March 13, 2006

IAC v. Citrin, file deletion and the Computer Fraud and Abuse Act

Bob Helmer sent me a note about International Airport Centers, LLC v. Citrin, which involves:

The Seventh Circuit United States Appeals Court has ruled that employees cannot unlawfully delete their computers before handing them back to their employers. International Airport Centers (IAC) sued Jacob Citrin, a former employee, after he returned a laptop whose contents had been erased with a deletion program.

In a three to none decision the court said that Citrin violated the Computer Fraud and Abuse Act by installing a secure delete program. In addition the court said that Citrin effectively terminated his employment, not when he turned in the laptop, but when he started doing personal business while still being employed at IAC.

Despite hype elsewhere, it's been well-analyzed by: Groklaw: IAC v. Citrin - Deleting Files a Crime?, so I'll just point to that:

I know if I were on the jury, I'd find it hard to view such a [secure delete] program as a cracker tool, since I use the Mac OSX secure delete option every time I delete anything from trash. So, unlike Judge Posner, I just can't view it as an evil hacker tool, the way he does. However, if the guy deliberately destroyed the materials so as to prevent IAC from being able to compete, and the materials belonged to them and they had no other copy, obviously that isn't right either, and the wording of the CFAA [Computer Fraud and Abuse Act] then might well seem to cover what he did. But their other claims under state law are certainly sufficient to deal with that kind of behavior. What happened was, as I see it, a dance to keep it in federal court. That doesn't mean that in the end he'll be found guilty of violating the CFAA necessarily, but it does mean that anyone in the Seventh Circuit now can be, if the circumstances are right.

However, I personally found the most interesting part of the analysis to be:

And you'll notice that he bases his argument not on the parts of the CFAA that the plaintiffs cited but on [a different section]. When you see judges helping one side out like that it generally means that they are looking for a way to pin the guilty party, in their estimation. Frankly, if a judge wants to get you, you're going to get got. They know how.

In the past, I've had long arguments over risks regarding "authorization" and the Computer Fraud and Abuse Act. The problem is that any truth residing between pseudojournalistic wolf-criers, and overconfidence in the opposite direction, still ends up in a bad place.

By Seth Finkelstein | posted in legal | on March 13, 2006 11:59 PM (Infothought permalink)
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage