The Ninth Circuit rejected an employer’s argument that a former employee violated the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, when he emailed company client lists and financial data to himself for personal use. LVRC Holdings LLC v. Brekka, ___ F.3d ___, 2009 WL 2928952 (9th Cir. 2009). Superficially this decision is at odds with another decision in the Seventh Circuit. The employer in LVRC Holding based its theory on the 7th Circuit’s application of agency law as a basis for finding liability under the CFAA. However, the 9th Circuit decision seems sound and consistent with avoiding turning the CFAA into a catchall basis for finding criminal and/or civil liability in the absence of other relevant legal authority. While I disagree with the reasoning of the 7th Circuits decision, I believe justice was served in both cases, and the 9th Circuit laid out a logically more stable basis for assessing liability under the [...]
|
||||
|
By Robert Hudock, on September 18th, 2009
 Print This PostSeptember 18th, 2009 | Tags: 18 USC 1030, agency, Brekka, CFAA, Citrin, Computer Fraud and Abuse Act, congress, IAC, intent, LVRC Holdings LLC, motivation | Category: 18 USC 1030, 7th Circuit, 9th Circuit, Circuit Courts, Computer Security Law -- Federal, Forensic Tools |
Leave a comment
Print This PostBy Robert Hudock, on September 8th, 2009
Print This PostSecurity Incidents can be accidental incursions or deliberate attempts to break into systems and can be benign to malicious in purpose or consequence, each incident requires a careful response at a level commensurate with its potential impact to the security of individuals and your organization as a whole however few organizations have an appropriate security incident policy. The fundamental components of a security incident response plan include the following — [...] September 8th, 2009 | Tags: malicious hackers, malware, NIST, policy, Privacy, security, security incident | Category: Computer Security Law -- Federal, Data Hemorrages, FTC Security Breach Notification, Forensic Tools, HIPAA Privacy, HIPAA Security, Identity Theft, Law and Technology, Media Sanitization, NIST, Peer-2-Peer File Sharing, Privacy, State Privacy and Computer Security Laws, State Security Breach Laws |
2 comments
Print This PostBy Robert Hudock, on July 10th, 2009
Print This PostIn Stengart v. Loving Care Agency, Inc. et al. , --- A.2d ----, 2009 WL 1811064 (App. Div. 2009 Docket No. A-3506-08T1, published June 26, 2009), a three judge panel of the New Jersey Appellate Division ruled, despite a written policy to the contrary, an employee had a “reasonable expectation of privacy” in e-mails with her attorney via an employer-owned laptop. The Court remanded the case for a determination of appropriate sanctions, including possible disqualification of the employer's counsel. The policy in question was ambiguous in part because it contained an “occasional use [...]
July 10th, 2009 | Tags: "Expectation of Privacy", E-Discovery, employer-employee disputes | Category: "Expectation of Privacy", Attorney-Client Privilege, E-Discovery, Forensic Tools |
Leave a comment
Print This PostBy Robert Hudock, on July 7th, 2009
Print This PostThe California E-Discovery Act(“the Act”) establishing procedures for a party to obtain electronically stored information (ESI), similar to the Federal Rules of E-Discovery (December, 2006), was signed into law on June 29 by Governor Arnold Schwarzenegger. The Act implements new rules for electronic discovery in California civil cases. The Act tracks the 2006 amendments to the Federal Rules of Civil Procedure. [...] July 7th, 2009 | Tags: California, EDiscovery, ESI | Category: Attorney-Client Privilege, Discovery Plan, E-Discovery, FRCP 26(b)(2)(B) "Not Reasonably Accessible", FRCP 26(b)(5)(B) or FRE 502, FRCP 37(e) Safe Harbor, FRCP Rule 26(f) - Reasonably Useable Format, Law and Technology, Local Court Rule, Form or Guideline |
Leave a comment
Print This PostBy Robert Hudock, on July 6th, 2009
Print This PostWith unemployment reaching 10% employers are more at risk then ever from former employees who are let go, regardless of the reason attempt to take punitive action against their former employer. Recent cases highlight actions by former employees which put their former employer at risk through the spoliation of relevant data and/or theft of company trade secrets. Spoliation occurs when a party is aware of pending litigation, or should reasonably be able to anticipate pending litigation, and the party fails to suspend the destruction of documents that may be relevant to anticipated litigation; the party is also required suspend routine document purging (or passive) destruction of data by systems. Accordingly, in anticipation of potential legal issues resulting with from the termination of an employee’s, an employer should specifically define the scope (or absence thereof) of the employee’s right/expectation of privacy when using work owned information systems or computers in a policy or employee handbook. Nat’l Econ. Research Assocs., Inc. v. Evans, 2006 WL 2440008 (Mass. Super. Ct. Aug. 3, 2006)(relating to privilege of attorney-client communication of employee with his/her attorney), see also Sprenger v. The Rector and Board of Visitors of Virginia Tech, 2008 U.S. Dist. LEXIS 47115 (W.D. Va. June 17, 2008)(relating to spousal privilege). Second, the employer should remind the departing employee of the former employee’s duty not to steal company trade secrets and/or other confidential material regardless of the reason. Finally, employer should inform the former employee that he/she should not delete and/or destroy relevant data if he/she anticipates bringing legal [...] July 6th, 2009 | Tags: 18 USC 1030, civil procedure, computer fraud, employer-employee disputes, evidence, Spoilation, theft, Trade Secrets | Category: 18 USC 1030, E-Discovery, Spoilation |
Leave a comment
Print This PostBy Robert Hudock, on June 20th, 2009
Print This PostGoing to Court to force an ISP to disclose the identity raises many issues including First Amendment issues. For example, On June 13, 2007, the New Jersey Township of Manalapan filed a malpractice suit against its former attorney Stuart Moskovitz, alleging misconduct regarding the Township’s purchase of polluted land in 2005. The decision to file suit was met by a lively debate in the regional press and among localbloggers. One blogger who was particularly critical of the Township, of this and other decisions, was Blogspot blogger “datruthsquad” (http://www.eff.org/cases/manalapan-v-moskovitz). Long story short the Township lost, a copy of EFF’s motion squash is available here motiontoquashmpa-signed; and the Court order squashing the subpoena is available here order-122107. However, there may exist an alternative method for “unmasking” anonymous bloggers, cyber-stalkers, etc. using public information. Everyone has a unique writeprint (basically a written fingerprint that can be used to identify him or her). This technique s has traditionally been used to identify the true author of a text (e.g. a book) where authorship is disputed or unknown. Forensics linguistics has been used to provide evidence in trademark disputes cases, identifying the author of anonymous texts (such as threat or harassment letters), and identifying cases of plagiarism. The identification process relies on the analysis of an individual’s particular patterns of language use (vocabulary, collocations, pronunciation, spelling, grammar, etc.). The term “idiolect” is defined as the speech patterns of a specific person (a dialect, unique in pronunciation, grammar, and vocabulary to a single person). Stylistic features can be used to create a fingerprint of an individual’s writing style (a linguistic fingerprint is called a “writeprint”). A writeprint is composed of features that represent an author’s writing style, which are consistent across all of an individual’s writings. For a gentle introduction, see Digital fingerprints: tiny behavioral differences can reveal your identity, by Julie Rehmeyer in the January 13, 2007 issue of Science News (Westlaw cite 2007 WLNR [...] June 20th, 2009 | Tags: 1st Amendment, Bloggers, forensic linquistics, Writeprint | Category: Forensic Linguistics, Forensic Tools, Law and Technology, Open Source, Privacy, Privacy Law, Statistical Methods Use Thereof |
One comment
Print This PostBy Robert Hudock, on May 20th, 2009
Print This PostI recently identified an excellent product for identifying encrypted files (and other attributes of said files). Forensic Innovations’ File Identification Technology tool identifies 3,312 File Types. Recently the product announce support for identifying “TrueCrypt”. (See www.TrueCrypt.org, they claim that “no TrueCrypt volume can be identified (volumes cannot be distinguished from random data). Computer Forensics tools might see the files as unknown or unimportant [...] May 20th, 2009 | Tags: Forensics, NSRL, TrueCrypt | Category: E-Discovery, Forensic Tools |
Leave a comment
Print This PostBy Robert Hudock, on March 10th, 2009
Print This PostInformation not originally thought to be relevant may become a vital resource in laying the groundwork for your case. However some materials absent specific notice may be purged pursuant to a written document retention policy thereby providing opposing counsel and his/her client safe harbor protection under Rule 37(f) of the Federal Rules of Civil Procedure. On the other hand if you can provide notice as to potentially relevant information, and opposing counsel fails to preserve this information opposing counsel and his/her client will potentially be subject to serious sanctions.1 The universe of responsive documents can be further expanded using interrogatories designed to ascertain relevant electronic information systems that may contain information relevant to your litigation. (This process will also facilitate understanding of opposing counsel’s technological infrastructure, information that will be useful in the event opposing counsel claims data are [...] March 10th, 2009 | Tags: Discrimination, Due Diligence, E-Discovery, Excessive Lunch Breaks, NDCA, Rule 37(f), Safe Harbor, Usenet | Category: Discovery Plan, E-Discovery, FRCP 37(e) Safe Harbor, Key Cases, Notice |
Comments are closed
Print This PostBy Robert Hudock, on August 20th, 2008
Print This PostCD/DVDs may contain information not accessible by a normal user however this data can be recovered using highly specialized forensic software potentially creating E-Discovery issues especially where this “hidden” data has not been intentionally produced. Moreover, the duplication process of a CD/DVD may yield two unique copies – two copies that have two different MD5 hashes. CD-ROM stands for Compact Disc Read-Only Memory, a mass storage medium utilizing an optical laser to read microscopic pits on the aluminized layer of a polycarbonate disc; DVD is short for Digital Versatile Disc or Digital Video Disc that holds a minimum of 4.7GB (gigabytes) of data. [...] August 20th, 2008 | Tags: CD, DVD, E-Discovery, ISO | Category: E-Discovery |
Leave a comment
Print This PostBy Robert Hudock, on July 24th, 2008
Print This PostThe general rule in discovery is whatever agreement is reached between opposing parties during a meet and confer (under Fed. R. Civ. P. Rule 26(f)) controls the form of production. See e.g., Williams v. Sprint/United Management Co.,230 F.R.D. 640 (D.Kan.2005)(finding that a producing party must produce electronic documents with meta-data, unless that the parties agree that meta-data should not be produced or the producing party seeks a protective order), In the event the other side (with full knowledge) agrees to a production of TIFF images without OCR text without any meta-data — this agreement would likely control, and such a production probably could not be successfully challenged. However, as is more often the case, the parties do not address the issue of an acceptable production format and each party is thus left to determine how to produce documents in a reasonably usable format. In this situation a producing party is free to produce the data as it was originally stored or in another format that is reasonably usable (which typically means that key elements of meta-data are left intact and the electronic data is [...] July 24th, 2008 | Tags: ESI, meta-data, Native Documents, OCR, Principle 12 of the Sedona Principles, Reasonably Useable, Rule 26(f), TIFF | Category: E-Discovery, FRCP Rule 26(f) - Reasonably Useable Format |
Comments are closed
Print This PostImprove the web with Nofollow Reciprocity. |
||||
|
Copyright © 2010 Law Blog 2.0 - Robert Hudock, Esq., CISSP - All Rights Reserved - This Blog is a personal blog of Robert Hudock. |
||||