From: Henry_Waldock@mtsg.ubc.ca
Message-Id: <1516894@mtsg.ubc.ca>

   I am a Canadian law student with a BSc in Computer Science.  I'm 
doing a paper on computer viruses and the Criminal Law. 
   When the Canadian Parliament considered computer mis-use, viruses 
were not a problem, but the legislation they produced isn't bad.  (I 
will attach a copy at the end of this message.)  They created a kind 
of "trespass to information" which they called "unauthorized access 
to a computer system", and a kind of "vandalism to information", 
which they called "unauthorized alteration or destruction of 
computerized data".  My major criticism is that they didn't 
explicitly criminalize the unauthorized consumption of computer 
resources.  While the language they chose may not suit your purposes 
exactly, the three concepts of
 1)  unauthorized access to services (and data),
 2)  unauthorized consumption of services, and
 3)  unauthorized alteration/destruction of data
should cover most forms of computer abuse.
  If you define the purposes for which a user is _authorized_ to use 
his or her own account/equipment, you can limit even private 
commercial usage.
   See also the California Penal Code s.502, and the Pennsylvania 18 
PA Cons. Stat. Amm s. 3933.
 
(Note that these are the old section numbers.  The Canadian Criminal 
Code was re-numbered on Jan 1, 1989.)
     The Canadian Criminal Code
301.2?(1)  Every one who fraudulently and without color of right
  (a) obtains, directly or indirectly, any computer service,
  (b) by means of an electormagnetic, acoustic, mechanical  or other
  device, intercepts or causes to be intercepted, directly or
  indirectly, any function of a computer system, or
  (c) causes to be used, directly or indirectly, a computer system
  with intent to commit an offence under paragraph (a) or (b) or an
  offence under section 387 in relation to data or a computer system
is guilty of an indictable offence and is liable to imprisonment for 
a term not exceeding ten years, or is guilty of an offence 
punishable on summary conviction.
      (2)  In this section,
"computer program" means data representing instructions or 
statements that, when executed in a computer system, causes the 
computer system to perform a function;
"computer service" includes data processing and the storage or 
retrieval of data;
"computer system" means a device that, or a group of interconnected 
or related devices one or more of which,
  (a) contains computer programs or other data, and
  (b) pursuant to computer programs,
    (i)  performs logic and control, and
    (ii) may perform any other function;
"data" means representations of information or of concepts that are 
being prepared or have been prepared in a form suitable for use in a 
computer system;
"electromagnetic, acoustic, mechanical or other device" means any 
device or apparatus that is used or is capable of being used to 
intercept any function of a computer system, but does not include a 
hearing aid used to correct subnormal hearing of the user to not 
better than normal hearing;
"function" includes logic, control, arithmetic, deletion, storage 
and retrieval and communication or telecommunication to, from or 
within a computer system;
"intercept" includes listen to or record a function of a computer 
system, or acquire the substance, meaning or purport thereof.
 
387. ... (1.1) Every one commits mischief who wilfully
  (a) destroys or alters data;
  (b) renders data meaningless, useless or ineffective;
  (c) obstructs, interrupts or interferes with the lawful use of
  data; or
  (d) obstructs, interrupts or interferes with any person in the
  lawful use of data or denies access to data to any person who is
  entitled to access thereto.
(8) In this section, "data" has the same meaning as in section 
301.2.