Slashdot Mirror
Deleting Files is a Crime?
cemaco writes "A former employee of International Airport Centers, who is currently embroiled in a legal dispute with them, returned his company laptop as required. Hoping to find incriminating evidence, I.A.C. attempted to retrieve deleted information from the laptop in question with no success. This employee had beaten them to the punch. He had used 'secure delete' software, in order to make sure nothing could be recovered. He is now being charged with a violation of the Computer Fraud and Abuse Act."
So if he has the files, he's a criminal. But if he doesn't have the files, he's also a criminal? How is deliberate obstruction determined in a case like this?
"The term "damage" means any impairment to the integrity or availability of data, a program, a system, or information;" Whoa, better not install windows. But really, after I close the lid on my laptop it takes a few seconds for the system to come back to life when I open it, technically, the availability of data is impaired in those few seconds (well 30 if it's a compaq). Oh, whoa again! So if I'm watching a DVD and my brother steps in front of the screen and I can't see for a second, then my access to the "data" is "impaired". Huzzah! We're all going to jail! BONG!
Interestingly, it appears to me that the ex-employee did the right thing.
i ndofmatthew.com
1.)He is protecting the privacy of whoever's data was on the computer.
2.)He is ensuring that the computer is free from viruses, worms, spy ware, etc (assuming he performed a total wipe).
If the company wanted evidence against their employee then they should have attained it before accusing him. To do so in reverse order, as they did, only allows the employee to cover his tracks. If anything I am disappointed in the way that the company handled their business and at the very minimum reflects on the "quality of employees" that they hire.
One more note: doesn't this sort of thing fall under the category of "entrapment."
Argggg, I'm getting frustrated.... and I don't know if I should blame stupidity or the lawyers... oh wait... aren't they the same?
Matthew Wong
http://www.themindofmatthew.com/">http://www.them
If this "secure eraser" is so awesome, then what trace was there that this "secure eraser" had been used? If someone hauls me in for a crime and my computer has no evidence, does that mean I must have used a "secure eraser" on it?
So then if I have nothing to hide, am I now hiding something?
If I have been able to see further than others, it is because I bought a pair of binoculars.
I can't find it now, but a federal court judge once made the comment that people need the ability to delete files and have courts recognize them as "destroyed". Just because computer forensics has a much greater chance of success shouldn't mean that people can't deliberately disassociate themselves from material. This is core to the right against self incrimination.
Consider what might happen if I sent you a child porn image. You, offended, delete the image immediately and report me to the FBI. Now what if, unable to find me, the FBI came to your door, confiscated your laptop with a warrant (after all, you reported seeing the file, therefore you must have it) and used an undelete program to recover it. Are you now guilty of the crime of possession of child pornography? Yes, you are. At least, as far as the prosecutors are concerned.
It's never been tested legally to my knowledge, but the court MUST recognize that for someone to be charged over deleted evidence is akin to government agent pulling memories from your brain and using those memories to reconstitute matter in the same patter and then use it as evidence against you in a court of law.
This is Orwellian to the extreme, but it is quite possible that the raving "think of the children" lunatics out there will create just such a legal system. After all, they will argue, what stops kiddie porners from keeping their porn collections in the Recycle Bin? What about on a shadow drive with no FAT to link sectors to filenames? At what point does the work involved in recovery become high enough to consider something "gone"?
I'm glad to see this case, and I hope that the jurist in charge realizes that this is about a person's right to prevent their own thoughts and memories from being used against them in a court of law. After all, if the evidence went beyond the employee's person...there will be copies in e-mails, filed records, other computers. For someone to be able to go beyond the bounds of corporate communications into the person at the computer makes that employee's mind the company's property and not just his laptop.
-JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
From reading the article, it looks like there wasn't anything resembling an investigation under way. Merely a guy who was leaving the company to pursue another job (albeit a competitive one). He returned the laptop, as he pretty much was required to do.
THEN they went looking for dirt on him.
That order right there is what's important. If the guy had been informed of an investigation, and had then returned the laptop, wiped, he could be guilty of destroying evidence.
But he returned the laptop, then an investigation was begun.
Sorry, no investigation first, no crime.
Granted, this COULD be an internal policy issue for the company too. However, they're not suing him for violating company policy. They're suing him under "hacking" charges. Which pretty much says that there was no policy in place regarding the data on the laptop. Moreover, the guy's employment contract, apparently, SPECIFICALLY allowed him the option of destroying data on the machine.
In agreeing to that, the company pretty much just abrogated ownership of the data.
This guy's in for a really long court battle. But, eventually, he's going to be acquitted.
Chas - The one, the only.
THANK GOD!!!
From the article:
That law says whoever "knowingly causes damage without authorization" to a networked computer can be held civilly and criminally liable.
The 7th Circuit made two remarkable leaps. First, the judges said that deleting files from a laptop counts as "damage." Second, they ruled that Citrin's implicit "authorization" evaporated when he (again, allegedly) chose to go into business for himself and violate his employment contract.
The court argued that the worst damage you can cause to someone's computer is erase their personal data. Seems he deleted his client list (or something similar, the article wasn't very clear on that point), and the company wanted it. Unethical way to leave a company, and he probably deserves to be nailed.
The main thing that bothers me is, what if I delete some JPGs that were stored on the computer? I may have a good reason for not wanting anyone to see them, and since they were mine, there should be nothing wrong with deleting them. Will this law allow them to come after me? Seems like it will, and that's what's scary.
Qxe4
Ideally, a judge would, like the article's author, take one look at the charges and say, "whaaaaat?" just before throwing the whole silly thing out. Now three loops have decided returning the drive clean is a crime, unanimously.
RTFA. That's exactly what the judge did. The company appealled the decision, and the appeals court sent it back to the judge saying: no, you can't throw this out. The company might be right. You need to hold a trial to figure it out.
Having read the article, I agree. The issue is not so clear-cut that it should be dismissed out of hand: it deserves its day in court. The guy may have deleted incriminating information (which is a crime, see Enron paper shredders). He may also have been propping up his business at company's expense (i.e. using whatever data he acquired while making sure the company doesn't get a hold of it). That's for the judge to decide, and that's exactly what the appeals court said should happen.
Oh and, btw:
Adolf Hitler
you lose.
___
If you think big enough, you'll never have to do it.
That is bullshit. If that were true: a company could argue that the government can't look at their financial records because it would incriminate them; a murderer could deny police access to their premises because they would find a body in her freezer that would incriminate her.
A murderer CAN deny access to their property even having a dead body in the freezer, enless the police have a warrant. A company CAN refuse to turn over documents enless the police have a warrant. Police can't walk in anywhere they want and/or just take things because they may or may not be incriminating, it's called probable cause. They must have enough viable reason to further their investigation, you can't just bother every citizen because you may or may not know a partial bit of information about a crime.
Having RTFA, it looks like Mr. Citrin's problem was that he resigned first, THEN handed back the laptop. The judge ruled that Citrin's right to issue commands of any sort on the system ended upon resignation. If I'm reading that correctly, the solution for other soon-to-be-former employees or contractors seems simple: delete, then quit.
More than anything, use head main ting when separating from a company. 1) get your personal gear out of the office; 2) delete email and files relating to personal business (or that might reflect especially poorly on you); 4) clear your browser history and cache; 5) securely overwrite all free sectors on disk; 6) log out and power down; 7) resign. It looks like Mr. Citrin may have gone overboard and nuked all of the company data on the laptop, which is of value and use to the company and their next person to fill his position, and made it look like he had something to hide.
Luke, help me take this mask off
I kept the computer quite tidy due to a small hard drive. Most work was accouting, spread sheets and some word processing. Hard copies were printed and filed as permanent reports and as backups. Every month or two I would do a Norton Speed Disk which would wipe unused space.
When I left the company I left about two months of data on the hard drive and a 20 page status report which detailed where all the hard copy documents/files/data were physically located and info on the work in progress. The company sent the computer out for data recovery and when no erased files could be recovered I was sued. The company claimed the hard copies did not exist but were later found when I succeeded in obtaining a court ordered search of the company's office.
My lawyers filed a motion to dismiss claiming there was no triable evidence. The judge ruled that the lack of recoverable files was in itself evidence that "something" on the computer had been destroyed and thus fit the statute. The bopgus case settled a few year. No money changed hands but my legal fees ran about $150,000, my life savings.
Advice: 1. NEVER erase anything. Simply move the file out of the current workspace to an archive directory. When the drive gets full have the company buy a new drive -- give the old drive to the boss with a corresponding memo detailing in general what was on the drive. 2. Keep each file you create in a separate directory and maintain a printout of that directory. 3. Run your own backups and transfer the backups via memo when you leave. Leave another copy of the backup with a trusted co-worker who can put them where they can't easily be found and destroyed. The more people involved the better.
If you accidentially have personal info on the hard drive it might be a good idea to wipe the info before you leave. But you need to overwrite the directory and file space deleted since the empty space might be detected. Others here can suggest a procedure.