(1) Subject to section 13 and subsection (4), a person shall not, by any means, knowingly—
(a) secure access, without authority, to a computer system for the purpose of obtaining, directly or indirectly, any computer service;
(b) intercept or cause to be intercepted, directly or indirectly, without authority, any function of, or any data within, a computer system; or
(c) communicate directly or indirectly a number, code, password or other means of access to a computer system to any person other than a person to whom he or she is duly authorized to communicate.
(2) A person who contravenes subsection (1), commits an offence and is liable, on summary conviction—
(a) in case of a first offence—
(i) subject to subparagraph (ii), to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 months or to both, and
(ii) where the computer system is damaged, impaired, or where data contained in the computer system is suppressed or modified, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 6 months;
(b) in the case of a second or subsequent offence—
(i) subject to subparagraph (ii), to a fine not exceeding $25,000 or to imprisonment for a term not exceeding one year or to both, and
(ii) where the computer system is damaged impaired, or where data contained in the computer system is suppressed or modified, to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 18 months.
(3) For the purpose of this section, it is immaterial that the unauthorized access or interception is not directed at—
(a) any particular program or data;
(b) a program or data of any kind; or
(c) a program or data held in any particular computer system.
(4) A person is not liable under subsection (1) if that person—
(a) has the express or implied consent of both the person who sent the data and the intended recipient of that data;
(b) is acting in reliance of any statutory power.