Information Technology Professionals

What Happens When the Smoking Gun is Thrown in the Recycling Bin?

In January 2014, the Hon. Lawrence E. Kahn in the U.S. District Court for the Northern District of New York granted plaintiff Dataflow, Inc.’s motion for sanctions in a case regarding deleted email correspondence.  Sanctions took the form of the often-case-ending adverse inference, with the judge reserving on the specific language of the adverse inference jury instruction until trial.  Defendant Peerless Insurance Co. might not wait that long, as even the neophyte lawyer can tell when blood is in the water. Dataflow’s claim arose out of a discovery request for production of documents that “targeted, inter alia internal communications and investigations regarding Plaintiffs’ claim.” Dataflow, Inc., v. Peerless Ins. Co., No. 3:11-cv-1127 (LEK/DEP), 2014 WL 148685, *2 (N.D.N.Y. Jan. 13, 2014).   When the defendant failed to produce any internal communications responsive to the document request, the plaintiffs tried again.  After the plaintiffs submitted an even narrower request for production, the defendants still didn’t produce anything responsive. Perhaps smelling something fishy, Dataflow started taking depositions and asking questions about the internal communications at Peerless.  The plaintiffs quickly learned that email was routinely used to communicate about claims.  The emails that Dataflow already asked for.  The emails that Dataflow was told didn’t exist.  The plot thickens. Hon. David E. Peebles, the Magistrate Judge handling discovery in this matter filed a Report and Recommendation urging sanctions be granted and fees shifted.  The District Court, reviewing Judge Peebles’s ruling de novo determined that the Magistrate got it right—and that sanctions are appropriate. The court analyzed the facts of the case under the spoliation framework set forth in Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 107 (2d Cir. 2002): On a motion for sanctions due to spoliation, the moving party must show that: (1) the party having control of the evidence had an obligation to preserve it at the time it was destroyed; (2) that party had a culpable state of mind; and (3) the destroyed evidence was of a nature that a reasonable trier of fact could find that it would support the moving party’s claim or defense. Dataflow, at *2 (citing Residential Funding Corp, at 107). Here, the duty to preserve for an insurance party was triggered when a claim was submitted.  As such, any internal communication regarding that claim is obviously supposed to be preserved.  The culpable state of mind can be inferred by the gross negligence displayed by email deletion resulting from a “system change.”  A “system change” that also conveniently “changed” the methods of preservation of documents related to paid and unpaid claims.  Finally, since the plaintiff was able to prove that the contents of the internal email conversations likely would have supported the plaintiffs’ theory of the case, sanctions in the form of an adverse inference just make sense. Perhaps it’s time for Peerless to have a “system change” with regards to their general counsel. Kevin received a B.S. in Political Science from the University of Scranton (2009), and will receive his J.D. from Seton Hall University School of Law in 2015.  Prior to joining the Seton Hall community, Kevin worked as an eDiscovery professional at two large “white-shoe” law firms in Manhattan. Want to read more articles like this?  Sign up for our post notification newsletter, here.

Recycling—Helps the Earth, Saves Lives, and Destroys Electronic Evidence

“Recycle,” “conserve,” “waste,” and “pollution” are terms that were implanted into the minds of each of us at a young age and are now they are being instilled into companies worldwide as a measure to reduce operational costs. Companies such as JPC Equestrian, Inc. have begun recycling and reusing “cleaned” electronic devices from former employees, which would normally not be an issue if companies had a company-wide server or cloud-based software that held all of the information stored within the device. However, since JPC Equestrian, Inc. does not have a company-wide server, once an employee leaves, the company has a procedure in place to “scub” the computer and reassign it to another without care for the electronic information within the device. In Kearney v. JPC Equestrian, Inc., Mark Kearney, a former employee, sued JPC Equestrian, Inc. (“JPC”) for the failure to produce emails relevant to the claim he is asserting. Kearney commenced this lawsuit against JPC when they wrongfully terminated his employment, and breached his sales agreements by either failing to pay him sales commissions or by paying reduced commissions that did not satisfy contractual obligations. Kearney through the discovery process received email documentation from numerous employees and executives dating back to 2005. The discovery submission included JPS turning over 250 pages of documents relevant to the parties and situations involved. However, Kearney requested information for "all relevant emails," which in his original discovery requests, were defined as "[a]ll emails that mention, or refer to the Plaintiff, however, marginally, in any way shape or form from 2002 through 2010." Kearney v. JPC Equestrian, Inc., 2014 U.S. Dist. LEXIS 153975, *5 (M.D. Pa. Oct. 30, 2014). Kearney was missing three years of discovery. Kearney only received documentation dating back to 2005 because the information dating back to 2002 did not exist or does not exist anymore and cannot be recovered. JPS claims that the information cannot be recovered because the computers that would have held that data were wiped clean and erased before the device was transitioned to another employee. JPS has found loopholes around document retention and the court agreed. The court held that JPS’ procedure of document retention was acceptable and the court has, “no basis to conclude that the defendants have withheld responsive documents, or that there is any basis to compel a further response regarding potentially relevant email communication.” Id. at *7. Unfortunately, this holding allows companies an avenue to discard potential and relevant information pertaining to potential litigation that otherwise would have been saved if not for the guise of recycling and employee cost saving. This holding should be reversed and JPS should be penalized for its failure to maintain adequate records for an appropriate period of time. The court should not excuse a company, no matter the size or market capitalization, for not maintaining the electronic information of employees who work within the company. Not only is that bad preservation practice, its poor business practice. Recycling and the protection of our planet is important but those ideals should not give rise to loopholes of common electronic document preservation practices, which are becoming as worldwide and important as protecting the planet itself. Timothy received his B.A. from Rutgers University in 2011. He began his post-college life working in Trenton, New Jersey, at a lobbying and non-profit management organization before attending law school in the fall of 2012. He will receive his J.D. from Seton Hall University School of Law in 2015. Timothy has had a diverse set of experiences during his time in law school and has found his calling in Tax Law. Want to read more articles like this?  Sign up for our post notification newsletter, here.

When Is An Employer Permitted To Monitor and Review An Employee’s Internet Activity and Usage?

On March 10, 20108, Marc Liebeskind began working at Rutgers Facilities Business Administration Department.  By March 28 of that year, Liebeskind was terminated for lacking the basic skill set needed to perform his job in addition to having a poor attitude while on the job. Liebeskind’s supervisors had suspected he was spending an unreasonable amount of time on non-work related activities on his work computer. Having doubts about Liebeskind’s work performance, his supervisors reviewed the browsing history on Liebeskind’s computer by using an application called IEHistoryView. It is important to note that this search only entailed browsing history, and there is no evidence that Liebeskind’s supervisors were granted any access to his personal or password-protected information and accounts. After his termination, Liebeskind filed suit against Rutgers University and his supervisors, claiming invasion of privacy, among other claims. On appeal, the New Jersey Superior Court Appellate Division affirmed the lower court’s ruling, which ruling struck down all claims that Liebeskind’s privacy was violated as a result of his supervisors’ investigating the browser history on his computer. The appellate court referenced the New Jersey Supreme Court’s Stengart ruling, which had set the precedent for an employer’s right to monitor employee Internet activity and usage. Closely followed in previous eLessons Learned posts, the 2010 Stengart ruling held that an employee’s email communication with her attorney, using a company-issued computer, but via a personal, password-protected email account was held to be protected by the attorney-client privilege. However, the court’s decision to uphold Stengart’s privacy was not intended to forbid employers from monitoring employees’ actions on company-issued computers or devices in the future. In Stengart, New Jersey’s highest court stated: “Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.” As noted in Liebeskind, Rutgers’ “Acceptable Use Policy for Computing and Information Technology Resources” was in effect during the time of Liebeskind’s employment. This policy expressly stated that an employee’s privacy “may be superseded by the University’s requirement to protect the integrity of information technology resources, the rights of all users and the property of the University.” Additionally, Rutgers University “[r]eserve[d] the right to examine material stored on or transmitted through its facilities.” Unlike the findings in Stengart, the court established that Liebeskind did not have a “reasonable expectation of privacy.” In addition, the court agreed that Rutgers had a “legitimate interest in monitoring and regulating plaintiff’s workplace computer.” All companies can learn from this case and the policies in place at Rutgers that protected its right to monitor and search an employee’s computer. One of the most important lessons to be learned here is the need for a written internet usage policy. At the very least, these written policies should mandate that employees are expected to use the Internet and their work issued computers for work related activities only. Additionally, the possible disciplinary actions for any violation of this policy should be made available to employees. As seen in in this case, the existence of an internet usage policy and the reserved right of a company to monitor its employee’s Internet activity is the key to eliminate an employee’s reasonable expectation of privacy.

Can Your Facebook Page Be Used Against You? Social Media and the Criminal Trial

We all have personal social media pages. No matter who you are, you likely have an online presence in the form of a profile on one of the many sites available on the Internet. One who simply forgets about a newly created social profile can be the subject of worldwide scrutiny—the page is available for all to see. Who cares, right? Most likely, you will not have anything important on there. However, what happens when you are facing a criminal charge and the prosecution uses your social media profile in order to prove your guilt? Meet Aliaksandr Zhyltsou, a Ukrainian native living his life in Brooklyn, New York. All was well until Zhyltsou allegedly furnished Vladyslav Timku with a forged birth certificate, which claimed that Timku was the father of a baby daughter. Timku, as a cooperating witness for the government, admitted that he had sought the forged birth certificate in order to skirt his responsibility to military service in his native Ukraine. During the trail, Timku offered testimony that Zhyltsou had sent him the forged document from the gmail account “” However, the prosecution was unable to offer any other evidence other than Timku’s testimony that tied Zhyltsou to this e-mail address. Therefore, more evidence was necessary in order to corroborate Timku’s claim. Special Agent Cline, from the State Department’s Diplomatic Security Service, provided the prosecution with the link between the e-mail address and the profile (the Russian equivalent of Facebook). Cline asserted that this profile on VK belonged to the defendant and was linked to the very same gmail account used to send the forged document to Timku. To prosecutors, it seemed like a slam-dunk:  here was the evidence needed to corroborate Timku’s testimony and sufficiently tie Zhyltsou to the Gmail account in question. Everything seemed in order; the profile contained a picture of the defendant, his work experience, and most importantly the “azmadeuz” Gmail account. Furthermore, the district court agreed that this was the Zhyltsou’s profile page and therefore the prosecution could use it as evidence to establish the link between the defendant and the gmail account. However, one pesky evidence rule could ruin it all in an instant, Federal Rule 901. Simply, Federal Rule 901 requires that in order to “authenticate or identify” a piece of evidence, a proponent asserting any form of evidence “must produce evidence sufficient to support a finding that the evidence is what the proponent claims it is.” Therefore, in the instant case, the prosecution had the duty to prove that this VK profile page belonged to Zhyltsou alone and was not created by any other person. However, in his haste to provide this vital piece of evidence, the prosecutor failed to adhere to this rule and the case was ultimately overturned on appeal. This case is a prime example of the need for all lawyers to have a firm understanding of electronic discovery. While it may be easy to access social media profiles and the like in order to obtain evidence against an opponent, that is only part of the process. It must be proven that the profile actually belongs to your opponent before you may use it against them as evidence in a court of law. In today’s world, it is not difficult to create fake profiles on such sites and therefore the court was correct in overturning this ruling. However, it is not outside of the realm of possibility that the prosecution could have tied Zhyltsou to this VK profile, it would have simply taken a little more digging and investigative work. A.S. Mitchell received his B.A. in Political Science from the University of Central Florida (2008). He will receive his J.D. from Seton Hall University School of Law in 2015. Presently, A.S. clerks for the Monmouth County Office of the Public Defender.  Want to read more articles like this?  Sign up for our post notification newsletter, here.

Court Protects Against Requested Deposition of An IT Witness for Fear of Opening Floodgates

Philips and Hunt may have been debating the ownership of the tagline “Sense and Simplicity,” but it seems the U.S. District Court for the District of New Jersey was more interested in exploring the sense and simplicity of Rule 26 of the Federal Rules of Civil Procedure when it handed down the ruling in Koninklijke Philips N.V. v. Hunt Control Systems.  After noting that Rule 26 permits a broad scope of permissible discovery, Magistrate Judge James B. Clark, III held that a responding party need not use every tool in their toolbox in order to comply with a Fed.R.Civ.P. 30(b)(6) deposition request. In his memorandum opinion, Judge Clark held that an alternative approach to ESI collection, as requested by Hunt, was burdensome and likely to be unproductive.  The collection was such a burden, in fact, that Judge Clark granted Philips’ motion for a protective order against further such requests. Hunt had previously interviewed “a Philips IT/ESI discovery professional” regarding Philips’ ESI practices.  Months later, Hunt noticed a deposition for an IT witness claiming that Philips’ responses for eight questions were not adequately answered by the interviewee.  Philips objected to the deposition request and petitioned the court for a protective order. Hunt argued that the IT deposition was necessary in order to discover whether Philips was using appropriate search tools for the ESI discovery requests.  Hunt’s argument was supported by an IT professional who opined that Philips’ “cloud-based IT structure” and Philips’ “sophisticated and comprehensive state-of-the-art document search and location tools” meant that Philips was obligated to use a particular method to accommodate Hunt’s electronic discovery requests.  Hunt further argued that the deposition did not create an undue burden on Philips so as to outweigh the likely benefits. In seeking a protective order, Philips counters that the provided answers were accurate and that Philips has consistently used “a custodian-based approach to collecting ESI” and thus, shouldn’t be required to employ alternative approaches at the request of Hunt.  The court agreed with Philips, citing three individual reasons.  First, the Court found that Hunt failed to carry its burden of showing that Philips’ production has been materially deficient.  Significantly, Judge Clark wrote that just because Hunt was dissatisfied with the result of Philips’ production, such dissatisfaction was “not enough to reopen the door to the collection of ESI discovery under an entirely different method.”  Because Philips’ responses were true and accurate, there was “no compelling reason” to force Philips to use Hunt’s preferred method of production. Second, the court held that even if an alternative approach to ESI collection was more appropriate than Philips’ “custodian-based” search, Hunt still failed to produce evidence showing that conducting another search under their preferred methods would substantially alter the results Philips already produced.  Again, Judge Clark takes the opportunity to emphasize that employing multiple methods of production would be “duplicative” and “an inefficient use of time and resources.” Third, and most importantly for future cases involving these circumstances, Judge Clark wrote that it was not Hunt’s requested deposition that caused an undue burden on Philips, but rather “the possibility of opening the door to more (and likely unproductive) discovery with no apparent end in sight.” Putting a stern period on the end of a judicial statement, Judge Clark concluded by noting that the proposed deposition contained only a “marginal benefit” to Hunt that is “heavily outweighed” by the “tremendous burden” to Philips.  Judge Clark made it clear (and seemingly warned future litigators) that the court will not entertain duplicative and seemingly petty disputes over the method of e-discovery production, so long as the information produced is not “materially deficient.” In light of this decision, parties requesting discovery would be wise to make their requests as specific as possible in the first instance, including a specified or desired approach to collecting ESI.  Such specificity (accompanied with reasonability) may result in more beneficial discovery as well as preventing the scorn of wasted judicial time. Nicole was a 2010 magna cum laude graduate of Northeastern University located in Boston, Massachusetts, where she earned her B.A. in English and Political Science.  In 2015, Nicole will receive her J.D. from Seton Hall University School of Law.  After graduation, Nicole will serve as a clerk to a trial judge of the Superior Court of New Jersey in the Morris-Sussex Vicinage.

Should I Obstruct Discovery?—A Classic Pyrrhic Victory Problem

A pyrrhic victory is defined by winning an early battle but eventually losing the war because of the costs and expenses of that earlier battle. Everyone has heard the phase, “you may have won this battle but I will win the war.” Victory in life, business, and litigation is achieved by obtaining a favorable outcome in the end, and not defined by winning an early battle over discovery where you exhaust resources by attempting to try to obstruct your opponent. Individuals who fail to comply and purposely try to hide or destroy a document can trigger serious legal consequences and significantly hurt their chances for long term success in the litigation. In Klipsch Group, Inc. v. Big Box Store Ltd., Klipsch Group, Inc. sued Big Box Store (“BBS”) for the spoliation of relevant documents as well as other discovery misdeeds. Klipsch commenced a lawsuit against BBS for infringement of their trademark on a particular headphone in 2012. BBS conceded that they sold some counterfeit headphones but claimed that the sales were innocent and yielded almost no profit. Klipsch’s main claim against BBS is that they failed to hold or preserve relevant documents pertaining to the pending lawsuit when they became aware of the litigation in August 2012 (a requirement by law).    Every litigant has an obligation to take reasonable measures to preserve all potentially relevant documents once it has noticed that a lawsuit has been filed. Specifically, that obligation may arise even prior to litigation being formally filed if "the party 'should have known that the evidence may be relevant to future litigation.'" MASTR Adjustable Rate Mortgages Trust 2006-OA2 v. UBS Real Estate Secs., Inc., 295 F.R.D. 77, 82 (S.D.N.Y. 2013) (quoting Kronisch v. United States, 150 F.3d 112, 126 (2d Cir. 1998)). Here, BBS should have known about the possibility of future litigations since they were knowingly infringing onto Klipsch’s patent by selling counterfeit headphones. Klipsch suspected that BBS’ actions warranted, at a minimum, a forensic investigation into their company for documents that could reveal if a larger quantity of counterfeit headphones were sold. Klipsch, correctly believed, that based on the information they received through discovery it seemed that large quantities of documents (emails, transactional documents, sales reports) were missing or altered. This belief was verified during subsequent depositions of BBS employees. The depositions revealed that BBS employees produced contradicting stories than the information revealed in discovery. In deciding Klipsch Group, Inc. v. Big Box Store Ltd., the court refused to levy a severe punishment against BBS although it was discovered that they had broken numerous discovery laws. Instead, the court took a passive approach and applied “the mildest of available remedies” that allowed the parties leave to pursue additional discovery, except this time with an experienced forensic computer expert. However, the court could have imposed stricter penalties onto BBS, such as, termination, preclusion of testimony, or a mandatory adverse-inference charge after it discovered BBS’s possible attempt to destroy evidence. Instead, the court chose a more cautious route and tabled those actions until the forensic discovery was completed. This ponders the question, if the aim of any remedy is to deter the parties from engaging in spoliation and restore the aggrieved party to the same position then why not have automatic forensic discovery? The answer? Costs. Klipsch suggested that the imposition of costs, including fees should be shifted to BBS. The court disagreed and held that the costs would first be borne by Klipsch and could be reallocated or apportioned based on the findings of the expert’s report. The court could better deter abuse of discovery by always imposing costs for forensic experts onto defendants who are found to have wrongfully withheld information requested in discovery. This action and precedent would cause all parties to become forthcoming with unaltered information due to the fear of additional costs levied in litigation. Ultimately, the expert’s report will produce the information needed for Klipsch to move forward in their litigation against BBS, or it will prove unfruitful and Klipsch will drop their litigation. This entire matter could have been avoided if BBS did not attempt to hide information during discovery. BBS could have avoided a pyrrhic problem by not exhausting valuable resources into possibly altering evidence of the sale of counterfeit headphones. However, this case could be used as future precedent to prevent future companies from pursuing this option as a method of strategy if they automatically shift the costs of forensic experts to the litigant in situations where inaccuracies of discovery occur. Timothy received his B.A. from Rutgers University in 2011. He began his post-college life working in Trenton, New Jersey at a lobbying and non-profit management organization before attending law school in the fall of 2012. He will receive his J.D. from Seton Hall University School of Law in 2015. Timothy has had a diverse set of experiences during his time in law school and has found his calling in Tax Law. Want to read more articles like this?  Sign up for our post notification newsletter, here.

Will A Tangled Web of Preservation Failures Lead to Sanctions?

Preserving electronic data can be a challenge for companies with multiple data centers.  However, what we have here is a failure to communicate.  The case at issue is an ERISA class action against UnumProvident. On November 26, plaintiffs' counsel wrote to request a conference to present their request for a preservation. The court then outlined principles that would serve as the basis for the parties' draft of a proposed order. The court observed, without contradiction from UnumProvident, that UnumProvident already had a duty to preserve any tapes containing emails as of November 4, the date litigation commenced. The order required all back-up tapes or other back-up hard drives, disks or other hardware containing material back-up by the defendants regarding Y2K, regardless of the date or dates of the internal or external e-mails, computer information, or electronic media contained thereon to be preserved.  Specifically the plaintiffs requested all internal and external e-mails, generated, created, or dated October 14, 15, and 16 of 2002, and November 18, 19, and 20 of 2002.  If the defendants alleged these e-mails were no longer in existence due to routine destruction or otherwise, the defendants had to provide an affidavit explaining circumstances of the unavailability. UnumProvident’s Enterprise Security Architect decided instead of preserved the data to implement a special “snapshot” back-up which would back-up those emails that were on the system as of the day or days the snapshot was taken.  UnumProvident could also have directed IBM, their data vendor, to copy email back-up tapes from existing unexpired tapes to other back-up tapes that would contain no expiration date. Similarly, it could have copied the data onto a hard drive or into other computer media.  Instead, this snapshot inadvertently caused all of the data on the back-up tapes to be overwritten. The court found that no enterprise officers of UnumProvident had sufficient expertise to discuss the preservation project in a meaningful way. Neither of them took the steps that they needed to take to get sufficiently informed advice on the issues involved. Similarly, there was insufficient supervision of the Enterprise Software Architect's efforts.  The officer had also never ordered IBM to preserve emails regarding the six dates. Additionally, the law department of UnumProvident never instructed its officers to confirm that email for the six days had been preserved by IBM. As this issue developed relatively early in discovery, the court found it difficult to determine the extent to which the plaintiffs have suffered any prejudice from the failure to capture all of the UnumProvident emails for the six days.  Throughout the whole opinion, the court was very skeptical of the testimony of UnumProvident’s officers.  The court determined most of UnumProvident’s actions were inadequate.  However, it also determined the accelerated expiration problem that occurred because of the creation of the snapshot was inadvertent and unintended.  Therefore, the court did not award any sanctions.  It can still be assumed the court would be less trusting of UnumProvident after this debacle and less likely to give them the benefit of the doubt.

Want to Produce Documents? Produce Something Else First.

The plaintiff, Torrington Co., sought to challenge a final determination made by the International Trade Administration of the United States Department of Commerce. The case centered upon the discovery requests made by the plaintiff. The plaintiff argued that it was entitled to three things: 1) a computer tape of computer instructions, 2) a computer tape of SAS data sets, and 3) a hard copy for each file transmitted by tape. The plaintiff maintained that it was entitled to this discovery because it was part of the administrative record. The court disagreed. The court found that the computer tape of computer instructions, computer tape of the SAS data sets, and the hard copies were not a part of the administrative record because not only were they not “obtained by” or “presented to” the administrative agency (the International Trade Administration), but they did not even exist. If the materials did not exist (and never existed) they are clearly not part of the administrative record. In fact, the computer tapes and hard copies could only be created after the determination by the agency; they could not possibly be part of the administrative record at all. The defendant agreed to give the plaintiff microfilmed computer printouts which contained both the computer programming instructions and the SAS data sets. Note that these microfilmed computer printouts were not the same as computer tapes (which were requested by the plaintiff.) The court cited previous cases that established two principles. First, the court was not obliged to force a defendant to produce data in a format that was most convenient for a plaintiff. Second, the court should balance the plaintiff’s need for the specific type of information with the hardship placed upon the defendant. The court held that not only had plaintiff failed to show its need for the computer tapes, but that the defendant had shown that it would suffer “extreme hardship” if it were forced to produce the computer tapes. The plaintiff attempted to bolster its position by citing Daewoo v. United States, 10 CIT 754, 650 F. Supp. 1003, in which the court ordered that all computerized data be produced including “all further refined forms of electronic storage of the data involved.” However the court distinguished the case at hand from the facts in Daewoo by pointing out that in that case, the government did not demonstrate any kind of hardship. In the present case, the requested computer tapes did not exist and requiring the defendant to produce them would have been burdensome and expensive. The court notes that according to one source it would take 7,500 hours to create a computer tape containing 15,000 pages of the printout that was already created. By the account of one affidavit, it was estimated that it would take defendant’s department staff no less than a full two weeks to produce the computer tapes. Administrative agencies have many tasks and aim for efficiency – such a discovery request would doubtless be taxing on the agency’s resources. The plaintiff also claims that it would be equally burdened if it had to produce the tapes.] The court held that when the cost, burden, and time of creating the tapes is equal on both parties, then the burden of producing the tapes falls on the party making the request. Accordingly, the court held that the defendant did not have to make the computer tapes and that the parties were obliged to use the “more convenient, less expensive or less burdensome” computer printouts that were already in existence. What should have the plaintiff done in this scenario? It is unclear why the printouts were insufficient such that computer tapes were necessary. The plaintiff should have come prepared to show why production of the computer tapes would be more taxing on itself than on the defendant-agency. Rocco Seminerio is a Seton Hall University School of Law graduate (Class of 2014). Mr. Seminerio focused his studies in the areas of Estate Planning, Elder Law, and Health Law. He graduated from Seton Hall University in 2011 with a degree in Philosophy.

How Can You Be Found Guilty of Computer Sabotage When You’re No Longer Working For the Company? Easy; Put A Timed Virus Into The System Before You Leave.

On July 31, 1996, plaintiff Omega Engineering Corp. ("Omega"), a New Jersey based company, lost its computer programs relating to design and production permanently from its system. Omega manufactured “highly specialized and sophisticated industrial process measurement devices and control equipment” for NASA and the United States Navy.  The deletion of these programs debilitated their ability for manufacturing as well as costed the company millions of dollars in contracts and sales. From 1985 to July 10, 1996, defendant Timothy Lloyd worked as the computer system administrator at Omega.  He trained with the Novell computer network and installed it to Omega’s computer system.  The program worked to ensure that all of Omega’s documents could be kept on a central file server. Lloyd was the only Omega employee to maintain the Novell client and have “top-level security access” to it; however, the defense asserted that others at the company had access.  According to a government expert, access "means that ... [an] account has full access to everything on the server."  Lloyd was also the only employee in charge of backing up the information to the server. In 1994 or 1995, Lloyd became difficult.  The company moved him laterally in hopes of improving his behavior. A government witness testified that even though it was a lateral move, it was in fact, considered a demotion by the company.  Lloyd’s new supervisor asked him about the back-up system and wanted him to loop a couple more people in but he never did.   Moreover, he instituted a company-wide policy that employees were no longer allowed to make personal backups of their files. On top of the above issues, there was also a “substandard performance review and raise.”  The combination of the two factors, according to the government, showed Lloyd that his employment with the company would soon be terminated.   This established Lloyd’s motive to sabotage the Omega computer system.  On July 10, 1006, Lloyd was terminated. On July 31, 1996, Omega’s file server would not start up.  On July 31, “Lloyd told a third party, that "everybody's job at Omega is in jeopardy.” days later it was realized that all of the information contained on it were permanently lost.  More than 1,200 of Omega’s programs were deleted and, as per Lloyd’s policy, none of the employees had their own personal backups.  There was no way for any of these programs to be recovered. A search warrant conducted on Lloyd’s house turned up some backup tapes and a file server master hard drive.  Experts hired by Omega found that the deletion of information was “intentional and only someone with supervisory-level access to the network could have accomplished such a feat.”  The commands necessary to pull off such a purge were characterized as a “time bomb” set to go off on July 31st when an employee logged into the system.   There was evidence found by these experts of Lloyd testing these specific commands three different times.  This string of commands was further found on the hard drive that was in Lloyd’s home. Lloyd was convicted of a federal count of computer sabotage.  It was remanded due to a jury member’s claimed use of outside knowledge during deliberations. Julie received her J.D. from Seton Hall University School of Law in 2014. Prior to law school, she was a 2008 magna cum laude graduate of Syracuse University, where she earned a B.A. in History and a minor in Religion and Society. After law school, Julie will serve as a law clerk to a judge of the Superior Court of New Jersey.

Should One IT Person Hold the Keys to the Kingdom? How the “Philippine Love Bug” Case Highlights the Vulnerability of Such a Policy

Background Omega Engineering Corporation, an international company based in New Jersey, was once the employer of Timothy Lloyd. To put Omega’s importance into perspective, the U.S. Navy and NASA were two of their clients for highly specialized and sophisticated industrial process measurement devices. According to testimony during the trial, Lloyd worked at Omega as its sole system administrator from 1985 through 1996. In 1995, Lloyd had undergone Novell network training and installed Novell software on Omega’s computer system. Additionally, Lloyd was the only person who maintained and had top-level access to the Omega network. Between 1994 and 1995, Lloyd became belligerent and increasingly truculent. Due to his poor interpersonal skills, he was demoted in May 1995 from manufacturing to  support engineer. A woman who had once been Lloyd’s subordinate and had engaged in a romantic relationship with Lloyd, was the individual responsible for replacing Lloyd as manufacturing supervisor. In June 1996, Lloyd instituted a policy to “clean up” all of the individual computers in Omega’s manufacturing department. It was unclear as to why Lloyd was implementing company policies after his demotion. Nonetheless, the policy required employees to save their files to the company’s file server and prohibited them from making their own backups. Lloyd’s manager became suspicious of this policy and requested from Lloyd access to the file server. Lloyd never complied. By the end of June, upper management had enough of Lloyd’s behavior and terminated him in early July 1996. On July 31, Omega’s file server would not boot up. All of Omega’s manufacturing programs on the server, which contained instructions for operating the machines, were gone. Multiple computer experts were brought in to recover the files, but to no avail. The files had not only been deleted, but also had been “purged,” meaning that they were rendered unrecoverable.  A leading expert on Novell networking testified at trial that this could only have been done intentionally and by someone with supervisory-level access. The government’s theory included that on July 30, anyone who would log on to the server at any time after that date would “detonate” a program installed by Lloyd that would destroy the information on the Omega file server. The government’s theory was bolstered by the fact that the Secret Service recovered missing Omega backup tapes that had been reformatted as well as a master hard drive from the file server. This had the same string of commands that had functioned as the time bomb program found on the Omega file server. The Decision Ultimately, Lloyd was found guilty of computer sabotage. The jury had deliberated for over twelve hours over the span of three days and had requested testimony in the jury room before they reached their verdict. However, three days after the verdict, one juror said that she had seen on the news, during the trial, about a computer virus called the Philippine “love bug” which allowed the perpetrator to cause great harm by flooding the victim computers and causing them to crash. Whether this affected her decision is unclear; however, the defendant claimed that his 6th Amendment rights had been violated. The district court agreed, granting a new trial. On review, the Court of Appeals reversed the district court’s holding. After a lengthy discussion, the court said that there were significant dissimilarities between the “love bug” and the “time bomb” and most jurors would not confuse the two. Therefore, the appellate court found, the defendant was not prejudiced. Lloyd’s managers should never have allowed a single employee hold as much power as they did. This case highlights the vulnerabilities the company subjects itself to if that is allowed to happen. For example, Omega lost over 1,200 programs and many current and potential clients as well. Akiva Shepard received his J.D. from Seton Hall University School of Law in 2014. Akiva has worked for a New York State Supreme Court Judge in Kings County, and for a NJ real estate firm. 

  • Find an eLesson

  • Register for Post Notifications

    Subscribe to receive updates whenever a new eLesson is published.

    Manage Subscriptions
  • Let Us Blog Your Event!

    eLessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic. In fact, organizations and event coordinators often feature eLessons Learned as their official eDiscovery blog. Fill out our simple registration form to have eLessons Learned be the official blog of your organization or event.

    Register Now
  • Recent Praise

    The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.

    Robert Ambrogi

    Legal Tech Blogger and creator of LawSites

    Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others.

    Laura A. Zubulake

    Plaintiff, Zubulake v. UBS Warburg

    Click here to see more.
View in: Mobile | Standard