What §33.02 Actually Criminalizes

Section summaryTexas Penal Code §33.02 makes it an offense to knowingly access a computer, computer network, or computer system without the effective consent of the owner. The statute reaches both outsider intrusion and insider misuse, with no narrowing analogue to Van Buren.

The elements are deceptively simple:

  • Knowingly
  • Accesses a computer, computer network, or computer system
  • Without the effective consent of the owner

Most of the litigation runs through the third element. "Computer," "computer network," and "computer system" are defined in Penal Code §33.01 and reach almost any device with a processor, but the definitional fight is rare. The fight is over consent: whether consent existed, whether it covered the conduct, and whether it had been withdrawn.

Unlike the federal CFAA, §33.02 was not narrowed by the Supreme Court in Van Buren. Texas courts construe the statute independently, and while Van Buren's "gates-up-or-down" framing has been raised in Texas appellate briefing, no Texas court of last resort has adopted it as the test for "effective consent." Our Van Buren impact analysis covers the federal side.

When Authorization Ends

Section summaryAuthorization can end at termination, at project conclusion, at session expiration, or at the explicit withdrawal of consent. The cleanest cases are the ones where the boundary is documented; the harder cases are the ones where it is not.

Authorization is dynamic. Several common end-points generate §33.02 fact patterns:

  • Termination. Employment ends, access should end, but the employee logs in during a notice period or after. Was consent withdrawn? Often the answer is yes, but the record must support it.
  • Project completion. A contractor with project-scoped access continues to log in after the project ends. Consent was for the project; logins after it are unauthorized.
  • Session expiration. A user with one-time access for a specific transaction returns and logs in again. The original consent did not authorize the second visit.
  • Explicit withdrawal. The owner tells the user, in writing or otherwise, that consent is withdrawn. Logins after that point are unauthorized.

If you are weighing potential exposure, the charge-subsection spotter screens both federal and state possibilities and points toward the most-fitting statute. For federal sentencing exposure once a charge is on the table, the federal sentencing guidelines calculator models the offense-level math.

Charging Tiers

Section summarySection 33.02 runs from Class B misdemeanor at the base level up to first-degree felony where loss is substantial or where critical infrastructure is targeted. The tier turns on dollar amount, benefit obtained, and target type.

The escalation structure of §33.02 generally tracks:

  • Class B misdemeanor — baseline knowing access without consent.
  • Class A misdemeanor — aggravators tied to the nature of the system or modest loss.
  • State jail felony — moderate loss or benefit, certain target types.
  • Third-degree felony — higher loss, government computers in some configurations.
  • Second-degree felony — substantial loss thresholds.
  • First-degree felony — top-tier loss, critical infrastructure, repeat conduct.

The exact dollar thresholds and statutory language should be checked against the current text at statutes.capitol.texas.gov for any specific case, since legislative updates have moved the tier boundaries over time.

Building a §33.02 Defense

Section summaryDefense against §33.02 turns on documenting the scope, source, and timing of consent. The work is records-driven and starts well before any motion is filed.

A strong §33.02 defense workup focuses on:

  • Written grants of access — onboarding records, IT tickets, vendor agreements.
  • Scope-defining policies — acceptable-use policies, role definitions, contracts.
  • System audit logs — what was accessed, when, and from where.
  • Withdrawal records — termination letters, project-end communications, explicit-withdrawal emails.
  • Source-of-authority records — proof the person granting consent had authority to grant it.

Where the record shows consent that covered the conduct and was not withdrawn, the State's proof can collapse on the third element. Where the records are silent, the case becomes a credibility contest. Our Texas Computer Crimes Defense Guide walks through the full architecture of a §33.02 defense.

Need defense counsel?

L&L Law Group, PLLC handles Computer Crimes Defense cases throughout DFW. Initial consultations are free.

Call (972) 370-5060 →

Frequently Asked Questions

Is §33.02 always a misdemeanor?
No. The baseline is a Class B misdemeanor but the offense escalates based on loss amount, benefit obtained, and target type, up to first-degree felony in the most serious cases. Critical-infrastructure targets and substantial loss are the most common felony triggers.
Does Van Buren apply to Texas §33.02 cases?
Not as binding precedent. Van Buren is a federal CFAA case. Texas courts construe §33.02 independently. Defense lawyers do cite Van Buren for its reasoning on access versus use, and the persuasive weight is meaningful, but Texas appellate law on §33.02 is still developing.
What if I had credentials that the company forgot to revoke?
Forgotten revocation does not, by itself, create effective consent. If consent was withdrawn at termination, continued access after that point can violate §33.02 even if your credentials still technically worked. The question is what consent the owner gave and when it ended, not whether the technical access was still possible.
Can I be charged under both §33.02 and the federal CFAA for the same conduct?
Yes, in some configurations. Dual sovereignty allows federal and state prosecutions for the same underlying conduct, though most cases proceed in one forum based on charging-discretion factors. Federal prosecutors in the Northern and Eastern Districts of Texas typically take CFAA cases where federal interests dominate.
Part of a larger guide

Read the full Texas Computer Crimes Defense Guide

This article is one section of our comprehensive Texas Computer Crimes Defense Guide. The pillar guide covers recent developments, official resources, and the complete framework with deeper analysis.

Read the Pillar Guide →
⚖️
Texas Bar
Licensed
Bar Nos. 24043266 · 24043514
🏆
40+
Years Combined
Criminal Defense Experience
📞
Free
Consultation
Direct to Attorney
🔓
24/7
Jail Release
Available 7 Days a Week

Next Steps

If you are facing a situation described here, consult counsel promptly. Many issues in this area run on strict deadlines.

Reggie London & Njeri London

Co-Founding Partners · L&L Law Group, PLLC

Reggie London (Tex. Bar #24043514) and Njeri London (Tex. Bar #24043266) co-founded L&L Law Group in Frisco, Texas.

This guide was reviewed by Reggie London on May 30, 2026.

Cite this guide

Bluebook: Reggie London & Njeri London, Texas §33.02: When Authorization Ends, L&L Law Group (May 30, 2026), https://landllawgroup.com/insights/texas-33-02-authorization-when-it-ends/.

APA: London, R., & London, N. (2026, May 30). Texas §33.02: When Authorization Ends. L&L Law Group.