Deleting Files is a Crime?

cemaco writes "A former employee of International Airport Centers, who is currently embroiled in a legal dispute with them, returned his company laptop as required. Hoping to find incriminating evidence, I.A.C. attempted to retrieve deleted information from the laptop in question with no success. This employee had beaten them to the punch. He had used 'secure delete' software, in order to make sure nothing could be recovered. He is now being charged with a violation of the Computer Fraud and Abuse Act."

Deleting Files is a Crime?

Of course it is. Wasn't this law passed when Gmail went public? Why if google could get its way, you wouldn't delete shi.. oh wait... :)

Two-way crime

[Too+many+errors,+bai]

So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?

Re:Two-way crime

[Kitanis]

If a smart lawyer would take the case.. it could be overturned on appeal.. How can you be charged when there is no evidence to hold you to that charge? The Judges are declaring a clean up of files as damage? Damage to what? the laptop was returned without the normal file associations that usually taints a origional install of the operating system. I tell you.. the more I see the law work.. the more i wonder....

Re:Two-way crime

[ackthpt]

So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?

Seems to me what is lacking here is IAC arguing before the court what specific contents should be on the computer which were destroyed, without authorisation, thus doing harm to the company.

Lord knows, everywhere I've worked, when I left I was expected to clean out my desk, not have a bunch of business analysts doing it to be sure I didn't throw anything useful away. Gosh. To think the massive amount of crap which would litter my computer and desk if I didn't dispose of things is daunting. I must be trusted to use good sense and not throw valuable stuff away, huh?

Re:Two-way crime

[kfg]

How is deliberate obstruction determined in a case like this?

Oh, that's easy enough. It doesn't enter into it at all.

KFG

Re:Two-way crime

[tomhudson]

He should have kept the laptop.

They would have argued that they need it to search for evidence against him.

Then he could have been able to argue "You can't have it - returning it to you would be self-incrimination."

Or he could have just removed the hard disk and paid them $100 for a replacement hard disk, or better yet: "gee, it died a few days ago, and I replaced it. BTW, here's the invoice. Please reimburse me".

Lesson - posession is still 9/10 of the law.

Re:Two-way crime

[bigboss1234]

It all depends on timing and rules. He is in trouble if he deleted the file after he realise there is an investigation, or if there is a rule against deleting that type of file, or there is a regulation against using a "secured delete" software.

Re:Two-way crime

[Ossifer]

Seems to me what is lacking here is IAC arguing before the court what specific contents should be on the computer which were destroyed, without authorisation, thus doing harm to the company.

Exactly! The 7th Circuit has merely stated that the action could be a violation of the act--something to be determined at a trial. They haven't convicted anybody or even claimed that a law was broken, only that the alleged act is conceivably a violation.

Re:Two-way crime

[Drogo007]

FTFA:
"Jacob Citrin was once employed by International Airport Centers and given a laptop to use in his company's real estate related business. The work consisted of identifying "potential acquisition targets."

Essentially the product of his job was the information about which properties to acquire.

From the Judges decision (PDF here: http://www.ca7.uscourts.gov/tmp/R31363C0.pdf ):
"decided to quit IAC in violation
of his employment contract, he resolved to destroy files that
incriminated himself and other files that were also the
property of his employer"

He apprently deleted the files containing the information he had been hired to collect after violating what sounds like a non-compete clause in his employment contract because he wanted to go into business for himself doing the exact same thing he'd been hired to do.

Poor analogy: As a surveyor for a mining company, it's my job to find mineral deposits for my employer. Using company time and equipment, I find such a site, but fail to disclose the location because I decide I want to start my own personal Survey firm. I'd say they'd have a pretty darn good case against me.

I also don't think the case from TFA is going to get laughed right out of court.

Re:Two-way crime

[blibbler]

> Then he could have been able to argue "You can't have it - returning it to you would be self-incrimination."

That is bullshit. If that were true: a company could argue that the government can't look at their financial records because it would incriminate them; a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her.
Self incrimination is when you are used directly as a source of evidence such as through a confession, or affidavit, and only applies to a criminal case.

Re:Two-way crime

[fm6]

If he has the files, he's not a criminal because he has them, but because of what's in them. If he had gone into his employer's filing cabinets and destroyed documents that could have been used against him, he could have been charged for that, though under a different law. Deleting documents from an employer owned computer isn't any different, at least morally.

Re:Two-way crime

[tomhudson]

Probably not, but lawyers have to eat, too. There's only so much sustenance to be gained by sucking the lifeblood out of people.

Re:Two-way crime

[krakelohm]

a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her

You have a crazy ex too?

Re:Two-way crime

[Philosinfinity]

I agree, but because the case originates in an employment at will state and because of the lack of a fact pattern, I am concerned in how the court is determining that the employment contract was broken. From the opinion, it seems that it was because the person had made a decision to quit the company caused the employment relationship to dissolve. However, there may be some facts missing or left implicit. Furthermore, the opinion states that the law includes the intent of keeping disgruntled programmers or admins from blowing away company files they have access to. The argument isn't that Citrin should be in trouble for blowing away his personal files and contacts from the laptop, but rather those files that were obtained, maintained, and altered in the course of his employment.

Re:Two-way crime

[v1]

"the files" is the evidence, not the crime. I think you are confusing the two. Making the evidence go away does not nullify the crime. If he commits a "crime" and there are files ("evidence") that he destroys, and you can prove there was a crime and the files were incriminating evidence, he can be charged not only with the crime, but also with destruction of evidence, which is illlegal.

Also the files on the laptop, were company property. While you are a company employee, you are caring for those files as a representative of the company, and you can arguably do with them as you please. After he was fired, those files were no longer under his care (he was no longer authorized to manage company property and resources) and remained property of the company. Wiping the hard drive at that point could very easily be proven to be Destruction of Private Property, again this is illegal.

The lessons learned:

(1) anything you put on a company computer IS THE COMPANY'S PROPERTY. Don't cry invasion of privacy or personal files, they are NOT yours anymore. You surrendered your right to privacy of your documents the moment you put them on company property. This actually is a double edged sword - many companies don't like you to use your own laptop specifically because they have less legal control over it and the information on it during extreme circumstances like termination. And don't forget, this includes email. Company has the right to monitor your email and anything else you do on the computer. It's astounding how many people believe that company email is private and that their employers are "not allowed" to look at personal employee emails.

(2) it's sometimes easier for a prossicutor to get a conviction if you destroy some (but not enough) evidence.

(3) it's not unheard of for a company to obtain a search warrant and send the police to ransack your house and take your computers/HDs/CDs to retrieve "sensitive company information". You don't even have to have the company's laptop for that one - they just have to convince a judge that you have "work in progress" you took home from work and loaded onto your computer, and you want it back. Sadly, most judges belly up on this issue and just sign off without due consideration for what they're allowing to happen.

With point 1, I get a chuckle when I walk by someone on a computer, typing up an email, and when they see someone approaching from behind they flip to another window or hit screensaver etc. I want to say to them "you DO realize that's not private in any way shape or form and I or any of your managers could easily read it?" but I usually just walk away smiling at their ignorance.

At some point in the future reality will hit them like a brick, and give them a good case of the cold sweats.

Re:Two-way crime

[penguinrenegade]

Believe it. If you are not a publicly traded company, you can refuse the IRS' audit request on 5th Amendment grounds. The IRS has no right to search your records and interrupt your business. A murderer CAN deny police access to their premises and strictly shut the door in their face. A warrant can override this but you cannot be compelled without one.

Similarly, if the police EVER pull you over and ask you if they can search your trunk or vehicle during a routine stop, you can refuse. I have done so, with no recriminations. I didn't have anything to hide but I take exception to the police searching without what I call a valid reason. I was stopped for expired tags, and after a 12-hour shift and 1 hour commute each way I was fully exhausted. Bloodshot eyes and the whole bit. Refused IMMEDIATELY and asked why they asked me. They told me that it was due to the bloodshot eyes and how I was obviously tired. I asked if they wanted me to pull over to sleep, they said no. I asked if they had any further reason for detaining me and again, they had to answer no, so I stated I would leave then. I already had the ticket in my hand - bing bang boom gone.

You don't have to incriminate yourself, and this guy will easily get out of it on appeal.

A better solution would be to ghost the hard drive when you get the laptop at your new job. Returning the computer to them in EXACTLY the same condition that it was given to you (data-wise) would then be trivial. How can they punish you for that? They can't. In fact, you can even prove that it IS in the same condition!

Re:Two-way crime

[llefler]

With point 1, I get a chuckle when I walk by someone on a computer, typing up an email, and when they see someone approaching from behind they flip to another window or hit screensaver etc. I want to say to them "you DO realize that's not private in any way shape or form and I or any of your managers could easily read it?" but I usually just walk away smiling at their ignorance.

It could also be that it is simply none of your business. I'm not comfortable with anyone reading over my shoulder or off of my screen while they stand there talking to me. I will nearly always minimize e-mail, query analyzer, web pages, regardless of their content. For all you know they could be writing a priviledged message to another employee (HR, management).

For me, I'm simply not comfortable with the situation, but with direct access to databases I could also be working with data that is confidential. Not only are work areas public, but it's not uncommon for people to have relatives or consultants visiting.

You make assumptions of wrong doing, but you're comfortable walking up and looking at someone's monitor where I doubt you would be comfortable picking up papers from their desk and reading them.

Re:Two-way crime

[soft_guy]

Software companies keep source code in a repository, not on some developer's laptop.

Re:Two-way crime

[mindstrm]

"With point 1, I get a chuckle when I walk by someone on a computer, typing up an email, and when they see someone approaching from behind they flip to another window or hit screensaver etc. I want to say to them "you DO realize that's not private in any way shape or form and I or any of your managers could easily read it?" but I usually just walk away smiling at their ignorance."

Do you have an ego problem or something? Just because someone minimizes something and doesn't want your nosy ass reading over their shoulder, or seeing what they are doing doesn't mean they are stupid. Perhaps what they are doing is none of your business?

Just because you are a sysadmin, and can technically do these things does not make them right, or even legal, depending on your jurisdiction. Depending on the company, even a mighty sysadmin can be fired for doing this without the proper authorization.

Do you think telephone technicians sit there and laugh saying "Man people are so stupid, they think their phone calls are private!"... no, they don't. It's understood that yes, they can and do listen to calls on occasion, and they have the integrity and ethics not to blab about it or let it leave the equipment room.

"Man people are so stupid, they think that their personal conversations at home are private, but I have this parabolic microphone!"... man, what ingorant people.

Re:Two-way crime

[sjb2016]

If only that were true. Unfortunately, companies, corporations anyway, do have the same rights as individuals in the United States. I tend to lean pretty hard to the right in most things political, but this fact has to change before companies do rule the world (even more than they do now).

Check out this interview
Companies do have the same rights as people

Re:Two-way crime

[surprise_audit]

One thing missing from the Police Blotter report was *when* the files were deleted. Were they deleted the day before giving back the laptop, or some months before?? In the latter case, it would be difficult to prove he wasn't just keeping things tidy. Kinda like shredding old printouts that are no longer relevant.

Re:Two-way crime

[sumdumass]

Well look at it this way, It matches the situation more closely.

The company gives you a company car to drive to locations were you need to either sell or fix something. You are allowed to take the car home and drive it to and from work. You have personal possesions in it like sun glasses, maps with the routes to your clients outline in markers, a jacket, change of clothes,your daughter's school book and homework because she left in the car when you droped her off on the way to your first apointment. Your company now decides to get rid of you for whatever reason, are you allowed to get you belonging out of the car now? Are you alowed to remove any trace of them? Did you violate any laws when removing them before returning the car? Even when the company fired you because you were driving your kid to school in the company car and they wer eplanning on ussing your daughter school books and home work as evidence to support thier decision?

This is more like what this is about. If the company gives me somethign to use, i use it for personal use as well as work, the personaly stuff doesn't automaticaly become the company's property. I'm not clear on exactly what was deleted but from the article it apears that it was evidence that could prove he was using the laptop to start his own buisiness wich should fall under personal use.

Re:Two-way crime

[nolife]

There is a HUGE difference between breaking a law and violating a contract or a business agreement. One is criminal, the other civil. If I'm not mistaken, isn't the Computer Fraud and Abuse Act a criminal act?
What about renting a VHS tape from Blockbuster and erasing the tape and returning it. I think BB would have to pursue the recourse from you as a civil matter, not the local police department. Who knows..

Re:Two-way crime

[Pendersempai]

While corporations do get a lot of the constitutional protections that humans have, they cannot plead the fifth to avoid self-incrimination.

Re:Two-way crime

[AK+Marc]

You have personal possesions in it like sun glasses, [...]
This is more like what this is about. If the company gives me somethign to use, i use it for personal use as well as work, the personaly stuff doesn't automaticaly become the company's property.

It sounded more to me like the appropriate analogy would be that he was a programmer hired to write a program. He took his salary for a year, then as he finished up the program, realized he could get someone to pay him cash for the program and he could keep the source code and sell it to other people later too. So, he quits. Someone asks for his laptop back. He realizes that the code is on the laptop, so he deletes it.

What he deleted that the company was interested in was not personal stuff. It is his work product that he is stealing from the company for his own gain. I'm unclear whether he deleted it to prevent them from getting the source code to compete with him, or because he knew it was illegal (or at the very least, unethical and a violation of his contract) and wanted to destroy evidence. But he did not destroy it until after he was fired, and at that point he did not own the laptop, and certainly not any work-product on it. They didn't want his sun glasses, they wanted the company-owned equipment in the trunk that he took out and sold to someone after he was fired.

Re:Two-way crime

[fm6]

Right you are, that's a better comparison. But legally and morally, the desk drawer isn't any different. The desk drawer is company property, as are any company files he sticks in it — even if he wrote them himself.

What Rights?

[ackthpt]

Adolf Hitler, when challenged by some people, said "I don't need you, I have your children."

Effectively one could say the same thing about those in government who have usurped the rights of the people since the ink dried on the Constitution and Bill of Rights. "I don't need you, I have the laws." Worst of all, they have a lot of the children too, because the children don't care or will vigorously defend the right of the government to deny them their very own rights.

Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.

Ok, there's the thought that work on the laptop would be of value (a project of some sort or list of contacts and estimates valueable to the next to occupy the position) to the employer and the employee violated some work ethic, by destroying company property, but that's now how it reads. More likely the computer would only contain things meaningful to the employee in the context of producting the actual end work.

Next there will probably be some poor person sued for throwing out old yellowed paper-work, which had been in the bottom drawer of a desk for 30 years, when retiring.

Does this mean each person must approach the company gestapo for approval to destroy or discard anything?

A laughable concept. IAC are a bully and the U.S. Court of Appeals for the 7th Circuit are out of their league regarding workplaces and technology.

oy, he erased 'is name from the company directory! someone could get seriously lost looking for a former employee's cubicle and come to great harm! put 'im in irons!

Re:What Rights?

[ackthpt]

Fair point. Although you have to beg the question, why would the employee use so called "secure delete" software if he had nothing to hide? I know it's a bit of a crappy argument, although it is something to consider.

Apparently on that technical ground the court made, incredibly, a unanimous decision. I find that preposterous and worrying.

he's driving the speed limit, but he was probably speeding before he slowed down to it, let's write him a ticket

Re:What Rights?

[sparckzero]

Apparently on that technical ground the court made, incredibly, a unanimous decision. I find that preposterous and worrying.

You're right, that's damned worrying. I can see why they might decide that though. That doesn't make it right. You would have thought that at least one person would decide against it.

he's driving the speed limit, but he was probably speeding before he slowed down to it, let's write him a ticket

Good analogy. For the record, I always stick to the limit ;)

Re:What Rights?

[poot_rootbeer]

Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.

I urge you to consider the possibility that all the judges who have thus far ruled that it can be a criminal act to destroy information that does not belong to you may, in fact, not be "out of their league" regarding workplaces and technology, and even may understand the issues better than either you or Mr. McCullagh.

Re:What Rights?

[Crispy+Critters]

"Apparently on that technical ground the court made, incredibly, a unanimous decision. I find that preposterous and worrying."

The most important thing to notice here is that this was not a final judgment. This was a ruling regarding an appeal to the case being dismissed. A case is only dismissed in this way if the plaintiff has no case even assuming that every disputed fact is in his favor. Dismissing the case is like saying, "You're so wrong, that even if you were right, you'd still be wrong." The ruling here just lets the case go forward. The guy could still be totally exonerated in the end.

Re:What Rights?

[Sancho]

Presumably, there was somewhat confidential data on that notebook anyway. The use of a secure deletion program should be required to keep that data out of the hands of competitors.

But there are things in the case that we don't know.. for example, what evidence does the company have that these files were even there in the first place? Maybe he was secure-deleting personal information that the company had no right to in the first place (where I work, we have an incidental use clause regarding technology--that is, we can use it for our own personal purposes as long as it doesn't degrade the system as a whole). Simply put, we don't know most of the facts of this case.

Re:What Rights?

[__aaclcg7560]

When I left my last job, the hard drive was being wiped as I walked out the door. I wasn't concern that the company would find any incrimating stuff on my computer (there was none). I was more concern that my manager might try to plant incrimating stuff on my computer to give me a bad reputation since I was leaving because of the manager and everyone knew it. That's a bit hard to do when the computer can't find the operating system. As for all my work-related files, they were stashed away on the network drive.

Whoa!

[LandownEyes]

"The term "damage" means any impairment to the integrity or availability of data, a program, a system, or information;" Whoa, better not install windows. But really, after I close the lid on my laptop it takes a few seconds for the system to come back to life when I open it, technically, the availability of data is impaired in those few seconds (well 30 if it's a compaq). Oh, whoa again! So if I'm watching a DVD and my brother steps in front of the screen and I can't see for a second, then my access to the "data" is "impaired". Huzzah! We're all going to jail! BONG!

Re:Whoa!

[infolation]

It's not an uncommon data-deletion policy to encrypt all archived data/backups, then to later delete the corresponding key to any data that needs to be securely wiped. It would be pretty easy to end up in the same situation as this employee if your data was archived in this way and you decided to delete your keys when you left your job.

It's a *company* laptop...

[the_skywise]

It's the *company's* information. Just as if you took out your file folders and TPS reports before you quit work and burned them, it's a violation of law.

Re:It's a *company* laptop...

[Chas]

Yes and no.

If the company had a set of policies in place, and had informed the employees about them, that ALL data that was put onto the system became the property of the company. Or if there was a clause on there about not putting personal data or programs on there.

In this case, they would pretty much need to PROVE that anything he deleted was possibly incriminating. Which, at this point, would be damn near impossible.

Re:It's a *company* laptop...

[Raul654]

RTFA - "Citrin pointed out that his employment contract permitted him to "destroy" data in the laptop when he left the company. But the 7th Circuit didn't buy it"

Re:It's a *company* laptop...

[Bagheera]

Depends. It's certainly the company's laptop, but the NON-work-related data may not be theirs. Every company I've worked in that allowed the use of a laptop had allowances for "limited personal use" in their acceptible use policies. That meant that it was cool for me to use the laptop to check my webmail accounts during lunch, etc. That information was mine, not theirs. It was also assumed reasonable for me to delete my personal data that was left on the system.

Operative word being "Reasonable."

It would all depend on whether his company's acceptible use policy had an allowance for limited personal use or not. If they did say it was OK to use it for personal use, they had no legal grounds upon which to try and recover HIS personal (not work related) data since it was HIS.

Your analogy implies that EVERYTHING in a workspace is company property, when in most cases it's not. Having personal effects in my office, and removing them when I leave the employer, is no different form having some personal data on a computer.

Was it classified as evidence?

[radarsat1]

If the laptop was classified as evidence in the case, chances are it wouldn't be in his possession. If it wasn't, then he didn't commit a crime.

On the other hand, if a document was issued classifying the harddrive as evidence before he deleted the contents of the drive, he did commit a crime.

Ideally, it should be as simple as that.

Re:Was it classified as evidence?

[Chas]

From reading the article, it looks like there wasn't anything resembling an investigation under way. Merely a guy who was leaving the company to pursue another job (albeit a competitive one). He returned the laptop, as he pretty much was required to do.

THEN they went looking for dirt on him.

That order right there is what's important. If the guy had been informed of an investigation, and had then returned the laptop, wiped, he could be guilty of destroying evidence.

But he returned the laptop, then an investigation was begun.

Sorry, no investigation first, no crime.

Granted, this COULD be an internal policy issue for the company too. However, they're not suing him for violating company policy. They're suing him under "hacking" charges. Which pretty much says that there was no policy in place regarding the data on the laptop. Moreover, the guy's employment contract, apparently, SPECIFICALLY allowed him the option of destroying data on the machine.

In agreeing to that, the company pretty much just abrogated ownership of the data.

This guy's in for a really long court battle. But, eventually, he's going to be acquitted.

Frivolous law suits.

[keilinw]

Interestingly, it appears to me that the ex-employee did the right thing.

1.)He is protecting the privacy of whoever's data was on the computer.
2.)He is ensuring that the computer is free from viruses, worms, spy ware, etc (assuming he performed a total wipe).

If the company wanted evidence against their employee then they should have attained it before accusing him. To do so in reverse order, as they did, only allows the employee to cover his tracks. If anything I am disappointed in the way that the company handled their business and at the very minimum reflects on the "quality of employees" that they hire.

One more note: doesn't this sort of thing fall under the category of "entrapment."

Argggg, I'm getting frustrated.... and I don't know if I should blame stupidity or the lawyers... oh wait... aren't they the same?

Matthew Wong
http://www.themindofmatthew.com/">http://www.themi ndofmatthew.com

Re:Kind of crazy....

[Qzukk]

If this "secure eraser" is so awesome, then what trace was there that this "secure eraser" had been used? If someone hauls me in for a crime and my computer has no evidence, does that mean I must have used a "secure eraser" on it?

So then if I have nothing to hide, am I now hiding something?

Re:Kind of crazy....

[Darthmalt]

Possibly. But if he used it as a personal laptop it might have credit card info from online purchases, porn in the internet history, or some music he ripped off a cd to listen to while he was working or traveling. None of that is illegal but all of it is stuff you wouldnt want an employer / ex employer to find.

Where I work...

[hackstraw]

We are required to wipe the drives when we leave with something like a hardware 3 pass low level uniquely random sequencer based on radioactive decay.

I got a little overboard there. I do not work in a secure environment. I believe this is for our privacy when we leave, or maybe it has to do with security for financial information, or maybe it has no reason, but it is a policy.

This guy got raped by the system before the real deal. Gotta love our freedoms!

Deleting is deleting, period...judge should get it

[JoeShmoe]

I can't find it now, but a federal court judge once made the comment that people need the ability to delete files and have courts recognize them as "destroyed". Just because computer forensics has a much greater chance of success shouldn't mean that people can't deliberately disassociate themselves from material. This is core to the right against self incrimination.

Consider what might happen if I sent you a child porn image. You, offended, delete the image immediately and report me to the FBI. Now what if, unable to find me, the FBI came to your door, confiscated your laptop with a warrant (after all, you reported seeing the file, therefore you must have it) and used an undelete program to recover it. Are you now guilty of the crime of possession of child pornography? Yes, you are. At least, as far as the prosecutors are concerned.

It's never been tested legally to my knowledge, but the court MUST recognize that for someone to be charged over deleted evidence is akin to government agent pulling memories from your brain and using those memories to reconstitute matter in the same patter and then use it as evidence against you in a court of law.

This is Orwellian to the extreme, but it is quite possible that the raving "think of the children" lunatics out there will create just such a legal system. After all, they will argue, what stops kiddie porners from keeping their porn collections in the Recycle Bin? What about on a shadow drive with no FAT to link sectors to filenames? At what point does the work involved in recovery become high enough to consider something "gone"?

I'm glad to see this case, and I hope that the jurist in charge realizes that this is about a person's right to prevent their own thoughts and memories from being used against them in a court of law. After all, if the evidence went beyond the employee's person...there will be copies in e-mails, filed records, other computers. For someone to be able to go beyond the bounds of corporate communications into the person at the computer makes that employee's mind the company's property and not just his laptop.

-JoeShmoe
.

What's "to get"???

[Ritz_Just_Ritz]

Unless the company's written policy was "you cannot delete files from this laptop we've given you" then I can't see where there is a problem. If they really needed those files, they should have taken possession of the laptop BEFORE the fit hit the shan rather than cry foul after the fact.

Re:What's "to get"???

[Em+Ellel]

Unless the company's written policy was "you cannot delete files from this laptop we've given you" then I can't see where there is a problem. If they really needed those files, they should have taken possession of the laptop BEFORE the fit hit the shan rather than cry foul after the fact.

From what I understand of the courts opinion - his fault is NOT in deleting files on laptop in itself, but in deleting the files AFTER he terminated his contract. Termination of the contract made his access of laptop unauthorized and destroying data on machine you are not authorized to access is a crime, leading me to think that he would have been ok if he deleted the files PRIOR to terminating his contract. They are treating it as if he, after quitting his job, connected to his former employer's network and deleted files on their servers.

-Em

Destroy Files on a Constant Basis!!!!

[acherrington]

IANAL - But i used to work for a bunch... legally speaking you should install eraser and allow it to wipe nightly/weekly then this isn't an issue. If you do it on a regular schedule... your more likely to be legally covered. For example: You destroy a bunch of files before a warrant comes to you... you are busted, but if you destroy your files, one per night every night as normal upkeep you have the same nothing as before... but you arent in trouble cause its scheduled destruction. similar to insider trading: scheduled sale vs. impromptu trading. If you sell just to sell... and the stock takes a dive or jumps.... you could be liable for insider trading (assuming you have insider info). But if you sell a certain amount every month.... you cant be hurt in court no matter what jumps its doing. wipe that hard drive every night....OR do not store the contact info on their computer and you are fine just say you like paper records or a roledex.

The problem with this law

[phantomfive]

From the article:
That law says whoever "knowingly causes damage without authorization" to a networked computer can be held civilly and criminally liable.
The 7th Circuit made two remarkable leaps. First, the judges said that deleting files from a laptop counts as "damage." Second, they ruled that Citrin's implicit "authorization" evaporated when he (again, allegedly) chose to go into business for himself and violate his employment contract.

The court argued that the worst damage you can cause to someone's computer is erase their personal data. Seems he deleted his client list (or something similar, the article wasn't very clear on that point), and the company wanted it. Unethical way to leave a company, and he probably deserves to be nailed.

The main thing that bothers me is, what if I delete some JPGs that were stored on the computer? I may have a good reason for not wanting anyone to see them, and since they were mine, there should be nothing wrong with deleting them. Will this law allow them to come after me? Seems like it will, and that's what's scary.

Re:The problem with this law

[Rudolf]

The main thing that bothers me is, what if I delete some JPGs that were stored on the computer? I may have a good reason for not wanting anyone to see them, and since they were mine, there should be nothing wrong with deleting them.

Don't store stuff you don't want people to see on any computer but your own. Why would you store something on your employer's computer if you didn't want to them to see it?

Re:Some people don't get it

[davidsyes]

I read most of -- maybe 95% -- of the original article, but I did NOT read the court papers nor try to look for them.

So, this is on the assumption that he SELECTIVELY deleted files and didn't delete day-to-day financials, IT-installed AV software, IT-installed firewall and logger software..

But, since he used a secure delete:

-- HOW does IAC know WHAT he deleted?

-- WHY be such specious pieces of shit and sue him for something they cannot prove/trying to prove the unknowable?

If he once had a company proposal, but then had his own ideas and prototyped them, but left the company-bound original in place then the stuff he made for himself is HIS HIS HIS! Not the company's "just because he put it there".

If he put a pic of his family, they'd deleted it without a second thought. But, because it may be or they FEEL it's in their "sphere of interest", of course they'll want a copy. But, too bad. If they had a plan to expand and didn't include him, and liked his ideas but said, "See ya, we don't need ya", and he felt they we're using HIS ideas (which, if he's smart, can be reconstructed by any MBA observing the business potential, studying the companies and entities involved, and using some wit and imagination...), then if they didn't have them in their meetings minutes, they're stupid.

Now, IF he produced the stuff on COMPANY time FOR the company and it was stuff they TOLD him to make as an in-process and end-product set of information, then he shouldn't have deleted it. But, if he, for instance, installed (say, with their permission) his own licensed software and produced data for them, but say, deleted their data, then they have NO damn business expecting to keep "evidence of his Corel (or whatever) copy". He could have had Maya, Alias, ACAD, who knows. And, if they had ACAD, but he drew floorplans of an office he intends to have fitted out, THAT, TOO is none of their goddam business.

Sour grapes. Sometimes, some COMPANIES just don't get it. Same goes for those companies whic hire programmers and and then "compensate" them to intentionally embed, encrypt and then claim as "their own intellectual property" some GPL/GNU software they goddam didn't create, and then adamantly pass off and defend as their own and expect smarter employees to sign NDAs and Non-Competes over stuff the company didn't create.

I hope that guy is smart, has a smart lawyer and that he actually IS in the right. But, unless we actually see the court transcripts, get our own forensics team on the hard drive (assuming the company didn't distrub the 1s and 0s any more than the ex-employee did), then it's going to be hard for any geek/nerd on this site to say much of anything meaningful without laying out some reasonable scenarios. I guess....

You mean you guys DON'T use secure delete?

[Titusdot+Groan]

Let me understand this -- you guys don't use secure delete on your laptops before returning them? Everybody techincal I know does a secure whipe before handing their laptops in -- and every IT guy expects it.

If you allow the employee to use the laptop for personal use (online banking eg.) then you have to expect them to take steps to protect themselves.

This is a bizarre ruling -- I expect some interesting repercussions.

Re:Wrong law

[Chas]

Was there a legal investigation going on when the employee returned the laptop?

No.

He quit and returned the item.

THEN they began digging for dirt.

That makes all the difference in the world.

it can be, but this seems wrong

[idlake]

Deleting files can have legal consequences: if it's prohibited by your contract, if it's data shared with others, or if the evidence has already been subpoenaed.

This decision seems wrong, however: preventing people from deleting files on laptops under their control was not what the Computer Fraud and Abuse Act was intended for (note, in particular, that it makes reference to a networked computer). Whether the employee was allowed to files should be a matter purely of their employment contract and the stated corporate policies.

Re:it can be, but this seems wrong

[Dunbal]

Deleting files can have legal consequences: if it's prohibited by your contract, if it's data shared with others, or if the evidence has already been subpoenaed.

      Next in the "Free" United States, a man will be convicted of murder because he was NOT in posession of the murder weapon...

      If he deleted the files, uhh, how do you know that they were there in the first place? A file called "$vidence.dat" that is full of nulls is pretty shaky evidence. "Yes your honour we are SURE that this file contained x-y-z sensitive information..."

Re:it can be, but this seems wrong

[Dunbal]

He was "not" in posession of the weapon. His fingerprints were "not" found on the weapon. He was "not" seen near the victim. In fact, witnesses have denied that the victim ever saw this person. Surely they must be hiding something!

      I was joking of course. Just wanted to prove a point that if he deleted the files how could they prove that something incriminating was there?

Re:Deleting is deleting, period...judge should get

[Locke2005]

If what you're saying is true, I say we all get busy emailing our government representatives some choice kitty porn, then immediately reporting them to the FBI as being "in possesion" of unlawful pictures... would that help to get the laws changed?

alarmist

[RelliK]

Once again, slashdot summary is wrong and you didn't read the article.

Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.

RTFA. That's exactly what the judge did. The company appealled the decision, and the appeals court sent it back to the judge saying: no, you can't throw this out. The company might be right. You need to hold a trial to figure it out.

Having read the article, I agree. The issue is not so clear-cut that it should be dismissed out of hand: it deserves its day in court. The guy may have deleted incriminating information (which is a crime, see Enron paper shredders). He may also have been propping up his business at company's expense (i.e. using whatever data he acquired while making sure the company doesn't get a hold of it). That's for the judge to decide, and that's exactly what the appeals court said should happen.

Oh and, btw:

Adolf Hitler

you lose.

*Yawn* Which part of ...

[Pecisk]

..."if you have no evidence against guy, you simply can't get guy punished" they don't understand?

How they will prove that he cleaned up needed information in first place? Fingerprints? Electronic analystics? Give me a break, it is simply NOT possible. It is very possible that employee did something very wrong (and in fact, we don't know much about that). What we know that before getting a order from judge to get back hard drive, employee discarded any information from it. He maybe breached job contract, he maybe overstepped some laws, but clearly company will have a hard time to prove that this guy is gulty in first crime. And if laptop was only evidence then I think it smells more like "pushing around the small guy" theme all over again, not serious wish to discover the truth.

After a careful reading

[Baseball_Fan]

So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?

Or the third possibility is he does not delete the files, and there are no files which shows he violated his work contract. The crime was in deleting the files. There could not be a crime in leaving the files there.

What most likely happened was he used his employers laptop in starting his own buisness. Who knows how he did this, maybe he used trade secrets or something else. When he decided to quit, he wanted to remove the evidence of his actions, so he removed everything from the laptop.

The company has a right to issue the laptop and require it is returned in the same condition, and that would include the software and data on the laptop.

Is the laptop's data the property of the employer? That is the question. If the laptop is the property of the employer, and the employer has a right to the data on the laptop, then what this guy did is the same thing as if he deleted records from a PC in his cubicle. Or is it different because he can take a laptop out of the office?

My gut reaction is to want more privacy. But maybe that is not possible anymore. Heck, the government demanded search records from Yahoo, MSN, and Google a few months ago so they could see who was searching for prohibited porn and terrorism. Google was the only one who did not provide the data, but not because they wanted to protect their users privacy, but because they did not want other companies to see their data.

Re:After a careful reading

[langelgjm]

Defense lawyer to IAC:

"Please state the names of the unrecoverable files."

IAC:

"britneyspearsnaked01.jpg, britneyspearsnaked02.jpg, britneyspearsnaked03.jpg, britneyspearsnaked04.jpg... clearly the defendant was using steganographic techniques to hide sensitive data."

Keyword: Networked

[nick_davison]

That law says whoever "knowingly causes damage without authorization" to a networked computer can be held civilly and criminally liable.

Here's a simple defense then:

"I had unplugged the network cable at the time I deleted the files."

You can't claim damage to a networked computer if the computer wasn't networked.

Re:Keyword: Networked

[Em+Ellel]

Defense: "I had unplugged the network cable at the time I deleted the files."

Prosecution Lawer: The act of removing the network wire left the networked computer without wire, therefore it has then became a "wirelessly networked computer".

(you know they'd say it in a heartbeat too)

Re:Yep, that's illegal.

[Dunbal]

I didn't know companies now had that power.

      Welcome to the New World Order, mein freund.

Re:Some people don't get it

[NMerriam]

Would this have even been posted on /. if the guy had set fire to the corporate tower as he walked out the door. I think not. But, what he did was equally malicious.

If there was no evidence the corporate towers ever existed, nobody could say where they are, how big they were, what they were worth, and no construction company could ever be found that built them, then your analogy would be correct.

They are claiming he destroyed SOME data, but they don't know what it was, where it was, whether it was business or personal, and what if any value it had. You honestly think that should be a crime? How valuable could the data be to the company if the company can't even say for sure that it ever existed?

Not a criminal case

It's important to point out that this decision was not made in a criminal case, but in a civil case. As such Critin wasn't found guilty of anything and therefore I believe this ruling does not count as a binding precedent for criminal cases merely a persuasive one. Nevertheless, it is disconcerting that the seventh circuit court of appeals made this ruling. However there are lots of caveats in the ruling that mean the question of what you can and can't delete from a computer when leaving a company is still relatively open. In the end, Citrin didn't just delete love letters and e-mails to personal friends from his computer - he deleted files concerning clients - files he knew his company would be interested in and didn't have a copy of. Personally, I think that it should be the responsibility of the company to make sure a copy of such files exist on their servers but that's just my opinion.

Sadly, once again Slashdot has chosen to report news with the most sensationalist slant possible. Despite the fact interest in the story would have probably been the same (or more) if it had reported a few extra details of the case. In the end, sensationalism diminishes, not increases, the value of a news service.

So...

[babbling]

Deleting files is a crime.
Copying files is also a crime.
What about deleting copied files? Will the two cancel each other out?

I guess deleting is like killing, copying is like saving someone's life (but still getting sued over cracked ribs or something), and file compression is pretty much torture.

This reminds me..

[kickedfortrolling]

Some law in the UK makes it illegal to possess encrypted data and not provide a key to decrypt it. it even allowed for the situation where i could email u an encrypted archive and your inability to open it would put u in breach of the law.

hehe, the rebel i am.. i just emptied my recycle bin..

dont fill in with random, fill in with OP CODES

[cheekyboy]

Why cant these programs just fill the empty data with real useless data.

Like pictures of flowers, and exe code segments of windows dlls'.

Re:dont fill in with random, fill in with OP CODES

[LoRdTAW]

Or better yet Mr. Goatse.

Is this a problem if it's SOP?

[jridley]

If they can prove he did this in order to hide evidence, they may have a case.
However, for instance, I run "eraser" on a daily basis which scrubs all free space on all drives, plus slack space at the ends of files. I consider this simply standard operating procedure, because my computer does have sensitive data on it. In addition, I lock my machine when I leave, and all my data is held in an encrypted volume, so if someone reboots the machine to a boot CD or something, or steals the machine, they still get nothing.
If I undertake these actions as a general course of business because I consider them to be simply part of trying to do my job and take security seriously, I think that's a lot harder to prosecute against.

Re:Some people don't get it

[ToxicBanjo]

Saying that a company owns everything on a laptop is like saying they own everything in your desk. So take a good long look around where you work and ask if you have anything personal inside company property. If you pick up the kids with the company car do they become an asset used on a balance sheet? No. It all comes down to common sense (something that is lacking more and more these days).

Personall I think this is nothing more then a case of them getting ticked off. They got pissed because he decided to go on his own as a real estate competitor and when he returned the laptop THEY tried to find incriminating evidence on him. No accusations of "You did this and we are looking for the proof" no, they went on a fishing trip through the hard drive. Seeing as they were looking for anything I think this guy was getting into sh*t no matter what.

Document Retention Laws

[servognome]

There are laws and/or company policies that dictate what documents need to be retained. If he is in violation of those, then yes deleting files is illegal. This is no different than illegal shredding of documents as part of a cover-up (eg Enron)

How stupid can people be ?

[moe_jama]

Destruction of evidence is a crime .. so he is a criminal. Well first off if you were actually reading and paying attention you'd grasp the difference between personal data and evidence. Just cuz the company owns the laptop does not make every piece of data on it theirs. As a reader already pointed out if the company wanted to keep tabs on what their employee was doing then they should have spied on him via the company network or taken his laptop without first warning him. Just because you use a pencil from work to write a note to your wife doesn't mean the company intrinsically owns the data simply because you produced it using their pencil or paper. So any claim that all the data on his laptop could be considered company property is a joke and is more then pushing the envelope of personal privacy. Cases like this are great because they strengthen our rights by pointing out the continued erosion of personal privacy and getting people interested. If Americans are freaking out because they could be wiretapped imagine what they would do if we told them every note they have written and every word they have said at work or using company paper, pencils, cell phones or computers magically belongs to that company. If there is evidence on the computer then it has to be addresses as evidence, and they must provide the burdeon of that proof and good reasons for why they waited to long to review the potential evidence to see if it was even there. Obviously if they had ANY case what-so-ever they would have siezed the laptop from him like the police do with no questions asked. This will be a stupid move on the companies part as they have gone and gotten their private happenings into the public eye. If the guy dropped his laptop in the pool or something are they gonna claim that as a computer crime for destroying company data. It's not as if they don't have backups of the vast majority of work he did or else they DESERVE to lose their data as they had no reasonable plan for data backup in place. It's also ridiculous to suggest that if a person stores personal data on their laptop they have no right to remove. Any data worth not losing should have been backed up as company procedure. They only have their selves to blame.

To be the Devil's Advocate here...

[gerf]

Basically the whole issue ended up being about timing.

When he decided to leave employ of the IAC to start his own venture, his authorization at that point to use the computer did not belong to him. Though he may have physically retained the computer, and had all access to it, he did not have legal rights to its contents.

At that point, he was a competitor to IAC, possibly with information on his person about IAC that a competitor should not.

IAC wondered what he had, and whether he was misusing this laptop for his own benefit, which would break all kinds of laws. They wanted to take a look at said laptop, and see if he'd used it or seen anything he shouldn't have recently.

This employee then accessed the laptop and deleted all kinds of stuff, akin to shredding documents Enron or Watergate style. He then returns the laptop to IAC, his former employer and now competitor.

Unsurprisingly, former employee is now sued, though his conviction is by a tenuous interpretation of a law.

WTF...

[ls+-la]

Citrin pointed out that his employment contract permitted him to "destroy" data in the laptop when he left the company.

His right to do this was in his contract. Can anyone tell me why a contract can no longer protect an individual from a company?

Re:WTF...

[cdrguru]

The problem is that it is illegal to destroy materials that are the subject of discovery and/or subpeona. I think this can extend pretty easily to being illegal to destroy materials that you have any reason to believe might be the subject of a future subpeona.

This means if you have information that says you did something wrong, you can screw yourself further if you get rid of it. Finding a "secure delete" program on a computer is pretty much clear-cut evidence that you were trying to hide something. What, exactly, might you have had that warranted such behavior? Well, since they can't find that you better hope there isn't anything at all that is even remotely incriminating. Because if there is even a hint that you did actually destroy evidence, the judge is going to make your life hell.

The instructions to the jury can go something like "Since we don't actually know what happened to the evidence, or if the evidence would have proven the defendent is guilty, but we do know there was such evidence and that it disappeared, it is your duty to consider that this evidence did exist and was intentionally destroyed by the defendent. This may be taken as further evidence of guilt."

Spoilation of evidence is what it is called in both criminal and civil matters. You do not want to run afoul of this.

Re:WTF...

[jim_deane]

Finding a "secure delete" program on a computer is pretty much clear-cut evidence that you were trying to hide something.

Whoa, whoa there. Every user should be using "secure delete" of some sort on any file that they are certain they do not want to undelete. It should be a standard feature of any operating system, although it is still most often part of an add-on security suite or standalone program.

It is the digital analogue (ha ha) to shredding documents. When you shred a document, you shred it. You don't put it complete and intact in a box marked "SHREDDED" for long term storage.

Jim

cleaning up work pc

[freedom_surfer]

Prominent computer employers usually require basic scrubbing, like deleting and formatting harddrives, but generally encourage any technique that renders the previous data inaccessible such as zeroing and random writing programs when returning a workstation. Even if the machine isn't sold to the general public at that point, it can be given to another employee who has no business looking at data you might have been privy to. You would think that given the recent data exposures from companies who sold old equipment without properly 'scrubbing' the machines that something like this would be encouraged. FTFA, Sounds like the guy is no saint, but the employer should store any data they deem critical on central servers where they control retention and backup regiments. What do they want his browser bookmarks? history? Really sounds like the employer is misuing law because they were duped. Without any data, proving his breach of contract is more difficult regardless of how nefarious his activities appear. Gotta love the great cases that get to establish precedent...yeehaw...

The Law is Seriously Bent...

[Biomechanical]

...And needs to be hammered and polished into a new, updated shape for the information age.

I understand the reasoning that Judges can only pass judgements based on the arguments presented by lawyers on behalf of their clients, and this was fine for hundreds of years, but the computing universe that a lot people spend a considerable amount of time living in is far too different to the physical domain we live in.

A Judge who is not computer literate should not be prevailing over a case based on IT. Even us geeks have trouble coming up with analogies that are accurate enough to explain things properly to ordinary people when we're fixing their computers.

Judges shouldn't need analogies or "translators" when they hear a case centred around IT, they should know what CPU, GPU, NTFS, EXT2, HFS, etc, all mean, otherwise they cannot seriously be expected to form an accurate picture of what is being argued, and therefore cannot be expected to come up with a ruling based on any sort of accuracy.

Judging, he he, from this bit in the article,

(During oral argument last October, one judge wondered aloud: "Destroying a person's data--that's as bad as you can do to a computer.")

This Judge doesn't really know how a computer works.

Deleting files is certainly not the worst thing you can do to a computer. Hell, go ahead and delete critical operating system files. A restore disk, OS installation disk, or re-image later and the computer is back up and running.

It may seem like I'm arguing semantics, but it's just the way that phrase leapt out at me that leads me to think that the Judge seriously misunderstands the connection between the functions of a computer, and the way that data is stored within the computer.

Could he also misunderstand that the computer was probably going back to the company almost exactly as it had been issued, and therefore undamaged other than normal wear and tear?

Re:The Law is Seriously Bent...

[Tom_Yardley]

. . . but the Judge is not. If one reads what the court wrote, http://www.ca7.uscourts.gov/tmp/R31AIRTM.pdf , then it is pretty clear that the court understood how machines work. If I put a $10,000.00 database on a laptop and give it to a guy to use and he erases it, how is that any different from hacking into my network and erasing the same data base? This is a short (7 pages) and clear opinion. Perhaps one should read it before declaring the sky is falling.

Re:while otherwise you have some good points...

[kentrel]

He never mentioned Godwin's Law. Who cares about Godwin, bringing up Hitler in a completely unrelated discussion is a stupid thing to do to. Period.

Mistake in argument

[Todd+Knarr]

I think his mistake was in arguing about his authority to delete files at all. His argument should have been that all the files alleged to have been deleted were personal files, personal use of the laptop was authorized by his employment agreement (quote the relevant paragraph from the agreement, and the company has no right to demand that those files be turned over in the first place. You can't be charged under the law he was if the only things you "damaged" belonged to you.

Of course, this only works if he was scrupulous to avoid mixing his personal stuff with company data and can clearly show that all the files the company can prove were theirs are untouched. If he did delete files from an area normally or provably containing company data, he's pretty much SOL.

Re:Deleting is deleting, period...judge should get

[JoeShmoe]

Except what is his employer's data and what are his own personal thoughts? Taking their leads on properties and going "hey, I should call my friend and have him buy land near XYZ" is a lot different than "hey, I should send my friend a copy of confidential employer report".

The company is alleging that the only proof that the guy violated his contract was on their laptop. Well what if the guy had put the data on his own computer? Would the company then be entitled to it? If he destroyed the data on his own personal computer, would that also be a crime?

This whole idiotic ruling creates a legal catch-22. You are an employee given access to confidential information. Suddenly you are no longer an employee. So, if you keep that information, you could be found to "gaining access to information that you do not have permission to access" and be guilty of computer fraud under the statues. NOW, if you destroy the information so that you cannot be found guilty of having access, you can be charged with "hacking or tampering with information you did not have permission to access" and be guilty of computer fraud under the statues. Damned if you do, damned if you don't.

-JoeShmoe
.

Why is this in criminal court?

[j0nb0y]

This should be a civil matter.

It is a testament to the broken state of our laws (and especially our computer crime laws) that his former employer was able to (convince a DA to) drag him into criminal court for this.

If the guy had hacked into company computers and destroyed data, then sure, he should be prosecuted under criminal laws. But wiping files from a hard drive? If the guy really did do damage to his former employer, or violated a contract with them, then it shouldn't be a criminal case. It should be a civil case.

Cart before the horse

[tomhudson]

Of course it's BS. But so is the whole case.

The REAL case is that the guy was setting up his competing business, and they wanted the laptop data to prove it.

They shouldn't be going after him for "destruction of data on a networked device" but for violating his non-compete. Especially since, if they can't prove he violated the non-compete, then it IS his data to do as he pleases, even if it was sitting on their laptop.

Look at it this way: If they can't first show he violated his non-compete, then they have no claim to the data he erased, as it may have been "his" data just as much, or more, than theirs.

On the other hand, prove first that he violated his non-compete, and you can THEN also get him on the data destruction.

What you CAN'T do is the reverse - prove the destruction of your data if you can't first prove that it is uncontestedly your data.

Re:Cart before the horse

[cgenman]

"knowingly causes the transmission of a program, information, code or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer (a defined term that includes the laptop that Citrin used)"

Hey, the information you've transmitted over slashdot has damaged the company's lawyer's protected computer fund. Expect a warrant for your arrest.

Even if he was violating his agreement with the company, they loaned him the laptop. The law was not put in place to regulate how an employee may use an employer's computer, but to protect people from hackers. Non-case.

Re:Cart before the horse

[cgenman]

There is also the "transmission" thing, and only a highly philosophical engineer would consider typing into a laptop a "transmission."

Re:Cart before the horse

[park3r]

What I want to know is, why the fuck does he have admin access to the machine that the company issued him?

like you really need administrative access to a computer to format it. if he's savvy enough to know to use a dod-compliant erase utility, then he probably also knows he can use it from a boot disk.

Paper equivalent

[kautilya]

How about if I have a policy of deleting all files securely on all my computers all the time? Just as I shred my papers before throwing them away. Since I shred my papers, possibly I am destroying 'possible evidence' for any future law suit? If I do not delete files securely and someone steals my laptop and wrongly uses the information therein, who is responsible??

Catch-22

[tomhudson]

As I posted elsewhere, the whole case is bogus.

The employer can demand anything he wants. And the employee can say "sue me."

In this case, though, the employer is putting the cart before the horse - attempting to claim vandalism to their property (destruction of files on a networked computer) without first proving the files in question were their property. They wanted the files to show he broke his non-compete and, as such, was no longer an employee, and thus not authorized to delete the files. Seems to me, if they can't first show he broke his non-compete, they can't claim uncontested ownership to the files.

They're in a catch-22.

Re:Catch-22

[zifferent]

The point is that any data of any kind even if it was created by the employee for the employee's own use, was at one point on a company owned resource (the laptop), and hence owned by the company.

The destruction of that data was willfull.

That is what the lawsuit is about. While a judgement against the employee on non-compete grounds would help any further suits including vandalism, it is not necessary. All they have to prove is that there was data on the lappy and it was deleted.

Re:Catch-22

[tomhudson]

The point is that any data of any kind even if it was created by the employee for the employee's own use, was at one point on a company owned resource (the laptop), and hence owned by the company.

Did Jesus just kill another kitten or something?

Nope. No more than if I put my lunch in a company-owned drawer, or install developer software bought, paid for, and licensed to ME on a company-owned computer, or even on their server.

Your theory of "company-owned" is more viral than Microsoft's "shared-source".

I leave, my stuff leaves with me.

I'll agree the guy WAS stupid to delete the files, and he WAS stupid to even bother using the company laptop. But lets reverse your argument - the company-owned laptop was at one point on an employee-owned resource - the employee's lap. Does that mean he owns it? Of course not. Ownership is not transferred by putting something next to, inside of, or on something. Its transferred by either mutual agreement or act of law.

Re:Catch-22

[geodescent]

Most companies' employee handbooks expressly dictate that anything created on their laptop is immediately owned by the company. They also make you sign legal agreements that you've read and accept the handbook.

CVS

[roman_mir]

It seems to me that the company in question is arguing that the ex-employee deleted business related materials with intentions to use these materials for his own financial gain. If this is the case, the company should revisit its business policies, they should enforce a rule, that all business related materials must be committed to a source repository. Maybe they should even install software on the laptop, that duplicates all files that are created, but does it quitely, encrypts the files, and stores them in a local protected database, and syncs with an online repository when it can.

This also means that the company probably should use a different tactic - they should simply sue the former employee for breach of contract and not play these silly games with the deleted files.

This could be an interesting precedent ...

[jc42]

A few years back, I worked on a project that used ClearCase, and the management really wanted us to use it to record the full history of our projects. The group I was working with decided to take them literally.

After about a week, we found that we were each able to fill our workstations' disks with the compiles we did. The ClearCase setup saved all our .o and executable files, see ...

If was fun watching them actually install a second disk on most workstations the first time this happened (and we all showed that the disks were 99% full of ClearCase files recording the week's work. Then, by the end of the next day, the new disks were full, and we announced that our progress was blocked until we could get more disks.

It actually took a couple weeks of meetings (and no progres on the project) before they faced the fact that "You can't delete your files" was not a tenable rule. They simply couldn't afford the petabytes of disk that the project was projected to require under their "save everything" rule.

So finally we were able to start deleting the 99% of our files that couldn't possibly be of any use to anyone, and only save the interesting source files. I don't think most of the management ever did understood what "source" and "binary" files referred to.

Anyway, yeah; if an employer wants to pay for the disk space, I'll happily save all my files for their later study. But somehow, I suspect that they're not gonna get much for their investment. They'll be much better off if they let me be the judge of which 99% of my files can be safely discarded.

If this court does go along with a "save all files" rule, it could be a very interesting precedent. It'll take more than a couple weeks of meetings to get such a court ruling overturned. In the meantime, some disk manufacturers might be doing a lot of business.

Missing the main point

[revengance]

Does the employee has rights to delete any files from the computer? If he does, there is ZERO reason to sue him. If you ask a non technical lay person who has no prior knowledge of how computers delete files, I think it is likely that he will think the act of deleting a file would remove a file completely from the computer and there will be no trace of it. However, it is the imperfection of use current technology that result in residue of files still residing in the computer after you delete them. There is ZERO requirement from anyone using a computer that the computer should contains copy of data in the computer after the data is deleted (if so, why should there be a delete in the first place?) So why should the act of "deleting" deleted data a crime, especially a serious crime? It is like you can throw away a piece of paper document but you can't shred a piece of paper document and throw it away.

call me crazy...but use your own laptop

[atarione]

but if i was going to quit my job... and start a new company in the same business .... I woudln't use my old companies laptop for planning my new venture. When i look for new jobs, I don't search monster from my work computer... i go home and weep like a woman... consider killing myself and then decide to look for a new job instead =)

had this guy bought a laptop (which he is likely going to need for his new company anyway) and used it for dealings w/ his new venture... his problems would be gone.

that said.... it is some bullshite to claim that deleting the files securely was a violation.

seems like most of the time when i hear about employement problems like this ... it is always sales or real estate?? why is that...?

I'm the IT manager and I *require* drive wipes

[thesandbender]

We ask supervising managers what files/data are required and ask the users to send us those files. Provided that data is returned and the user left on good terms the drive on their machine/laptop is wiped. We have a lot of users who travel fulltime and to ask or even expect them not to use their laptop for personal reasons while on the road is ridiculous and management thankfully agress with that stance. So, for everyone's privacy... the drive just gets zapped and then reimaged.

It was argued that we may lose valuable information in doing so but I pointed out to our CMMI happy managers that this would indicate a failure in the document creation and control process and not an issue with our IT policy and they conceded the point.

Additionally we work on secure projects for the government and have NDA's in place with corporate clients. I can't allow my IT staff to dig through files that they're not authorized to see and because of that we have to treat the whole drive as if its classified material unless we can get someone who is authorized to see to come in and sort through the whole mess. And we're never going to be able to pull a billable consultant off a project to do that unless something is missing.

Long story short... *ZAP*

Why was the "critical data" on a laptop?

[Darth+Muffin]

From the article: But it is unlikely, to say the least, that the provision was intended to authorize him to destroy data that he knew the company had no duplicates of and would have wanted to have

So why the hell was this critical data on a laptop and not backed up or stored somewhere more secure? Their IT guys should be fired...

IANAL, but I think there's his defense right there. If the data was critical, any company worth it's salt has a policy that it needs to be stored (or at least copied) somewhere secure.

Headline misses the legal point

[fishbowl]

Deleting data isn't necessarily a crime, but destroying evidence which is subject to discovery in a civil or criminal process is, even if you're Arthur Anderson.

THAT is bullshit!

[emptycorp]

That is bullshit. If that were true: a company could argue that the government can't look at their financial records because it would incriminate them; a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her.

A murderer CAN deny access to their property even having a dead body in the freezer, enless the police have a warrant. A company CAN refuse to turn over documents enless the police have a warrant. Police can't walk in anywhere they want and/or just take things because they may or may not be incriminating, it's called probable cause. They must have enough viable reason to further their investigation, you can't just bother every citizen because you may or may not know a partial bit of information about a crime.

Context: Quit, then Deleted?

[cmholm]

It would seem we're missing some context. Did Citrin wipe the entire disk, or did he merely make sure to overwrite some word processing docs? In many companies, including my employer, you're REQUIRED to encrypt working files and delete-by-overwrite files no longer required when taking laptops off site.

Having RTFA, it looks like Mr. Citrin's problem was that he resigned first, THEN handed back the laptop. The judge ruled that Citrin's right to issue commands of any sort on the system ended upon resignation. If I'm reading that correctly, the solution for other soon-to-be-former employees or contractors seems simple: delete, then quit.

More than anything, use head main ting when separating from a company. 1) get your personal gear out of the office; 2) delete email and files relating to personal business (or that might reflect especially poorly on you); 4) clear your browser history and cache; 5) securely overwrite all free sectors on disk; 6) log out and power down; 7) resign. It looks like Mr. Citrin may have gone overboard and nuked all of the company data on the laptop, which is of value and use to the company and their next person to fill his position, and made it look like he had something to hide.

Re:The judges are flat out wrong

[msobkow]

When I return a PC or laptop to a client site, they are entitle to:

• The OS installed and configured as it was when delivered.
• All applications and software provided by the client installed and configured as when delivered.
• All data, files, programs, and other information provided to me by the client or employer.

That's it. Everything else on the machine is my personal property, and removing it is my right the same as cleaning out my desk when I finish a contract.

The general-use non-wipe routine...

[TheRealStyro]

Besides the poor choice of going into business that directly completes with his former employer, this guy allegedly made the other poor choice of using a 'wipe' utility to remove data.

What he should have done is used what I refer to as the general-use non-wipe routine. Basically, it involves simply deleting files you don't want/need, then filling the remaining drive space with 'wipe' files - various sized files filled with random or meaningless data and given random or misleading file names. Generate a group of base files, store on USB drives, then copy to the root directory of the target drive, renaming the files as you go. For extra fun, delete your 'wipe' files after you fill the drive. You could probably write a script to help, just make sure it is given an innocent name and stays on the USB drive.

It would be interesting to see the reaction of the managers and scavengers to finding a directory of hundreds of text files and then discovering that each file is a copy of unix man files, or five year old project documentation (that you had no part), or trek fan fiction, or ... How about a group of graphics files that are public domain textures, traffic signs, fragments from websites (taken from browser cache), etc.. Another good group is music - record meetings and lectures then rename them to look like popular music titles. The final idea is to include some encrypted zip files with suggestive names - of course the files contained are renamed unix man docs. Just be sure to use the standard delete command to 'hide' the files from recovery.

If you are brought into court like this poor guy your lawyer can argue that those files are there from the day-to-day use of the system. Nothing sinister or devious about those files.

Bush Justice at work

[tubapro12]

This is very much like the very logical evidence Bush had of weapons of mass destruction (WMDs) in Iraq.

1. WMDs probably are or once were present in possession of the Iraqi government.
2. • If WMDs are found, they have obviously been possessing WMDs and need to be removed from power.
   • If WMDs are not found, they are obviously attempting to decieve us and should be removed from power.

what??

[jasen666]

Someone please tell me how the fuck they could prove that certain incriminating files even existed, if said files were wiped before they got the laptop?
What if they were never there to start with?
What a fucking idiot retard of a judge.

Geesh.

[deanj]

The company is stupid for not requiring backups. The guy's an idiot for using his position to start his own business, and using the company're property to do it. He screwed over all his co-workers by doing that, because it takes away from the company's viability.

I'm really surprised they actually needed the guy's laptop to support their position in all this, they should be able to prove it without that. Going after him because he deleted files is just a vindictive ploy after they realized they had no way of proving what he was doing.

Sounds like the guy AND the people at the company are both guilty of being freaking morons.

I mean really.... all of the sudden "Wipe"-like programs are going to be off corporate computer systems? Yeah, good luck with that. That's the stupidest damn thing I've read all day.... and I've been reading /., so that's saying something.

I Was Also Sued For Deleting Files

I kept the computer quite tidy due to a small hard drive. Most work was accouting, spread sheets and some word processing. Hard copies were printed and filed as permanent reports and as backups. Every month or two I would do a Norton Speed Disk which would wipe unused space.

When I left the company I left about two months of data on the hard drive and a 20 page status report which detailed where all the hard copy documents/files/data were physically located and info on the work in progress. The company sent the computer out for data recovery and when no erased files could be recovered I was sued. The company claimed the hard copies did not exist but were later found when I succeeded in obtaining a court ordered search of the company's office.

My lawyers filed a motion to dismiss claiming there was no triable evidence. The judge ruled that the lack of recoverable files was in itself evidence that "something" on the computer had been destroyed and thus fit the statute. The bopgus case settled a few year. No money changed hands but my legal fees ran about $150,000, my life savings.

Advice: 1. NEVER erase anything. Simply move the file out of the current workspace to an archive directory. When the drive gets full have the company buy a new drive -- give the old drive to the boss with a corresponding memo detailing in general what was on the drive. 2. Keep each file you create in a separate directory and maintain a printout of that directory. 3. Run your own backups and transfer the backups via memo when you leave. Leave another copy of the backup with a trusted co-worker who can put them where they can't easily be found and destroyed. The more people involved the better.

If you accidentially have personal info on the hard drive it might be a good idea to wipe the info before you leave. But you need to overwrite the directory and file space deleted since the empty space might be detected. Others here can suggest a procedure.

Circular Logic

[Narcogen]

I'll go out on a limb here and say that if this company is sophisticated enough to have a non-compete agreement in place, there's probably an agreement in place that covers what you should and should not have on a company laptop. You say that if they can't prove violation of the non-compete then hte data is his to do with what he pleases. This is almost certainly not so. I'd be willing to bet that ANYTHING on that company computer is company property. The company has a right to look at any of it at any time, and the individual's use of the computer is tactit agreement to that policy. Therefore, if he has deleted ANYTHING the company wants to see he is likely in violation of the company's data policy. If any data recovered was unrelated to his work, he's again violated the company's data policy. If any data recovered was related to a private business he was running using company property, then he's in violation of the company's data policy AND his non-compete agreement. If it's company hardware then everything on it is uncontestedly their data. They don't need to prove it.

San Diego's Former Mayor

[zbyte64]

Perhaps a little off topic, but just today I was reading how my former mayor left office and 4000 emails magically "disappeared". It is interesting because lately San Diego has had a great deal of scandals. I suppose stuff like this is becomming common practice. I can't help but wonder, why is the IT system so lacking? I know that if the FDA were to audit a life critical system, such a thing wouldn't pass (of course, the auditors might not realize the flaw). Granted lives aren't on the line in this case... but still.

Company time, company computer - their property!

[tygt]

1. If you do work on the company's property, the work belongs to them.
2. If you do work on the company's time (they're paying you), the work belongs to them.
3. If you do work on the company's computer, regardless of the above two, the work done on that computer belongs to them.

That's in California. In some other states and countries, it's quite possible that any work done by you in the general field of commerce engaged by your employer belongs to them, regardless of when, where and how you did it.

Thus, they certainly have a right to be looking for evidence on the computer that he'd done competitive work on it - that would belong to them. They looked, closely, and found.... nothing at all. Probably, just a clean, sanitized system (just like I always leave at the end of a job :]). So what? Sure, it's suspicious, but I'd say "too bad"; they certainly can't prove that he threw away anything useful.

I'm sure that any lawyer worth his salt can call any number of expert witnesses who can show that secure-deletes are not hacking, and are absolutely required in many instances.

He'll get off, but sure it's a pain.

The judge didn't decide, but I say yes

[jgoemat]

First off, just note that this was an appeals court overturning a dismissal in the employee's favor. This just means it goes back to the lower court to be decided. The judge basically said the complaint was sufficient to go forward to a trial.

I am somewhat torn on the issue, so first my argument against him...

The data on the laptop belonged to IAC, not the employee. It wasn't personal emails to his wife or his personal credit card information. It was data gained during his employment and deleting those files was a malicious act taken after his employment ended. Would anyone here really say it is OK for someone to login to the server on their last day and wipe the company's customer database when they don't have a backup? What about a bank employee deleting financial records? Once you agree that those occurences of deleting data would be wrong, it's just a matter of scale to determine how wrong his actions were.

On the other hand, his contract specifically let him return or delete the data on his laptop. They probably didn't anticipate him leaving this way, and maybe he was supposed to backup those files to the company server or store them there in the first place. I don't think it matters though. When you have a contract (like his employment contract), you HAVE to take the plain meaning of it's words. The judge in the opinion tried several different ways to explain how IAC may have been thinking when they created the contract, but you can only argue that if the actual words of the contract are ambiguous. That is why lawyers make so much money, they are supposed to catch things like that. Saying that he can delete the data before returning the laptop is pretty plain to me. In either case, if the employement agreement was a standard employment contract for the company with minor modifications, any ambiguities must be decided against the drafter. If he has some say in the wording of the contract and had things changed from the first draft that wouldn't be the case though.

Also note that th

Of course, take this all with a grain of salt as I am not a lawyer...

There are ways

[eneville]

There are ways to get the information back if you look at the traces of magnetic distortion left on the surface of the disk from each write. Rather expensive equipment and much time is required to make it work.