by Max Marbut
Staff Writer
Computers have changed global business by allowing more data to be processed and stored in more places and accessed by more people than in any time in history. In some ways, the technology has created new commercial advantages. In other ways, it has created consequences, depending on the nature of the data, who has access to it and what they are able to do with that data.
Cases are appearing on the dockets of federal courts that, before the computer age, would have involved breaking and entering and burglary or at least leaving the office with a briefcase full of sensitive information that was intended to remain in-house.
People with less-than-noble motives are still breaking and entering and committing theft, but now they’re doing it with a modem and a mouse instead of a crowbar.
In August, an Intel employee in Boston was indicted for theft of trade secrets. Three months later he was also indicted for wire fraud in connection with downloading confidential documents from the company’s headquarters in California, where his wife worked.
A few hours after the wife was transferred to Intel’s Boston office, the husband resigned but continued on Intel’s payroll to use up 1.5 weeks of accrued vacation time. He said he was going to help his wife move and investigate potential new employment at a hedge fund.
The indictment further alleged that unbeknownst to Intel, the employee had been offered a job at one of Intel’s competitors and went to work for them three days after his resignation. Also unbeknownst to Intel at the time, he had started downloading Intel’s trade secrets and confidential proprietary information while he was on “vacation,” still on Intel’s payroll, but working for the competitor.
Over a four-day period, it is alleged the man remotely accessed Intel’s computer system numerous times and downloaded 13 “top secret” (according to Intel’s classification system) Intel documents including a document that explained how the encrypted documents could be reviewed when not connected to Intel’s computer system. Other files were downloaded and stored on an external hard drive.
During his exit interview, the man acknowledged his confidentiality obligations and falsely told Intel that he had returned all of Intel’s property, including any documents or computer data.
It is also alleged that two days after he left Intel’s employment, he attempted to access the company’s computer network again and when the FBI visited his home, the man was in possession of several Intel documents classified as confidential, secret and top secret.
According to Intel, the information was worth more than $1 billion in research and development costs and included mission-critical details about Intel’s processes for designing its newest generation of microprocessors.
If convicted, the man faces up to 10 years of imprisonment on the trade secret charge and an additional 20 years on each of the wire fraud counts, three years of supervised release per count, a fine on each count of $250,000 or twice the gain or loss, restitution to Intel and forfeiture.
That’s just one of dozens of Intellectual Property (IP) crimes being prosecuted by the U.S. Department of Justice.
“It’s a big risk for companies, not just disgruntled employees but companies that are downsizing as well,” said Chanley Howell, a partner with Foley & Lardner who specializes in data security and privacy law.
With the modern technology available at most discount stores, theft of a company’s information stored on a computer network doesn’t have to involve wire fraud. Removable media — also called a “flash drive” or “thumb drive” — is widely available. The latest models can hold up to 12 gigabytes of data.
“And that’s the equivalent of a tractor-trailer full of paper,” said Robert Jones, an investigator at Mulholland Forensics.
Howell advises his clients to avoid that aspect of technology.
“We recommend that clients limit the use of flash drives. The more places data is stored, the more ways there are to lose data,” he said. “And it’s not just thumb drives. Any kind of remote storage, including laptops, is vulnerable. We recommend that all data stay on network servers or at least on encrypted laptops or other encrypted devices.”
Nondisclosure agreements and legally-binding contracts involving proprietary information and trade secrets can allow a company the remedies of prosecution and liability when it comes to employees who obtain and use data inappropriately.
Protecting company secrets can be a challenge, said Jones.
“There are so many vulnerabilities in most systems,” he said. “One way to protect data is to make sure each employee only has access to the information needed for his job. For most companies, it’s about network security, passwords for example, and having a network security manager.
“It’s a cat and mouse game whether it’s someone inside your company or a hacker outside your company. Many strategies can be employed to make it difficult to steal information, but you can’t make it impossible.”
Sean Mulholland, president of Mulholland Forensics, believes there is a concept that companies must embrace if they are going to store and use data on computer systems.
“There hasn’t been a commensurate recognition of the security risks with the boom in our ability to store data. The amount of data that can be stored and transmitted has multiplied thousands of times, but the ability to protect that data isn’t being given enough attention,” he said.
Maintaining control of digital information and the people who use it has opened up a new division of Mulholland’s investigation business as well as a new discipline in the legal profession.
“Data security and privacy has become an entire new practice group for us,” said Howell, who added there are currently 15 attorneys at Foley & Lardner focusing on the field in Florida, California and New York.
356-2466