The Dallas Court of Appeals recently decided a civil case involving claims under Texas’ unauthorized access of computer law that provides some helpful guidance for this relatively new law that has very little case law construing it. The 3 takeaways that follow are the key legal principles that apply to this law as set forth in the case Miller v. Talley Dunn Gallery, LLC, 2016 WL 836775 (Tex. App.–Dallas, Mar. 3, 2016).
Texas’ unauthorized access of computers law is titled Breach of Computer Security, Chapter 33, Section 33.02 of the Texas Penal Code, a criminal law that has a civil cause of action if the conduct constituting the violation was committed knowingly or intentionally, Chapter 143 of the Texas Civil Practice and Remedies Code, titled Harmful Access by Computer Act (HACA). This law was amended effective September 1, 2015, which is discussed in another post.
The Miller v. Talley Dunn Gallery, LLC, case is one of the few civil cases construing either the amended version of the law, or its predecessor. Here are the 3 key legal principles to take from this case:
3 Key Legal Principles for Texas’ Unauthorized Access Law (HACA)
- A cell phone is a “computer” for purposes of HACA (“In reality, ‘a modern cell phone is a computer ….'”).
- Examining a phone log and text messages from a cell phone necessarily requires retrieving the data on the phone which constitutes an “access” of a computer under HACA.
- The misguided belief that, because a cell phone used exclusively by one spouse may technically constitute “community property,” the other spouse has “effective consent” to access the data on the cell phone, is absolutely false. “Nothing in chapter 33 of the penal code incorporates community property law for the purpose of establishing ownership of the computer. Rather, the statute defines ‘owner’ as a person who: (1) has title to the property, possession of the property, whether lawful or not, or a greater right to possession of the property than the actor; (2) has the right to restrict access to the property; or (3) is the licensee of data or computer software.” Note, the Court’s fact-intensive approach to analyzing this issue is very important: Because both spouses agreed that the phone belonged to one spouse, she used it on a daily basis, it was the only way to reach her, she had the right to place a password on the phone, and had at various times restricted access to it by the password, and the other spouse accessed the phone at night when she was asleep and not using it, the evidence showed she had a greater right to possession of the phone.
Based upon several discussions I have had since publishing this post, I need to make this point clear: I have not thoroughly researched this issue as it pertains to family law cases, however, in my past research on other issues, when I have seen family law cases dealing with “unauthorized access” issues nationwide, the way the Dallas Court of Appeals handled it is the prevailing view — but only when the device is clearly used by only one spouse or the other — this is definitely not the case in instances of things such as family computers, jointly used devices, etc.
This is only the rule in cases where the device is treated by the parties as being only one spouse’s or the others, despite the technicality that it’s true property ownership may be “community property.” In cases where devices are shared, the prevailing view is that both have a right to access the device.
Now, where this gets trickier is in a situation where you may have a family computer, that is jointly used by both spouses, but one spouse then uses that family computer device (which is proper) to surreptitiously access an online account such as Facebook, Gmail, etc. that is exclusively the other spouses, because such accounts are considered to be separate “computers” within these laws, which depending upon how the access was gained, would be prohibited by these laws.
Given the popularity of and amount of discussion this post has generated, I may share more on these issues — let me know in the comments if you’d be interested in hearing more!
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service business law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.