OHIO LEGISLATIVE SERVICE COMMISSION
Office of Research Legislative Budget
www.lsc.ohio.gov and Drafting Office
H.B. 116* Bill Analysis
134th General Assembly
Click here for H.B. 116’s Fiscal Note
Version: As Reported by Senate Judiciary
Primary Sponsor: Rep. Baldridge
Effective Date:
Dennis M. Papp, Attorney
SUMMARY
Creates the crime of electronic computer service interference that prohibits a person
from knowingly, and without authorization, gaining access to or permitting access to be
gained to a computer, computer system, or computer network.
Creates the crimes of electronic data tampering and electronic data manipulation that
prohibit a person from knowingly and without authorization altering data as it travels
between two computer systems or introducing malware into any electronic data or
computer system under certain circumstances.
Creates the crime of computer trespass that prohibits a person from knowingly and
without authorization gaining access or causing access to be gained to a computer,
computer system, or computer network without authorization, with increased penalties
under certain circumstances.
Creates the crime of electronic data theft that prohibits a person from knowingly and
without authorization obtaining electronic data without authorization and with the
intent to either (1) revise or execute any scheme to defraud, deceive, extort, or commit
any crime or (2) wrongfully control or obtain property or wrongfully gain access to
electronic data.
Creates the crime of unauthorized data disclosure that prohibits a person from
knowingly and without authorization doing either of the following:
Making or causing to be made an unauthorized display, disclosure, or copy of data
residing in, communicated by, or produced by a computer system;
* This analysis was prepared before the report of the Senate Judiciary Committee appeared in the
Senate Journal. Note that the legislative history may be incomplete.
December 13, 2022
�Office of Research and Drafting LSC Legislative Budget Office
Disclosing a password, identification code, personal identification number, or other
confidential information used as a means of access to a computer system or
computer service.
Revises the existing offenses of criminal mischief and unauthorized use of computer,
cable, or telecommunications property to limit overlap with the new offenses.
Excludes from the bill’s prohibitions actions by a person within the scope of the person’s
lawful employment when the person performs acts that are reasonably necessary to the
performance of the person’s work assignments or duties, even if the person mistakenly
goes beyond the scope of the person’s lawful employment.
Allows a person affected by the commission of any of the above crimes to bring a civil
action within two years of the violation or discovery of the damage, whichever is later.
TABLE OF CONTENTS
Overview ......................................................................................................................................... 2
Criminal mischief and computer service interference and tampering ............................................. 3
Criminal mischief – eliminated as it applies to computers ......................................................... 3
Electronic computer service interference – new ........................................................................ 3
Electronic data tampering and electronic data manipulation – new ......................................... 3
Unauthorized access, data theft, and unauthorized disclosure ..................................................... 4
Unauthorized computer use – eliminated in part....................................................................... 4
Computer trespass – new ........................................................................................................... 5
Electronic data theft – new ......................................................................................................... 6
Unauthorized data disclosure – new........................................................................................... 6
Scope of employment ..................................................................................................................... 6
Civil action ....................................................................................................................................... 6
Conforming changes ....................................................................................................................... 7
DETAILED ANALYSIS
Overview
Existing law contains two offenses to cover computer-related crimes: (1) criminal
mischief and (2) unauthorized use of a computer.1 The bill partially revises these offenses and
adds several new felony-level, computer-related offenses, including electronic computer
service interference, electronic data tampering and electronic data manipulation, computer
trespass, electronic data theft, and unauthorized data disclosure. The bill also allows victims of
cybercrime to file a civil lawsuit against a person who violates the bill’s provisions. Lastly, the
1 R.C. 2909.07(A)(6) and 2913.04(B) and (G)(1).
P a g e |2 H.B. 116
As Reported by Senate Judiciary
�Office of Research and Drafting LSC Legislative Budget Office
bill protects a person acting within the scope of the person’s lawful employment, such that a
person does not commit an offense under the bill when the person performs acts that are
reasonably necessary to the performance of the person’s work assignments or duties, even if
the person mistakenly goes beyond the scope of the person’s lawful employment.2
Criminal mischief and computer service interference and
tampering
Criminal mischief – eliminated as it applies to computers
Under existing law, the offense of criminal mischief prohibits a person, without privilege
to do so, from knowingly impairing the functioning of a computer, computer system, computer
network, computer software, or computer program. The penalty for criminal mischief ranges
from a first degree misdemeanor to a fourth degree felony depending on the value of the
property involved and whether the property involved was an aircraft. The bill eliminates this
manner of committing criminal mischief.3
Electronic computer service interference – new
Under the bill, a person is prohibited from knowingly, and without authorization,
causing the transmission of data, a computer program, or an electronic command that
interrupts or suspends access to or use of a computer network or computer service with the
intent to impair the functioning of a computer network or computer service. A person who
violates this provision is guilty of electronic computer service interference, a fourth degree
felony.4
As used in the bill, computer services includes data processing services, storage
functions, internet services, email services, electronic message services, website access,
internet-based electronic gaming services, and other similar computer system, computer
network, and internet-based services.5
Electronic data tampering and electronic data manipulation – new
Under the bill, a person is prohibited from knowingly, and without authorization,
altering data as it travels between two computer systems over an open or unsecure network or
introducing malware into any electronic data, computer, computer system, or computer
network if: (1) the person intended to devise or execute a scheme to defraud, deceive, or
extort, (2) the person intended to commit any other crime in violation of a state law, (3) the
person intended to wrongfully control or obtain property or wrongfully gain access to electronic
data, or (4) the electronic data, computer, computer system, or computer network is
2 R.C. 2913.93 and 2913.94.
3 R.C. 2909.07(A)(6) and (C) and 2923.04(B)(1).
4 R.C. 2913.88.
5 R.C. 2923.86(A).
P a g e |3 H.B. 116
As Reported by Senate Judiciary
�Office of Research and Drafting LSC Legislative Budget Office
maintained by the state or a political subdivision. A person who violates this provision is guilty
of electronic data manipulation, a third degree felony.
Also under the bill, a person is prohibited from knowingly, and without authorization,
altering data as it travels between two computer systems over an open or unsecure network or
introducing malware into any electronic data, computer, computer system, or computer
network, in circumstances not constituting a violation of the prohibition described in the
preceding paragraph. A person who violates this prohibition is guilty of electronic data
manipulation, a fourth degree felony.
As used in the bill, malware means a set of computer instructions that is designed or
used to do any of the following to a computer, computer system, or computer network without
the authorization of the owner or other person authorized to give consent:
Modify, damage, destroy, disable, deny, or degrade access to it;
Gain access to it;
Functionally impair it;
Record or transmit information within it.6
Unauthorized access, data theft, and unauthorized disclosure
Unauthorized computer use – eliminated in part
The current offense of unauthorized use of computer, cable, or telecommunications
property (unauthorized computer use) prohibits, among other things, unauthorized access to
another’s computer, computer system, computer network, cable service, cable system,
telecommunications device, telecommunications service, or information service. The penalty
for violating this prohibition ranges from a fifth degree felony to a second degree felony,
depending on the value of the loss to the victim, whether the access was used to commit
another offense, and whether the victim is an elderly person or disabled adult.7
The bill limits this existing prohibition to a cable service, cable system,
telecommunications device, telecommunications service, or information service and enacts a
number of new prohibitions that encompass unauthorized computer use and other computer-
related activities. Continuing law, unchanged by the bill, continues to prohibit a person from
knowingly using or operating the property of another without consent.8 It appears possible that
to some extent the continuing prohibitions might duplicate the newly enacted offenses. But,
the bill provides that a person cannot be convicted of violating both unauthorized computer
use and the new offense of computer trespass for the same underlying action. 9
6 R.C. 2913.86(C), 2913.89, and 2913.90.
7 R.C. 2913.04(B) and (G).
8 R.C. 2913.04(A).
9 R.C. 2913.04(K).
P a g e |4 H.B. 116
As Reported by Senate Judiciary
�Office of Research and Drafting LSC Legislative Budget Office
Computer trespass – new
The bill prohibits a person from knowingly and without authorization gaining access to
or causing access to be gained to a computer, computer system, or computer network when
either: (1) the access is gained or caused to be gained with the intent to commit a crime in
violation of state law, or (2) the computer, computer system, or computer network is
maintained by the state or a political subdivision. It also prohibits a person from knowingly and
without authorization gaining access to or causing access to be gained to a computer, computer
system, or computer network under circumstances not constituting a violation of the first
prohibition described in this paragraph. A person who violates either prohibition is guilty of
computer trespass. A violation of the first prohibition generally is a fourth degree felony and a
violation of the second prohibition generally is a fifth degree felony.10
For either prohibition, if the computer, computer system, or computer network involved
in a violation is used or intended to be used in the operation of an aircraft, and the violation
creates a substantial risk of physical harm to any person or the aircraft in question is an
occupied aircraft, subject to the special penalties described below that apply when the victim is
an elderly person or disabled adult, then the violation is a third degree felony (under existing
law, this penalty relates to criminal mischief, see “Criminal mischief,” above).11
Except as provided in the subsequent paragraph, for either prohibition, if a person
commits computer trespass for the purpose of doing any of the following, and the value of the
property or services involved or the loss to the victim is $150,000 or more, then the violation is
a third degree felony:
Devising or executing a scheme to defraud or to obtain property or services;
Obtaining money, property, or services by false or fraudulent pretenses;
Committing any other criminal offense.12
Lastly, if the offender acted recklessly with regard to the status of the victim as an
elderly person or disabled adult, and the value of the property or services or loss to the victim is
$7,500 or more and less than $37,500, for either prohibition, the violation is a third degree
felony. If the value is $37,500 or more, the violation is a second degree felony.13
A person commits a separate violation with regard to each computer trespass.14
10 R.C. 2913.87(A), (B), (C)(1), and (C)(2).
11 R.C. 2913.87(C)(3) and 2909.07(C)(3).
12 R.C. 2913.87(C)(4).
13 R.C. 2913.87(C)(5).
14 R.C. 2913.87(D).
P a g e |5 H.B. 116
As Reported by Senate Judiciary
�Office of Research and Drafting LSC Legislative Budget Office
Electronic data theft – new
The bill prohibits a person from knowingly and without authorization obtaining
electronic data with the intent to do either of the following:
Devise or execute any scheme to defraud, deceive, extort, or commit any crime in
violation of state law;
Wrongfully control or obtain property or wrongfully gain access to electronic data.
A person who violates this prohibition is guilty of electronic data theft, a fourth degree
felony.15
Unauthorized data disclosure – new
Under the bill, a person is prohibited from knowingly and without authorization making
or causing to be made a display, use, disclosure, or copy of data residing in, communicated by,
or produced by a computer, computer system, or computer network.
A person also is prohibited from knowingly and without authorization disclosing a
password, identifying code, personal identification number, or other confidential information
that is used as a means of access to a computer, computer system, computer network, or
computer service.
A violation of either prohibition is the offense of unauthorized data disclosure, a fourth
degree felony.16
Scope of employment
The bill’s new computer crimes are not to be construed to prohibit actions by a person
within the scope of that person’s lawful employment. A person acts within the scope of the
person’s lawful employment when the person performs acts that are reasonably necessary to
the performance of the person’s work assignments or duties. A person does not violate the new
computer crimes by mistakenly going beyond the scope of the person’s lawful employment.17
Civil action
In addition to any other civil remedy available, the bill allows the owner or lessee of any
electronic data, computer, computer system, or computer network who suffers damage or loss
because of a violation of any of the above provisions to sue the person who committed the
violation for compensatory damages and injunctive or other equitable relief. The bill specifies
that a victim of cybercrime is entitled to the civil action regardless of whether there has been a
criminal conviction relating to the violation. Compensatory damages must include any cost
reasonably and necessarily incurred by the owner or lessee to verify that the electronic data,
computer, computer system, or computer network, was not altered, damaged, or deleted by
15 R.C. 2913.91.
16 R.C. 2913.92.
17 R.C. 2913.94.
P a g e |6 H.B. 116
As Reported by Senate Judiciary
�Office of Research and Drafting LSC