Skip to content
Blog | Technology

The Use of Physical Analogy in Georgia’s Computer Trespass Statute

Courts and commentators dispute the usefulness of physical analogies in interpreting computer crime statutes. But how should courts interpret a statute, like Georgia’s, for which the analogy appears essential?

By   and  Ryan C. Malone
14 min read

Author: Ryan C. Malone
Assistant Public Defender, Chattahoochee Judicial Circuit; J.D., Georgia State University College of Law; B.A., University of Texas at Austin. The views expressed herein are those of the author and do not reflect any policy or position of his employer.

The federal government and all fifty states have enacted computer crime statutes that prohibit, along with other conduct, unauthorized access to a computer.[1] Judicial and scholarly discourse has probed the extent to which legislatures sought to analogize unauthorized computer access to physical trespass upon another’s property.[2] And much ink has been spilled disputing the efficacy of such an analogy.[3] Proponents argue that longstanding precedent and well understood norms of physical trespass ought to inform the type of access proscribed.[4] For detractors, the analogy further muddies statutory language and criminalizes a breadth of harmless conduct.[5]

Georgia’s own computer trespass statute, enacted as part of the Georgia Computer Systems Protection Act of 1991 (GCSPA),[6] provides:

(b) Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of_:

       (1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;

       (2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or

       (3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alternation, damage, or malfunction persists shall be guilty of the crime of computer trespass.[7]

The statute is unique among its counterparts because of its evocation of trespassory language. First, the crime is expressly called “computer trespass” and not “computer tampering” or “unauthorized access” as the equivalent offense is called in other jurisdictions.[8] And second, the language of subsection 2 limits the proscribed conduct to that affecting the “use of a computer program or data” whereas other statutes require threshold pecuniary injury or establish only misdemeanor liability for unauthorized access without adverse effect.[9] This requirement, that an owner’s or authorized user’s use be adversely affected, mirrors Georgia’s criminal trespass statute, which prohibits, in relevant part, “knowingly and maliciously interfer[ing] with the possession or use of the property of another person without consent of that person.”[10] In interpreting Georgia’s criminal trespass statute, courts have repeatedly held that a trespasser need not enter upon another’s property to interfere with her use or possession but that merely preventing or hindering rightful access is unlawful interference.[11] This interference without entry is further reflected in case law construing Georgia’s civil trespass statute.[12] These similarities, in sum, show that although courts and commentators have sound reservations to the trespass analogy generally, the analogy has substantial bearing on Georgia’s computer trespass statute as it contemplates unauthorized interference with rightful use or enjoyment. Moreover, the statute’s use of a physical trespass analogy invites courts to draw comparisons to physical trespass in construing the conduct proscribed under subsection 2.

Since its enactment, there has been relatively little case law interpreting the statute.[13] Federal courts, although proceeding cautiously, have construed it in a manner consistent with physical trespass, finding unlawful interference when a rightful user’s access is denied or files are removed or altered, but not when information is merely accessed or duplicated.[14] In June 2021, the Georgia Supreme Court issued its opinion in Kinslow v. State and addressed directly the conduct proscribed under subsection 2 of Georgia’s computer trespass statute.[15] At trial, Mr. Kinslow was convicted of computer trespass based on evidence that he altered, without permission, his employer’s computer network such that he received a copy of all emails addressed to his supervisor to his own personal email address.[16] The court’s majority opinion, authored by Justice Nels S.D. Peterson, held that there was insufficient evidence to show that Mr. Kinslow acted with the intention of interfering with the use of data as proscribed.[17] In its opinion, the court relied heavily on contemporaneous dictionary entries, defining “interfere” as “hinder,” “hamper,” “infringe,” “to come into collision or opposition,” and “[t]o come between so as to be a hindrance or an obstacle.”[18] To these definiens, the court applied the canon against surplusage, among others, to ultimately interpret “interfering” to mean something “along the lines of coming in between so as to be a hindrance or an obstacle;” an interpretation that applies to conduct unique from that contemplated by the statutory terms “obstructing” and “interrupting” and excluded Mr. Kinslow’s conduct, which copied emails addressed to his supervisor, but did not hinder or impede the delivery of emails to his supervisor’s email address.[19]

The dissent, authored by Chief Justice Harold Melton, similarly relied on dictionaries defining “interfere” as “to come between so as to be a hindrance or an obstacle . . . to intervene or intrude in the affairs of others; meddle.”[20] However, the dissent found that the plain meaning of the phrase “in any way interfering” implored a broad, rather than narrow, construction and therefore applied to the changing of network settings and forwarding of emails.[21]

Marginal in this contest of dictionary entries and canons of interpretation was an examination of the grammatical object of interference, namely “the use of a computer program or data.”[22] In a footnote, the majority acknowledged “that interfering with data is not necessarily the same as interfering with ‘the use of’ data. But this case does not require us to examine any such distinction.”[23] This elision is grammatically peculiar. “Use” is the direct object of the transitive verb “interfering” in the phrase “interfering with the use of a computer program or data” whereas “computer program” and “data” are the indirect objects. As the direct object, “use” immediately specifies “interfering” and therefore is the contextual word most indicative of its meaning. The indirect objects, “computer program” and “data,” are subordinate and specify the use that is being interfered with, not the interference itself. This grammatical fastidiousness is particularly important when the transitive verb or direct object at issue is general or otherwise ambiguous,[24] as the court, in its reliance on dictionary and case law definitions of “interfering,” suggests.

More broadly, the court’s elision deferred inquiry into the relevance of trespass jurisprudence to its digital counterpart. The majority did cite a physical trespass case but only to support the general proposition that Georgia courts have narrowly interpreted “interfere.”[25] In that case, Huckaby v. Cheatham, the Georgia Court of Appeals held that a grantee, parking a vehicle on an easement interfered, i.e., would “check; hamper; hinder; infringe; encroach; trespass; disturb; intervene; intermeddle; interpose[,]” with the grantor’s full enjoyment of the easement as a matter of law.[26] The court in Huckaby did not exhibit a more discerning interpretation of “interfere” as much as it reiterated longstanding precedent regarding the scope of a grantor’s right to an exclusive easement.[27] In so far as Huckaby does provide a general, lexical interpretation of “interfere,” it does not appear narrower than the dissent’s interpretation in Kinslow nor does it militate against the dissent’s argument that the statutory phrase “in any way interfering” requires a broader meaning.

Had the court heeded the statute’s use of a physical trespass analogy and, in turn, availed itself of Georgia’s physical trespass jurisprudence, the judgment in Kinslow would have been the same but the reasoning quite different: computer trespass under subsection 2 requires an authorized user’s use of the computer program or data be adversely affected in a manner similar to trespassory interference. Accordingly, Mr. Kinslow’s conduct would not constitute computer trespass because he did not interfere with the use—the receipt, delivery, or accurate retention—of his supervisor’s email application and electronic communications data. In addition to being more textually sound, this reasoning, which places the interpretive weight less on the defendant’s conduct than on the adverse effect borne by an authorized user, has two advantages. First, it excludes harmless conduct for which authorization is unclear, a concern several justices expressed during oral argument.[28] And second, retaining a broad construction of the statutory terms specifying conduct—“obstructing,” “interrupting,” and “in any way interfering”—permits appropriately flexible application of a thirty-year-old statute to accommodate a rapidly changing cybersecurity landscape and range of cyberattack modalities.

  1. 18 U.S.C. § 1030; Ala. Code § 13A-8-112 (Westlaw through 2021 Reg. Sess. & 2021 First Spec. Sess.); Alaska Stat. Ann. §§ 11.46.740, 11.46.990 (West, Westlaw through Ch. 23, 33 of 2021 First Reg. Sess. of 32nd Leg.); Ariz. Rev. Stat. Ann. §§ 13-2316 to -2316.02 (Westlaw through First Spec. Sess. of 55th Leg. & First Reg. Sess. of 55th Leg.); Ark. Code Ann. §§ 5-41-101 to -206 (West, Westlaw through all acts passed by 2021 Reg. Sess. & 2021 First Extraordinary Sess. of 93rd Gen. Assemb.); Cal. Penal Code § 502 (West, Westlaw through Ch. 770 of 2021 Reg. Sess.); Colo. Rev. Stat. Ann. §§ 18-5.5-101 to -102 (West, Westlaw through First Reg. Sess. of 73rd Gen. Assemb. (2021)); Conn. Gen. Stat. Ann. §§ 53a-250 to -262 (West, Westlaw through 2021 Reg. Sess. & 2021 June Spec. Sess.); Del. Code Ann. tit. 11, §§ 931-941 (West, Westlaw through ch. 237 of 151st Gen. Assemb. (2021-2022)); Fla. Stat. Ann. §§ 815.01 to .07, 668.801 to .805 (West, Westlaw through 2021 First Reg. Sess. & Spec. “A” Sess. of 27th Leg.); Ga. Code Ann. §§ 16-9-90 to -94, 16-9-150 to -157 (West, Westlaw through 2021 Reg. Sess. of Ga. Gen. Assemb.); Haw. Rev. Stat. Ann. §§ 708-890 to -895.7 (West, Westlaw through 2021 Spec. Sess.); Idaho Code Ann. §§ 18-2201 to -2202 (West, Westlaw through Chs. 1 to 364 & S.J.R. No. 102 of 2021 First Reg. Sess. of 66th Idaho Leg.); 720 Ill. Comp. Stat. Ann. 5/17-50 to -55 (West, Westlaw through P.A. 102-178 of 2021 Reg. Sess.); Ind. Code Ann. §§ 35-43-1-7 to -8, 35-43-2-3 (West, Westlaw through 2021 First Reg. Sess. of 122nd Gen. Assemb.); Iowa Code Ann. §§ 715.1 to .8, 716.6B (West, Westlaw through 2021 Reg. Sess.); Kan. Stat. Ann. § 21-5839 (West, Westlaw through 2021 Reg. Sess. of Kan. Leg.); Ky. Rev. Stat. Ann. §§ 434.840 to .860 (West, Westlaw through 2021 Reg. & Spec. Sess. & Nov. 3, 2020 election); La. Stat. Ann. §§ 14:73.1 to .12 (Westlaw through 2021 Reg. Sess. & Veto Sess.); Me. Rev. Stat. Ann. tit. 17 A, §§ 431–437 (Westlaw through 2021 First Reg. Sess. & 2021 First Spec. Sess. of 130th Leg.); Md. Code Ann., Crim. Law § 7-301 to -304 (West, Westlaw through 2021 Reg. Sess. of Gen. Assemb.); Mass. Gen. Laws Ann. ch. 266, §§ 33a, 120f (West, Westlaw through Ch. 55 of 1st Ann. Sess.); Mich. Comp. Laws Ann. §§ 752.791 to .797 (West, Westlaw through P.A.2021, No. 91, of 2021 Reg. Sess., 101st Leg.); Minn. Stat. Ann. §§ 609.87 to .8913 (West, Westlaw through 2021 Reg. Sess. & 1st Spec. Sess.); Miss. Code Ann. §§ 97-45-1 to -33 (West, Westlaw through 2021 Reg. Sess.); Mo. Ann. Stat. §§ 569.095 to .099 (West, Westlaw through West ID No. 45 of 2021 First Reg. & First Extraordinary Sess. of 101st Gen. Assemb.); Mont. Code Ann. §§ 45-6-310 to -311 (West, Westlaw through 2021 Sess. of Mont. Leg.); Neb. Rev. Stat. Ann. §§ 28-1341 to -1349 (West, Westlaw through 1st Reg. Sess. & 1st Spec. Sess. of 107th Leg. (2021)); Nev. Rev. Stat. Ann. §§ 205.473 to .513 (West, Westlaw through Ch. 557 (End) of 81st Reg. Sess. (2021)); N.H. Rev. Stat. Ann. §§ 638:16 to :18 (Westlaw through 2021 Reg. Sess.); N.J. Stat. Ann. §§ 2C:20-23 to -34 (West, Westlaw through L.2021, c. 221 & J.R. No. 3); N.M. Stat. Ann. §§ 30-45-1 to -7 (West, Westlaw through First Reg. Sess. & First Spec. Sess., 55th Leg. (2021)); N.Y. Penal Law §§ 156.00 to .50 (McKinney, Westlaw through L.2021, Chs. 1 to 522); N.C. Gen. Stat. Ann. §§ 14-453 to -459 (West, Westlaw through S.L. 2021-105, S.L 2021-113 & 2021-140, of 2021 Reg. Sess. of Gen. Assemb.); N.D. Cent. Code Ann. §§ 12.1-06.1-01, 12.1-06.1-08 (West, Westlaw through 2021 Reg. Sess. of 67th Legis. Assemb.); Ohio Rev. Code Ann. §§ 2913.04, 2913.421 (West, Westlaw through File 48 of 134th Gen. Assemb. (2021-2022)); Okla. Stat. Ann. tit. 21, §§ 1951-1959 (West, Westlaw through First Reg. Sess. of 58th Leg. (2021)); Or. Rev. Stat. Ann. § 164.377 (West, Westlaw through 2021 Reg. Sess. of 81st Legis. Assemb. & 2021 First Spec. Sess. of 81st Legis. Assemb.); 18 Pa. Stat. and Cons. Stat. Ann. §§ 7601–7661 (West, Westlaw through 2021 Reg. Sess. Act 80); 11 R.I. Gen. Laws Ann. §§ 52.2-1 to -8 (West, Westlaw through Ch. 424 of 2021 Reg. Sess. of R.I. Leg.); S.C. Code Ann. §§ 16-16-10 to -40 (Westlaw through 2021 Act No. 116); S.D. Codified Laws §§ 43-43B-1 to -8 (Westlaw through 2021 Sess. Laws, Executive Order 2021-05 & Supreme Court Rule 21-12); Tenn. Code Ann. §§ 39-14-601 to -606 (West, Westlaw through 2021 First Reg. Sess. of 112th Tenn. Gen. Assemb.); Tex. Penal Code Ann. §§ 33.01 to -07 (West, Westlaw through 2021 Reg. & 2d Called Sess. of 87th Leg.); Utah Code Ann. §§ 76-6-701 to -705 (West, Westlaw through 2021 First Spec. Sess.); Vt. Stat. Ann. tit. 13, §§ 4101-4107 (West, Westlaw through Acts 1 through 76 (end) & M-1 through M-6 (end) of Reg. Sess. of 2021-2022 Vt. Gen. Assemb. (2021)); Va. Code Ann. §§ 18.2-152.1 to -152.15 (West, Westlaw through 2021 Reg. Sess. & 2021 Spec. Sess. I & includes 2021 Spec. Sess. II, c. 1); Wash. Rev. Code Ann. §§ 9A.90.010 to 90.110 (West, Westlaw through 2021 Reg. Sess. of Wash. Leg.); W. Va. Code Ann. §§ 61-3C 1 to -3C-21 (West, Westlaw through 2021 First Spec. Sess.); Wis. Stat. Ann. § 943.70 (West, Westlaw through 2021 Act 59-79); Wyo. Stat. Ann. §§ 6-3-501 to -507 (West, Westlaw through 2021 Gen. Sess. of Wyo. Leg.). See generally Christine LiCalzi, Computer Crimes, 54 Am. Crim. L. Rev. 1025 (2017) (surveying contemporary state and federal computer crimes statutes). ↩︎

  2. See, e.g., Laurent Sacharoff, Criminal Trespass and Computer Crime, 62 Wm. & Mary L. Rev. 571, 611–13 (2020) (examining the Computer Fraud and Abuse Act’s legislative history and state statutory schemes showing common language and structure between criminal trespass and computer trespass statutes). ↩︎

  3. See generally_ George H. Fibbe, Screen-Scraping and Harmful Cybertrespass After Intel, 55 Mercer L. Rev. 1011 (2004) (describing the use of property analogies in jurisprudence and scholarship about tortious computer trespass); Dan Hunter, Cyberspace as Place and the Tragedy of the Digital Anticommons, 91 Cal. L. Rev. 439, 447–52 (2003) (providing a concise history of the larger debate over analogizing cyberspace to physical space). ↩︎

  4. See generally Orin S. Kerr, Norms of Computer Trespass, 116 Colum. L. Rev. 1143 (2016); see also Orin S. Kerr, Trespass, Not Fraud: The Need for New Sentencing Guidelines in CFAA Cases, 84 Geo. Wash. L. Rev. 1544, 1564–67 (2016) (contending that CFAA sentences should no longer be calculated from the economic crimes guideline, as fraud crimes are, but from a new guideline in which consequential loss is weighed less heavily). ↩︎

  5. See, e.g., Hunter, supra note 3, at 475–83 (noting that the statutory terms “access” and “unauthorized” are easily confused when applied to the internet or remotely stored data); Sacharoff, supra note 2, at 640–47 (arguing for repeal of the federal crime of computer trespass). ↩︎

  6. The Georgia Computer Systems Protection Act of 1991 provides civil relief and criminal penalties for the offenses of computer theft, computer trespass, computer invasion of privacy, computer forgery, and computer password disclosure. Georgia Computer Systems Protection Act of 1991, 1991 Ga. Laws 1045 (codified as amended at Ga. Code Ann. §§ 16-9-93 (Supp. 1991)). See John C. Yates & Michael W. Mattox, Intellectual Property, 42 Mercer L. Rev. 295, 336–40 (1990), for a legislative history and account of notable cases regarding the earlier Georgia Computer Systems Protection Act of 1981. ↩︎

  7. Ga. Code Ann. § 16-9-93(b) (West, Westlaw through legis. passed at the 2021 Reg. Sess. of the Ga. Gen. Assemb.). ↩︎

  8. E.g., Ala. Code § 13A 8 112 (2021); Cal. Penal Code § 502 (West 2021); Conn. Gen. Stat. Ann. § 53a-251 (West 2021). ↩︎

  9. E.g., Wyo. Stat. Ann. § 6-3-506 (West 2021); Ohio Rev. Code Ann. § 2913.04 (West 2021); Wis. Stat. Ann. § 943.70(2) (West 2021). ↩︎

  10. Ga. Code Ann. § 16-7-21(a) (West, Westlaw through legis. passed at the 2021 Reg. Sess. of the Ga. Gen. Assemb.). ↩︎

  11. See Ball v. City of Atlanta, No. 08-cv-1694, 2009 WL 10656068, at *5 (N.D. Ga. Nov. 24, 2009) (positing that entry or presence on another’s property is “immaterial” in determining whether there was knowing interference with the owner’s possession or use); Kerr v. State, 387 S.E.2d 355, 357–58 (Ga. Ct. App. 1989) (evidence that a protestor interfered with patients’ access to a clinic was sufficient to support a criminal trespass conviction regardless of whether the protestor was on the clinic’s property). ↩︎

  12. Ga. Code Ann. § 51-9-1 (West, Westlaw through legis. passed at the 2021 Reg. Sess. of the Ga. Gen. Assemb.) (“[E]very act of another which unlawfully interferes with [] enjoyment [of private property] is a tort . . . .”); see also, e.g., Moss v. Thomson Co., 91 S.E.2d 485, 487 (Ga. 1956) (holding that an off-premises fence, interfering with a landowner’s ingress and egress, was a continuing trespass that would “seriously interfere with the use, occupancy and enjoyment of the property”); Ivey v. Davis, 59 S.E.2d 256, 258 (Ga. Ct. App. 1950) (reversing dismissal of a complaint, averring that the landlord removed stairs to the entrance and required the tenant use a ladder, because such conduct could have reasonably “interfered with [the tenant’s] enjoyment of the use and possession” of the premises). See Hunter, supra note 3, at 483–85, for a discussion of the developing interplay between tortious trespass to property and chattel and criminal computer trespass. ↩︎

  13. Hodges v. Collins, No. 12-CV-202, 2013 WL 557183, at *14 (M.D. Ga. Feb. 12, 2013) (“There is little authority (and, as noted, no clearly established authority) construing the meaning of the Computer Trespass statute.”); Vurv Tech. LLC v. Kenexa Corp., No. 08-cv-3442, 2009 WL 2171042, at *5 (N.D. Ga. July 20, 2009) (noting that “the Court’s own research has not revealed any authority construing this section [Ga. Code Ann. § 16-9-92(b) (West 2012)]”). ↩︎

  14. Light for Life, Inc. v. Our Firm Found. for Koreans, Inc., No. 12-CV-38, 2015 WL 631138, at *10 (M.D. Ga. Feb. 12, 2015) (denying summary judgement for defendant, who allegedly “seized access to and control over the Websites and deprived [p]laintiffs of access to [] Websites . . .” owned by plaintiffs). Cf. Hodges, 2013 WL 557183, at *14 (that probable cause could not be established if the only facts available were that an employee accessed his supervisor’s email and responded to emails from his supervisor’s email address); Moulton v. VC3, No. 00CV434, 2000 WL 33310901, at *6 (N.D. Ga. Nov. 7, 2000) (that, as a matter of law, a negligible network slowdown possibly caused by throughput testing and a ping flood does not constitute an unlawful interference); Vurv Tech. LLC, 2009 WL 2171042, at *5 (dismissing a claim averring that two employees copied data to an external hard drive in violation of the company’s confidentiality agreement because the employees did not delete, relocate, or alter the copied data); FERCO Enters., Inc. v. Taylor Recycling Facility LLC, No. 05-CV-2980, 2007 WL 9701361, at *30–31 (N.D. Ga. Oct. 16, 2007) (granting summary judgment for employee when former employer averred that the employee deleted, altered, or removed confidential information and trade secrets because “it is clear that the Georgia Computer Systems Protection Act is focused on computer crimes such as hacking and the spread of viruses rather than the use of an employer’s computer to send emails to outside parties”). ↩︎

  15. Kinslow v. State, 860 S.E.2d 444, 446 (Ga. 2021) (having granted certiorari to determine “whether Kinslow’s conduct constituted a violation of O.C.G.A. § 16-9-93(b)(2)”). ↩︎

  16. Id. at 446. ↩︎

  17. Id. at 448. ↩︎

  18. Id. ↩︎

  19. Id. at 450. ↩︎

  20. Id. at 453 (Melton, C.J., dissenting) (alteration in original). ↩︎

  21. Kinslow v. State, 860 S.E.2d 444, 452–53 (Ga. 2021) (Melton, C.J., dissenting). ↩︎

  22. See id. at 452 (Melton, C.J., dissenting). ↩︎

  23. Id. at 448 n.4. ↩︎

  24. See Smith v. United States, 508 U.S. 223, 244–45 (1993) (Scalia, J., dissenting) (that in construing the statutory language “‘use’ . . . of a firearm,” the direct object of a verb phrase “narrows the meaning” of common verbs that are “inordinately sensitive to context”). ↩︎

  25. Kinslow, 860 S.E.2d at 448. ↩︎

  26. Huckaby v. Cheatham, 612 S.E.2d 810, 814 (Ga. Ct. App. 2005). ↩︎

  27. Id. ↩︎

  28. During oral argument, Justice Peterson posed a hypothetical of forwarding work emails from a work computer to a home computer in violation of an IT policy, an act he posited would subject most adult Georgians to criminal liability; Justices Nahmias, Warren, and Bethel posed similar hypotheticals. Oral argument at 19:38, Kinslow v. State, 860 S.E.2d 444 (Ga. 2021) (S20G1001), https://www.gasupreme.us/oral-arguments-february-02-2021/ [https://perma.cc/ZH7X-DQDV]. ↩︎