Article 5.5. Computer Crime
§ 18-5.5-101. Definitions
As used in this article 5.5, unless the context otherwise requires:
(1) “Authorization” means the express consent of a person which may include an employee’s job description to use said person’s computer, computer network, computer program, computer software, computer system, property, or services as those terms are defined in this section.
(2) “Computer” means an electronic, magnetic, optical, electromagnetic, or other data processing device which performs logical, arithmetic, memory, or storage functions by the manipulations of electronic, magnetic, radio wave, or light wave impulses, and includes all input, output, processing, storage, software, or communication facilities which are connected or related to or operating in conjunction with such a device.
(3) “Computer network” means the interconnection of communication lines (including microwave or other means of electronic communication) with a computer through remote terminals, or a complex consisting of two or more interconnected computers.
(4) “Computer program” means a series of instructions or statements, in a form acceptable to a computer, which permits the functioning of a computer system in a manner designed to provide appropriate products from such computer system.
(5) “Computer software” means computer programs, procedures, and associated documentation concerned with the operation of a computer system.
(6) “Computer system” means a set of related, connected or unconnected, computer equipment, devices, and software.
(6.3) “Damage” includes, but is not limited to, any impairment to the integrity of availability of information, data, computer program, computer software, or services on or via a computer, computer network, or computer system or part thereof.
(6.5) “Encoding machine” means an electronic device that is used to encode information onto a payment card.
(6.7) “Exceed authorized access” means to access a computer with authorization and to use such access to obtain or alter information, data, computer program, or computer software that the person is not entitled to so obtain or alter.
(7) “Financial instrument” means any check, draft, money order, certificate of deposit, letter of credit, bill of exchange, credit card, debit card, or marketable security.
(7.5) “Payment card” means a credit card, charge card, debit card, or any other card that is issued to an authorized card user and that allows the user to obtain, purchase, or receive goods, services, money, or anything of value from a merchant.
(8) “Property” includes, but is not limited to, financial instruments, information, including electronically produced data, and computer software and programs in either machine or human readable form, and any other tangible or intangible item of value.
(8.5) “Scanning device” means a scanner, reader, wireless access device, radio-frequency identification scanner, near-field communications technology, or any other electronic device that is used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information from a payment card.
(9) “Services” includes, but is not limited to, computer time, data processing, and storage functions.
(10) To “use” means to instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.
§ 18-5.5-102. Cybercrime
(1) A person commits cybercrime if the person knowingly:
(a) Accesses a computer, computer network, or computer system or any part thereof without authorization; exceeds authorized access to a computer, computer network, or computer system or any part thereof; or uses a computer, computer network, or computer system or any part thereof without authorization or in excess of authorized access; or
(b) Accesses any computer, computer network, or computer system, or any part thereof for the purpose of devising or executing any scheme or artifice to defraud; or
(c) Accesses any computer, computer network, or computer system, or any part thereof to obtain, by means of false or fraudulent pretenses, representations, or promises, money; property; services; passwords or similar information through which a computer, computer network, or computer system or any part thereof may be accessed; or other thing of value; or
(d) Accesses any computer, computer network, or computer system, or any part thereof to commit theft; or
(e) Without authorization or in excess of authorized access alters, damages, interrupts, or causes the interruption or impairment of the proper functioning of, or causes any damage to, any computer, computer network, computer system, computer software, program, application, documentation, or data contained in such computer, computer network, or computer system or any part thereof; or
(f) Causes the transmission of a computer program, software, information, code, data, or command by means of a computer, computer network, or computer system or any part thereof with the intent to cause damage to or to cause the interruption or impairment of the proper functioning of or that actually causes damage to or the interruption or impairment of the proper functioning of any computer, computer network, computer system, or part thereof; or
(g) Uses or causes to be used a software application that runs automated tasks over the internet to access a computer, computer network, or computer system, or any part thereof, that circumvents or disables any electronic queues, waiting periods, or other technological measure intended by the seller to limit the number of event tickets that may be purchased by any single person in an online event ticket sale as defined in section 6-1-720, C.R.S.; or
(h) Solicits or offers to arrange a situation in which a minor may engage in prostitution, by means of using a computer, computer network, computer system, or any part thereof; or
(i) Directly or indirectly uses a scanning device to access, read, obtain, memorize, or store, temporarily or permanently, information encoded on the payment card without the permission of the authorized user of the payment card, and with the intent to defraud the authorized user, the issuer of the authorized user’s payment card, or a merchant; or
(j) Directly or indirectly uses an encoding machine to place information encoded on the payment card onto a different payment card without the permission of the authorized user of the payment card from which the information being reencoded was obtained, and with the intent to defraud the authorized user, the issuer of the authorized user’s payment card, or a merchant.
(2) (Deleted by amendment, L. 2000, p. 695, § 8, effective July 1, 2000.)
(3)
(a) Except as provided in subsections (3)(b), (3)(b.5), and (3)(c) of this section, if the loss, damage, value of services, or thing of value taken, or cost of restoration or repair caused by a violation of this section is:
(I) (Deleted by amendment, L. 2018.)
(II) Less than three hundred dollars, cybercrime is a class 3 misdemeanor;
(III) Three hundred dollars or more but less than seven hundred fifty dollars, cybercrime is a class 2 misdemeanor;
(IV) Seven hundred fifty dollars or more but less than two thousand dollars, cybercrime is a class 1 misdemeanor;
(V) Two thousand dollars or more but less than five thousand dollars, cybercrime is a class 6 felony;
(VI) Five thousand dollars or more but less than twenty thousand dollars, cybercrime is a class 5 felony;
(VII) Twenty thousand dollars or more but less than one hundred thousand dollars, cybercrime is a class 4 felony;
(VIII) One hundred thousand dollars or more but less than one million dollars, cybercrime is a class 3 felony; and
(IX) One million dollars or more, cybercrime is a class 2 felony.
(b) Cybercrime committed in violation of subsection (1)(a) of this section is a class 2 misdemeanor; except that, if the person has previously been convicted under this section or of any criminal act committed in any jurisdiction of the United States which, if committed in this state, would be a felony under this statute, cybercrime committed in violation of subsection (1)(a) of this section is a class 6 felony.
(b.5) Cybercrime committed in violation of subsection (1)(h), (1)(i), or (1)(j) of this section is a class 5 felony.
(c)
(I) Cybercrime committed in violation of subsection (1)(g) of this section is a class 1 misdemeanor.
(II) If cybercrime is committed to obtain event tickets, each ticket purchased shall constitute a separate offense.
(III) Subsection (1)(g) of this section shall not prohibit the resale of tickets in a secondary market by a person other than the event sponsor or promoter.
(d) Consistent with section 18-1-202, a prosecution for a violation of subsection (1)(g) of this section may be tried in the county where the event has been, or will be, held.
(4) Nothing in this section precludes punishment pursuant to any other section of law.