Electronic Data Tampering - Texas Penal Code 33.023

Is “ransomware” a crime in Texas? The answer is yes, but we titled the law “electronic data tampering” for some reason, instead of just calling it “unlawful ransomware” etc.

What is ransomware? It’s when someone locks down your computer and asks for money (or usually bitcoin) to unlock it. The legal definition below is pretty convoluted, but it’s what we have to work with. Typically this is done by sending an email with an attachment that tricks you into downloading it. Or when you are looking for software online and aren’t careful about your sources.

We don’t see many ransomware prosecutions in Texas, and one reason might be that the definition below is going to confuse any jury that tries to apply it. Another issue is that a lot of ransomware attacks originate from outside the US, not from within Texas. Your local police department can’t really prosecute people in Russia etc.

Texas Penal Code 33.023(a) defines ransomware as “a computer contaminant or lock that restricts access by an unauthorized person to a computer, computer system, or computer network or any data in a computer, computer system, or computer network under circumstances in which a person demands money, property, or a service to remove the computer contaminant or lock, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.

The Electronic Data Tampering law doesn’t just regulate ransomware, Texas Penal Code 33.023(b) makes it illegal to hack into a computer network and change data in the system. Kind of like Superman III.

Texas Penal Code 33.023(c) is where just introducing ransomware onto a computer is a crime. So under this statute, you don’t even have to try and extort money, just loading the software onto a computer or network that isn’t yours is illegal.