Is Destroying A Hard Drive On A Work Issued Computer The Equivalent Of Hacking Or Fraud?
from the court-may-think-so... dept
We've noted in the past how the courts have been massively stretching the Computer Fraud and Abuse Act (CFAA), which was really designed to deal with unauthorized access to computers -- commonly referred to as malicious hacking. Yet, the courts have been interpreting it to cover all sorts of things that nobody would actually think of as hacking. In a recent case, for example, a guy who was a consultant at giant Deloitte & Touche, but then left to join a competitor, was sued by D&T because he destroyed the original hard drive in his work-issued computer. When he quit, he returned the computer with a brand new hard drive. He had taken out the old hard drive and destroyed it because it had personal data on it (tax returns, account info and logins for personal things) that he didn't want to share with D&T.
It's difficult to see how this amounts to "hacking" or unauthorized access, and so the guy sought to have the case dismissed. Yet the court is allowing it to go forward, saying that the destruction of the hard drive was "without authorization" and thus the action fits under the CFAA. The problem here, as in other CFAA cases, is that it seems to interpret almost anything that doesn't have direct authorization as being "unauthorized access" and thus, the equivalent of fraud or hacking. But in this case, it seems pretty clear that the guy didn't do anything to harm the original company. He was just a little overzealous in trying to protect his personal info. Considering that his expertise as a consultant was in security and privacy... perhaps his actions aren't all that surprising, really. What really is questionable here is why D&T is suing in the first place. They got back the computer with a newer hard drive, so it's not like he returned a broken system to them.
Filed Under: cfaa, fraud, hacking, hard drive
Companies: deloitte & touche
Reader Comments
Company Data
Especially as D&T does all sorts of tax, auditing, and financial work, and does it for some of the largest companies in the world. It's entirely possible some of the records on his laptop could be related to legal cases. I know the hoops you need to jump through just to encrypt data on drives that may be involved in legal cases (and the encryption product I use changes neither the data itself or meta-data such as last modified dates). And we have special procedures for any machines that are considered under "legal hold" - if anything happens to it, or it is being given to someone else, the drive is pulled, stored, and a new one put into the machine.
Since supposedly he's an expert in privacy and security, why was he keeping such sensitive personal information on a computer he didn't own? Sure, I've got some personal stuff on my work laptop, but nothing I'd be afraid of my employer having access to, or being made public. When my contract is up at BigBank, I'll be deleting my personal stuff, but sure as heck won't be wiping the drive.
[ link to this | view in chronology ]
Because I really like that idea :D
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Instead, he took the drive, and that means that he has everything that was on it, including proprietary stuff from D&T. Even if he says he destroyed it, can he really prove it?
His actions can be taken as intent, and that makes it hard to get around.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
And considering he destroyed the HDD and trashed it, how is he gonna prove? Guilty till proven innocent? Inversion of
[ link to this | view in chronology ]
Re: Re:
Quoting one of the relevant provisions of the CFAA from the opinion:
Physically destroying a hard drive is not at all the same as transmitting a “program, information, code, or command”.
A hammer is not a program.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That would come under 'computer abuse' !!
It was not his computer, it was not his hard drive, he therefore had no right to make any claim to ownership of that HD or its contents because he had no right to use that computer for personal use. It was not his property, and it was a clear misuse of someone else's property.
This guy is or must be a total moron with little or no clue about computer security, as displayed by his actions.
but destroying a hard drive is a 'command'.
It's just as much a command as "Shift-delete".
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
"A hammer is not a program"
[ link to this | view in chronology ]
Not very good at his job
Still, a very bad precedent to set - hopefully the court comes to its senses.
[ link to this | view in chronology ]
Re: Not very good at his job
Competent security specialists know that there are cases where destroying the drive is the most practical way to completely destroy the data on it.
[ link to this | view in chronology ]
Re: Re: Not very good at his job
[ link to this | view in chronology ]
Re: Re: Re: Not very good at his job
*My* being the operative word of course. This wasn't 'his' drive.
Whether he should be charged under this statute or another, he willfully destroyed property belonging to someone else.
I can quite safely say that either he was not authorized to put his personal data on that drive
OR
he was allowed to but with the understanding that he was doing so at his own risk and specifically not allowed to destroy the drive because he had put his information on it.
[ link to this | view in chronology ]
Re: Re: Re: Not very good at his job
Assuming that all company data was backed up (which seems likely) this guy has acted in an exemplary fashion and this case is ridiculous.
[ link to this | view in chronology ]
Re: Re: Re: Re: Not very good at his job
[ link to this | view in chronology ]
Re: Re: Re: Re: Not very good at his job
What it sounds more like is that he was trying to destroy data that might get him in trouble, perhaps showing that he had used the company computer in a way that was not permitted. Rather than just deleting the data and using an obscuring tool to re-write all the unused space on the drive, he instead took unilateral action.
The company has no way to know if he destroyed the drive for real, gave it to a competitor, or perhaps destroyed it after the data was taken by a third party. Who knows?
His actions really indicate he had something to hide.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Not very good at his job
Homicide and speeding are not interchangeable laws. Neither should any possibly illegal act that involves a computer involve the CFAA.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Not very good at his job
indicate is not proof. In court it takes proof. Proof or STFU.
[ link to this | view in chronology ]
Re: Re: Re: Not very good at his job
There is such a thing as too paranoid. A nice multi-pass wipe on a modern drive will make all but maybe a few bytes recoverable, and you won't be able to do anything with those. Context matters.
[ link to this | view in chronology ]
Re: Re: Re: Re: Not very good at his job
Why should you have a problem with it if he's being paranoid? Sure, it's extra effort on his part, but obviously it's something he wanted to do.
[ link to this | view in chronology ]
Re: Re: Re: Not very good at his job
a single pass of zeroes ( dd if=/dev/zero of=/dev/[DISK] )
and it's totally unrecoverable.
[ link to this | view in chronology ]
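The single pass of zeroes from the comment above, followed by a read-back check, as an added example that is not part of the original thread. It runs against a constructed 64 KiB image file rather than a real disk, and the function names and sample contents are assumptions made for illustration. The read-back covers only the blocks the operating system can address, so sectors the drive has remapped are outside what it can confirm.

```shell
#!/bin/sh
# Added example: one pass of zeroes over a target, then a read-back check.
# It works on a constructed image file so it can run anywhere; on a real
# disk the target would be the block device and the commands need root.

BS=4096   # block size used for writing and for the read-back

# make_sample_image FILE: 16 zeroed blocks with constructed "personal data"
# planted in blocks 2 and 9 (sample strings, not real files).
make_sample_image() {
    dd if=/dev/zero of="$1" bs="$BS" count=16 2>/dev/null
    printf 'constructed sample: tax-return.pdf' |
        dd of="$1" bs="$BS" seek=2 conv=notrunc 2>/dev/null
    printf 'constructed sample: saved login' |
        dd of="$1" bs="$BS" seek=9 conv=notrunc 2>/dev/null
}

# zero_fill FILE [BLOCKS]: write zeroes from the start of FILE.
# Without BLOCKS the whole length is covered (assumes a multiple of BS).
# conv=notrunc keeps the length fixed, as a disk's would be.
zero_fill() {
    zf_size=$(wc -c < "$1" | tr -d ' ')
    zf_blocks=${2:-$(( (zf_size + BS - 1) / BS ))}
    dd if=/dev/zero of="$1" bs="$BS" count="$zf_blocks" conv=notrunc 2>/dev/null
    sync   # make sure the zeroes have left the page cache before reading back
}

# dirty_blocks FILE: print the index of every block that still holds
# at least one non-zero byte, one index per line.
dirty_blocks() {
    db_size=$(wc -c < "$1" | tr -d ' ')
    db_blocks=$(( (db_size + BS - 1) / BS ))
    db_i=0
    while [ "$db_i" -lt "$db_blocks" ]; do
        # Delete every NUL byte; anything left over is surviving data.
        db_n=$(dd if="$1" bs="$BS" skip="$db_i" count=1 2>/dev/null |
               LC_ALL=C tr -d '\000' | wc -c | tr -d ' ')
        if [ "$db_n" -gt 0 ]; then
            echo "$db_i"
        fi
        db_i=$((db_i + 1))
    done
    return 0
}

# verify_wiped FILE: exit status 0 only if every block reads back as zeroes.
verify_wiped() {
    vw_dirty=$(dirty_blocks "$1")
    if [ -z "$vw_dirty" ]; then
        echo "PASS: every addressable block of $1 reads back as zeroes"
        return 0
    fi
    # Unquoted on purpose: joins the one-per-line indices with spaces.
    echo "FAIL: data remains in block(s): $(echo $vw_dirty)"
    return 1
}

demo() {
    img=$(mktemp "${TMPDIR:-/tmp}/wipe-demo.XXXXXX")
    make_sample_image "$img"
    echo "before wipe:";      verify_wiped "$img" || true
    zero_fill "$img" 8        # simulate a pass that stopped half way
    echo "interrupted pass:"; verify_wiped "$img" || true
    zero_fill "$img"          # the full single pass
    echo "full pass:";        verify_wiped "$img"
    rm -f "$img"
}
demo
```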
Re: Re: Re: Re: Not very good at his job
[ link to this | view in chronology ]
Re: Re: Re: Re: Not very good at his job
[ link to this | view in chronology ]
Re: Re: Re: Not very good at his job
Yes, because the first thing someone does when getting their hands on a used hard drive is spend several days running drive salvage software and trying to piece together the information from bad sectors and caches in the hopes of finding something they can use.
Here's a challenge I've made to others (and never had any takers); Take your main computer, the one you keep all your programs and important files on, and without backing it up, do a full format/zero-fill of the drive. Just do ONE pass, which everyone claims is completely useless for getting rid of data. Then send the drive off to one of these hard drive recovery services. If they can salvage even 25% of the data, I'll pay their entire bill.
Wanna try it? After all, with just a single-pass erasure, it shouldn't take them more than a couple minutes to completely restore your drive, right? Hell, you can probably un-format the drive yourself with some piece of freeware software.
So, are you game?
[ link to this | view in chronology ]
Re: Re: Re: Re: Not very good at his job
No wonder. You need to make it worth their while first.
So, are you game?
Tell ya what, come out from hiding behind your fake name, offer some big bucks (written, legally backed by a bond) to recover *any* data, and you've got yourself a deal. Otherwise, you're just blowing hot air.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Not very good at his job
"Any data"? What happened to the argument that users need to do a 10+ pass wipe to keep hackers from recovering all the information on the drive?
Here's a much easier challenge; Contact any drive recovery service and ask them how much data they can recover from a zero-filled drive. See if you can find even one that claims they can recover all your data.
Standard hard drives are designed to store one, and only one set of data in each sector. When that data is overwritten, there is absolutely no way to force a drive to read the previous data. If there was, don't you think hard drive makers would use this overwrite-&-recover method to double the storage capacity of their drives? Write the data, erase it, overwrite it, and still be able to read the old data?
Pulling any information off sectors that have been overwritten requires disassembling the drive, removing the platters and placing them in a hugely expensive machine that can read residual magnetic patterns, and even then, it can't recover anything reliably if the sector has been written to more than a couple times. They can also read tiny bits of data at the edges of tracks, where the head wasn't perfectly centered, but there's no way they're going to be able to read all of the data, or even enough of it to do anything with. Not to mention that these methods are out of the reach of your average hacker, whose idea of salvaging data is to run Recuver-It on a quick-formatted drive where none of the data was actually overwritten.
[ link to this | view in chronology ]
Re: Re: Not very good at his job
I don't really see the harm in what he did, but that doesn't mean that what he did was right.
[ link to this | view in chronology ]
I can see Deloitte having an issue with the hard drive being destroyed if they believed that it had records of his soliciting another employee to leave with him, but do they not have email or chat archives to look at? I don't think that rises to the level of "hacking" by any means though. After all, those conversations would be considered personal in nature anyway, right? So how would deleting that be any different from deleting his tax returns, etc.?
And wouldn't an expert in security and privacy know better than to keep that stuff on his work computer anyway (despite stupidity of the masses)?
This just seems like a case of Deloitte bullying a manager who left for something more interesting. If it is a question of him recruiting another employee in violation of an employment agreement, then I still don't see how this rises to a claim of hacking.
[ link to this | view in chronology ]
Re:
Wait, what? So the court actually found that "soliciting another employee to leave" is an element of computer hacking? I know that many courts have a big-company bias these days, but isn't that stretching the law really far?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
No, but I can see how taking a company owned piece of hardware and destroying evidence on it to hide breaking company policy (I'm guessing, but it's pretty standard employment/contractor language not to solicit other company employees for other employment) could be accessing company property or systems w/o access.
While I'm loath to agree with this particular AC who throws the word FUD around with such ease, in this case I think Techdirt has it wrong. At the very least, I can see why the court would think the statute applies at least enough to allow the case to go forward....
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Wow. By that reasoning then, practically anyone who violates a company policy and then accesses any company computer equipment (time clock, most modern phones, email, etc.) could then be charged under the CFAA. That's even scarier.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Opinion pdf
[ link to this | view in chronology ]
Re: Opinion pdf
[ link to this | view in chronology ]
Re: Re: Opinion pdf
I mean, there's no :) or :p or :D in your posts. What's up with that?
[ link to this | view in chronology ]
Re: Re: Re: Opinion pdf
[ link to this | view in chronology ]
Re: Re: Re: Opinion pdf
[ link to this | view in chronology ]
Re: Re: Opinion pdf
[ link to this | view in chronology ]
Re: Opinion pdf
What the plaintiff is arguing is that, essentially, breaking any clause in an employment contract is grounds for CFAA liability if you did literally anything with one of their computers after having done so and the judge says he's ok with that:
"Defendants argue first that there is no allegation that Carlson acted “without authorization,” as required by the statute. Defendants highlight that Carlson was an employee of Deloitte when the alleged data destruction occurred, and therefore not acting “without authorization.” Defendants do acknowledge that an employee may be acting without authorization if he has breached a duty of loyalty to his employer prior to the alleged data destruction. See Int’l Airport Centers LLC v. Citrin, 440 F.3d 418, 420-21 (7th Cir. 2006). In the Defendants’ words, Citrin does not apply because in that case “the employee had been undertaking a pattern of activity adverse to his employers’ interests” prior to the official end of his employment.
This is exactly what is alleged in this case. Here, Carlson is claimed to have begun his solicitation of Deckter before departing Deloitte. The data destruction was done, in part, to cover his tracks in wrongfully soliciting Deckter. If, as claimed, Carlson was so nakedly violating his Director Agreement, he would have been acting contrary to his employer’s interests, thereby ending his agency relationship with Deloitte and making his conduct “without authorization.”"
That's a little crazy I think. Suddenly any breach of an employment contract could be a CFAA violation if you do anything with a company computer afterward.
[ link to this | view in chronology ]
Re: Re: Opinion pdf
That's one way to frame it. I think though that if an employee pulls a hard drive out of his computer and destroys it for the purpose of covering his tracks for wrongdoings against his employer, it's probably safe to say that that employee is acting "without authorization" as to that hard drive and he damn well knows it.
[ link to this | view in chronology ]
Re: Re: Re: Opinion pdf
I'm perfectly fine with allowing that the guy may have done something illegal, but let's charge him with whatever law he supposedly broke rather than stretching the CFAA absurdly.
[ link to this | view in chronology ]
Re: Re: Re: Opinion pdf
You don't have to shoehorn this case into the CFAA (and neither does the judge) in order for him to be liable for a number of things due to his actions. They allege them in the case, "breach of the non-solicitation provision of an employment contract, breach of a right-to-inspect provision of the contract concerning access to personal computers, breach of the fiduciary duty of loyalty, and tortious interference with prospective economic relations."
There's no need to tack on CFAA violations and twist the provision into applying by pedantically focusing on two words and ignoring the rest of the statute.
[ link to this | view in chronology ]
Re: Re: Re: Re: Opinion pdf
[ link to this | view in chronology ]
I know you're in such a hurry to FUD out anything related to the CFAA by pulling out the word "hacking" (even though that word is nowhere to be found in the statute), but did you even read the article on Evan Brown's Internet Cases blog that you linked to?
As Evan Brown says on his blog: "In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled."
Why they are suing is right there. Or better yet, if you want to understand why they're suing, you could actually look up the case and read the complaint for yourself.
Nope. Not Mike. Mike's too busy pouncing on anything that involves the CFAA with his stupid FUD-tastic "hacking" bullshit. Pure idiocy, Mike. Absolute nonsensical FUD.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Heh, Anonymous Apologist trying to pretend that it isn't an anti-"hacking" law. Funny.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That's absolutely true, but now my opinion is changing a bit. While I think the employee may have done something wrong here, I'm not so sure the CFAA actually applies. Granted, I'm relying heavily on Wikipedia here, but in their list of violations of the act, I'm not sure I see anything under which this particular action would apply.
http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
This may be something that would need to be relegated to a contract law case, assuming he was under some kind of no-solicitation clause, or some kind of destruction of evidence law. I'm not seeing it in the CFAA, but if there's a clause or language you could point me to otherwise, I'd be willing to listen....
[ link to this | view in chronology ]
Re: Re: Re: Re:
As for the CFAA, while many believe it to be so, the act is not limited to so-called "hacking". It is broader and reaches a number of other actions associated with what one may do to a computer.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
What I'm now NOT clear on is HOW the CFAA applies. The decision doesn't seem to jive w/what I'm reading about the CFAA and what constitutes as a violation of it. The article was about an over-broad application of the CFAA and I'm starting to see why that may be so.
So can you point to something in the CFAA that would apply here or not?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
As for how it relates to the lawsuit, the above-cited opinion by the court does go into some detail about how the act applies. The general gist (and I do mean "general" to avoid presenting a post the length of a legal treatise) is that data was destroyed, and in doing so the defendant violated one or more of the many provisions of 18 USC 1030.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Mr Hat, I am not a lawyer but I have seen one on TV. One could possibly, with a fair amount of stretching, apply item 3 and 4 from the wiki page. However, item 3 mentions government computer. Perhaps they meant the term "protected computer" defined above. If so, replacing the drive with a blank one would apply. Maybe. As for item 4... this guy clearly saw some value in removing sensitive data, if he was indeed covering his tracks.
I can see why the judge would let the case move forward.
[ link to this | view in chronology ]
Re: Re:
Yes, Mike. It is an anti-hacking law. But it's also broader than that.
My point is simple. At the end of the piece you say: "What really is questionable here is why D&T is suing in the first place. They got back the computer with a newer hard drive, so it's not like he returned a broken system to them."
The reason "why D&T is suing in the first place" is right there in Brown's blog entry that you linked to and made the basis of this entire article. As Brown explains: "In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled."
Now, either you completely missed this when you read Brown's blog piece, or you are intentionally misleading your readers. Considering the fact that Brown's piece is short and easy to read (with a font size even my mother would love), I think it's safe to assume that you read and understood all of it. You did, after all, write a whole article about it. Thus, it seems likely to me that you are intentionally leaving information out.
The goal, I presume, is because you want to spread your silly "it's not hacking so they're wrongfully broadening the scope of the CFAA" FUD. I think there are good arguments that the CFAA shouldn't apply here, but jumping to your "hacking" FUD does little to advance the discussion.
[ link to this | view in chronology ]
Re: Re: Re:
As usual, your post can be distilled to: deflect, distract, and denigrate.
Perhaps instead you could advance the discussion by helping everyone understand how the CFAA actually applies?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Let's run through how the FUD is created.
Brown explains that the defendant claims to have destroyed the hard drive because "it had personal data on it such as tax returns and account information."
Rephrasing this, Mike claims the defendant destroyed it because "it had personal data on it (tax returns, account info and logins for personal things) that he didn't want to share with D&T."
Yes, Mike made up the "logins for personal things" out of thin air.
Later, Brown explains the plaintiff's theory of why the defendant really destroyed the hard drive. They claim "that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks."
But Mike feigns cluelessness.
First, Mike says "it seems pretty clear that the guy didn't do anything to harm the original company." This isn't clear at all, considering all the claims the plaintiff is making. The claims which Mike conveniently pretends don't exist.
Second, Mike says the defendant is "just a little overzealous in trying to protect his personal info." Of course, leaving off the fact that he is alleged to be covering his tracks makes his destroying the hard drives seem all the more OK.
It's another classic example of Mike FUDing something out to the hilt.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Mike wonders aloud about why the plaintiffs could possibly be upset about the defendant destroying the hard drive, while at the same time the very article he links to and makes the basis of his whole article explains why in one simple sentence. It's ridiculous FUD. If you can't see that, I'm not sure how else to explain it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Deloitte's claim probably has merit. The defendant is probably a douche-bag, but that doesn't mean we should warp laws to make them apply.
You're too busy trying to make everyone turn against Mike to participate in the actual discussion though.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Side note: You need a new buzz word. I find it very difficult to keep reading your comments once I hit that word. It would be easier if you knew what that acronym meant, or if you didn't obviously have such an ax to grind for anything posted on this site, ever.
I'm only bothering to type this at all because if you could sound less like a frothing douche canoe (while keeping your own viewpoints, of course!) you'd be a valuable member of the community here; You seem intelligent and knowledgeable.
So, try and work on that, okay?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
People ingest information through the filter of their own context. You would likely argue that the majority of readers on this site don't view the posts critically enough and others would likely argue that you view all posts far too critically--so much so that you read in intent and agenda that isn't there. Both are likely true--but not to the degree either party thinks.
Most people here wanted to discuss whether the CFAA was being stretched to cover this situation. Mike wanted to bring that situation to light.
Everything else you've brought with you and the words you use completely undermine any point you want to make, which is frankly, sad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Your words, "pretending like he has no idea why the company could possibly be mad at the guy".
I guess it was the last few sentences of the post that are the problem. You see those words as Mike not digging enough or reacting in a shallow manner to certain words, but I see them similarly but without the judgment part. In other words, yes perhaps he could have understood Deloitte's position better, but he still achieved the objective: point out an area for commenter scrutiny.
Ultimately, the value in the site for me is not Mike's opinion, but the identification of possible areas of government, corporate, and legal overreach in technology and rights. I, for one, believe that is happening more and more. Perhaps you fundamentally believe it is a witch hunt, but many of us do not.
But if you removed the personal attacks from your posts I imagine more of us would listen to you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
And how could he promote an informed conversation in the comments if he doesn't even know (or pretends not to know) the facts of the case or the court's reasoning in denying the motion to dismiss? That's what proves it's all FUD. He can't be bothered with the actual acts or the actual reasoning in deciding that the CFAA is being abused. Give me a break. Mike is just being super silly here. His motives are clear enough to me.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
He can promote an informed discussion because he provides ample citations and allows all sides of the discussion to occur below rather than restrict or prevent them (by requiring logins or posting approval).
I will listen to you if you post reasonable arguments, but I will not dismiss what I read here based on your ad-hominem assertions.
Their arguments are well-reasoned, well-founded, and as informed as can reasonably be expected. If that isn't good enough for you, well... don't expect people to keep listening or to treat you as anything other than a troll.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Anyway, I've said my piece. Bring on the enlightened debate.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
As an expert he should have known about Eraser
Of course that might still be hacking by the CFAA definition.
[ link to this | view in chronology ]
Re: As an expert he should have known about Eraser
As "a security expert" he probably also understood the limitations of such programs, especially when dealing with things such as automatic sector relocation.
[ link to this | view in chronology ]
Re: As an expert he should have known about Eraser
Things that have been done with physical access:
1) RAM that was unpowered for 10 minutes was read perfectly, using a special hot-boot OS. For example, to grab an encryption or decryption key.
2) A 10 character password was copied into 10 files randomly distributed on a hard drive, then the hard drive was formatted, and written over 3 times with random 1's and 0's. The password was able to be recovered, (because some of the bits refuse to flip and areas/bits of non-randomness were apparently easy to identify). You aren't likely to copy down a password ten times, but it might be, say, stored in a cookie, in firefox for auto-complete, maybe once in a password file somewhere, maybe all of those are copied because you have a back-up of your program preferences for some reason, whatever.
3) Files that they suspected to exist were completely falsified, because the defendant could not deny that they could reconstruct the file.
[ link to this | view in chronology ]
Re: As an expert he should have known about Eraser
Staring at a progress bar quickly loses its charm.
[ link to this | view in chronology ]
Both of those are clearly elite use of "hacking" skills!
[ link to this | view in chronology ]
Replacing the hard drive is not that simple - it could have been a more expensive enterprise class hard drive or some other special hard drive. Also depending on how this guy destroyed the hard drive - is there a certificate from an authorized hardware disposal or did he sell the hard drive?
[ link to this | view in chronology ]
Re:
Umm, no, it doesn't (on modern hard drives). There are areas of the drive that are not under the direct control of the user. Thus, the user may not overwrite these areas.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I dunno..
The part of the story that sticks out to me is there doesn't seem to be any proof the defendant destroyed the drive. Just a claim that he did.
[ link to this | view in chronology ]
Re: I dunno..
You'll notice a number of us questioning the defendant's motives, and supposed ability as a security expert.
[ link to this | view in chronology ]
It wasn't his drive to destroy
Can't they just do a good old criminal/civil combo using common reasons? Criminal: He stole the drive - whether or not he made restitution isn't the issue; Civil: That drive had information on it that we feel is relevant and we would like compensation for the loss of it.
[ link to this | view in chronology ]
Re: It wasn't his drive to destroy
[ link to this | view in chronology ]
Re: Re: It wasn't his drive to destroy
The best way to ruin a security professional's life of business is probably get him convicted guilty with CFAA. In this way most computer security related companies won't hire him, and if they hire him, it'd be clear that something fishy has happened.
[ link to this | view in chronology ]
Without Authorization....
Last place I worked had an acceptable use policy, opening the case was NOT acceptable... taking anything from inside the PC was NOT acceptable... just because he was allowed to take it home, does not mean that he was allowed to open it up.. Unless they issued him with a machine that had a blank hard drive, returning the machine with one would not be acceptable in any place I worked..
Someone else asked if there was proof of drive destruction... that's something that needs more looking into...
and is it theft if you take something that isn't yours, even if you replace it with something equivalent?
[ link to this | view in chronology ]
WHY did he put personal info on company's computer?
Regardless, there's basis for allowing suit to continue, if only because ALL data on the drive was company property, no question. This high-powered consultant got himself into a tangle through a series of stupid decisions. Let him hang, be an example for others to NOT mix work and personal.
[ link to this | view in chronology ]
Re: WHY did he put personal info on company's computer?
[ link to this | view in chronology ]
Ninth circuit criticizes seventh circuit
From an article contrasting Citrin with Brekka:
(Citations omitted.)
Note that the present case, in the Northern District of Illinois, is in the Seventh Circuit, so the district court is bound by Citrin.
[ link to this | view in chronology ]
Most funny thing to watch, it's an all "I am a consultant, an expert" project; it's like an Opera documentary on Discovery Channel.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Unintended consequences
The net result is that their ability to employ good staff in future is compromised - and as a result they will have to pay slightly more for slightly worse employees for a while to come.
Verdict (if they win) Pyrrhic victory!
(if they lose the appeal) Pure own goal!
[ link to this | view in chronology ]
$5,000 damage
From the opinion:
From the first Google hit: Newegg.com - Notebook Hard Drives, Laptop Hard Drives.
A laptop hard drive isn't $5,000 these days.
[ link to this | view in chronology ]
Re: $5,000 damage
Not that I agree, but I would imagine it would be pretty easy for Deloitte to claim >$5,000 in value in this way.
[ link to this | view in chronology ]
Re: Re: $5,000 damage
Zero.
From the opinion, I am left with the strong impression that Deloitte didn't actually set forth any plausible claim that data was lost.
[ link to this | view in chronology ]
I rent a car
It can't be done as it is not my car. The fact the engine is new is not relevant at this point.
[ link to this | view in chronology ]
[Is Destroying A Hard Drive On A Work Issued Computer The Equivalent Of Hacking Or Fraud?]
For emphasis, there are a few variables here to consider:
1. Who owns the computer?
2. Who destroyed the data?
3. Who "owns" the data?
4. What was the company policy at time of hire and did the said person go through orientation of that policy?
As noted in "3", the ownership of the said data is key. This is why, when I do any kind of development (that goes outside of the SOW or scope of job title), I always do it on "my" laptop and on my time, so as to retain not only ownership but also chain of custody.
In my humble opinion.
[ link to this | view in chronology ]
Re: [Is Destroying A Hard Drive On A Work Issued Computer The Equivalent Of Hacking Or Fraud?]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Regarding writing random bits to erase data
While I agree there is a physical limit that can make sure it's unrecoverable with "current technologies", I agree that no non-physical measure is enough if the hard disk contains data of which I absolutely want no one to recover even a tiny bit.
A previous post mentioned 25 percent recovery rate. But you know, for confidential data, the risk of being able to recover 0.0001% of data is still too high.
[ link to this | view in chronology ]
Re: Regarding writing random bits to erase data
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
This has been true since about 2001 and is applicable to drives that are larger than 15GB. It's all about density. There are no longer multiple paths possible for read/write heads on hard drives. The critical question is whether all sectors are being overwritten. The only software that guarantees this does it by triggering the ATA secure erase command, a command embedded in all hard disk controllers which are always integrated within the hard disk.
[ link to this | view in chronology ]
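The comment above turns on whether every sector was actually overwritten. As an added example (not part of the thread or of any commenter's post), this Python sketch scans a disk image after a wipe and reports sector ranges that still differ from the expected overwrite pattern. The 512-byte sector size, the zero-fill pattern, the function names and the sample image are assumptions made for illustration, and a scan like this only sees addressable sectors, not the areas outside the user's control mentioned earlier in the thread.

```python
import os
import tempfile

SECTOR = 512  # logical sector size assumed for this example


def residual_ranges(path, pattern=b"\x00", sector=SECTOR, chunk_sectors=2048):
    """Return [(first_sector, last_sector), ...] for every run of sectors
    whose contents differ from the expected overwrite pattern."""
    expected = (pattern * (sector // len(pattern) + 1))[:sector]
    ranges = []
    run_start = None
    index = 0
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(sector * chunk_sectors)
            if not chunk:
                break
            for off in range(0, len(chunk), sector):
                block = chunk[off:off + sector]
                # A short final block is compared against a truncated pattern.
                clean = block == expected[:len(block)]
                if not clean and run_start is None:
                    run_start = index
                elif clean and run_start is not None:
                    ranges.append((run_start, index - 1))
                    run_start = None
                index += 1
    if run_start is not None:
        ranges.append((run_start, index - 1))
    return ranges


def build_sample_image(path, sectors=64):
    """Constructed sample: a zero-filled 'wiped' image with two leftovers."""
    data = bytearray(sectors * SECTOR)
    data[5 * SECTOR:5 * SECTOR + 11] = b"tax-return!"       # one stale sector
    data[40 * SECTOR:43 * SECTOR] = b"\xAA" * (3 * SECTOR)  # three-sector run
    with open(path, "wb") as f:
        f.write(data)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "wiped.img")
        build_sample_image(img)
        return residual_ranges(img)


if __name__ == "__main__":
    for first, last in demo():
        print(f"residual data in sectors {first}-{last}")
```

An empty result means every addressable sector matched the pattern; any returned range is a span the overwrite pass missed.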