I recently read a Legaltech News article, “Cybercrimes in Civil Litigation: Using the CFAA To Go ‘On the Offensive,’” which outlines how the Computer Fraud and Abuse Act (CFAA) can be used to protect organizations from “digital misdeeds” by employees, vendors, joint venture participants and hackers. I often see the CFAA applied to intellectual property theft (IPT), which constitutes about 75 percent of our digital forensics cases. The act is an important tool for counsel and risk management. Here’s why.
A Classic IPT Scenario
Typical IPT cases unfold when a key employee in areas such as sales, research and development or the executive suite departs. You then discover the employee now works for a competitor or has formed a competing company. Sales dwindle, and you’re no longer the only company with that successful “secret formula.” Subsequent analysis of the departed employee’s computer reveals that customer data and proprietary operational data, i.e., intellectual property, was accessed and possibly “exfiltrated” to an external USB, DVD, mobile device or cloud-based storage site.
How the CFAA Applies
The CFAA provides protections where there’s been access to a protected digital asset with intent, the access is unauthorized or exceeds granted authorization, and the access results in damage or loss. The CFAA provides for recovery not only of demonstrated damages, but also of fees paid to professionals such as digital forensic examiners and damages experts in support of the claim.
The above scenario often falls under CFAA protections. The departed employees may not have improperly accessed information but certainly exceeded their authority by removing a copy from the organization, and you’re harmed if customers are defecting and you no longer control your most valuable IP.
What to Do
With the low cost of hard drives and replacement cellphones today, I stress the importance of “shelving” a departing employee’s hard drive or company-owned cellphone for a reasonable period of time. Even if there’s no initial suspicion of malfeasance, I often see computers repurposed or wiped only to discover a few weeks later the employee did compromise valuable IP. The next critical step is to conduct a forensic analysis on the former employee’s digital assets. Such analysis can answer the questions of what was accessed and when, as well as whether it was stolen. These simple—yet often overlooked—actions will greatly affect whether a CFAA claim succeeds.
By Lanny Morrow