SC Lawyer, September 2006, #3. Scrubbing hard drives is a dirty business: employee liability for computer sabotage.

• Author: By Peter A. Rutledge

South Carolina Lawyer

2006.

SC Lawyer, September 2006, #3.

Scrubbing hard drives is a dirty business: employee liability for computer sabotage

South Carolina Lawyer September 2006 Scrubbing hard drives is a dirty business: employee liability for computer sabotage By Peter A. Rutledge I. Background

As is by now almost a universal practice in the business world, Acme Acquisitions, Inc. (Acme) issued a company owned laptop computer to its lead business development employee for her work. Employee enjoyed significant successes generating profitable acquisitions, so much so that she eventually figured she could fare as well or better establishing her own competitive business, ignoring the non-compete agreement she entered into with Acme when she was hired. To launch her grand plan, Employee composed, on the laptop, her new business plan and several draft proposals for Acme's clients she hoped would become clients of her future business, none of whom could she solicit under the terms of her non-compete. The proposals Employee drafted were based in large part on Acme's business practices, past proposals to other clients, margins and collected data related to Acme's existing customers and prospects. After resigning her employment without warning or notice on a Friday, Employee returned the laptop computer to the Information Systems Department, which on Tuesday discovered that she had "scrubbed" the computer by installing a secure-erasure program designed to write over deleted files to prevent their recovery.

The files Employee erased and overwrote contained information about current projects Acme needed to fulfill its contractual obligations to clients, as well as information that would have proven Employee's acts of disloyalty, misuse of confidential and proprietary information and trade secrets, solicitations of Acme's clients and other acts of competition that violated Employee's contractual obligations to Acme. Acme learned about Employee's competitive business in an awkward phone call with a client who, upon being contacted by Acme to discuss the completion of an ongoing project, confusingly reported that he was still doing business with Employee and assumed that Acme had simply changed its name. Acme's president contacted you expressing anger and betrayal and seeking advice on the remedies available to Acme against its former Employee.

II. Employee liability under the Computer Fraud and Abuse Act

In addition to committing breaches of contract, breaches of the duties of loyalty and perhaps fiduciary duties, conversion, tortious interference with contract and violations of the South Carolina Trade Secrets Act, Employee has also likely violated the federal Computer Fraud and Abuse Act (CFAA), 18 U.S.C.S. § 1030. See Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006). In Citrin, the plaintiff sued Mr. Citrin under a provision of the CFAA which provides that "[whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer," violates the Act. 18 U.S.C.S. § 1030(a)(5)(A)(i). The plaintiff alleged that Mr. Citrin had, like Acme's Employee, used a secure-erasure program to delete and overwrite files that were property of the plaintiff and would have established Citrin's acts of disloyalty. The Citrin court noted that ordinarily, deleting information using delete keys or the mouse does not permanently affect the data. Rather, "it merely removes the index entry and pointers to the data file so that the file appears no longer to be there, and the space allocated to that file is made available for future write commands." Citrin, 440 F.3d at 419. The program Mr. Citrin used overwrote deleted files to prevent their recovery by Acme. Id.

A. The CFAA protects against internal as well as external sabotage.

The trial court granted the defendant's motion to dismiss the action under the CFAA. See Int'l Airport Ctrs., L.L.C. v. Citrin, 2005 U.S. Dist. LEXIS 3905 (N.D. Ill. 2005)...