Unauthorized Access to Stored Computer Files, Password or PIN(s)

Categories: Info Articles

Unauthorized Access to Stored Computer Files, Password or PIN(s)

by Curtis J. Romanowski, Esq.

Accessing e-mails or computer files by a spouse with the help of PIN(s) or Password of the other, but without their permission, is a clear violation of the Wiretap Statute. Nevertheless, it is a violation only if the information is in the transmission stage and not if it is in the post-transmission storage. Additionally, such illegal access of computer-related theft could summon criminal penalties too, under the aegis of a common-law tort of invasion of seclusion or invasion of privacy.
ex:

What is Wiretap Violation?

The basic rule of Wiretap Violation of the New Jersey Wiretap and Electronic Surveillance Control Act is that it is illegal to intercept any electronic, wire, or oral communications through mechanical, electronic, or any other devices. (N.J.S.A. 2A:156A-1, et seq). Hence, a spouse recording or retrieving e-mail transmissions or any other communication of the other spouse is an illegal act.

Nevertheless, there is an exception to this. A New Jersey trial court upholds that retrieving stored e-mail from the hard drive of the family’s computer does not amount to any unlawful access to stored electronic communications and is therefore not in violation of the New Jersey Wiretap Statute. This has reference to the following case:

White v. White, 344 N.J. Super 211 (Ch. Div. 2001)

In this case, the wife was accessing information by scouting through the different directories on the hard drive of the family’s computer. The Union County Court upheld the fact that this was not any act of wiretap violation.

The Court therefore drew a line of distinction between e-mails in active transmission and those in post transmission storage. E-mails in post transmission storage are outside definition of the ‘electronic storage, as defined in the New Jersey Wiretap Act. Therefore, the wife having access to the family’s computer in the family room could access, retrieve, and use the husband’s e-mails stored in the family computer’s hard drive.

The wife does not need consent of the husband to use a Password or PIN (Personal Identification Number). The Court’s reasoning was that the husband could not have any objective reasonable expectation of privacy in the e-mails stored in the family’s computer as everyone had access to it and hence, there was no question of any privacy.

N.J.S.A. 2A:156A-27

According to The New Jersey Wiretap Statute, it is an offense invoking criminal penalties to access stored communications unlawfully.

The Statute states:

a. A person is guilty of a crime of the fourth degree if he (1) Knowingly accesses a facility, providing electronic communication service without authorization or accesses the facility exceeding an authorization and

(2) Thereby alters, obtains, or prevents authorized access to electronic communication or a wire while it is still in electronic storage.

a. A person is guilty of a crime of the third-degree if he for the purpose of private commercial gain, commercial advantage, or malicious destruction or damage,

(1) Knowingly accesses a facility, providing electronic communication service without authorization or accesses the facility exceeding an authorization and (2) Thereby alters, obtains, or prevents authorized access to an electronic communication or a write while it is still in electronic storage.

State v. Gaikwad, 349 N.J. Super 62 (App. Div. 2002)

In this case, the Defendant accessed accounts of various individuals, copied, and read their electronic mail and received sensitive information by accessing ATT’s computer system without authorization. The Appellate Division in Gaikwad defended Mr. Gaikwad’s conviction under N.J.S.A. 2A:156A-27b.

The Court’s ruling was that Gaikwad’s unauthorized and deliberate access, reading and copying of an electronic mail in storage in another’s mailbox is in violation to N.J.S.A. 2A:156A-27b. However, this ruling is in conflict with the trial court’s holding in White v. White. In the latter case, the court upheld that the statute is inapplicable to electronic communications received by the recipient and placed in post-transmission storage.

Theft of Computer Data

According to N.J.S.A. 2C:20-25

“A person is guilty of theft if he knowingly or purposely and without authorization:

(a) Alters, takes, damages, or destroys any data, computer program, database, computer software or computer equipment present internally or externally to a computer, computer system or computer network,

(b) Alters, takes, damages, or destroys a computer, computer system or computer network,

(c) accesses or tries to access any computer, computer system or computer network for executing a scheme or fraud, or to obtain services, property or money, from the owner of a computer or any third-party, or

(d) Alters, tampers with, obtains, intercepts, damages, or destroys a financial instrument.”

If any party uses any evidence or financial records in a divorce action, such information has little or no monetary value. According to N.J.S.A. 2C:20-29, it will be a petty disorderly person’s offense. The law defines the crime as:

‘A person is guilty of petty disorderly person’s offense if he knowingly or purposely accesses and recklessly alters, destroys, damages, or obtains any data, database, computer, computer program, computer software, computer equipment, computer system, or computer network with a value of $200 or less.
2C:20-30. Damage or Wrongful Access to Computer System, No Accessible Damage; Degree of Crime
(L.1984, c.184, Sub. Section 9, eff. March 14, 1985)

A person is guilty of third-degree crime if he without authorization and purposely accesses, alters, destroys, or damages any parts of a computer system or the total system, where the accessing and altering cannot be assessed any monetary value or loss.

2C:20-31. Disclosure of Data from Wrongful Access; No assessable Damage; Degree of Crime
(L.1984, c.184, Sub. Section 10, eff. March 14, 1985)

A person is guilty of third-degree crime if he without authorization and purposely accesses any of the parts of a computer system or the total system itself and directly or indirectly discloses or causes to be disclosed data, data base, computer software or computer programs, where the accessing and disclosing cannot be assessed any monetary value or loss.

2C:20-32. Wrongful Access to Computer; Lack of Damage or Destruction; Disorderly Persons Offense
L.1984, c.184, Sub. Section 11, eff. March 14, 1985.

A person is guilty of a disorderly person’s offense if he purposely and without authorization accesses a computer or any of its parts but this does not result in the altering, damaging or destruction of any property or services.

Therefore, the conclusions drawn are that unauthorized use of PIN(s) or Password for receiving data stored in computers could be:
(a) data obtained from a computer system like a network of a corporation, business, or financial institution, or
(b) data unlawfully retrieved from a stand-alone computer.

The criminal penalties would apply based on the kind of violation. According to the Court’s ruling in Gaikwad case, the unlawful use of PIN(s) or Password to obtain records or information stored in computers fall into two different categories:

(1) N.J.S.A. 2C: 20-30 (wrongful access or damage to computer system) – Data retrieved from a computer system; for example, a company or corporation’s network, financial institution or business house.

(2) N.J.S.A. 2C:20-25 (computer related theft), N.J.S.A. 2C:20-29 and/or N.J.S.A. 2C:20-32 (wrongful access to computer) – Data illegally retrieved from an individual or stand-alone computer.

Besides the above, there is a common-law tort of invasion of privacy. Accordingly, an individual can be sued on the common-law cause of action, if a spouse obtains or steals the data or information in an offensive manner.

However, it is not clear whether accessing an electronically stored information or data in the post-transmission storage is a crime under N.J.S.A. 201256A-27(b).

Conclusion:

New Jersey Divorce actions in unauthorized access to computer systems, stores files, PIN(s) or password(s) is evolving. The common-law tort of invasion of privacy offers a civil remedy if the unauthorized access of information is received from a person’s computer.

If the unauthorized access is from an electronic storage device (for example a computer system), there is a common-law tort of invasion of privacy. A spouse can also receive a civil remedy under the New Jersey Wiretap Statute. Besides, unauthorized access of a computer system will violate the criminal statutes of N.J.S.A. 2C:20-25, N.J.S.A. 2C:20-31, N.J.S.A. 2C:20-32 and N.J.S.A. 2C:20-30, or any one or combination of the above.

Therefore, if a person uses a PIN or Password or otherwise obtains personal data or information without permission of the spouse that deliberately intrudes on privacy, there is a remedy under the New Jersey law.

– CJR