" />
attorney next to Electronic Data Tampering text

Electronic Data Tampering

The 85th Texas Legislature created a new law in 2017 called Electronic Data Tampering, which makes it illegal to use ransomware and to alter data shared over the internet or other network without a legitimate business purpose.

This law was created by Section 3 of House Bill 91 and is to be codified at Section 33.023 in the Texas Penal Code.

Have you been charged with Electronic Data Tampering in Texas? Call criminal defense lawyer Paul Saputo at (888) 239-9305.

Effective September 1, 20172, the new law is a response to the growing cybersecurity threat that hackers pose to people and institutions with DDOS attacks, worms and other malware and ransomware. The law is one of three laws created by the same bill in 2017, with the others being Electronic Access Interference and Unlawful Decryption.

What is the law about Electronic Data Tampering in Texas?

Section 33.023 of the Texas Penal Code will describe the Electronic Data Tampering law at subsections (b) & (c) as follows:3

(b) A person commits an offense if the person intentionally alters data as it transmits between two computers in a computer network or computer system through deception and without a legitimate business purpose.

(c) A person commits an offense if the person intentionally introduces ransomware onto a computer, computer network, or computer system through deception and without a legitimate business purpose.

What is the penalty for an Electronic Data Tampering conviction?

A conviction for Electronic Data Tampering will be punished according to a somewhat complex scheme. By default, the offense is a Class C misdemeanor, but the punishment can be enhanced all the way up to a First Degree Felony.4

What is ransomware under the Electronic Data Tampering law?

Ransomware is defined in this new law as “a computer contaminant or lock that restricts access by an unauthorized person to a computer, computer system, or computer network or any data in a computer, computer system, or computer network under circumstances in which a person demands money, property, or a service to remove the computer contaminant or lock, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.”5

However, there are two exceptions to this definition that are built-in to the statute. Software is not ransomware for the purposes of this law “if the software restricts access to data because: (1) authentication is required to upgrade or access purchased content; or (2) access to subscription content has been blocked for nonpayment.”6


Legal References:

1House Bill 9

2House Bill 9 at Section 5-6

3Penal Code Section 33.023(b)&(c), as created by House Bill 9, Section 3

4Penal Code Section 33.023(d), (d-1), (d-2) and (e), as created by House Bill 9, Section 3:

(d) Subject to Subsections (d-1) and (d-2), an offense under this section is a Class C misdemeanor.

(d-1) Subject to Subsection (d-2), if it is shown on the trial of the offense that the defendant acted with the intent to defraud or harm another, an offense under this section is:

(1) a Class C misdemeanor if the aggregate amount involved is less than $100 or cannot be determined;

(2) a Class B misdemeanor if the aggregate amount involved is $100 or more but less than $750;

(3) a Class A misdemeanor if the aggregate amount involved is $750 or more but less than $2,500;

(4) a state jail felony if the aggregate amount involved is $2,500 or more but less than $30,000;

(5) a felony of the third degree if the aggregate amount involved is $30,000 or more but less than $150,000;

(6) a felony of the second degree if the aggregate amount involved is $150,000 or more but less than $300,000; and

(7) a felony of the first degree if the aggregate amount involved is $300,000 or more.

(d-2) If it is shown on the trial of the offense that the
defendant knowingly restricted a victim’s access to privileged
information, an offense under this section is:

(1) a state jail felony if the value of the aggregate amount involved is less than $2,500;

(2) a felony of the third degree if:

(A) the value of the aggregate amount involved is $2,500 or more but less than $30,000; or

(B) a client or patient of a victim suffered harm attributable to the offense;

(3) a felony of the second degree if:

(A) the value of the aggregate amount involved is $30,000 or more but less than $150,000; or

(B) a client or patient of a victim suffered bodily injury attributable to the offense; and

(4) a felony of the first degree if:

(A) the value of the aggregate amount involved is $150,000 or more; or

(B) a client or patient of a victim suffered serious bodily injury or death attributable to the offense.

(e) When benefits are obtained, a victim is defrauded or harmed, or property is altered, appropriated, damaged, or deleted in violation of this section, whether or not in a single incident, the conduct may be considered as one offense and the value of the benefits obtained and of the losses incurred because of the fraud, harm, or alteration, appropriation, damage, or deletion of property may be aggregated in determining the grade of the offense.

5Penal Code Section 33.023(a), as created by House Bill 9, Section 3

6Penal Code Section 33.023(g), as created by House Bill 9, Section 3

Published by Criminal Defense Attorney on and last modified