Georgia Computer Systems Protection Act
Georgia’s Computer Systems Protection Act, codified at O.C.G.A. Sections 16-9-90 through 16-9-94, criminalizes unauthorized access to computer systems, computer theft, computer trespass, computer invasion of privacy, and computer forgery. The Act defines key terms including computer, computer network, computer program, and computer data at O.C.G.A. Section 16-9-92. The Act addresses both the unauthorized access to computer systems and the misuse of computer systems to facilitate other crimes. Penalties range from misdemeanors for minor unauthorized access offenses to felonies carrying up to fifteen years imprisonment for computer theft and other serious offenses. The Act operates alongside federal prohibitions under the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, creating potential dual sovereignty prosecution risk.
Consider this scenario: You access a former employer’s computer system using login credentials that were never deactivated. Even though those credentials once belonged to you, using them after your employment ended may constitute computer trespass under Georgia law.
Computer Theft
Computer theft under O.C.G.A. Section 16-9-93(a) occurs when a person uses a computer or computer network with the intention of taking or appropriating the property of another, obtaining property by any deceitful means or artful practice, or converting property to the person’s own use in violation of an agreement or other known legal obligation. The offense is a felony carrying one to fifteen years imprisonment. ThGeorgia’s state must prove that the defendant accessed a computer or network, that the access was unauthorized or exceeded the scope of authorization, that the defendant intended to commit theft through the computer system, and that property was actually obtained or appropriated. Property in this context includes data, programs, financial instruments, services, and any other thing of value stored or transmitted through computer systems.
Computer Trespass
Computer trespass under O.C.G.A. Section 16-9-93(b) involves the unauthorized use of a computer or computer network with knowledge that such use is without authority. This encompasses accessing data, programs, or supporting documentation without authorization; introducing a computer contaminant such as a virus, worm, trojan, or other malware into a computer system; and altering, damaging, or destroying computer data, programs, or supporting documentation. Computer trespass is a misdemeanor for a first offense, punishable by up to twelve months imprisonment and a $5,000 fine. Subsequent offenses or offenses causing significant damage may be prosecuted as high and aggravated misdemeanors or felonies, and the court may order restitution for repair and recovery costs.
Computer Invasion of Privacy
Computer invasion of privacy under O.C.G.A. Section 16-9-93(c) occurs when a person uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or other financial or personal data relating to any other person with knowledge that such examination is without authority. This provision addresses unauthorized access to another person’s private data regardless of whether the information is used for any further purpose. The offense is a misdemeanor but may be elevated based on the nature and sensitivity of the information accessed and the purpose of the access. A skilled defense attorney will evaluate whether the information accessed constitutes the type of personal data covered by the statute and whether the access was truly unauthorized.
Authorization as the Central Defense
Authorization is the most frequently litigated issue in computer crime prosecutions. If the defendant had permission to access the computer system, the unauthorized access element fails regardless of how the defendant used the information obtained. An effective defense strategy involves investigate the full scope of any authorization the defendant possessed, including employment agreements and acceptable use policies, terms of service for online platforms, explicit permissions from the system owner, and industry customs regarding access. The critical question is whether the defendant’s access exceeded the scope of legitimate authorization, a question that has generated extensive litigation under both state and federal law.
The U.S. Supreme Court in Van Buren v. United States, 593 U.S. 374 (2021), narrowed the scope of the federal CFAA’s “exceeds authorized access” provision, holding that an individual exceeds authorized access only when accessing areas of the computer not authorized, not when accessing authorized areas for unauthorized purposes. Your attorney’s practical approach is to argue that Van Buren’s reasoning applies by analogy to Georgia’s similarly worded statute.
Digital Evidence and Federal Exposure
Computer crime cases rely heavily on digital evidence including system access logs, network traffic records, IP address data, and forensic analysis of electronic devices. A well-prepared defense attorney will retain an independent digital forensics expert to examine the evidence, verify the integrity of forensic images, evaluate whether the digital evidence reliably connects the defendant to the alleged access, and assess attribution challenges. When the alleged crime involves a protected computer connected to the internet, federal prosecution under 18 U.S.C. Section 1030 may attach, carrying potentially higher penalties and different procedural requirements. A strong defense begins when your attorney evaluate federal exposure early and develop a coordinated defense strategy across both jurisdictions.