Electronic Data Tampering: Texas Penal Code §33.023

The Texas Electronic Data Tampering law in Penal Code Section 33.023 makes it a crime to use ransomware and to alter data shared over the internet or other network without a legitimate business purpose.

This law prohibits the use of ransomware in Texas. Many ransomware attacks originate from IP addresses outside of Texas, making this offense somewhat rare for Texas district attorneys to prosecute. Under the Texas version of this anti-ransomware law, loading ransomware software onto a computer or network is enough to trigger prosecution – whether or not you tried to extort money.

The legislature created the Electronic Data Tampering law through the Texas Cybercrime Act in response to growing concern about cybercrime in Texas.

The Texas legislature codified this criminal offense in Texas Penal Code Section 33.023. The law was not updated in 2023. In fact, this law has not been amended since it was enacted in 2017.

The Penal Code classifies the Texas Electronic Data Tampering law under Title 7 “Offenses Against Property,” Chapter 33 “Computer Crimes.” Learn more about the Texas offense of Electronic Data Tampering below.

What is the current Texas law about Electronic Data Tampering?

The current Texas law defines the offense of Electronic Data Tampering in Penal Code Section §33.023 as follows:^[1]

(b) A person commits an offense if the person intentionally alters data as it transmits between two computers in a computer network or computer system through deception and without a legitimate business purpose.

(c) A person commits an offense if the person intentionally introduces ransomware onto a computer, computer network, or computer system through deception and without a legitimate business purpose.

This law was created by the 85th Texas Legislature and was codified at Section 33.023 in the Texas Penal Code, effective September 1, 2017.^[2]

The Electronic Data Tampering law was a response to the growing cybersecurity threat that hackers pose to people and institutions with DDOS attacks, worms and other malware and ransomware. The law was one of three laws created by the same bill in 2017, the others being Electronic Data Tampering and Unlawful Decryption.

What is ransomware under the Electronic Data Tampering law?

Ransomware is defined in this new law as “a computer contaminant or lock that restricts access by an unauthorized person to a computer, computer system, or computer network or any data in a computer, computer system, or computer network under circumstances in which a person demands money, property, or a service to remove the computer contaminant or lock, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.”^[3]

However, there are two exceptions to this definition that are built-in to the statute. Software is not ransomware for the purposes of this law “if the software restricts access to data because: (1) authentication is required to upgrade or access purchased content; or (2) access to subscription content has been blocked for nonpayment.”^[4]

Is “ransomware” a crime in Texas?

Yes, it is illegal to use ransomware in the state of Texas. This is prohibted under the Electronic Data Tampering law.

What is the statute of limitation for Electronic Data Tampering in Texas?

Misdemeanor level Electronic Data Tampering charges have a two-year limitations period.^[5] Felony level offenses have a three-year limitations period.^[6]

What is the penalty for a Texas Electronic Data Tampering offense?

The penalty scheme for Electronic Data Tampering convictions is somewhat complex. By default, the offense is classified as a Class C misdemeanor, but the punishment can be enhanced all the way up to a First Degree Felony.^[7]

Can you get probation for Electronic Data Tampering in Texas?

The Texas Code of Criminal Procedure allows both judges and juries to grant probation for Electronic Data Tampering, and judges are also allowed to accept deferred adjudication plea deals.^[8]

Note, however, that no matter the offense, neither judges nor juries may recommend community supervision for any suspended sentence of over 10 years.^[9] Also, judges may not grant community supervision after a conviction if (1) the defendant used or exhibited a deadly weapon during the commission of the felony or immediate flight thereafter and (2) the defendant used or exhibited the deadly weapon himself or was a party to the offense and knew that a deadly weapon would be used or exhibited.^[10]

What level of crime is Electronic Data Tampering in Texas?

The Penal Code classification of the punishment for Electronic Data Tampering ranges from a Class C misdemeanor to a first degree felony, depending on the amount involved and other factors.

Learn more about the penalty range for this offense in the section above.

---

Legal References:

^1. Texas Penal Code §33.023. This law is current as of the 88th Legislature Regular Session.^2. HB 9, 85th Legislature, Section 3^3. Texas Penal Code §33.023(a), as created by House Bill 9, Section 3^4. Texas Penal Code §33.023(g), as created by House Bill 9, Section 3^5. Code of Criminal Procedure 12.02(a)^6. See Code of Criminal Procedure 12.01(9)^7. Texas Penal Code §33.023(d), (d-1), (d-2) and (e), as enacted by HB 9, 85th Legislature, Section 3:

(d) Subject to Subsections (d-1) and (d-2), an offense under this section is a Class C misdemeanor.

(d-1) Subject to Subsection (d-2), if it is shown on the trial of the offense that the defendant acted with the intent to defraud or harm another, an offense under this section is:

(1) a Class C misdemeanor if the aggregate amount involved is less than $100 or cannot be determined;

(2) a Class B misdemeanor if the aggregate amount involved is $100 or more but less than $750;

(3) a Class A misdemeanor if the aggregate amount involved is $750 or more but less than $2,500;

(4) a state jail felony if the aggregate amount involved is $2,500 or more but less than $30,000;

(5) a felony of the third degree if the aggregate amount involved is $30,000 or more but less than $150,000;

(6) a felony of the second degree if the aggregate amount involved is $150,000 or more but less than $300,000; and

(7) a felony of the first degree if the aggregate amount involved is $300,000 or more.

(d-2) If it is shown on the trial of the offense that the
defendant knowingly restricted a victim’s access to privileged
information, an offense under this section is:

(1) a state jail felony if the value of the aggregate amount involved is less than $2,500;

(2) a felony of the third degree if:

(A) the value of the aggregate amount involved is $2,500 or more but less than $30,000; or

(B) a client or patient of a victim suffered harm attributable to the offense;

(3) a felony of the second degree if:

(A) the value of the aggregate amount involved is $30,000 or more but less than $150,000; or

(B) a client or patient of a victim suffered bodily injury attributable to the offense; and

(4) a felony of the first degree if:

(A) the value of the aggregate amount involved is $150,000 or more; or

(B) a client or patient of a victim suffered serious bodily injury or death attributable to the offense.

(e) When benefits are obtained, a victim is defrauded or harmed, or property is altered, appropriated, damaged, or deleted in violation of this section, whether or not in a single incident, the conduct may be considered as one offense and the value of the benefits obtained and of the losses incurred because of the fraud, harm, or alteration, appropriation, damage, or deletion of property may be aggregated in determining the grade of the offense.

^8. See Chapter 42, Texas Code of Criminal Procedure, Art. 42A.054, Art. 42A.056, Art. 42A.102 .^9. Art. 42A.053(c), Texas Code of Criminal Procedure^10. Art. 42A.054(b), Texas Code of Criminal Procedure