76-6-703.  Unlawful computer technology access or action or denial of service attack.

(1)  Terms defined in Sections 76-1-101.5 and 76-6-702 apply to this section.

Attorney's Note

Under the Utah Code, punishments for crimes depend on the classification. In the case of this section:
ClassPrisonFine
class A misdemeanorup to 364 daysup to $2,500
class B misdemeanorup to 6 monthsup to $1,000
For details, see Utah Code § 76-3-204
criminal case

Have a question?
Click here to chat with a criminal defense lawyer and protect your rights.

Terms Used In Utah Code 76-6-703

  • Access: means to directly or indirectly use, attempt to use, instruct, communicate with, cause input to, cause output from, or otherwise make use of any resources of a computer, computer system, computer network, or any means of communication with any of them. See Utah Code 76-6-702
  • Actor: means a person whose criminal responsibility is in issue in a criminal action. See Utah Code 76-1-101.5
  • Authorization: means having the express or implied consent or permission of the owner, or of the person authorized by the owner to give consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission. See Utah Code 76-6-702
  • Computer: means any electronic device or communication facility that stores, processes, transmits, or facilitates the transmission of data. See Utah Code 76-6-702
  • Computer technology: includes :
    (a) a computer;
    (b) a computer network;
    (c) computer hardware;
    (d) a computer system;
    (e) a computer program;
    (f) computer services;
    (g) computer software; or
    (h) computer data. See Utah Code 76-6-702
  • Conduct: means an act or omission. See Utah Code 76-1-101.5
  • Confidential: means data, text, or computer property that is protected by a security system that clearly evidences that the owner or custodian intends that it not be available to others without the owner's or custodian's permission. See Utah Code 76-6-702
  • Denial of service attack: means an attack or intrusion that is intended to disrupt legitimate access to, or use of, a network resource, a machine, or computer technology. See Utah Code 76-6-702
  • Discovery: Lawyers' examination, before trial, of facts and documents in possession of the opponents to help the lawyers prepare for trial.
  • Entitlement: A Federal program or provision of law that requires payments to any person or unit of government that meets the eligibility criteria established by law. Entitlements constitute a binding obligation on the part of the Federal Government, and eligible recipients have legal recourse if the obligation is not fulfilled. Social Security and veterans' compensation and pensions are examples of entitlement programs.
  • Identifying information: means a person's:
    (i) social security number;
    (ii) driver license number;
    (iii) nondriver governmental identification number;
    (iv) bank account number;
    (v) student identification number;
    (vi) credit or debit card number;
    (vii) personal identification number;
    (viii) unique biometric data;
    (ix) employee or payroll number;
    (x) automated or electronic signature; or
    (xi) computer password. See Utah Code 76-6-702
  • Interactive computer service: means an information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including a service or system that provides access to the Internet or a system operated, or services offered, by a library or an educational institution. See Utah Code 76-6-702
  • License or entitlement: includes :
    (a) licenses, certificates, and permits granted by governments;
    (b) degrees, diplomas, and grades awarded by educational institutions;
    (c) military ranks, grades, decorations, and awards;
    (d) membership and standing in organizations and religious institutions;
    (e) certification as a peace officer;
    (f) credit reports; and
    (g) another record or datum upon which a person may be reasonably expected to rely in making decisions that will have a direct benefit or detriment to another. See Utah Code 76-6-702
  • Person: means an individual, public or private corporation, government, partnership, or unincorporated association. See Utah Code 76-1-101.5
  • Property: includes both real and personal property. See Utah Code 68-3-12.5
  • Security system: means a computer, computer system, network, or computer property that has some form of access control technology implemented, such as encryption, password protection, other forced authentication, or access control designed to keep out unauthorized persons. See Utah Code 76-6-702
  • Service provider: means a telecommunications carrier, cable operator, computer hardware or software provider, or a provider of information service or interactive computer service. See Utah Code 76-6-702
  • State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
  • United States: includes each state, district, and territory of the United States of America. See Utah Code 68-3-12.5
    • (2)  An actor commits unlawful computer technology access or action or denial of service attack if the actor:

    (a)  without authorization, or in excess of the actor’s authorization, accesses or attempts to access computer technology if the access or attempt to access results in:

    (i)  the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;

    (ii)  interference with or interruption of:

    (A)  the lawful use of computer technology; or

    (B)  the transmission of data;

    (iii)  physical damage to or loss of real, personal, or commercial property;

    (iv)  audio, video, or other surveillance of another person; or

    (v)  economic loss to any person or entity;

    (b)  after accessing computer technology that the actor is authorized to access, knowingly takes or attempts to take unauthorized or unlawful action that results in:

    (i)  the alteration, damage, destruction, copying, transmission, discovery, or disclosure of computer technology;

    (ii)  interference with or interruption of:

    (A)  the lawful use of computer technology; or

    (B)  the transmission of data;

    (iii)  physical damage to or loss of real, personal, or commercial property;

    (iv)  audio, video, or other surveillance of another person; or

    (v)  economic loss to any person or entity; or

    (c)  knowingly engages in a denial of service attack.

    (3)  A violation of Subsection (2) is:

    (a)  a class B misdemeanor if:

    (i)  the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is less than $500; or

    (ii)  the information obtained is not confidential;

    (b)  a class A misdemeanor if the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $500 but is less than $1,500;

    (c)  a third degree felony if:

    (i)  the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $1,500 but is less than $5,000;

    (ii)  the property or benefit obtained or sought to be obtained is a license or entitlement;

    (iii)  the damage is to the license or entitlement of another person;

    (iv)  the information obtained is confidential or identifying information; or

    (v)  in gaining access the actor breaches or breaks through a security system; or

    (d)  a second degree felony if the economic loss or other loss or damage caused or the value of the money, property, or benefit obtained or sought to be obtained is or exceeds $5,000.

    (4) 

    (a)  It is an affirmative defense that the actor obtained access or attempted to obtain access:

    (i)  in response to, and for the purpose of protecting against or investigating, a prior attempted or successful breach of security of computer technology whose security the actor is authorized or entitled to protect, and the access attempted or obtained was no greater than reasonably necessary for that purpose; or

    (ii)  pursuant to a search warrant or a lawful exception to the requirement to obtain a search warrant.

    (b)  In accordance with 47 U.S.C. § 230, this section may not apply to, and nothing in this section may be construed to impose liability or culpability on, an interactive computer service for content provided by another person.

    (c)  This section does not affect, limit, or apply to any activity or conduct that is protected by the constitution or laws of this state, or by the constitution or laws of the United States.

    (5) 

    (a)  An interactive computer service is not guilty of violating this section if a person violates this section using the interactive computer service and the interactive computer service did not knowingly assist the person to commit the violation.

    (b)  A service provider is not guilty of violating this section for:

    (i)  action taken in relation to a customer of the service provider, for a legitimate business purpose, to install software on, monitor, or interact with the customer’s Internet or other network connection, service, or computer for network or computer security purposes, authentication, diagnostics, technical support, maintenance, repair, network management, updates of computer software or system firmware, or remote system management; or

    (ii)  action taken, including scanning and removing computer software, to detect or prevent the following:

    (A)  unauthorized or fraudulent use of a network, service, or computer software;

    (B)  illegal activity; or

    (C)  infringement of intellectual property rights.

    Amended by Chapter 111, 2023 General Session

      Previous section
    Next section  
     Part 7 Contents

    LawServer is used by

    New York Times, IRS, USDA, UCLA, DOT