How Not to Investigate a Suspected Data Theft

more+
less-

There are few reported cases that reflect the problems that can result from computer investigations being inexpertly performed. U.S. v. Koo, 2011 WL 777965 (D. Or. March 1, 2011), decided this month by an Oregon federal district court, illustrates what can go wrong when a novice directs a computer investigation.

The underlying facts of the case are not atypical. Lawrence Hoffman, the owner of a manufacturer and distributor of after-market auto parts known as the Hoffman Group, discovered on eBay that JES Suppliers, LLC was offering to sell one of his products. A corporate records check revealed that JES Suppliers had been incorporated by a former Hoffman employee and two current employees, including Shegbao Wu who worked for a Hoffman Group subsidiary in China where he managed the design and manufacture of products. Id. at * 1.

As part of his investigation, Hoffman asked Wu to return from China to company headquarters in the U.S. under the pretext of discussing company business. While Wu was at the company office, Hoffman asked Wu to leave his company-owned laptop computer in order to replace it with an upgraded computer. The individual who took possession of Wu’s computer was an outside computer analyst hired to examine Wu’s computer. In examining the computer, “the computer analyst opened a folder named "private" [in Wu’s laptop containing documents allegedly relating to JES Suppliers, LLC] and moved it to the laptop desktop” from which he “copied selected parts of the "private" folder onto a USB external hard drive device using” regular business software that was not one of the standard forensic softwares. Id. at *2.

Thereafter, “Hoffman took the laptop home and, over the course of two days, periodically booted it up and looked around.” Id. Hoffman later “testified he "could have" moved files, but did not delete files and did not run the defragmentation utility” and “made "screen shots" of a chat program contact list, which he saved to a subfolder in the "private" folder he named ‘QQ.’” Id.

Hoffman provided both the laptop and the software backup of the private file to the FBI. As a result, Wu and the other two incorporators of JES Suppliers were indicted for various federal crimes including conspiracy, wire fraud, theft of trade secrets and computer fraud. As part of their pretrial motions, the defendants moved to exclude the back up of the personal file and the laptop from evidence to be offered by the government at their criminal trial. The court held a pre-trial evidentiary hearing on the motion.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Criminal Law Updates, Labor & Employment Updates, Intellectual Property Updates, Science, Computers & Technology Updates, Business Torts Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nick Akerman, Dorsey & Whitney LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »