Crime of abusive access to a computer system

Article 269A, added to the Penal Code by law 1273 of 2009, brings with it the crime of abusive access to a computer system:

“Whoever, without authorization or outside of what has been agreed, accesses in whole or in part a computer system protected or not with a security measure, or remains within the same against the will of whoever has the legitimate right to exclude it, shall incur a prison sentence of forty-eight (48) to ninety-six (96) months and a fine of 100 to 1,000 legal monthly minimum wages in force.”

The Supreme Court of Justice, in judgment SP 592 of 2022, considers that this is a crime of mere conduct, that is to say, with its simple commission, with the simple access and/or permanence within a computer system or electronic communication network with violation of a password or logical door or in excess of the permission granted, there is criminal liability for the conduct, regardless of whether or not any legal right such as privacy or economic patrimony was harmed.

It also recognizes two types of active subjects who may commit the crime of abusive access to a computer system: outsiders, who access the computer system without any authorization, and insiders, who, having been authorized to enter, remain in excess of the permission granted by the owner of the system.

It should be added that, despite the fact that the insiders had, in principle, the power to access the computer system, this power does not mean that remaining in the system in an irregular manner, outside the time or space limits set by the owner, ceases to be of criminal relevance.

Glossary

• 
  Computer system:
  Information system (storage, processing and retrieval of data) comprising an interrelated system of hardware (physical part) and software (immaterial part).
• 
  Logic gate:
  Electronic device that works by schematizing logical operations such as adding, subtracting, including or excluding.