for a competing business and not in violation of any existing employer policy. In Wachovia Ins. Services, Inc. V. Fallon, 299 Ga.App. 440, 449 (2009), the Georgia Court of Appeals found that the Defendant’s use of her work computer during her prior employment with Wachovia to create a CD for her electronic portfolio as a graphics artist to use in her subsequent employment, standing alone, fails to establish that she did so with “knowledge that such use is without authority” and in violation of O.C.G.A. 16-9-93(a) titled, “Computer Theft.” Downloading data for use with a subsequent employer clearly violated a duty of loyalty to the previous employer but still does not rise to the level of being “without authority” under O.C.G.A. § 16-9-93.

Without authority and business’s computer data policy

In Sitton v. Print Direction, Inc, 312 Ga. App. 365 (2011), an employer was sued for computer theft under O.C.G.A 16-9-93 for printing a list of emails from his employee’s personal laptop while at the office after he received information that the employee was stealing clients. The employer’s computer usage policy allowed for the inspection of both company and personal computer equipment. Because access to the computer data was consistent with the Employer computer data policy, the Court found that the “without authority” element of O.C.G.A. § 16-9-93 could not be met and the computer theft claim failed. Any duty of loyalty is not an issue under O.C.G.A. § 16-9-93, rather the only issues are the violation of any know company policy or vindictive or retaliatory behavior.

Without authority and using Federal cases as persuasive authority.

Cases interpreting the Federal Computer Fraud and Abuse Act, codified at 18 U.S.C. § 1030 are directly applicable to Georgia Computer crimes charges of computer theft. The federal and state computer theft statutes are virtually identical. The definitions of “without authority” differ only semantically but deliver the identical meaning. OCGA § 16-9-92(18) reads as follows: “(18) “Without authority” includes the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network.” By contrast, the Federal statute on computer theft in 18 U.S.C. §1030(e)(6) is essentially indistinguishable and provides, “(6) the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter[.]” If anything, the federal statute seems to be drafted more broadly than its Georgia counterpart.

This means that LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir 2009) is central to the analysis of any Georgia case. Again in Brekka, supra, the United States 9th Circuit Court of Appeals held that Brekka, an employee of a residential addiction treatment center, had not violated the Federal Computer Fraud and Abuse Act, when he emailed documents that he was authorized to obtain to his personal email account. Id. at 1129. The treatment center argued that Brekka obtained the documents he emailed without authorization because he later used them for his own personal interests. Id. at 1132. The treatment center had no policy prohibiting employees from emailing company documents to personal email accounts, and there was no dispute that Brekka had been authorized to obtain the documents or to send the emails while he was employed. Id. at 1129. Consequently, Brekka’s emailing the company documents to his personal email for personal reasons did not “exceed authorized access” of the federal computer theft statute in the absence of a violated company policy.

The decision in U.S. v. Rodriguez, 628 F.3d 1258 (11th Cir. 2006) provides no safe harbor for arguments misconstruing the case law addressing “without authority.” In Rodriguez, an employee of the Social Security Administration accessed government databases to track down old girlfriends and other love interests. He admitted that his use of computer system was personal and not for business reasons. The undisputed policy of the Social Security Administration was that use of databases to obtain personal information is authorized only when done for business reasons. The 11th Circuit did not disagree or split with Brekka, supra, but simply distinguished it finding that the treatment center in Brekka had no policy prohibiting employees from emailing company documents to personal email accounts, and there was no dispute that Brekka had been authorized to obtain the documents or to send the emails while he was employed. Id. citing, Brekka, 581 F.3d at 1129. The Rodriguez Court distinguished Brekka, supra, because the Social Security Administration told Rodriguez that he was not authorized to obtain personal information for nonbusiness reasons. Rodriguez, 628 F.3d at 1263.

The Questionable nature of Cloud Computer Data Services as a Computer or Computer Network for purposes of O.C.G.A. § 16-9-93.

Many prosecutors will attempt to expand the scope of O.C.G.A. § 16-9-93 to include cloud computing. However, Prosecutors can still not get around the language “..connected or directly related devices…” Computer Experts will testify that the cloud servers were not connected or directly related to local devices.

Cloud Computing Service on the open internet is not a “Computer” or “Computer Network” as defined by O.C.G.A. § 16-9-92 as applied to O.C.G.A. § 16-9-93. First, neither statute expressly references Cloud Computing or Internet data services. O.C.G.A. § 16-9-92 defines, “ Computer Network” as follows:
(2) “Computer network” means a set of related, remotely connected computers and any communications facilities with the function and purpose of transmitting data among them through the communications facilities.

The Cloud Computing Data Service was not “related, remotely connected computers” within the meaning of O.C.G.A. § 16-9-92(2). A criminal statute “must be construed strictly against criminal liability and, if it is susceptible to more than one reasonable interpretation, the interpretation most favorable to the party facing criminal liability must be adopted.” Fleet Finance of Ga. v. Jones, 263 Ga. 228(3), 231, 430 S.E.2d 352 (1993). If the legislature had intended O.C.G.A. 16-9-93 to included Cloud Computing Data Services then they would have expressly stated as much.

Many allegations of computer theft are simply business disputes and break ups gone bad. We have a great deal of experience getting these types of cases recognized as the civil disputes they really are and getting the criminal charges dismissed.

Without authority and computer programmers.

In Fugarino v. State, supra, Fugarino worked as a computer programmer for company that designed software.  Id.  Fugarino became a difficult employee.  Id.  On the day of the computer trespass, Fugarino went “berserk” when he found out another another technical support employee was hired by the company.  Id.  Fugarino became enraged.  Id.  He told another employee that someone had been hired to take his place, the computer code was his product, that no one else was going to work on the computer code, that nobody was going to take his place, and he was going to take his computer code with him.  Id.  Fugarino was then observed deleting massive amounts of files.  Id.  It appeared that the whole system was being erased.  Id.  When confronted by the owner, Fugarino said that the computer code was his, the blood of his dead son was in that code, and the owner would never make any money from that code.  Id.  Ultimately Fugarino had to be removed from the company premises by the police.   Id.

When addressing the “without authority” element of OCGA 16-9-93, the Fugarino Court focused on the fact the employer testified that Fugarino did not have authority to “delete portions of the company’s program.”  Further, the Court found that the vindictive and retaliatory manner of Fugarino demonstrated that he knew deleting the data was “without authority” under OCGA 16-9-93.  See also,  Vurv Tech LLC v. Kenexa Corp, No. 1:08-cv-3442-WSD (July 20, 2009)(which had a strict data policy prohibiting “taking, copying, or making use of any data or supporting documentation from Vurv’s computer systems without permission” and further the Plaintiff in Vurv did not allege that the offending employees exceeded their authorized access or copied company data at a time when they were not authorized to access Plaintiff’s computers or computer system.); Ware v. Am. Recovery Sol. Servs., Inc. 324 Ga. App. 187, 749 S.E. 2d 775 (2013) (where an independent contractor who was contracted with by a debt collection firm accessed a computer program that he had written for the company using a company officer username and login, disabled the company logins, disabled the system, and held it ransom until he was paid the remainder of his money under the contract in violation of the terms of the contract between the parties.); Lyman v. Cellchem Int’l, Inc.,  300 Ga. 475, 796 S.E.2d 255 (2017)(the Supreme Court opinion simply states two former employees left a company and stole data and the Supreme Court found that OCGA 16-9-93, the GCSPA, does not support a claim for punitive damages – the only issue on certiorari.)

Call (404) 333-0706 or email today for a FREE CONSULTATION.

Other computer crimes included in O.C.G.A. § 16-9-93 include: Computer Trespass, Computer Invasion of Privacy, Computer Forgery, and Computer Password Disclosure.

O.C.G.A. § 16-9-93(b) Computer Trespass.

Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:
(1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;
(2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or
(3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists shall be guilty of the crime of computer trespass.

O.C.G.A. § 16-9-93(c) Computer Invasion of Privacy.

Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.

O.C.G.A. § 16-9-93 (d) Computer Forgery.

Any person who creates, alters, or deletes any data contained in any computer or computer network, who, if such person had created, altered, or deleted a tangible document or instrument would have committed forgery under Article 1 of this chapter, shall be guilty of the crime of computer forgery. The absence of a tangible writing directly created or altered by the offender shall not be a defense to the crime of computer forgery if a creation, alteration, or deletion of data was involved in lieu of a tangible document or instrument.

O.C.G.A. § 16-9-93(e) Computer Password Disclosure

Any person who discloses a number, code, password, or other means of access to a computer or computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim expenditure) to the owner of the computer or computer network in excess of $500.00 shall be guilty of the crime of computer password disclosure.

O.C.G.A. § 16-9-93(h) Criminal Penalties for Georgia Computer crimes can be up to 15 years in state prison and fine of up to $50,000.00.

(1) Any person convicted of the crime of computer theft, computer trespass, computer invasion of privacy, or computer forgery shall be fined not more than $50,000.00 or imprisoned not more than 15 years, or both.
(2) Any person convicted of computer password disclosure shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both.