9.6-6 Misuse of Computer System Information -- § 53a-251 (e) (3) and (4) and §§ 53a-252 through 53a-256
Revised to December 1, 2007
Note: The various types of computer crime are defined in § 53a-251. The degree of the offense is determined by the value of the property damaged or services stolen or interfered with. See § 53a-252 (first degree: exceeds $10,000), § 53a-253 (second degree: exceeds $5,000), § 53a-254 (third degree: exceeds $1,000), § 53a-255 (fourth degree: exceeds $500), and § 53a-256 (fifth degree: does not exceed $500). In addition, the value of the property or services is irrelevant if the defendant recklessly created a risk of serious physical injury, in which case it is third degree (e.g., interfering with the computer system of a medical or emergency organization).
The defendant is charged [in count __] with misuse of computer system information in the (first / second / third/ fourth / fifth) degree. The statute defining this crime reads in pertinent part as follows:
a person is guilty of the computer crime of misuse of computer system information when (he/she) <insert appropriate subsection:>
§ 53a-251 (e) (3): knowingly receives or retains data obtained in violation of subdivision (1) or (2) of this subsection.
§ 53a-251 (e) (4): uses or discloses data (he/she) knows or believes was obtained in violation of subdivision (1) or (2) of this subsection.
[<Insert if appropriate:> For the purposes of this statute, "person" means a natural person, corporation, limited liability company, trust, partnership, incorporated or unincorporated association and any other legal or governmental entity, including any state or municipal entity or public official. <Describe the status of the defendant as a person.>]
For you to find the defendant guilty of this charge, the state must prove the following elements beyond a reasonable doubt:
Element 1 - Data obtained in
violation of subsection (1) or (2)
The first element is that data was obtained in violation of subdivision (1) or (2) of this subsection. These subsections prohibit <insert specific prohibitions alleged and the specific allegations concerning how the data was obtained>.
Element 2 - Received / retained
/ used / disclosed data
The second element is that the defendant (received / retained / used / disclosed) the data. <Insert specific allegations.>
<See Intent: General, Instruction 2.3-1.>
Element 3 - Knowledge
The third element is that the defendant knew that the data had been unlawfully obtained. A person acts "knowingly" with respect to conduct or circumstances when (he/she) is aware that (his/her) conduct is of such nature or that such circumstances exist. <See Knowledge, Instruction 2.3-3.>
Element 4 - Value of property
or services / Risk of serious physical injury
[<If the state is alleging a dollar amount of damages:>
The fourth element is that the damage to or the value of the property or computer services <insert according to degree charged:>
First degree: exceeds $10,000.
Second degree: exceeds $5,000.
Third degree: exceeds $1,000.
Fourth degree: exceeds $500.
Fifth degree: is $500 or less.
The value of property or computer services is either 1) the market value of the property or computer services at the time of the crime; or 2) if the property or computer services are unrecoverable, damaged or destroyed as a result of the crime, the cost of reproducing or replacing the property or computer services at the time of the crime. When the value of the property or computer services or damage to the property or the services cannot be satisfactorily ascertained, the value shall be deemed to be two hundred fifty dollars. The value of private personal data shall be deemed to be one thousand five hundred dollars.1
[<If there are multiple items and their values can be aggregated:> In making this determination, you may add or aggregate the value of the property involved. You can only aggregate amounts if the thefts were committed pursuant to one scheme or course of conduct, whether from the same or several persons.2]
[<If the state is alleging reckless conduct:>3
The fourth element is that the defendant engaged in conduct that created a risk of serious physical injury to another person. A person acts "recklessly" with respect to a result or circumstances when (he/she) is aware of and consciously disregards a substantial and unjustifiable risk that such result will occur or that such circumstances exist. <See Recklessness, Instruction 2.3-4.>
"Serious physical injury" is something more serious than mere physical injury, which is defined as "impairment of physical condition or pain." It is more than a minor or superficial injury. It is defined by statute as "physical injury which creates a substantial risk of death, or which causes serious disfigurement, serious impairment of health or serious loss or impairment of the function of any bodily organ."]
In summary, the state must prove beyond a reasonable doubt that 1) data was obtained by <insert specific allegations>, 2) the defendant (received / retained / used / disclosed) the data, 3) the defendant knew that the data had been obtained unlawfully, and 4) <insert the value of the damages or the allegations of recklessness>.
If you unanimously find that the state has proved beyond a
reasonable doubt each of the elements of the crime of misuse of computer system
information in the (first / second / third/ fourth / fifth) degree, then you
shall find the defendant guilty. On the other hand, if you unanimously find
that the state has failed to prove beyond a reasonable doubt any of the
elements, you shall then find the defendant not guilty.
1 General Statutes § 53a-259.
2 General Statutes § 53a-258.
Reckless conduct that creates a risk of serious physical injury to another
person is computer crime in the third degree. General Statutes § 53a-254.