Previous Table of Contents Next


Criminal Liability

Remedies in criminal cases are spelled out by the statute that was violated and the sentencing guidelines that jurisdictions often issue to accompany the laws. The most common punishments include fines, community service, and incarceration. Incarceration can take many forms: county, state, or federal prisons; and a growing number of other more innovative programs such as confinement to one’s home.

Courts have sometimes gone to great lengths in computer-related crimes to remove a convicted defendant’s access to the tools of the computer trade. The incorrigible nature of some defendants and the magnitude of the harm they caused, combined with their lack of remorse, have often induced judges to impose heavier and more creative sentences than in comparable cases of non-computer-related crimes.

Lawyer Liability

Lawyer liability is a phrase that the author uses to describe other harm. Time spent with and money spent on attorney’s fees are not trivial. In the days of downsizing and rightsizing, employee productivity is zealously guarded. Time spent that does not either increase revenue or decrease costs is wasted time. The effort and resources needed to pursue and win a legal action should be considered before the action is undertaken. Fees for attorneys, as well as other expenses, such as court costs and expert fees, are substantial. Often plaintiffs have to spend an inordinate amount of time educating their counsel about the nature of their businesses and the nature of this action. Combine this time investment with the uncertain nature of law as related to the Internet and the general lack of computer literacy in the legal profession and there are the makings of a true disaster in terms of the expenditure of resources vs. the likelihood of benefit or gain.

This approach could be applied to computers as well. Given the seemingly pro-right wing and pro-conservative American electorate and the noncommittal nature of leading politicians and their desire to win the family vote, a strong push to repeal such infringements is not likely to come from elected officials. Rather, it will be up to pioneering plaintiffs, perhaps aided by the EFF or CPSR or other similar rights advocates to step up to employ legal action to block enforcement.

Such activity is not unprecedented. The California proposition 187 limiting educational and other entitlements of immigrants, which, although passed by the electorate, was blocked due to potential constitutionality problems, could be a model for such protestations. However, computer and information freedom does not have a readily identifiable homogenous group of affected persons who will take direct, immediate, and costly action, at least not at this time. Furthermore, championing of pornography is not a popular view that will capture the hearts and minds of the electorate or the media.

AVOIDING PROBLEMS

System administrators must be mindful of the need for notice and disclosure. They must ensure that users or subscribers are fully aware of who has access to the system. They must indicate clearly how monitoring and control may be or is exercised on the system. Employee handbooks should spell out exactly what employees are expected to do in terms of use of the company’s information resources. All employees should sign an acknowledgment that they have read the rules, understand them, and agree to be bound by them.

Prosecution of Hackers

It is important to remember that a criminal prosecution is run by the office of the local DA, not by the victim. The goal of the DA is to get a conviction, not to ensure that the victim is compensated; nor is his or her goal to prevent similar occurrences in the future. A decision to proceed with prosecution is also a decision to cooperate fully with law enforcement authorities. Cooperation may require a significant amount of time, money, and resources from the company. This commitment may not fit with the company’s goals of minimizing bad publicity, fixing the leak, and controlling the course of legal events.

Should the decision be made to proceed, it is important to be mindful of the rules of evidence and the critical need to keep a pure chain of custody. One person’s opinion that a piece of evidence is damning does not mean that it is and, more importantly, it does not mean that it will be admissible and, if it is, that it will be understood by the trier of fact, whether judge or jury.

It is important to recognize that experts may be needed and that they may come from the ranks of the company or the company’s suppliers. Victims may not be in a position either to recommend, to supply, or to compensate needed experts, and the District Attorney’s budget may not permit hiring the “right” kind of talent.

History has shown that a defendant with financial muscle is not to be taken lightly. Should the defendant be well funded, he or she might not get convicted, and might turn around and sue the plaintiff for defamation or malicious prosecution.

Before opting for a criminal prosecution, a lot of good information can be found in a Government Printing Office document: the Criminal Justice Resource Manual, prepared by the Department of Justice. It contains good advice concerning the types of computer crimes, evidence, likely perpetrators, and other related material.

Companies contemplating this type of prosecution should also be sensitive to the track record of the local DA with respect to this type of white-collar crime case. Obviously, some jurisdictions (such as Austin, TX; Boston, MA; and Santa Clara, CA) are better venues for technology-related cases due to the high population of computer literate potential jurors and high-tech companies.

It is critical to remember that when the lawyer is called, whether a civil counsel, corporate counsel, or the local DA, someone loses time, resources, and money.

CONCLUSION

An organization should determine its goals early on in the process and balance the practical results that it wants to achieve against the legal hurdles that will have to be navigated to get them. Often, compromise is a faster, cheaper, and better alternative than pursuing legal remedies. Simple themes are always better than complex ones.


Previous Table of Contents Next

Copyright © CRC Press LLC