Slashdot Mirror
Deleting Files is a Crime?
cemaco writes "A former employee of International Airport Centers, who is currently embroiled in a legal dispute with them, returned his company laptop as required. Hoping to find incriminating evidence, I.A.C. attempted to retrieve deleted information from the laptop in question with no success. This employee had beaten them to the punch. He had used 'secure delete' software, in order to make sure nothing could be recovered. He is now being charged with a violation of the Computer Fraud and Abuse Act."
Of course it is. Wasn't this law passed when Gmail went public? Why if google could get its way, you wouldn't delete shi.. oh wait... :)
So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?
"The term "damage" means any impairment to the integrity or availability of data, a program, a system, or information;" Whoa, better not install windows. But really, after I close the lid on my laptop it takes a few seconds for the system to come back to life when I open it, technically, the availability of data is impaired in those few seconds (well 30 if it's a compaq). Oh, whoa again! So if I'm watching a DVD and my brother steps in front of the screen and I can't see for a second, then my access to the "data" is "impaired". Huzzah! We're all going to jail! BONG!
If the laptop was classified as evidence in the case, chances are it wouldn't be in his possession. If it wasn't, then he didn't commit a crime.
On the other hand, if a document was issued classifying the harddrive as evidence before he deleted the contents of the drive, he did commit a crime.
Ideally, it should be as simple as that.
Interestingly, it appears to me that the ex-employee did the right thing.
i ndofmatthew.com
1.)He is protecting the privacy of whoever's data was on the computer.
2.)He is ensuring that the computer is free from viruses, worms, spy ware, etc (assuming he performed a total wipe).
If the company wanted evidence against their employee then they should have attained it before accusing him. To do so in reverse order, as they did, only allows the employee to cover his tracks. If anything I am disappointed in the way that the company handled their business and at the very minimum reflects on the "quality of employees" that they hire.
One more note: doesn't this sort of thing fall under the category of "entrapment."
Argggg, I'm getting frustrated.... and I don't know if I should blame stupidity or the lawyers... oh wait... aren't they the same?
Matthew Wong
http://www.themindofmatthew.com/">http://www.them
If this "secure eraser" is so awesome, then what trace was there that this "secure eraser" had been used? If someone hauls me in for a crime and my computer has no evidence, does that mean I must have used a "secure eraser" on it?
So then if I have nothing to hide, am I now hiding something?
If I have been able to see further than others, it is because I bought a pair of binoculars.
I can't find it now, but a federal court judge once made the comment that people need the ability to delete files and have courts recognize them as "destroyed". Just because computer forensics has a much greater chance of success shouldn't mean that people can't deliberately disassociate themselves from material. This is core to the right against self incrimination.
Consider what might happen if I sent you a child porn image. You, offended, delete the image immediately and report me to the FBI. Now what if, unable to find me, the FBI came to your door, confiscated your laptop with a warrant (after all, you reported seeing the file, therefore you must have it) and used an undelete program to recover it. Are you now guilty of the crime of possession of child pornography? Yes, you are. At least, as far as the prosecutors are concerned.
It's never been tested legally to my knowledge, but the court MUST recognize that for someone to be charged over deleted evidence is akin to government agent pulling memories from your brain and using those memories to reconstitute matter in the same patter and then use it as evidence against you in a court of law.
This is Orwellian to the extreme, but it is quite possible that the raving "think of the children" lunatics out there will create just such a legal system. After all, they will argue, what stops kiddie porners from keeping their porn collections in the Recycle Bin? What about on a shadow drive with no FAT to link sectors to filenames? At what point does the work involved in recovery become high enough to consider something "gone"?
I'm glad to see this case, and I hope that the jurist in charge realizes that this is about a person's right to prevent their own thoughts and memories from being used against them in a court of law. After all, if the evidence went beyond the employee's person...there will be copies in e-mails, filed records, other computers. For someone to be able to go beyond the bounds of corporate communications into the person at the computer makes that employee's mind the company's property and not just his laptop.
-JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
From the article:
That law says whoever "knowingly causes damage without authorization" to a networked computer can be held civilly and criminally liable.
The 7th Circuit made two remarkable leaps. First, the judges said that deleting files from a laptop counts as "damage." Second, they ruled that Citrin's implicit "authorization" evaporated when he (again, allegedly) chose to go into business for himself and violate his employment contract.
The court argued that the worst damage you can cause to someone's computer is erase their personal data. Seems he deleted his client list (or something similar, the article wasn't very clear on that point), and the company wanted it. Unethical way to leave a company, and he probably deserves to be nailed.
The main thing that bothers me is, what if I delete some JPGs that were stored on the computer? I may have a good reason for not wanting anyone to see them, and since they were mine, there should be nothing wrong with deleting them. Will this law allow them to come after me? Seems like it will, and that's what's scary.
Qxe4
I read most of -- maybe 95% -- of the original article, but I did NOT read the court papers nor try to look for them.
So, this is on the assumption that he SELECTIVELY deleted files and didn't delete day-to-day financials, IT-installed AV software, IT-installed firewall and logger software..
But, since he used a secure delete:
-- HOW does IAC know WHAT he deleted?
-- WHY be such specious pieces of shit and sue him for something they cannot prove/trying to prove the unknowable?
If he once had a company proposal, but then had his own ideas and prototyped them, but left the company-bound original in place then the stuff he made for himself is HIS HIS HIS! Not the company's "just because he put it there".
If he put a pic of his family, they'd deleted it without a second thought. But, because it may be or they FEEL it's in their "sphere of interest", of course they'll want a copy. But, too bad. If they had a plan to expand and didn't include him, and liked his ideas but said, "See ya, we don't need ya", and he felt they we're using HIS ideas (which, if he's smart, can be reconstructed by any MBA observing the business potential, studying the companies and entities involved, and using some wit and imagination...), then if they didn't have them in their meetings minutes, they're stupid.
Now, IF he produced the stuff on COMPANY time FOR the company and it was stuff they TOLD him to make as an in-process and end-product set of information, then he shouldn't have deleted it. But, if he, for instance, installed (say, with their permission) his own licensed software and produced data for them, but say, deleted their data, then they have NO damn business expecting to keep "evidence of his Corel (or whatever) copy". He could have had Maya, Alias, ACAD, who knows. And, if they had ACAD, but he drew floorplans of an office he intends to have fitted out, THAT, TOO is none of their goddam business.
Sour grapes. Sometimes, some COMPANIES just don't get it. Same goes for those companies whic hire programmers and and then "compensate" them to intentionally embed, encrypt and then claim as "their own intellectual property" some GPL/GNU software they goddam didn't create, and then adamantly pass off and defend as their own and expect smarter employees to sign NDAs and Non-Competes over stuff the company didn't create.
I hope that guy is smart, has a smart lawyer and that he actually IS in the right. But, unless we actually see the court transcripts, get our own forensics team on the hard drive (assuming the company didn't distrub the 1s and 0s any more than the ex-employee did), then it's going to be hard for any geek/nerd on this site to say much of anything meaningful without laying out some reasonable scenarios. I guess....
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.
RTFA. That's exactly what the judge did. The company appealled the decision, and the appeals court sent it back to the judge saying: no, you can't throw this out. The company might be right. You need to hold a trial to figure it out.
Having read the article, I agree. The issue is not so clear-cut that it should be dismissed out of hand: it deserves its day in court. The guy may have deleted incriminating information (which is a crime, see Enron paper shredders). He may also have been propping up his business at company's expense (i.e. using whatever data he acquired while making sure the company doesn't get a hold of it). That's for the judge to decide, and that's exactly what the appeals court said should happen.
Oh and, btw:
Adolf Hitler
you lose.
___
If you think big enough, you'll never have to do it.
Presumably, there was somewhat confidential data on that notebook anyway. The use of a secure deletion program should be required to keep that data out of the hands of competitors.
But there are things in the case that we don't know.. for example, what evidence does the company have that these files were even there in the first place? Maybe he was secure-deleting personal information that the company had no right to in the first place (where I work, we have an incidental use clause regarding technology--that is, we can use it for our own personal purposes as long as it doesn't degrade the system as a whole). Simply put, we don't know most of the facts of this case.
Deleting files is a crime.
Copying files is also a crime.
What about deleting copied files? Will the two cancel each other out?
I guess deleting is like killing, copying is like saving someone's life (but still getting sued over cracked ribs or something), and file compression is pretty much torture.
Basically the whole issue ended up being about timing.
When he decided to leave employ of the IAC to start his own venture, his authorization at that point to use the computer did not belong to him. Though he may have physically retained the computer, and had all access to it, he did not have legal rights to its contents.
At that point, he was a competitor to IAC, possibly with information on his person about IAC that a competitor should not.
IAC wondered what he had, and whether he was misusing this laptop for his own benefit, which would break all kinds of laws. They wanted to take a look at said laptop, and see if he'd used it or seen anything he shouldn't have recently.
This employee then accessed the laptop and deleted all kinds of stuff, akin to shredding documents Enron or Watergate style. He then returns the laptop to IAC, his former employer and now competitor.
Unsurprisingly, former employee is now sued, though his conviction is by a tenuous interpretation of a law.
Citrin pointed out that his employment contract permitted him to "destroy" data in the laptop when he left the company.
His right to do this was in his contract. Can anyone tell me why a contract can no longer protect an individual from a company?
Defense lawyer to IAC:
"Please state the names of the unrecoverable files."
IAC:
"britneyspearsnaked01.jpg, britneyspearsnaked02.jpg, britneyspearsnaked03.jpg, britneyspearsnaked04.jpg... clearly the defendant was using steganographic techniques to hide sensitive data."
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
I think his mistake was in arguing about his authority to delete files at all. His argument should have been that all the files alleged to have been deleted were personal files, personal use of the laptop was authorized by his employment agreement (quote the relevant paragraph from the agreement, and the company has no right to demand that those files be turned over in the first place. You can't be charged under the law he was if the only things you "damaged" belonged to you.
Of course, this only works if he was scrupulous to avoid mixing his personal stuff with company data and can clearly show that all the files the company can prove were theirs are untouched. If he did delete files from an area normally or provably containing company data, he's pretty much SOL.
This should be a civil matter.
It is a testament to the broken state of our laws (and especially our computer crime laws) that his former employer was able to (convince a DA to) drag him into criminal court for this.
If the guy had hacked into company computers and destroyed data, then sure, he should be prosecuted under criminal laws. But wiping files from a hard drive? If the guy really did do damage to his former employer, or violated a contract with them, then it shouldn't be a criminal case. It should be a civil case.
If you had super powers, would you use them for good, or for awesome?
Of course it's BS. But so is the whole case.
The REAL case is that the guy was setting up his competing business, and they wanted the laptop data to prove it.
They shouldn't be going after him for "destruction of data on a networked device" but for violating his non-compete. Especially since, if they can't prove he violated the non-compete, then it IS his data to do as he pleases, even if it was sitting on their laptop.
Look at it this way: If they can't first show he violated his non-compete, then they have no claim to the data he erased, as it may have been "his" data just as much, or more, than theirs.
On the other hand, prove first that he violated his non-compete, and you can THEN also get him on the data destruction.
What you CAN'T do is the reverse - prove the destruction of your data if you can't first prove that it is uncontestedly your data.
Or better yet Mr. Goatse.
A few years back, I worked on a project that used ClearCase, and the management really wanted us to use it to record the full history of our projects. The group I was working with decided to take them literally.
.o and executable files, see ...
After about a week, we found that we were each able to fill our workstations' disks with the compiles we did. The ClearCase setup saved all our
If was fun watching them actually install a second disk on most workstations the first time this happened (and we all showed that the disks were 99% full of ClearCase files recording the week's work. Then, by the end of the next day, the new disks were full, and we announced that our progress was blocked until we could get more disks.
It actually took a couple weeks of meetings (and no progres on the project) before they faced the fact that "You can't delete your files" was not a tenable rule. They simply couldn't afford the petabytes of disk that the project was projected to require under their "save everything" rule.
So finally we were able to start deleting the 99% of our files that couldn't possibly be of any use to anyone, and only save the interesting source files. I don't think most of the management ever did understood what "source" and "binary" files referred to.
Anyway, yeah; if an employer wants to pay for the disk space, I'll happily save all my files for their later study. But somehow, I suspect that they're not gonna get much for their investment. They'll be much better off if they let me be the judge of which 99% of my files can be safely discarded.
If this court does go along with a "save all files" rule, it could be a very interesting precedent. It'll take more than a couple weeks of meetings to get such a court ruling overturned. In the meantime, some disk manufacturers might be doing a lot of business.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Did Jesus just kill another kitten or something?
Nope. No more than if I put my lunch in a company-owned drawer, or install developer software bought, paid for, and licensed to ME on a company-owned computer, or even on their server.
Your theory of "company-owned" is more viral than Microsoft's "shared-source".
I leave, my stuff leaves with me.
I'll agree the guy WAS stupid to delete the files, and he WAS stupid to even bother using the company laptop. But lets reverse your argument - the company-owned laptop was at one point on an employee-owned resource - the employee's lap. Does that mean he owns it? Of course not. Ownership is not transferred by putting something next to, inside of, or on something. Its transferred by either mutual agreement or act of law.
That is bullshit. If that were true: a company could argue that the government can't look at their financial records because it would incriminate them; a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her.
A murderer CAN deny access to their property even having a dead body in the freezer, enless the police have a warrant. A company CAN refuse to turn over documents enless the police have a warrant. Police can't walk in anywhere they want and/or just take things because they may or may not be incriminating, it's called probable cause. They must have enough viable reason to further their investigation, you can't just bother every citizen because you may or may not know a partial bit of information about a crime.
Having RTFA, it looks like Mr. Citrin's problem was that he resigned first, THEN handed back the laptop. The judge ruled that Citrin's right to issue commands of any sort on the system ended upon resignation. If I'm reading that correctly, the solution for other soon-to-be-former employees or contractors seems simple: delete, then quit.
More than anything, use head main ting when separating from a company. 1) get your personal gear out of the office; 2) delete email and files relating to personal business (or that might reflect especially poorly on you); 4) clear your browser history and cache; 5) securely overwrite all free sectors on disk; 6) log out and power down; 7) resign. It looks like Mr. Citrin may have gone overboard and nuked all of the company data on the laptop, which is of value and use to the company and their next person to fill his position, and made it look like he had something to hide.
Luke, help me take this mask off
The company is stupid for not requiring backups. The guy's an idiot for using his position to start his own business, and using the company're property to do it. He screwed over all his co-workers by doing that, because it takes away from the company's viability.
/., so that's saying something.
I'm really surprised they actually needed the guy's laptop to support their position in all this, they should be able to prove it without that. Going after him because he deleted files is just a vindictive ploy after they realized they had no way of proving what he was doing.
Sounds like the guy AND the people at the company are both guilty of being freaking morons.
I mean really.... all of the sudden "Wipe"-like programs are going to be off corporate computer systems? Yeah, good luck with that. That's the stupidest damn thing I've read all day.... and I've been reading
I kept the computer quite tidy due to a small hard drive. Most work was accouting, spread sheets and some word processing. Hard copies were printed and filed as permanent reports and as backups. Every month or two I would do a Norton Speed Disk which would wipe unused space.
When I left the company I left about two months of data on the hard drive and a 20 page status report which detailed where all the hard copy documents/files/data were physically located and info on the work in progress. The company sent the computer out for data recovery and when no erased files could be recovered I was sued. The company claimed the hard copies did not exist but were later found when I succeeded in obtaining a court ordered search of the company's office.
My lawyers filed a motion to dismiss claiming there was no triable evidence. The judge ruled that the lack of recoverable files was in itself evidence that "something" on the computer had been destroyed and thus fit the statute. The bopgus case settled a few year. No money changed hands but my legal fees ran about $150,000, my life savings.
Advice: 1. NEVER erase anything. Simply move the file out of the current workspace to an archive directory. When the drive gets full have the company buy a new drive -- give the old drive to the boss with a corresponding memo detailing in general what was on the drive. 2. Keep each file you create in a separate directory and maintain a printout of that directory. 3. Run your own backups and transfer the backups via memo when you leave. Leave another copy of the backup with a trusted co-worker who can put them where they can't easily be found and destroyed. The more people involved the better.
If you accidentially have personal info on the hard drive it might be a good idea to wipe the info before you leave. But you need to overwrite the directory and file space deleted since the empty space might be detected. Others here can suggest a procedure.