Deleting Files is a Crime?

cemaco writes "A former employee of International Airport Centers, who is currently embroiled in a legal dispute with them, returned his company laptop as required. Hoping to find incriminating evidence, I.A.C. attempted to retrieve deleted information from the laptop in question with no success. This employee had beaten them to the punch. He had used 'secure delete' software, in order to make sure nothing could be recovered. He is now being charged with a violation of the Computer Fraud and Abuse Act."

Two-way crime

[Too+many+errors,+bai]

So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?

Re:Two-way crime

[ackthpt]

So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?

Seems to me what is lacking here is IAC arguing before the court what specific contents should be on the computer which were destroyed, without authorisation, thus doing harm to the company.

Lord knows, everywhere I've worked, when I left I was expected to clean out my desk, not have a bunch of business analysts doing it to be sure I didn't throw anything useful away. Gosh. To think the massive amount of crap which would litter my computer and desk if I didn't dispose of things is daunting. I must be trusted to use good sense and not throw valuable stuff away, huh?

Re:Two-way crime

[Ossifer]

Seems to me what is lacking here is IAC arguing before the court what specific contents should be on the computer which were destroyed, without authorisation, thus doing harm to the company.

Exactly! The 7th Circuit has merely stated that the action could be a violation of the act--something to be determined at a trial. They haven't convicted anybody or even claimed that a law was broken, only that the alleged act is conceivably a violation.

Re:Two-way crime

[Drogo007]

FTFA:
"Jacob Citrin was once employed by International Airport Centers and given a laptop to use in his company's real estate related business. The work consisted of identifying "potential acquisition targets."

Essentially the product of his job was the information about which properties to acquire.

From the Judges decision (PDF here: http://www.ca7.uscourts.gov/tmp/R31363C0.pdf ):
"decided to quit IAC in violation
of his employment contract, he resolved to destroy files that
incriminated himself and other files that were also the
property of his employer"

He apprently deleted the files containing the information he had been hired to collect after violating what sounds like a non-compete clause in his employment contract because he wanted to go into business for himself doing the exact same thing he'd been hired to do.

Poor analogy: As a surveyor for a mining company, it's my job to find mineral deposits for my employer. Using company time and equipment, I find such a site, but fail to disclose the location because I decide I want to start my own personal Survey firm. I'd say they'd have a pretty darn good case against me.

I also don't think the case from TFA is going to get laughed right out of court.

Re:Two-way crime

[soft_guy]

Software companies keep source code in a repository, not on some developer's laptop.

Re:Two-way crime

[mindstrm]

"With point 1, I get a chuckle when I walk by someone on a computer, typing up an email, and when they see someone approaching from behind they flip to another window or hit screensaver etc. I want to say to them "you DO realize that's not private in any way shape or form and I or any of your managers could easily read it?" but I usually just walk away smiling at their ignorance."

Do you have an ego problem or something? Just because someone minimizes something and doesn't want your nosy ass reading over their shoulder, or seeing what they are doing doesn't mean they are stupid. Perhaps what they are doing is none of your business?

Just because you are a sysadmin, and can technically do these things does not make them right, or even legal, depending on your jurisdiction. Depending on the company, even a mighty sysadmin can be fired for doing this without the proper authorization.

Do you think telephone technicians sit there and laugh saying "Man people are so stupid, they think their phone calls are private!"... no, they don't. It's understood that yes, they can and do listen to calls on occasion, and they have the integrity and ethics not to blab about it or let it leave the equipment room.

"Man people are so stupid, they think that their personal conversations at home are private, but I have this parabolic microphone!"... man, what ingorant people.

Was it classified as evidence?

[radarsat1]

If the laptop was classified as evidence in the case, chances are it wouldn't be in his possession. If it wasn't, then he didn't commit a crime.

On the other hand, if a document was issued classifying the harddrive as evidence before he deleted the contents of the drive, he did commit a crime.

Ideally, it should be as simple as that.

Re:Was it classified as evidence?

[Chas]

From reading the article, it looks like there wasn't anything resembling an investigation under way. Merely a guy who was leaving the company to pursue another job (albeit a competitive one). He returned the laptop, as he pretty much was required to do.

THEN they went looking for dirt on him.

That order right there is what's important. If the guy had been informed of an investigation, and had then returned the laptop, wiped, he could be guilty of destroying evidence.

But he returned the laptop, then an investigation was begun.

Sorry, no investigation first, no crime.

Granted, this COULD be an internal policy issue for the company too. However, they're not suing him for violating company policy. They're suing him under "hacking" charges. Which pretty much says that there was no policy in place regarding the data on the laptop. Moreover, the guy's employment contract, apparently, SPECIFICALLY allowed him the option of destroying data on the machine.

In agreeing to that, the company pretty much just abrogated ownership of the data.

This guy's in for a really long court battle. But, eventually, he's going to be acquitted.

alarmist

[RelliK]

Once again, slashdot summary is wrong and you didn't read the article.

Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.

RTFA. That's exactly what the judge did. The company appealled the decision, and the appeals court sent it back to the judge saying: no, you can't throw this out. The company might be right. You need to hold a trial to figure it out.

Having read the article, I agree. The issue is not so clear-cut that it should be dismissed out of hand: it deserves its day in court. The guy may have deleted incriminating information (which is a crime, see Enron paper shredders). He may also have been propping up his business at company's expense (i.e. using whatever data he acquired while making sure the company doesn't get a hold of it). That's for the judge to decide, and that's exactly what the appeals court said should happen.

Oh and, btw:

Adolf Hitler

you lose.

Re:What Rights?

[Sancho]

Presumably, there was somewhat confidential data on that notebook anyway. The use of a secure deletion program should be required to keep that data out of the hands of competitors.

But there are things in the case that we don't know.. for example, what evidence does the company have that these files were even there in the first place? Maybe he was secure-deleting personal information that the company had no right to in the first place (where I work, we have an incidental use clause regarding technology--that is, we can use it for our own personal purposes as long as it doesn't degrade the system as a whole). Simply put, we don't know most of the facts of this case.

To be the Devil's Advocate here...

[gerf]

Basically the whole issue ended up being about timing.

When he decided to leave employ of the IAC to start his own venture, his authorization at that point to use the computer did not belong to him. Though he may have physically retained the computer, and had all access to it, he did not have legal rights to its contents.

At that point, he was a competitor to IAC, possibly with information on his person about IAC that a competitor should not.

IAC wondered what he had, and whether he was misusing this laptop for his own benefit, which would break all kinds of laws. They wanted to take a look at said laptop, and see if he'd used it or seen anything he shouldn't have recently.

This employee then accessed the laptop and deleted all kinds of stuff, akin to shredding documents Enron or Watergate style. He then returns the laptop to IAC, his former employer and now competitor.

Unsurprisingly, former employee is now sued, though his conviction is by a tenuous interpretation of a law.

WTF...

[ls+-la]

Citrin pointed out that his employment contract permitted him to "destroy" data in the laptop when he left the company.

His right to do this was in his contract. Can anyone tell me why a contract can no longer protect an individual from a company?

Mistake in argument

[Todd+Knarr]

I think his mistake was in arguing about his authority to delete files at all. His argument should have been that all the files alleged to have been deleted were personal files, personal use of the laptop was authorized by his employment agreement (quote the relevant paragraph from the agreement, and the company has no right to demand that those files be turned over in the first place. You can't be charged under the law he was if the only things you "damaged" belonged to you.

Of course, this only works if he was scrupulous to avoid mixing his personal stuff with company data and can clearly show that all the files the company can prove were theirs are untouched. If he did delete files from an area normally or provably containing company data, he's pretty much SOL.

Why is this in criminal court?

[j0nb0y]

This should be a civil matter.

It is a testament to the broken state of our laws (and especially our computer crime laws) that his former employer was able to (convince a DA to) drag him into criminal court for this.

If the guy had hacked into company computers and destroyed data, then sure, he should be prosecuted under criminal laws. But wiping files from a hard drive? If the guy really did do damage to his former employer, or violated a contract with them, then it shouldn't be a criminal case. It should be a civil case.

Cart before the horse

[tomhudson]

Of course it's BS. But so is the whole case.

The REAL case is that the guy was setting up his competing business, and they wanted the laptop data to prove it.

They shouldn't be going after him for "destruction of data on a networked device" but for violating his non-compete. Especially since, if they can't prove he violated the non-compete, then it IS his data to do as he pleases, even if it was sitting on their laptop.

Look at it this way: If they can't first show he violated his non-compete, then they have no claim to the data he erased, as it may have been "his" data just as much, or more, than theirs.

On the other hand, prove first that he violated his non-compete, and you can THEN also get him on the data destruction.

What you CAN'T do is the reverse - prove the destruction of your data if you can't first prove that it is uncontestedly your data.

Re:Catch-22

[tomhudson]

The point is that any data of any kind even if it was created by the employee for the employee's own use, was at one point on a company owned resource (the laptop), and hence owned by the company.

Did Jesus just kill another kitten or something?

Nope. No more than if I put my lunch in a company-owned drawer, or install developer software bought, paid for, and licensed to ME on a company-owned computer, or even on their server.

Your theory of "company-owned" is more viral than Microsoft's "shared-source".

I leave, my stuff leaves with me.

I'll agree the guy WAS stupid to delete the files, and he WAS stupid to even bother using the company laptop. But lets reverse your argument - the company-owned laptop was at one point on an employee-owned resource - the employee's lap. Does that mean he owns it? Of course not. Ownership is not transferred by putting something next to, inside of, or on something. Its transferred by either mutual agreement or act of law.

THAT is bullshit!

[emptycorp]

That is bullshit. If that were true: a company could argue that the government can't look at their financial records because it would incriminate them; a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her.

A murderer CAN deny access to their property even having a dead body in the freezer, enless the police have a warrant. A company CAN refuse to turn over documents enless the police have a warrant. Police can't walk in anywhere they want and/or just take things because they may or may not be incriminating, it's called probable cause. They must have enough viable reason to further their investigation, you can't just bother every citizen because you may or may not know a partial bit of information about a crime.