House Bill

§708-895.7 Unauthorized computer access in the third degree. (1) A person commits the offense of unauthorized computer access in the third degree if the person knowingly accesses a computer, computer system, or computer network without authorization.

(2) Unauthorized computer access in the third degree is a class C felony. [L 2001, c 33, pt of §1; am L 2012, c 293, §6]

COMMENTARY ON §§708-890 TO 708-895.7

Act 225, Session Laws 1992, repealed former §§708-890 to 708-896 and added this part [§§708-890 to 708-893] to expand the degree of protection afforded to individuals and organizations from persons who tamper, interfere, damage, and gain unauthorized access to their computers, computer systems, software, and data. Finding that the growth in computer use has resulted in a similar growth in unauthorized access to computer systems, the legislature created two new offenses of "computer fraud" and "unauthorized computer use," both class C felonies. The legislature, however, recognized that other people, including harmless pranksters, students, or curious computer hackers, may gain unauthorized access to computer systems and do no damage to those systems. Although these people have committed a serious breach of privacy, they do not deserve to be charged with a class C felony; the legislature therefore created the affirmative defense of "entry without disruption," authorizing a court to dismiss a prosecution if, having regard for the nature of the alleged conduct and attendant circumstances, it finds that the defendant's conduct did not actually cause harm or damage to a computer system or network. The court must also file a written statement of its reasons for dismissal. Conference Committee Report No. 29.

Act 33, Session Laws 2001, strengthened the State's computer crime laws, by, among other things, replacing statutes relating to computer crimes with several new offenses and provisions to deter computer fraud, damage, and other computer-related perpetrations, allowing the forfeiture of property used in computer crimes, and updating computer-related definitions to reflect modern technology and for clarity. The legislature found that society was adopting at a rapid pace, computer technology to conduct activities of daily living. Computer technology was being utilized not only for purposes of business and recreation, but also for criminal activity. Thus, computer-related criminal activity was on the rise as society's dependence on computers increased. Senate Standing Committee Report No. 1508.

Act 3, Session Laws 2003, made a technical amendment to §708-890, by deleting the brackets around the word "retrieve" in the definition of "access."

Act 141, Session Laws 2006, amended §708-893 to include the use of a computer to obtain control over the property of the victim [to commit theft in the first or second degree]. The legislature found that the use of a computer to commit theft is a growing problem in Hawaii and the number of crimes perpetrated via the Internet is increasing. Using a computer as an instrument of the crime offers the perpetrator relative anonymity, a quick and easy mechanism to commit fraud, and the potential for sizable financial gain. Hawaii's statutes relating to computer fraud are inadequate for purposes of prosecuting internet fraud. The amendment of §708-893 would enable law enforcement to respond more efficiently to the various forms of computer crime. Senate Standing Committee Report Nos. 3116 and 3306.

Act 192, Session Laws 2012, amended §708-893(1) by: (1) establishing that knowingly using a computer to perform certain acts against a victim or intended victim of harassment under §711-1106, or harassment by stalking under §711-1106.5, constitutes the offense of use of a computer in the commission of a separate crime; and (2) clarifying that the offense of use of a computer in the commission of a separate crime also includes knowingly using a computer to pursue, surveil, contact, harass, annoy, or alarm a victim or intended victim. The legislature found that Act 192 would assist in combating cyberbullying and preventing the emotional harm caused by the dissemination of personal information of an individual, whether true or false, via the Internet or wireless cellular communications. Senate Standing Committee Report No. 3232.

Act 293, Session Laws 2012, amended §708-891 to update Hawaii's computer crime statutes by adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime by changing the offense of computer fraud in the first degree from a class B felony to a class A felony. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 293, Session Laws 2012, amended §708-891.5 to update Hawaii's computer crime statutes by adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime by changing the offense of computer fraud in the second degree from a class C felony to a class B felony. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 293, Session Laws 2012, added §708-891.6 to establish a new offense of computer fraud in the third degree as a class C felony to update Hawaii's computer crime statutes, adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 293, Session Laws 2012, amended §708-895.5 to update Hawaii's computer crime statutes by adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime by: (1) changing the offense of unauthorized computer access in the first degree from a class B felony to a class A felony; and (2) increasing the minimum value of information obtained that constitutes unauthorized computer access in the first degree from $5,000 to $20,000. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 293, Session Laws 2012, amended §708-895.6 to update Hawaii's computer crime statutes by adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime by changing the offense of unauthorized computer access in the second degree from a class C to a class B felony. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 293, Session Laws 2012, amended §708-895.7 to update Hawaii's computer crime statutes by adding language mirroring Hawaii's identity theft statutes to better address the realities of modern cybercrime by changing the offense of unauthorized computer access in the third degree from a misdemeanor to a class C felony. Act 293 was intended to streamline and update computer crime statutes to better address and combat cybercrime. Senate Standing Committee Report No. 3230, Conference Committee Report No. 36-12.

Act 213, Session Laws 2014, (1) created and established as a class C felony the offense of computer damage in the third degree [(§708-892.6)] as knowingly accessing a computer, computer system, or computer network without authorization and recklessly causing damage; (2) redefined and increased to a class A felony the offense of computer damage in the first degree [(§708-892)] as intentionally causing or attempting to cause damage to a computer, computer system, or computer network that manages or controls any critical infrastructure and specified that the offense applies to damage to state and federal critical infrastructure; (3) redefined and increased to a class B felony the offense of computer damage in the second degree [(§708-892.5)] as knowingly causing the transmission of a program, information, code, or command, and thereby knowingly causing unauthorized damage to a computer, computer system, or computer network, or intentionally accessing a computer, computer system, or computer network without authorization, and thereby knowingly causing damage; and (4) added a new definition of "critical infrastructure" [(§708-890)]. The legislature found that existing law only applied when a perpetrator used a computer to damage another computer, such as by hacking or transmitting a computer virus. However, greater protections were needed for [computers managing or controlling] critical infrastructure, as damage to these computers jeopardized public health, safety, and security, regardless of how the damage occurred. Senate Standing Committee Report No. 2452, House Standing Committee Report No. 1100-14.

Act 231, Session Laws 2016, amended §708-893(1) by repealing a provision that subjects a person to a separate charge and enhanced penalty for using a computer to commit an underlying theft crime. The amendment implemented the recommendation made by the Penal Code Review Committee convened pursuant to House Concurrent Resolution No. 155, S.D. 1 (2015). The Penal Code Review Committee commented, on page 51 of its report:

Currently, the enhanced penalties for use of a computer in the commission of a separate crime converts first-degree theft into a class A felony and second-degree theft into a class B felony. The definition of "computer" for purposes of this section would appear to include devices such as smartphones. Given the prevalence of such devices and the widespread use of "computers" in today's society in general, imposing the enhanced penalties for the use of a computer in committing theft seems unduly harsh.

House Standing Committee Report No. 660-16.

Act 184, Session Laws 2021, amended §708-893 to add aggravated harassment by stalking to the list of offenses upon which the offense of use of a computer in the commission of a separate crime may be based. Act 184 also amended §708-894 to provide courts with the discretion to require the forfeiture of property used in computer crimes if the perpetrator was a minor, regardless of whether the minor owned the property. The legislature found that bullying, cyberbullying, and harassment are serious issues that hinder student well-being and achievement, especially when the targets are vulnerable youth. The legislature further found that although the department of education had recently implemented comprehensive efforts to address bullying, cyberbullying, and harassment in public schools, including the adoption of amended administrative rules that, among other things, provided expanded definitions of and complaint procedures for these forms of student misconduct, the transition to online classroom environments as a result of the coronavirus disease 2019 pandemic had exacerbated the problems of bullying, cyberbullying, and harassment of vulnerable youth. The legislature found that Act 184 would provide further incentive to parents and guardians to better ensure that their minor children would refrain from using electronic devices to perpetrate bullying, cyberbullying, and harassment. Senate Standing Committee Report No. 1213.

Act 239, Session Laws 2024, amended §708-893 to amend the offense of use of a computer in the commission of a separate crime to include violation of privacy in the first and second degrees. The legislature found that the use of a computer to commit a separate crime, such as hacking into someone's personal or financial information, has become increasingly prevalent. The legislature further found that including the offenses of violation of privacy in the first and second degrees under the offense of use of a computer in the commission of a separate crime would strengthen penalties against violators for conducting this type of illegal behavior. Accordingly, the legislature noted that Act 239 would strengthen law enforcement's ability to combat these types of computer crimes, provide an additional tool for prosecutors, and serve as a deterrent to prevent these types of crimes from occurring. Conference Committee Report No. 20-24, House Standing Committee Report No. 1459-24.