Computers Case Analysis

Listen to this article

The court acknowledges at one point that it cannot “stretch[] the statute too far (especially since it provides criminal as well as civil sanctions for its violation).” The statute provides for imprisonment of up to 10 years (20 for repeat offenders).

The court also noted dual purposes of the statute: to criminalize computer hacking and virus spreading; and to criminalize the conduct of the programmer who decides “to trash the employer’s data system on the way out.”

However, Citrin’s conduct falls into neither category, and given the criminal sanctions available, even applying the statute to Citrin “stretches the statute too far.”

Consider what conduct is appropriately covered by the Act. The only Seventh Circuit case to consider it is U.S. v. Mitra, 405 F.3d 492 (7th Cir. 2005).

In Mitra, a prankster used his computer to interfere with the City of Madison’s police, fire, and ambulance services, so that instead of being able to communicate with each other, the city employees heard sexual moaning instead.

That is clearly an appropriate application of the statute. Another is YourNetDating, Inc. v. Mitchell, N.D.ILL.2000, 88 F.Supp.2d 870 (N.D.Ill. 2002), in which the defendant interfered with the computer system of a dating service by diverting its clients to a porn site.

In the case at bar, however, the defendant caused no real damage to the plaintiff. He didn’t “trash” the employer’s mainframe or “data system”; he just deleted the data from one laptop.

Suppose an employee is loaned a laptop by his employer, and uses it for personal business. Or suppose he uses it for personal business during times he should have been working. Either way, he would likely want to wash the laptop clean before he returns it to the employer; it shouldn’t be a federal crime punishable with up to 10 years imprisonment.

Suppose, unlike Citrin, an employee doesn’t know what a secure-erasure program is, and he doesn’t want his employer to know he has been playing online poker during working hours, so he physically destroys the laptop, or simply fails to return it.

This would not be covered by the Act, because the employee neither “accessed” the computer nor “transmitted” anything to it. It would be a misdemeanor theft or criminal damage to property.

Yet Citrin, who merely erased all the data on the computer, and returned it still in usable condition, is guilty of a federal crime.

Nor should it matter that, according to the complaint, if the laptop had not been erased, the data on it would have indicated “improper conduct in which he had engaged before he decided to quit.”

	Related Links 7th Circuit Court of Appeals Related Article Deleting data violates law

Even assuming that this is true — that Citrin breached the duty of loyalty that he owed to his employer, and the computer would reveal such information if it hadn’t been erased — it does not change the analysis.

Erasing the computer is clearly spoliation of evidence in any underlying lawsuit between Citrin and his employer, but it should not be considered an independent tort, much less a criminal offense.

The court’s decision thus extends this statute far beyond its intended purpose.

– David Ziemer

Click here for Main Story.

David Ziemer can be reached by email.