Re: "Employees cannot delete files without permission, says U.S. court"

["S.f.Stover" <sam.stover () gmail com>]

Paul Vixie wrote:
> http://www.tgdaily.com/2006/03/11/deletingfiles_appealscourt_citrin_reversed/

I've been intrigued by this case, and in trying to piece together the
real impact to secure delete users, I end up with this:

It was OK for Citrin to secure delete the files as long as he was an
employee.

<his employment contract authorized him to "return or destroy" the data
in the laptop">

It was only after he had violated the contract by moonlighting that he
put himself in a position to be prosecuted.

If I'm right, then if he had done it by the books (i.e. quit his job
BEFORE starting his own company), then the charge wouldn't stick?

<Citrin's deletion violates the Computer Fraud and Abuse Act because he
accessed a protected computer without authorization. Even though the
laptop was in his possession, his authorization ceased when he violated
his company's loyalty.>

If he hadn't "violated his company's loyalty" then he wouldn't have
accessed the laptop "without authorization" - so he would have been golden?

If that's the case, then we all just need to make sure that A) our
employment contracts give us the right to securely delete data and B) we
remain vigilant in our efforts to secure delete our data PRIOR to
violating those employment contracts.  ;-)



-- 
S.f.Stover
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5C4DAB68
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.