March 10, 2006 10:32 AM PST
Police blotter: Ex-employee faces suit over file deletion
- Related Stories
-
Police blotter: Cell phone tracking rejected
March 3, 2006 -
Police blotter: Dot-com magnate loses fraud appeal
February 24, 2006 -
Police blotter: Patriot Act e-mail spying approved
February 9, 2006 -
Police blotter: Sysadmin loses e-intrusion case
January 13, 2006 -
Police blotter: Alleged eDonkey pirate gets trial
January 6, 2006 -
Police blotter: Nude 'profile' yields Yahoo suit
December 9, 2005 -
Police blotter: Legal flap over secret sex video
November 25, 2005 -
Police blotter: Judge questions Patriot Act bugs
November 4, 2005 -
Police blotter: Feds' cell phone tracking denied
October 28, 2005 -
Police blotter: Closed-source breathalyzer on trial
October 21, 2005 -
Police blotter: Patriot Act wins a round
October 14, 2005
What: International Airport Centers sues former employee, claiming use of a secure file deletion utility violated federal hacking laws.
When: Decided March 8 by the U.S. Court of Appeals for the 7th Circuit.
Outcome: Federal hacking law applies, the court said in a 3-0 opinion written by Judge Richard Posner.
What happened, according to the court: Jacob Citrin was once employed by International Airport Centers and given a laptop to use in his company's real estate related business. The work consisted of identifying "potential acquisition targets."
At some point, Citrin quit IAC and decided to continue in the same business for himself, a choice that IAC claims violated his employment contract.
Normally that would have been a routine business dispute. But the twist came when Citrin dutifully returned his work laptop--and IAC tried to undelete files on it to prove he did something wrong.
IAC couldn't. It turned out that (again according to IAC) Citrin had used a "secure delete" program to make sure that the files were not just deleted, but overwritten and unrecoverable.
In most operating systems, of course, when a file is deleted only the reference to it in the directory structure disappears. The data remains on the hard drive.
But a wealth of programs like PGP, open-source programs such as Wipe, and a built-in feature in Apple Computer's OS X called Secure Empty Trash will make sure the information has truly vanished.
Inevitably, perhaps, IAC sued. The relevance for Police Blotter readers is that the company claimed that Citrin's alleged secure deletion violated a federal computer crime law called the Computer Fraud and Abuse Act.
That law says whoever "knowingly causes damage without authorization" to a networked computer can be held civilly and criminally liable.
The 7th Circuit made two remarkable leaps. First, the judges said that deleting files from a laptop counts as "damage." Second, they ruled that Citrin's implicit "authorization" evaporated when he (again, allegedly) chose to go into business for himself and violate his employment contract.
The implications of this decision are broad. It effectively says that employees better not use OS X's Secure Empty Trash feature, or any similar utility, because they could face civil and criminal charges after they leave their job. (During oral argument last October, one judge wondered aloud: "Destroying a person's data--that's as bad as you can do to a computer.")
Citrin pointed out that his employment contract permitted him to "destroy" data in the laptop when he left the company. But the 7th Circuit didn't buy it, and reinstated the suit against him brought by IAC.
Excerpts from Posner's opinion (click here for PDF), with parentheses in the original: The provision of the Computer Fraud and Abuse Act on which IAC relies provides that whoever "knowingly causes the transmission of a program, information, code or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer (a defined term that includes the laptop that Citrin used)," violates the Act. Citrin argues that merely erasing a file from a computer is not a "transmission." Pressing a delete or erase key in fact transmits a command, but it might be stretching the statute too far (especially since it provides criminal as well as civil sanctions for its violation) to consider any typing on a computer keyboard to be a form of "transmission" just because it transmits a command to the computer...
Citrin's breach of his duty of loyalty terminated his agency relationship (more precisely, terminated any rights he might have claimed as IAC's agent--he could not by unilaterally terminating any duties he owed his principal gain an advantage!) and with it his authority to access the laptop, because the only basis of his authority had been that relationship...
Citrin points out that his employment contract authorized him to "return or destroy" data in the laptop when he ceased being employed by IAC (emphasis added). But it is unlikely, to say the least, that the provision was intended to authorize him to destroy data that he knew the company had no duplicates of and would have wanted to have--if only to nail Citrin for misconduct. The purpose of the provision may have been to avoid overloading the company with returned data of no further value, which the employee should simply have deleted.
More likely the purpose was simply to remind Citrin that he was not to disseminate confidential data after he left the company's employ--the provision authorizing him to return or destroy data in the laptop was limited to "Confidential" information. There may be a dispute over whether the incriminating files that Citrin destroyed contained "confidential" data, but that issue cannot be resolved on this appeal. The judgment is reversed with directions to reinstate the suit, including the supplemental claims that the judge dismissed because he was dismissing IAC's federal claim.
See more CNET content tagged:
Richard Posner,
Police Blotter,
Computer Fraud,
Computer Fraud and Abuse Act,
authorization
"accidentally" lost the laptop. Or it was ran over by a truck followed
by an SUV. Much like what happened to poor Ben Stiller in "Duplex".
Then Citrin tells IAC that he'd compensate the loss.
Will he still be in trouble?
It shouldn't matter.
While the laptop is in the possession of the employee, it is his/her responsibility to maintain the integrity of the laptop. They are responsible for the data on the laptop. This includes deletion of the data.
Unless the ICA had an explicit corporate policy governing the use of any such "secure" deletion software, then he should be in the clear.
Of course, what's to say that he deleted the files and then downloaded copies of DVDs he rented to his hard drive? (repeatedly).
The author is correct that normal deletes just remove the inode reference. (Unix) And the OS then reclaims the disk space. So if he used the normal delete and then reused the diskspace for something else, then ICA would still be out of luck.
employment, he should have handed over the laptop, nothing
more (and courts decide matters of fact, not website "police
blotters"). The act of deleting files was, probably a violation of
his terms of employment, or even a violation of law. I take issue
with this statement from the article:
"Normally that would have been a routine business dispute. But
the twist came when Citrin dutifully returned his work laptop--
and IAC tried to undelete files on it to prove he did something
wrong."
Proof that he deleted work he was hired to do is prima facie
evidence that he destroyed the company's work, and by this
judgement, violated the law.
The implications for this are not broad at all. You are already
not allowed to destroy your employer's data. Sorry, but it's no
leap of logic to believe that deleting data (the company's work
for hire) such that it's unrecoverable is legitimate damage. This
ruling changes nothing, except perhaps for Citrin. News.com is
again overhyping a non-issue.
Charles
The tagline/summary is innacurate and an attempt to bring in more readers.
He is at fault for destruction of company property. If he deleted his sexy pictures that would be a different story.
One ***** in the armor -- How do they prove the data he deleted was company property -- how can they prove he didnt just secure delete his pr0n.
Food for thought.
The tagline/summary is innacurate and an attempt to bring in more readers.
He is at fault for destruction of company property. If he deleted his sexy pictures that would be a different story.
One ***** in the armor -- How do they prove the data he deleted was company property -- how can they prove he didnt just secure delete his pr0n.
Food for thought.
The tagline/summary is innacurate and an attempt to bring in more readers.
He is at fault for destruction of company property. If he deleted his sexy pictures that would be a different story.
One ***** in the armor -- How do they prove the data he deleted was company property -- how can they prove he didnt just secure delete his pr0n.
Food for thought.
That's a new development in legal principles. Or a new low in
judicial competence.
such is life as the justices continue to downgrade the constitution, and replace it with expedience!
On the flip side IAC is negligent in protecting its own data which could bring an interesting argument to the table. If IAC felt that the data was so important why didn?t they take steps to have the laptop backed up on a regular basis. Since it did not is the Citrins fault?
This case was wrongly decided because of hubris; the judges proudly assumed (they had) adequate knowledge and intelligence to see the principles of this case. Clearly, they did not.
The target of this case is the consultant who merely improved the workings of the provided computer by actually wiping deleted space. In doing so error dumps become smaller because the error report can compress images of effected areas by summarizing data (lines m to n: all x'00') and eliminate "eye traps" of familiar data images. The concept of a temporary file record buffer having real or non-real information is quite obscure for a "layman". Similarly, the question of who "owns" deleted space in a computer buffer is fraught with problems: theoretically, a consultant could gain insight into business data or processes, especially error handling which is the weak underbelly of any operating system!
So, the defendant shielded himself from acquiring such information, and now, after the courts decision, no others will be able to create such a shield; they will acquire the information by happenstance, or be misled by dump information , or merely waste space and time because the next consultant cannot do a ?real? delete.
Of course, the ?condemned consultant? could have achieved the very same results, clearing unused physical hard drive space, by doing a simple, highly recommended task, namely, defrag. This task improves the entire operation of a computer because it calls together all the pieces of any object that is NOT deleted. Recapturing wasted space dramatically improves the physical task of accessing data because the process pulls all objects into logical and physical sequence; the read/write process against a busy file can improve many times over as the 4k buffers are no longer scattered over the drive.
This case has decided in favor of unused buffer space ? that?s the unintended consequence. It does not take a terribly skilled analyst or user to see the damage done.
Warren
I think sending a competitor the data would have been far worse.
I think sending a competitor the data would have been far worse.
Therefore things such as personnel data held on manager's workstations, private information such as the names and addresses of the general public, and other private documents are guaranteed to be inaccessible to all but the most costly data recovery experts, and sometimes not even them.
Like I said, this is a mandated procedure, and failure to properly wipe a computer prior to its possible release to the public would end in termination of the employee responsible, as well as that employee's supervisor who must countersign the accompanying documentation.
This is not done for laughs or just to protect State employees from embarressing documents being leaked.
Certain instances, such as domestic violence victims who are paid child support, but have a guarantee that their name and address will not be made public, make this policy essential to protect vulnerable members of the public.
Equally it is not considered abuse of equipment if an employee decides to check their personal bank account during a lunch break, maybe to verify they have funds to pay for a meal.
So a precedent that makes wiping computers a crime is outrageous. Maybe this person did have something to hide, but also it's not a stretch to say he may have had a small number of personal documents that he had every right to keep on the computer while he was an employee and quite correctly wouldn't want a computer tech reading.
This decision is so wrong it makes the demand that judges with no technical knowledge be barred from making decisions on technical issues totally valid.
http://www.active-undelete.com/
http://www.uneraser.com/
- No evidence that evidence ever existed, is there?
-
by hackdotEd
March 24, 2006 10:22 AM PST
- My questions:
-
Reply to this comment
-
-
See all 29 Comments >>1. How does IAC KNOW that the files that were deleted and are now unrecoverable ever existed in the first place? Presumably, a good secure deletion program would remove all traces of the file, making even the file handle and other associated entries in the FAT or similar file system index impossible to discover, let alone recover.
2. Same as 1. except this time, how do they KNOW that the deleted files contained any evidence of wrongdoing?
3. Same as 2 but how do they KNOW that Mr. Citrin deleted the files AFTER he violated his employment agreement? Proof? How can you proove it without any evidence? Makes no sense to me.
More comments at my website, http://www.hackdot.org