eDiscovery Daily Blog

Former IT Administrator Found Guilty for Deleting Files, Faces Possible Jail Time: eDiscovery Trends

Last month, we covered the case of a former IT administrator who was charged with hacking into the computer system of his former employer and deleting files.  Here’s a case where another former IT administrator was found guilty by a Texas jury for deleting files – while still employed by the company – and faces possible jail time!

As covered by Wired (A Texas Jury’s Guilty Verdict Should Worry IT Admins, written by Andy Greenberg), last week, a jury in the trial of 37-year-old Michael Thomas found him guilty of violating the Computer Fraud and Abuse Act, a verdict with a maximum sentence of 10 years in prison and up to $250,000 in restitution payments.  However, in this case, he’s accused of deleting a collection of his employer’s files before leaving his job as a systems administrator at the auto dealership software firm ClickMotive in 2011.

As Thomas’ lawyer Tor Ekeland has pointed out, Thomas wasn’t charged with the usual CFAA violation of “unauthorized access” or “exceeding authorized access,” but rather “unauthorized damages”.  Thomas’s guilty verdict, argues Ekeland, is “dangerous for anyone working in the IT industry. If you get in a dispute with your employer, and you delete something even in the routine course of your work, you can be charged with a felony.”

Prosecutors, on the other hand, called the case a victory. “The jury’s verdict in this case sends an important message to IT professionals everywhere: an employee in the defendant’s position holds the proverbial keys to the kingdom and with that power comes great responsibility,” wrote U.S. Attorney Bales in a press statement. “Intentionally causing damage to a computer system without authorization is a criminal act that can and will be prosecuted.”

During the trial, the prosecution presented evidence that Thomas intentionally harmed ClickMotive by combing through executives’ email, tampering with the network’s error-alert system, and changing authentication settings that disabled the company’s VPN for remote employees. He also deleted 615 backup files and some pages of an internal wiki.  ClickMotive claimed that those changes caused $140,000 in damages as they struggled to determine the extent of Thomas’s tampering.

The defense detailed at trial how Thomas went into the company’s offices the weekend before he quit—just days after layoffs—to help defend the company against a denial-of-service attack on its website and to repair a cascading power outage problem. And the 615 backup files he deleted were all replicated elsewhere on the network.  Ekeland also points out that the prosecution never entered Thomas’s employment agreement as evidence, and yet used that agreement to define the “unauthorized damages” that constitute his crime. “There was not a single communication produced at trial, a single written document that showed he wasn’t authorized to do what he did,” says Ekeland. “After the fact, your boss says ‘that wasn’t authorized,’ you violated an unwritten policy, and bang, you’re hit with a felony.”

Thomas’s defense team says they plan to ask the judge in the trial to overrule the jury under a Rule 29 motion, and if that fails, to seek an appeal.

So, what do you think?  Should IT administrators be held criminally liable for deleting employer files?  Or should their liability be limited to civil damages?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.