(1) Subject to section 13 and subsections (3) and (4), a person shall not knowingly and without lawful authority, cause a computer system to perform any function for the purpose of securing access to any program or data held in that computer system or in any other computer system.
(2) A person who contravenes subsection (1), commits an offence and is liable, on summary conviction—
(a) in case of a first offence—
(i) subject to subparagraph (ii), to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 3 months or to both, and
(ii) where the computer system is damaged, impaired, or where data contained in the computer system is suppressed or modified, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 months, or to both;
(b) in the case of a second or subsequent offence—
(i) subject to subparagraph (ii), to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 6 months or to both, and
(ii) where the computer system is damaged impaired, or where data contained in the computer system is suppressed or modified, to a fine not exceeding $50,000 or to imprisonment for a term not exceeding one year, or to both.
(3) A person shall not be liable under subsection (1) if that person—
(a) is the person with a right to control the operation or use of the computer system and exercises such right in good faith;
(b) has the express or implied consent of the person empowered to authorize him or her to have such an access;
(c) has reasonable grounds to believe that he or she had such consent as specified in paragraph (b);
(d) is acting pursuant to measures that can be taken under Part 3; or
(e) is acting in reliance of any statutory power arising under any enactment for the purpose of obtaining information, or of taking possession of, any document or other property.
(4) An access by a person to a computer system is unauthorized if the person—
(a) is not entitled or allowed to control access of the kind in question; and
(b) does not have consent to the kind of access in question from any person who is entitled to give the consent.
(5) For the purposes of this section, it is immaterial that the unauthorized access is not directed at—
(a) any particular program or data;
(b) a program or data of any kind; or
(c) a program or data held in any particular computer system.