Computer Fraud and Abuse Act: Government to the Rescue of Employers?

Posted by Molly DiBiancaOn July 23, 2009In: Privacy In the Workplace

Email This Post | Print this Post

Employee theft, especially electronic theft, has been on the rise. Some blame falls on the state of the economy. Another explanation is the current state of technology.  Employees are more savvy with technology today than ever before.  And the workplace is more digital than ever before, so there's more data where employees can find it. Once they find it, they know how to use it, remove it, or, in some cases, destroy it. 

Stories of employees' theft and destruction of their employers' data are scarily commonplace.  Usually, employers are left with little recourse. Although they can, of course, terminate the wrongdoer, this option doesn't compensate the organization for the harm caused. Some employers have looked to the legal system and found the Computer Fraud Abuse Act (CFAA), hoping to find a civil remedy to employers whose computer system has been hacked by an employee.  Some courts have agreed with this interpretation, while others have not.  And some employers are left without recourse, especially those who don't have the resources to detect the source of the breach.   

But wait!  There may be another answer!  The government!

No, really.  The government is here to help. I know, I know, when that investigator from the Department of Labor called, there was no mention of any gratuitous assistance, right? But really, there may be some hope. 3d men in need of help with computer

There have recently been a few high-profile stories of "employees who hack" who are then investigated and prosecuted in criminal court.  Former Philadelphia news anchor, Larry Mendte, is the first such story that comes to mind. Mendte was convicted of computer crimes after the FBI discovered that he hacked into his co-anchor's personal email accounts hundreds of times and leaked personal information about her to the media.  Mendte served time on house arrest and recently was released from the confines of his Main Line property and is free to carry out the terms of his probation from the Jersey Shore. 

Another, more recent story is a real-world example of an employer's worst-case scenario. When LifeGift Center, a nonprofit organ and tissue donation center, terminated its IT director, she accessed the computer network remotely from home.  Once she gained access, she deleted organ-donation database records, invoice files, and database and accounting software.  Danielle Duann, 51, then disabled the computer logging functions on several LifeGift servers and erased the computer logs that recorded her remote access to cover her trail. LifeGift claimed more than $94,9000 in damages from the intrusion.

Enter the government!  The DOJ prosecuted Duann. She was indicted by a grand jury last summer and, in May, pleaded guilty to one count of causing damage to a protected computer. Earlier this month, she was sentenced to a two-year prison term, followed by three years of supervised release, and was ordered to pay the full amount of damages as restitution.

Read more posts on the topic of technology's impact on the modern workforce.

Leave a comment