Summary C841 - Task1 Parts A & B TechFite Case Study.docx.docx

In this paper, I will discuss the TechFite case study. We will discuss the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act and certain aspects of this case study that violated these Acts. Next we discuss a few laws/ regulations/ legal cases that show that legal action is justified in this case study. Then we will discuss two instances in which due case C841 Task 1 3 was lacking. Next, we will describe how the TechFite case study show example of TechFite employs breaking the rules of SOX Act. After that, we will show detailed activity that warrants criminal action, and who was complicit and who was just a victim. We will then explain how existing cyber security policies and procedures failed to prevent the criminal activity. Lastly, we will show claims for negligence, who was complicit and who was a victim, and how current policies and procedures failed to prevent the negligence. A. Application of Law A1. CFAA & ECPA The Computer Fraud and Abuse Act (CFAA), was originally enacted in 1986 by the US Congress (Freeman, 2017). It has since been amended many times. This act criminalizes actions like knowingly accessing a computer without authorization and accessing a computer with the intent to obtain anything with the value of over $5,000 within a year (Freeman, 2017). This act was broken when employees like Sarah Miller for the Business Intelligence Unit used dummy admin accounts to access restricted information from the legal, HR, and finance departments. This is a violation of the CFAA. The CFAA was also broken when fake companies were used to move money into TechFite’s accounts. Based off the information in the case study, Carl Jaspers sold proprietary information from at least two companies after having signed an NDA. The Electronic Communications Privacy Act (ECPA) was also enacted in 1986 by the US Congress (Epic, N.D.). This act helps people have a right to their privacy from other individuals and the government, except in certain situations. This act criminalizes actions like intercepting electronic communications (Epic N.D). This is the section of the act that was broken by employees at TechFite. The Metasploit tool was found to be used by Business Intelligence staff. They penetrated into other companies’ networks without permission. This is a violation of the ECPA. A2. Three Laws/ regulations/ legal cases that justify legal action The first case that justifies legal action is case that happened at Intel in 2008. Biswamohan Pani was sentenced to three years in jail for stealing trade secrets from Intel to take to his new job at AMD (FBI, 2012). Pani illegally downloaded trade secrets from Intel on his last few weeks at work, and lied to them about where he would work next. Once Intel learned he was going to their competitor they started looking at his activity and noticed the large amount of files that were downloaded (FBI, 2012). This case shows that the actions of Carl Jasper were criminal. We signed an NDA with companies and then stole their proprietary information and trade secrets to sell them to their competitors. Carl Jasper knowingly and illegally took property that did not belong to him. In the TechFite case study, Carl Jasper also violated the Economic Espionage Act. The Economic Espionage Act of 1996 makes the theft of trade secrets a federal crime (LaMance, 2018). The act specifically makes the transmission of company trade secrets illegal if authorization is not obtained from the owner (LaMance, 2018). Carl Jasper knowingly and illegally sold trade secrets of Orange Leaf Software LLC without their authorization. This was in direct violation of the Economic Espionage Act. C841 Task 1 4 Another case study that shows the criminal actions of Carl Jaspers is Jawbone Vs. Fitbit. Six current and former employees were charged with stealing confidential intellectual property from Jawbone. All six Fitbit employees were former Jawbone employees (Moon, 2018). Fitbit was cleared from using the intellectual property, but the six employees were all charged. These six employees were all found to have confidential intellectual property of Jawbone on their computers (Moon, 2018). While Carl Jasper had legally obtained the information via the questionnaire, he was not allowed to distribute it of sell it without permission. After companies like Orange Leaf Software decided not to use TechFite their trade secret showed up in their competitors software. Based off the payments and tracking of activity, Carl Jaspers illegally sold or gave away this confidential intellectual property. A3. Duty of Care Duty of care is a legal obligation that is to be upheld by an individual to adhere to a standard of reasonable care when their actions could bring harm to others. Two distinct instances in which duty of due care was lacking in the TechFite case study are as follows in the examples. The first instance of a lack of duty of care was TechFite’s lack of security and separation of sensitive and proprietary information of their existing clients. TechFite had no plan or method of safeguarding and segregating this data. The second instance of a lack of duty of care is the absence of internal controls in the Business Intelligence Unit. Auditing user’s accounts, checking for escalation privileges, enforcing data loss prevention, and monitoring internal traffic was not being done by IT staff in the Business Intelligence Unit. The company failed to protect and secure the information that could cause the most harm to its clients. A4. SOX SOX (Sarbanes-Oxley) Act was quickly passed in 1992 after Enron was being investigated for fraud. The law hold upper level management like CEOs, CFOs, and the board of directors accountable for their companies financial misleading’s (Smartsheet, 2019). According to SOX, a public company must establish and comply with internal controls of financial data. This is to ensure the integrity of the financial annual report (Smartsheet, 2019). This was clearly violated at TechFite. Staff in Business Intelligence Unit had access to all of the data of the financial department. TechFite exhibits a clear lack of controls and auditing over their financial information. This is in direct violation of Section 302 of SOX. Staff from the Business Intelligence Unit was also violating section 802 of SOX. The case study indicates that they were examining financial and executive documents. It can be deduced that they were altering financial records in order to conceal payments from Freeworkers Bank. B. Legal Theories B1a. Who committed criminal acts and who were victims In this section, we will cover who committed criminal acts, what laws they violated, who the criminal acts hurt, and who were victims. According to the case study, Carl Jaspers committed criminal acts while at TechFite. Jaspers violated trade secret laws when he stole proprietary information from multiple companies. He also was complicit in violating the SOX