Misuse of Your Office Computer Network--Guess Who is Liable?

So, you're in your office and then suddenly a large contingent of Feds break in with a warrant for . . . your computer. This is not so far fetched. If one of your employees is doing something he or she shouldn't be (say, downloading child porn or spamming people with your servers for a side business), your company is on the hook. If you are suddenly confronted with this situation, don't panic. A good disaster plan can protect you from just about any unforeseen catastrophe, be it a direct meteor hit or criminals in your own lunch room. Here are some steps to follow to protect your business, both before and after you get served with the warrant.

1. Call Your Lawyer. Hopefully the firm you use has an attorney experienced in cybercrime. If not, the firm probably has people they can talk to. It's a good idea to talk to an attorney before the cops are at the door. You should also screen current and prospective employees. If they have criminal proclivities, chances are these tendencies have surfaced before. Check references and run actual background checks. If the federales are already in your lobby, don't say anything and call your lawyer fast.

2. Implement Written Computer Policies. A written policy is crucial to your ability to handle whatever comes up from civil suits to criminal charges to employee complaints about your computer policies. Any policy must include clear directives on Fair Use, document retention, privacy policies and e-mail. A comprehensive and well-drafted policy will also discourage employees from doing naughty things in the first place or being confused when they are sacked for violating the policy in the second place. Once you have a policy in place, do not deviate. Creating exceptions and looking the other way can cause worse problems. Here again, if you have a policy, have your attorney look it over. If you don't have one, have your attorney help you draft it. It is money well spent. As part of the policy, include a comprehensive document retention and archiving policy for all electronic documents, records and e-mail. Don't delete users from the system who have left the company until all their e-mails and documents are fully preserved. Only then can you purge them from the system.

3. Do Not Destroy the Evidence. As some of my prior posts have noted, missing electronic evidence is potentially more damaging and costly than the evidence would have been in the first place. The Federal Rules of Civil Procedure contain harsh penalties for failing to comply with discovery requests. Criminal rules are just as harsh plus they have the added incentive of jail time if you destroy evidence. If they've gotten a warrant, chances are your rotten employee is already under investigation and has been for some time. Your fingerprints on the missing files will implicate you.

4. Be Honest with the Heat. If you and your company get pulled into something like this, honesty is the best policy. Again, talk to your lawyer FIRST, but if he gives his blessing the best approach is to come clean. The cops (federal or otherwise) don't generally like to shoot you without good reason and they don't like to shut down legitimate businesses. They just want to catch the rats. They will generally work with you if you haven't tried to hide anything. Remember what happened to Martha Stewart. She was convicted not of shady stock deals, but of lying to the Feds. They really don't like that. Lie to them and they will tase you, then shoot you, and then throw you in jail just for fun. Remember, if you have nothing to hide, you probably have nothing to hide.

5. Have a Comprehensive Disaster Recovery Plan. If the Feds march in and haul off your network servers and all your workstations, that qualifies as a disaster. It's no different than if a meteor hits your server room or if a tsunami washes your hardware out to sea. Every business needs to have a comprehensive backup and recovery system in place. Backup all software on at least a weekly basis. This way, if you lose the servers (for whatever reason), you've only really lost a week of payroll, data, and e-mail.

And just as importantly, make sure your backup system is usable. Just because you are carefully backing up all your data to tape on a nightly basis and meticulously storing it off-site does not mean you are ready to set up shop across the street in the event of a disaster. Have you ever tried to recover data from a backup tape? It ain't easy. To do it, you need a server running the same backup software as the one that made the backup tape and an identical (working) tape drive to retrieve it. Plus you need the other software you use ever day (be it Outlook, MS Word, Excel, or your time and billing program) just to read the data after the catastrophe. Be absolutely certain that you can access the precious data you have taken such great pains to save. Remember all those post-apocolyptic movies where some poor guy is trying to get a 2,000 year-old DVD to play in a 2,000 year-old machine with no power while giant, mutant bugs or talking monkeys close in for the kill? Okay, that's you after a computer disaster where you can't access your data. Without a plan, the monkeys will win.

Schedule a drill with your IT people a couple of times a year to see if you can actually retrieve the data off-site. Absolutely do a drill every time you change your backup or other important software. Use a laptop or isolated workstation for the test. If it doesn't work, you have a problem. Get with your IT folks and fix it.

And lastly, make sure the non-guilty employees (or, in the alternative scenario, those employees who survive the meteor hit) have the ability to continue working, off-site if need be. The disaster plan should include access to a remote server where your data can be stored. You should also have web access of some kind so your employees can get to the data and telecommute for a while if need be.

Computers are incredibly powerful tools that can be used for good or for evil. Employees come in all flavors, too. A good, comprehensive contingency plan can protect your business from almost any disaster, be it a meteor hit or a criminal hiding in your midst.

A Holiday Wish

At this time of year it is worth pausing for a moment and remembering how lucky we all are. Life comes at us so very fast. It is all too easy to become completely immersed in our daily grinds. As we struggle to stay above water between work, family obligations, school, health problems, politics, world events, and money matters, it is easy to forget the small things.

So, rather than write a pithy commentary on some legal item, I thought I would just ask you, dear reader, to take a moment and take in all that we have. Whatever the problems and challenges of these times, we are lucky beyond comprehending to here in this wonderful country, at this amazing time.

And therefore, no matter whether you celebrate Christmas, Chanakah, Kwanzaa, something else, or nothing at all, may you have a happy holiday season and a healthy, prosperous New Year. God bless us, everyone.

Kreiner Claims Another Victim--Michigan Court of Appeals Rear-Ends Another Critically Injured Plaintiff

The Michigan Court of Appeals continues to use the hideous Kreiner v. Fisher decision to rob injured Michigan citizens of their right to recover for legitimate injuries sustained in auto accidents. The most recent atrocity is a decision called Jones v. Jones (Unpublished per curiam, No: 274627, Nov. 15, 2007). Dr. Evil would be proud.

Since the Kreiner decision came down from the Supreme Court in the summer of 2004, hundreds of plaintiffs have been denied any recovery from the negligent drivers who injured them. No less than 200 of those cases have been taken up on appeal and each time the injured plaintiff has lost. The plaintiffs have only prevailed in 30 such cases.

To illustrate the point, a closer look at Jones v. Jones may be instructive. Cynthia Jones was crossing the street one day when she was hit by a car. The car was being piloted by Sharon Jones (no relation, apparently). Sharon was negligent. The impact caused severe leg fractures that required a very serious open reduction surgery in which stabilizing plates and screws were surgically inserted. All this stabilizing hardware remain there in her leg to the present day and probably always will. (Woe to the poor traveler who finds himself behind Ms. Jones in the airport screening line). She required a wheelchair for an extended period, finally graduated to a walker, and endured months of in-home nursing attendant care to assist her with even the most basic daily needs. She also missed several months of work. She testified in her deposition that she still has pain and problems with standing and walking, even years after the accident.

Cynthia Jones brought suit against the negligent driver to recover for her pain and suffering. Unfortunately, the trial judge granted the defendant's motion for summary disposition and dismissed the case on the ground that, under the Kreiner decision, Cynthia Jones did not suffer a "serious impairment of an important body function." In other words, her injuries were not serious enough to meet the no-fault threshold requirement. She appealed. The Court of Appeals agreed that Cynthia Jones' injuries were not serious enough as a matter of law and affirmed the dismissal. There you have it. Case dismissed. End of story. Like the hundreds of plaintiffs just like her, unlucky enough to be injured through the negligence of others, Cynthia Jones faces the rest of her life with no compensation. The negligent driver gets off free, and Cynthia Jones is left to contemplate her broken body, scars, plates, syndesmotic screws, arthritis and pain. Victims of drunk or negligent drivers are being systematically victimized again by our courts. This is not fair. This is not justice. This is Michigan.

And lest we all forget, this is why we have insurance. To protect ourselves (and those we injure) from our mistakes. We are forced to have the insurance. But to what end? Have your rates gone down? The legislature has promised a fix for the ongoing scandal that is festering quietly, largely unnoticed in the Michigan courts. Let's hope it comes--and soon.

For an excellent discussion of the Kreiner dilemma, see Steven Gursten's article in the December 10, 2007 Lawyer's Weekly. The analysis is spot on.

Tattoos and Body Piercing Establishments to be Licensed

Have you kept up with the number of tattoo and piercing reality shows on cable these days? It's astonishing. I've noticed one from Miami ("Miami Ink", Tuesdays at 10:00 p.m. on TLC), one from Los Angeles (L.A. Ink, Tuesday at 8:00 on TLC), and now there is another one coming from London (with the unpredictable title, "London Ink") that is supposed to start soon. Evidently it stars the guy who tattooed David Beckham (whoever he is). Blimey.

Michigan has its own tattoo establishments, too. But they aren't regulated by the state. It looks like Lansing is finally going to get around to regulating them. Amazingly, with the exception of a parental consent rule and a prohibition on tattooing drunk people, there are no laws regulating tattoo and piercing parlors in Michigan. This, despite that the fact that tattoos and piercings can carry with them a host of undesired consequences (hepatitis, methicillin-resistant Staphylococcus aureus--a.k.a. MRSA--staph, and other sundry infections to name just a few).

That could soon change if, as expected, Governor Jennifer Granholm signs legislation passed last week requiring body art shops to get a $500 state license. They must also meet safety and sanitary standards. As it stands, local governmental units decide whether to license and inspect body art shops or not. Wayne and Oakland counties in southeast Michigan are among the few that have their own regulations and inspectors to enforce them. But most other counties (up to two-thirds of Michigan Counties) don't have any such regulations. Starting in 2009, all county health departments would have to conduct annual inspections under the proposed law.

Tattoo artists and body piercers seem to be generally in favor of the move. "We are dealing with blood and body fluids. We're not just cutting hair," said Kris Lachance, who owns the tattoo and body piercing studio in East Lansing near Michigan State University.

Maybe we'll be seeing a "Detroit Ink" show soon, now that we're going legitimate.

How Free is Blog Speech?

An age-old controversy has come to the Blogosphere, courtesy of a chemistry teacher in Wisconsin. Protected free speech vs. speech that incites violence is on the front page. Free speech proponents from all over are coming to the defense of James Buss, a teacher in the Oak Creek school district. Oak Creek is a suburb outside Madison. Recently Buss was arrested for leaving a provocative post on a conservative political website: www.bootsandsabers.com. The anonymous post praised the boys responsible for the Columbine High School shooting that took place in Colorado in 1999. Twelve students were killed and another 23 were wounded. Law and order types who are more sensitive to this kind of behavior are calling for Buss' head, urging that he be prosecuted or at least fired.

The post caused one teacher to call police in West Bend, Wisconsin where the blog's administrator lives. The administrator gave up Buss' IP address. Police tracked down Buss and arrested him. Now prosecutors are deciding whether to file charges or not.

The offending comment was made during a discussion over teacher salaries after some other commentators complained teachers were underworked and overpaid. Buss, who is a former president of the local teacher's union, apparently wrote that teacher salaries made him sick because they are lazy and work only five hours a day. He then went on to praise diabolical work of Eric Harris and Dylan Klebold, the two teen gunmen who killed 12 students and a teacher before committing suicide in the April 1999 attack at Columbine High School. Here is the text of the post left on November 16: "They knew how to deal with the overpaid teacher union thugs. One shot at a time!" he wrote, adding they should be remembered as heroes.

Washington County District Attorney Todd Martens is now considering whether to charge Buss with disorderly conduct and unlawful use of computerized communication systems.

Not everyone was alarmed by the post. Some observers said it was merely a sarcastic attempt to discredit critics of education spending. Buss was merely trying to mock the conservative view on teacher salaries, or so the theory goes. After his arrest, Buss spent an hour in the Washington County jail before he was released on $350 bail.

Police Capt. Toby Netko stands by the decision to arrest. He said the teacher who complained was disturbed by the reference to "one shot at a time." Other teachers agreed it was a threat.
Netko likened Buss' statement to saying "bomb" or "terrorist" in an airport. People are taken into custody all the time for that sort of behavior. If you don't believe it, try it sometime.

Now, for the most part all kinds of offensive, controversial, intolerant, hateful, ugly and stupid speech is protected by the First Amendment. In order for the speech not to be protected (i.e., for the speech to be illegal), it has to be intended to incite violence. The constitution protects most speech, even this comment if it was tongue-in-cheek or a bad joke.
Under the circumstances, it is unlikely that the prosecution will succeed. Though it was in very poor taste, it's a stretch to make this moronic statement into a call to violent action. However, it is likely that Buss could be disciplined by the school district (perhaps even fired) for his comments. The chemistry teacher has been placed on paid administrative leave while his school district considers what action to take.

It is hard to forget the images of teachers and students as they fled the horror that was unfolding inside Columbine High School. As dumb as this comment was, and as much poor judgment as it shows coming from a teacher, he shouldn't be prosecuted for it. However, public comments like this do have consequences. Words do have meaning. At the very least he owes an apology to the victims of the Columbine shooting and to the families of those who didn't survive.

Mind Your P's and Q's on MySpace--They're Watching You

It seems that increasingly MySpace is the focus of unwanted publicity. Either young people are doing things on MySpace that get them into trouble, or others are using MySpace for illicit purposes. Don't put anything on MySpace you don't want the whole world to see. Okay, there are probably a few people out there who don't know what MySpace is. MySpace is one of a number of internet sights that offer an interactive, user-submitted network of friends, personal profiles, blogs, groups, photos, music and videos internationally. Started in 2003, the popularity of the sight exploded among high school and college students as a way to post pictures and meet people of similar interests. In 2005 MySpace, with 45 million users, was purchased by Rupert Murdoch's News Corporation for $580 million. In August 2006 the MySpace accounts passed the 100 million mark.

But MySpace is not all just good clean fun anymore. Just this week a prosecutor announced he would not be filing charges against a Missouri woman who used a fake MySpace account to pose as a young boy named "Josh" in order to contact, Megan Meier, a 13-year-old girl living down the street. Turns out this woman actually wanted to do a little spying on Megan, who was also a friend of the woman's daughter. The woman believed that Megan was spreading rumors about her own daughter and created the fake profile to find what was being said.

In September 2006 Megan and the fake Josh began exchanging messages and struck up a friendship. Then, after a month of on-line corresponding, "Josh" suddenly broke off the relationship and told Megan she was a bad person and cruel. Megan suffered from attention deficit disorder and depression. Distraught over the way her relationship with Josh ended, the next day Megan committed suicide by hanging herself in her bedroom.

Megan's family learned later that Josh never actually existed; he was created by members of a neighborhood family that included a former friend of Megan's. The girl's mother, Tina Meier, said she doesn't think anyone involved intended for her daughter to kill herself. "But when adults are involved and continue to screw with a 13-year- old, with or without mental problems, it is absolutely vile," she told the Suburban Journals of Greater St. Louis. The prosecutor cannot find any law on the books with which to charge the woman.

More recently, in Belleville, Michigan, four Belleville High School students were were expelled after photos of them with guns, drugs and piles of cash appeared on a MySpace website.
Van Buren Public Schools Superintendent Pete Lazaroff has said that the photos shown on the social networking Web site were taken after a limo picked the students up from a school dance. After the posted photos were discovered, the school district commenced expulsion procedures. The students were expelled following a closed hearing.

The students appealed the hearing, alleging that the way in which it was conducted violated their constitutional rights to due process. A Wayne County Circuit Court Judge agreed. Judge Cynthia Stephens criticized the district for failing to keep a record of the closed Nov. 3 disciplinary hearing that led to the expulsions. She reversed the expulsion and ordered the teens be readmitted to school, but also ruled the expulsion hearings could be reconvened if done according to constitutional standards. The school district did so and one of the expulsions was upheld. Oh, and the parents are suing for a million dollars per kid. Just a little parental responsibility sometimes would be nice.

In a similar episode, three students were expelled from a Kamiakin, Washington high school for posting photos of themselves on MySpace flashing gang signs. The district has a zero-tolerance policy for gangs. Read more: Kamiakin.

I suppose the lesson here is two fold. First, if your children are creating profiles on MySpace, FaceBook, YouTube or any of the other social networking websites, carefully monitor their activity. You never know who they could run into. These sites are prowled by undesirables of every stripe looking for victims. The nature of cyberspace makes it nearly impossible for the sight administrators to monitor their millions users. Cyber bullies can attack their victims almost at will with little fear of any consequences. Cyberspace has become an extension of the playground. Report unusual activity.

And second, if you or your children are posting to these sights, remember that you never know who could be seeing the post. School administrators and police do monitor these sites. Incriminating photos, statements or other information can be used in court and other proceedings. While a photos of a drunken college binge may seem funny now, a prospective employer probably won't think so. And many do check.

E-Discovery and the Legal Nightmare It Can Become--A Cautionary Tale

Pretty much everyone in the legal and corporate worlds is aware that the legal landscape is changing and electronic discovery (e-discovery or EDD) is driving that change. E-discovery refers to any process by which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. Even a small company can have millions of electronic and paper documents which somehow need to be located, copied, digitized, reviewed and, if necessary, produced during litigation. While existence of this data in a digital form can greatly speed review and searching, the penalty for a poorly designed system or poorly trained litigation team is extreme.

In the process of electronic discovery and recovery, data of all types can serve as evidence. This can include text, images, calendar files, databases, spreadsheets, audio files, animation, web sites, and computer programs. And as the lines between different technology hardware gets more and more blurry, potentially any electronic device can become a source of potential electronically stored data. The obvious sources are PC's, network servers and laptops. But now data is also stored on jump drives, portable hard drives, CD's, DVD's, Blue Ray Disks, memory chips, PDA's, and even i-Pods and cellular phones.

Most lawyers, even those who don't practice in Federal Court, are vaguely aware of recent amendments to the Federal Rules of Civil Procedure, including 16, 26, 33, 34 and 37. As a result of these amendments, the old "The dog ate my homework" excuse won't work anymore. There is no excuse for failing to maintain or produce electronic data and a party can be severely sanctioned for failing to comply. Many states are also bringing their own rules of civil procedure and into line with the Federal Rules--with similar penalties for violations.

The recent case in involving Qualcomm is instructive. Based in San Diego, Qualcomm licenses semiconductor technology and software to cell phone and DVD makers that makes the devices work. But there are other companies in this business. One competitor of Qualcomm's is Broadcom and for several years the two companies have been engaged in a pitched battle over who has infringed whose patents. One of the battle fronts is in the San Diego Federal District Court. Qualcomm was sued Broadcom over two of these patents covering technology that Broadcom had incorporated into its video players.

You can imagine the e-discovery issues involved when two giant chip/software/hardware makers with thousands of patents go after each other. Broadcom alleged as an affirmative defense that Qualcomm had waived its right to assert patent infringement, arguing that Broadcom's products were based on the JVT (Joint Video Team) international standards. Companies are entitled to base their products on such standards without fear of being sued for infringement. This is why your DVD movie can play in virtually any DVD player because they all use the same standards.

Broadcom claimed that Qualcomm waived its patent rights by participating in the standards process without disclosing that the resulting standard would violate existing patents held by Qualcomm. Broadcom's argument was essentially that Qualcomm engaged in a giant game of sandbag. On the one hand, Qualcomm helped to establish an industry standard that all companies could use, while at the same time knowing (without disclosing to the JVT committee) that it also held the patents on the very technology being incorporated into the standard. The secret ownership of these patents would, in turn, allow Qualcomm to sue any company using the standard for patent infringement. Smart if it works--REALLY dumb if you get caught. Qualcomm got caught.

The San Diego case went to trial and in January a jury ruled that the Qualcomm loses: it had violated Broadcom’s patents to the tune of $8.5 million. But even before the verdict, Qualcomm sustained a huge (and apparently unforseen) body blow as the trial was drawing to a close. One of Qualcomm's engineers revealed the existence of a mere 200,000 pages of e-mails that were not previously disclosed during discovery. Broadcom contended these e-mails should have been produced. Discovery is the pre-trial process where the parties take depositions and exchange documents. About 21 of the e-mails that should have been produced were the smoking gun kind that every lawyer dreams of. Qualcomm's lawyers said "Oops--Our bad" and sent letters of apology to the judge. They explained that they had used an improper "keyword search" during the review process that failed to kick out these e-mails so they remained buried in the millions of other documents being poured over and were never produced to Broadcom.

So all is forgiven, right? Qualcomm lost, afterall. End of story. Well, not exactly. That apology and dog-ate-the-emails fable wasn’t enough for the judge on the case, Rudi Brewster. On August 6 he issued a savage 54-page ruling accusing Qualcomm of not only of failing to turn over the more than 200,000 pages of relevant email and electronic documents during discovery, but of engaging in a long campaign of "constant stonewalling, concealment and repeated misrepresentations." He described it as "an organized program of litigation misconduct" and asked the federal magistrate in the case to consider sanctions against the outside attorney. Brewster ordered Qualcomm to pay Broadcom’s litigation costs, and voided two of its patents that had been incorporated into the JVT. David Rosmann, the vice-president of intellectual property litigation at victorious Broadcom, estimates that its fees will be around $10 million.

Bottom Line in this cautionary tale: Even assuming that Qualcomm's excuse for why it didn't produce the e-mails was legitimate (doubtful, but plausible even for parties who are trying hard to play by the rules), the penalties for that mistake are staggering. So, if you find yourself in a litigation situation, make sure your attorneys, IT department and any third-party e-discovery management company are all on the same page. If you don't have a spare $10 mil lying around, a mistake like the one in Qualcomm's case could put you out of business. Oh, and, not surprisingly, Qualcomm has new legal counsel now. So e-discovery mistakes can be just as deadly for the lawyers as for the actual parties.