Charged with a crime in San Diego? Wondering how the case will affect your reputation, career, and freedom? Trying to figure out what comes next? Look no further! David’s book addresses common misconceptions and mistakes made by those charged with a crime in San Diego. Some of the chapters include topics such as:
Unauthorized computer access under PC 502 is a wobbler carrying up to 3 years in custody. Our San Diego defense lawyers fight hacking and computer crime charges. Call 24/7.
A computer crimes charge in San Diego changes everything overnight. One day you’re going about your life, the next you’re facing a criminal investigation involving forensic analysts, digital warrants, and accusations that can sound far worse than what actually happened. We get it.
The circumstances that lead to PC 502 charges are rarely black and white. A former employee who downloaded files they believed were their own work product. A tech professional who accessed a system they thought they still had authorization to use. A person who stumbled into restricted data through a shared network or an ambiguous login. Someone accused based on an IP address that doesn’t tell the full story.
Charges are accusations, not convictions. The prosecution still has to prove every element beyond a reasonable doubt, and in computer crime cases, that burden is harder to meet than many people realize. Proving who was actually at the keyboard, whether access was truly unauthorized, and whether any damage actually occurred are questions the prosecution must answer with evidence, not assumptions.
The fear and confusion are understandable. But what matters now is the defense you build. At David P. Shapiro Criminal Defense Attorneys, we’ve defended clients facing computer crime charges throughout San Diego County, from corporate data theft allegations to accusations of unauthorized access arising out of employment disputes. As part of our other criminal charges defense practice, we know how digital evidence works, how to challenge it, and how to fight these cases the right way.
The San Diego District Attorney’s Technology Crimes Unit has specialized resources and forensic expertise. You need a defense team that can match them. Every day without representation is a day the prosecution works unopposed.
Quick Reference: PC 502 Computer Crimes
| Classification | Wobbler (most subsections); § 502(c)(7) is misdemeanor-only for first offense |
|---|---|
| Misdemeanor Penalty | Up to 1 year county jail; fine up to $5,000 |
| Felony Penalty | 16 months, 2, or 3 years county jail (realignment); fine up to $10,000 |
| Strike Offense | No |
| Restitution | Mandatory — system restoration, forensic audits, lost revenue |
| Additional | Computer/internet restrictions on probation; equipment forfeiture possible; federal prosecution risk under 18 U.S.C. § 1030 |
What Are Computer Crimes Under California Law?
Penal Code Section 502 is California’s primary computer crimes statute. It prohibits a broad range of unauthorized computer activity, from hacking into systems and stealing data to introducing viruses and disrupting computer services.1
Now, here’s what’s important to understand: PC 502 is not one single offense. It contains multiple subsections under 502(c), each targeting different types of conduct. The specific subsection you’re charged under determines what the prosecution must prove and what penalties you face.
The key concept running through every subsection is “without permission.” That phrase does a lot of heavy lifting in these cases. Under the statute, “without permission” includes access that exceeds the scope of permission granted.2 So even if you had some level of authorized access to a computer system, the prosecution may argue you went beyond what you were allowed to do.
Well, what kinds of conduct does PC 502 actually cover? Here’s a breakdown of the most commonly charged subsections:
| Subsection | What It Prohibits |
|---|---|
| § 502(c)(1) | Accessing a computer without permission to execute a scheme to defraud, deceive, or extort, or to wrongfully obtain money, property, or data |
| § 502(c)(2) | Accessing a computer without permission to take, copy, or use data |
| § 502(c)(3) | Using computer services without permission |
| § 502(c)(4) | Accessing a computer without permission to add, alter, damage, delete, or destroy data or software |
| § 502(c)(5) | Disrupting or denying computer services without permission |
| § 502(c)(6) | Providing or assisting someone in accessing a computer system in violation of the statute |
| § 502(c)(7) | Simply accessing a computer, computer system, or network without permission (no additional conduct required) |
| § 502(c)(8) | Introducing a computer contaminant (virus, worm, Trojan, keylogger) into a system |
The statute also defines critical terms broadly. “Access” means to gain entry to, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer system.3 “Computer contaminant” covers any set of instructions designed to modify, damage, destroy, record, or transmit information without the owner’s consent.4
Why does this matter for your defense? Because the broader the statute, the more room there is to challenge whether your specific conduct actually falls within its reach.
What Must the Prosecution Prove?
Here’s what the prosecution is up against. The elements vary depending on which subsection you’re charged under, but let’s walk through the most commonly charged variations.5
For § 502(c)(1) (fraud scheme), the prosecution must prove ALL of the following beyond a reasonable doubt:
-
You knowingly accessed a computer, computer system, or computer network. “Knowingly” is critical here. Accidental access is not criminal. If you clicked a link that happened to lead to restricted data, or an automated process accessed a system without your awareness, that’s not knowing access.
-
You did so without permission. This is often the most contested element. The prosecution must establish that you either had no authorization at all or that you exceeded the scope of whatever authorization you had. In employment cases, this line is frequently blurry.
-
You altered, damaged, deleted, destroyed, or otherwise used data, a computer, computer system, or computer network. The prosecution has to show you did something with or to the system beyond merely accessing it.
-
You did so to devise or execute a scheme to defraud, deceive, or extort, or to wrongfully obtain money, property, or data. This is the intent element. The prosecution must prove you had a specific fraudulent or wrongful purpose.
For § 502(c)(2) (data theft):
-
You knowingly accessed a computer, computer system, or computer network
-
You did so without permission
-
You took, copied, or made use of data from the system
For § 502(c)(7) (simple unauthorized access):
-
You knowingly accessed or caused to be accessed a computer, computer system, or computer network
-
You did so without permission
Notice how § 502(c)(7) requires no additional conduct beyond the access itself. No damage. No theft. No fraud. Just access without permission. That’s why it’s treated as a misdemeanor-only offense for first-time offenders.
Every element is a question mark for the prosecution and an opportunity for the defense. If they cannot prove any one of these elements beyond a reasonable doubt, you cannot be convicted.
Wobbler Classification: Felony vs. Misdemeanor
Most subsections of PC 502 are wobblers, meaning the prosecution can charge them as either a felony or a misdemeanor.6 The exception is § 502(c)(7), simple unauthorized access, which is a misdemeanor only for a first offense.
Well, what determines whether you face felony or misdemeanor charges? The prosecution considers several factors:
Amount of damage or loss. The $950 threshold is significant. When the damage or loss exceeds $950, felony filing becomes much more likely. And “loss” under PC 502 is defined broadly: it includes not just the value of data taken, but the costs the victim incurred to verify system integrity after the access, restore data, and audit their systems.7
Nature of the conduct. Accessing a system to execute a fraud scheme (§ 502(c)(1)) is treated more seriously than simply accessing without permission (§ 502(c)(7)). Introducing malware (§ 502(c)(8)) or disrupting services (§ 502(c)(5)) typically draws felony charges.
Who the victim was. Access to government systems, financial institutions, healthcare databases, or critical infrastructure increases the likelihood of felony prosecution.
Whether personal identifying information was compromised. If the access exposed Social Security numbers, financial account data, or other PII, prosecutors treat the case far more seriously.
Criminal history. A prior PC 502 conviction makes felony filing on a subsequent offense far more likely.
Number of victims affected. A breach affecting hundreds or thousands of people will almost certainly be charged as a felony.
For all intents and purposes, the wobbler classification is one of the most important aspects of your defense. If we can establish that the conduct falls on the misdemeanor side of the line, the consequences change dramatically: county jail instead of state custody, lower fines, and significantly less impact on your future.
And even after a felony conviction, California law allows for reduction to a misdemeanor under Penal Code Section 17(b) in wobbler cases. That’s another avenue we explore for every client.8
Penalties and Consequences
Let’s be real about something: even though PC 502 isn’t a violent crime, the penalties and collateral consequences can be severe, particularly for professionals in the technology and defense sectors that drive San Diego’s economy.
Custody and Fines
| Charge Level | Custody | Fine |
|---|---|---|
| Misdemeanor (§ 502(c)(7) first offense or other subsections filed as misd.) | Up to 1 year county jail | Up to $5,000 |
| Felony (§ 502(c)(1)-(6), (8)) | 16 months, 2, or 3 years county jail (realignment) | Up to $10,000 |
Important note on realignment: Felony PC 502 convictions are served in county jail under Penal Code Section 1170(h), not state prison.9 This is a meaningful distinction. Many competitor pages get this wrong. PC 502 is not listed as an exception to realignment, so even a felony sentence is served locally.
Restitution
This is where the financial exposure can become staggering. PC 502 requires mandatory restitution to the victim for:10
- Costs of restoring data, programs, or computer systems
- Costs of forensic audits to verify system integrity after the breach
- Lost revenue or profit attributable to the unauthorized access
In corporate cases, forensic audit costs alone can run into six figures. System restoration for a major breach can cost even more. A misdemeanor conviction with a $5,000 fine can still carry a restitution order in the hundreds of thousands of dollars.
Equipment Forfeiture
Computer equipment used in the commission of the offense may be subject to forfeiture under PC 502(g).11 For someone whose livelihood depends on their technology, losing equipment adds another layer of consequence.
Probation Conditions: Computer and Internet Restrictions
This is the consequence that many people don’t see coming until it’s too late. Courts frequently impose restrictions on computer and internet access as a condition of probation for PC 502 convictions.
For a software engineer, IT professional, cybersecurity analyst, or anyone in San Diego’s tech or defense contracting sectors, a probation condition restricting computer access can be career-ending. It effectively prevents you from doing your job.
Collateral Consequences
Immigration Consequences
PC 502 is not categorically classified as an aggravated felony for immigration purposes. However, fraud-based computer crimes under § 502(c)(1) involving a loss exceeding $10,000 may be classified as an aggravated felony under the fraud or deceit category. Any non-citizen facing PC 502 charges needs an attorney who understands both criminal defense and the immigration implications.
Professional Licenses
A PC 502 conviction, particularly a felony, can trigger disciplinary proceedings before licensing boards. This is especially relevant for attorneys, CPAs, financial professionals, healthcare workers, and anyone holding a security clearance. In San Diego, where defense contractors like General Atomics, SAIC, and Northrop Grumman employ thousands of cleared professionals, losing a security clearance means losing your career.
Firearm Rights
A felony PC 502 conviction results in a lifetime prohibition on possessing firearms under both California and federal law.12 A misdemeanor conviction does not carry this restriction.
Employment
Even a misdemeanor computer crime conviction creates problems. Employers in the technology sector routinely conduct background checks, and a conviction involving unauthorized computer access raises immediate red flags. Felony convictions trigger additional barriers under California’s Fair Chance Act, though employers can still consider convictions that are directly related to job duties.
Housing
Felony convictions can affect rental applications. Landlords in San Diego’s competitive housing market may deny applicants with felony records, though California law restricts blanket bans on renting to people with criminal histories.
Civil Liability
Here’s something many people don’t realize: PC 502(e) creates a separate private right of action.13 The victim of unauthorized computer access can sue you civilly for compensatory damages, injunctive relief, and other equitable relief. This is independent of the criminal case. So you could face criminal prosecution and a civil lawsuit simultaneously, each with its own financial exposure.
Digital Evidence and Forensic Investigation
What makes computer crime cases fundamentally different from most criminal cases is the nature of the evidence. Almost everything the prosecution relies on is digital, and digital evidence has unique vulnerabilities that an experienced defense team can exploit.
How These Cases Are Investigated in San Diego
San Diego has specialized resources for computer crime investigation. The District Attorney’s Technology Crimes Unit handles prosecution, and the San Diego Regional Computer Forensics Laboratory (RCFL), an FBI-sponsored facility, assists local law enforcement with digital forensic examinations.
What does that mean for you? It means the evidence quality in San Diego computer crime cases is often high. But “high quality” doesn’t mean “bulletproof.” Forensic examiners make mistakes. Forensic tools have limitations. And the chain of custody for digital evidence is more complex than for physical evidence.
The Identity Problem
Proving who was actually at the keyboard is one of the prosecution’s biggest challenges in computer crime cases. An IP address identifies a device or a network, not a person. Shared networks mean multiple users could have been responsible. VPNs and proxies can mask the true origin of access. Malware can cause a computer to perform actions without the user’s knowledge or involvement.
The prosecution must link you, specifically, to the access at issue. If they can’t, they can’t convict.
Challenging Digital Evidence
We scrutinize every piece of digital evidence: server logs, access records, forensic images of hard drives, metadata, timestamps, network traffic analysis. We look for gaps, inconsistencies, and alternative explanations. We examine whether forensic tools were used properly and whether the forensic examiner followed accepted protocols.
Federal vs. State Prosecution Risk
Many computer crimes violate both California law (PC 502) and federal law (the Computer Fraud and Abuse Act, 18 U.S.C. § 1030).14 The decision to prosecute federally versus at the state level depends on several factors, and it makes an enormous difference in what you’re facing.
| Factor | State (PC 502) | Federal (18 U.S.C. § 1030) |
|---|---|---|
| Maximum custody (felony) | 3 years county jail | Up to 10-20 years federal prison |
| Where served | County jail (realignment) | Federal prison |
| Sentencing | California determinate sentencing | Federal sentencing guidelines |
| Probation flexibility | Greater judicial discretion | Less flexibility |
Federal prosecution is more likely when:
- The conduct crossed state lines or international borders
- Federal government systems were accessed
- The loss exceeded $5,000 (federal threshold)
- Critical infrastructure was targeted
- The case involves national security concerns
San Diego’s proximity to military installations (Camp Pendleton, MCAS Miramar, Naval Base San Diego) and its concentration of defense contractors mean that computer crime cases here carry an elevated risk of federal prosecution when military or government systems are involved.
The U.S. Attorney’s Office for the Southern District of California actively prosecutes computer crimes. Cases that reach the federal level may be prosecuted under the CFAA, which is why having a team experienced in federal criminal defense is critical. Identifying the risk of federal prosecution early is essential because it shapes every aspect of the defense strategy.
Defense Strategies for Computer Crime Charges
The reality of the situation is this: computer crime charges are defensible. The question is identifying the right strategy based on the specific facts and then executing that strategy with precision. Here’s what we consider when building a defense.
Authorization Defense
This is the most common and often the most effective defense in PC 502 cases. The argument: you had actual or implied permission to access the system.
Many computer crime cases arise in the employment context. An employee who had broad system access gets fired, and the former employer claims the employee’s access in the weeks before termination was “unauthorized.” A contractor who accessed shared systems in ways that weren’t explicitly prohibited. A business partner who used a jointly maintained database.
The critical question is whether the scope of your authorization was clearly defined. If it wasn’t, the prosecution has a much harder time proving you exceeded it. We can, and will, challenge the prosecution’s characterization of what “without permission” means if the facts support a position to do so.
Lack of Knowledge
The statute requires that you “knowingly” accessed the system. Accidental access negates this element entirely.
This defense applies in situations where automated processes accessed systems without the user’s awareness, where clicking a hyperlink led to restricted data the user didn’t know was restricted, or where shared login credentials made it unclear what any individual user accessed.
No Damage or Loss
Even if unauthorized access occurred, we can argue that no damage, alteration, or destruction of data resulted and no loss was suffered by the victim. This can reduce a felony charge to a misdemeanor under § 502(c)(7) or support dismissal of more serious subsections entirely.
The prosecution often inflates “loss” figures by including speculative costs. We challenge every dollar of claimed loss and force the prosecution to prove actual, documented damage.
Consent and Claim of Right
This defense focuses on your reasonable belief that you had a right to the data. An employee who copied their own work product. A person who accessed their own accounts through a shared computer. A developer who retained code they personally wrote.
This is distinct from the authorization defense. Authorization asks whether you had permission to access the system. Claim of right asks whether you believed you were entitled to the data itself.
Constitutional Challenges: Overbreadth and Vagueness
PC 502 has been criticized for its extremely broad language. The definition of “access” is so expansive that it could theoretically criminalize conduct most people would consider benign: using a friend’s Netflix password, accessing a public Wi-Fi network in an unexpected way, or scraping publicly available data from a website.
In the right case, we challenge whether the statute is unconstitutionally vague as applied to the specific conduct alleged. This is particularly relevant in cases involving terms of service violations or accessing data that was not meaningfully secured.
Fourth Amendment: Illegal Search and Seizure
Computer crime investigations involve invasive searches of digital devices, cloud accounts, email, and ISP records. Every one of those searches requires proper legal authorization.
We examine whether search warrants were properly obtained, whether the scope of digital searches exceeded what the warrant authorized, and whether law enforcement used the warrant as a fishing expedition to examine data unrelated to the alleged crime. Suppression of illegally obtained digital evidence can fundamentally change the prosecution’s case, and in some situations, it’s case-dispositive.
Insufficient Evidence of Identity
As discussed above, proving who was at the keyboard is often the weakest link in the prosecution’s case. We challenge every assumption the prosecution makes about identity: IP address attribution, device ownership, access log interpretation, and the reliability of digital forensic conclusions.
Related Charges: Understanding the Differences
PC 502 charges frequently overlap with other offenses. Understanding the distinctions matters because it affects both the defense strategy and the potential consequences.
| Charge | Code | Classification | How It Relates |
|---|---|---|---|
| Identity Theft | PC 530.5 | Wobbler | Often co-charged when computer access is used to obtain personal identifying information |
| Grand Theft | PC 487 | Wobbler | When computer access results in theft of property or money exceeding $950 |
| Forgery | PC 470 | Wobbler | When computer access involves creating false digital documents |
| Eavesdropping | PC 631 | Wobbler | When computer access involves intercepting electronic communications |
| Invasion of Privacy | PC 647(j) | Misdemeanor | When computer access involves viewing private images |
| Stalking | PC 646.9 | Wobbler | When computer access is used to harass or stalk |
| Federal CFAA | 18 U.S.C. § 1030 | Federal felony | Federal counterpart; substantially higher penalties |
The prosecution sometimes stacks multiple charges from a single course of conduct. For example, accessing a former employer’s system and copying client data could result in charges under PC 502(c)(1), PC 502(c)(2), PC 530.5, and PC 487, all arising from the same set of facts. Part of an effective defense is challenging whether the evidence actually supports each separate charge or whether the prosecution is piling on.
Facing Computer Crime Charges in San Diego?
Computer crime cases turn on technical evidence that most criminal defense attorneys simply don’t understand. IP attribution, forensic imaging, server log analysis, network architecture: these aren’t concepts you can learn on the fly. When the DA’s Technology Crimes Unit is building a case with support from the FBI’s Regional Computer Forensics Laboratory, you need defense attorneys who can go toe-to-toe with their forensic experts and challenge the evidence at every level. We’ve defended clients in exactly these cases, from corporate data theft allegations to unauthorized access disputes arising out of employment terminations, throughout San Diego County.
The sooner we start, the more options you have. Evidence preservation, witness identification, and early forensic analysis can make the difference between a case that resolves favorably and one that doesn’t.
Call us 24/7 for a consultation. We’ll review your case, explain exactly what you’re facing, and start building your defense immediately. Contact our San Diego criminal defense team today. The bottom line is this: you’re entitled to a defense that matches the seriousness of what the prosecution is bringing against you. Protect your freedom and your future. You must know your rights.
References
- 1. Penal Code, § 502, subd. (c) [Prohibited computer access and fraud activities].↑
- 2. Penal Code, § 502, subd. (b) [Definitions — “access,” “without permission,” “computer contaminant,” “injury”].↑
- 3. Penal Code, § 502, subd. (b) [Definitions — “access,” “without permission,” “computer contaminant,” “injury”].↑
- 4. Penal Code, § 502, subd. (b) [Definitions — “access,” “without permission,” “computer contaminant,” “injury”].↑
- 5. See CALCRIM No. 2700 [Unauthorized Access to Computer].↑
- 6. Penal Code, § 502, subd. (c) [Prohibited computer access and fraud activities].↑
- 7. Penal Code, § 502, subd. (b) [Definitions — “access,” “without permission,” “computer contaminant,” “injury”].↑
- 8. See Penal Code, § 17, subd. (b) [Reduction of wobbler to misdemeanor].↑
- 9. Penal Code, § 1170, subd. (h) [Realignment — felony sentences served in county jail for non-excluded offenses].↑
- 10. Penal Code, § 502, subds. (e), (g) [Civil liability and equipment forfeiture].↑
- 11. Penal Code, § 502, subds. (e), (g) [Civil liability and equipment forfeiture].↑
- 12. Penal Code, § 29800 [Felon prohibited from possessing firearms].↑
- 13. Penal Code, § 502, subds. (e), (g) [Civil liability and equipment forfeiture].↑
- 14. 18 U.S.C. § 1030 [Computer Fraud and Abuse Act].↑
"*" indicates required fields
200+
Google Reviews
Our appearances in the media.
PRACTICE AREAS
Down Town Office
El Cajon Office
- San Diego
- El Cajon
- La Jolla
- Chula Vista
- La Mesa
- National City
- Coronado
- Del Mar
- Encinitas
- Carlsbad
- Oceanside
- Vista
- San Marcos
- Poway
- Santee
- Rancho Peñasquitos
- University City
- Clairemont / Bay Park
