The value of stolen information
I can't believe people still equate illegally copying data with theft. Unless she somehow took the only copy in existence...?
A California woman has been sentenced to 60 days home detention and a year of probation for breaching the mail system of a former employer and posting confidential company documents to public websites. Ming Shao, who was 44 years old according to court documents filed last week, pleaded guilty to one count of felony computer …
"If I get into a taxi and don't pay what crime would you say that was[?]"
Uh... theft (and possibly fraud). You incur a debt for the cab driver's time - that's what you're paying for. You're not leasing the cab, you're paying the driver for a service. Unless you have some way of giving the cab driver the minutes of his life you've used up, you have to pony up the cash. Same as if you go into a restaurant, eat a meal then stick two fingers down your throat and puke it up all over the table. Every atom of the original meal may be pebble-dashed over the tablecloth but you still owe for the meal and the service.
..it's called potential loss of business.
If a potential customer realises that a) your trading figures are really low and may go bust, or b) you are being shafted, there is every chance that a potential customer will pull out and deal with someone else.
Run your own business, publish how much profit you make from each customer in detail, combined with detailed losses and gains and see how long you last.
It's not that it was illegally copied; it's that the information has value. If two companies are bidding on a contract, then the internal discussions of one are likely to be very interesting to the other. They have value, in that the information could be sold; and they also have value because making it public may cause the company to lose a contract. In this case, it looks like the publication of the information that she illegally obtained and published was an important factor in causing her former employer to lose a customer.
She said that she did it to get revenge. If the information didn't have financial value (the ability to cause financial damage) then how was it going to give revenge?
Well, in the sense that it's taking something that isn't yours, it is theft. But you're right that "stealing" a copy doesn't deprive the owner of the "original". But then you might realise that the information could be worth most when nobody else has it, or when it remains unused, and the picture gets all murky again. This is the stuff spying is made of and it's rather hard for most people to wrap their heads around.
The valuation part is just as much crap. Parallels with drug crime come to mind, where large captured hauls' worth is invariably calculated on the diluted retail "street" price by the cops, probably adding a nice fat law enforcement "look how successful we are being!" fudge factor, conveniently forgetting wholesale wouldn't get even half that, which is strangely accepted practice on the legal side of things.
On the computer-y side of things the numbers come from hiring the most expensive and incompetent consultants to "clean up", racking up as big of a bill as they can, which is then put on the convicted's tab. Normally you'd get a chance to fix it yourself or have someone of your choice fix it for you before the other side would do that, but not here. Leaving the why aside, it does mean the numbers are bunk again.
Here, the curiously specific restitution sum might be because that one "between $30k and $50k" valued deal fell through after the negotiation deals leaked, but who's to say the deal wouldn't've fallen through later on? Negotiations are fickle like that.
So again without knowing much more detail I can't tell wether the values are reasonable, or as is more likely, made up out of hot air. If there's one thing we know about the US justice system it's that monetary figures tend to go asplode at the drop of a hat and small companies and individuals will be more than likely unable to meet the orders. As such $25k seems not terribly low but for someone with a reasonable tech worker's salary not insurmountable either. But then there'll be the legal bills.
Illegal copying of data or theft, which would you prefer to type or say?
Apart from that one semantic issue of it not being the only copy, theft is nigh on identical in intended meaning.
Also, the dodgy brand of file sharing would come in under the illegal data copying flag, which this most certainly needs to be distinguished from.
Data theft, anyone? Or, for the William Gibson fans, cybertheft?
If she was technical enough to have pulled a hard drive she should have used a USB memory loaded with Portable Firefox and then there wouldn't be much to look at on the rest of the computer.
Better still, just keep the OS on the hard drive and use USB hard drives for everything else.
If you were really looking to hide the data you would use some micro SD cards or similar which you would colour code so that you knew which one to swallow when the door burst in. The capacity of these now is quite phenomenal and more than enough for a few confidential documents.
Not that I have done anything like this you understand, but if you don't have the imagination to think of this then how will you plan to stop it.....is my defence.
Now, do I Anon this........ah what the heck, it's not like I'm anywhere they can find m
You haven't stolen the only copy in existence. However you *have* reduced the value of the information - a trade secret may become worthless once your competitors get it, or other information may create other risks which damage the company.
For something which might work for you, suppose I illegally took a copy of your credit card details and posted them on the web. All I've done is copy a string of numbers - but the result is not going to be fun for you...
If all you did was make a copy of my credit card number, then you have done no harm at all. The real crime would be in making use of that number, or selling it on. The former is fraud, and the latter is something specific, which slips my mind, but neither is theft.
I would imagine that skipping out on a cab, or a restaurant bill would technically constitute breach-of-contract, again definitely not theft.
"If all you did was make a copy of my credit card number, then you have done no harm at all. The real crime would be in making use of that number, or selling it on."
Sooooo...if I had you CC info, banking info, etc and posted it all over the web, but did not use it for financial gain you would be OK with it? Please...feel free to post it all here. Surely no one would use it for any personal gain. The point is that this would put you in a bad position and increase the likelihood that a fraud was committed against you. Same thing when a financial company allows records to be compromised and peoples' account info, tax info, mother's maiden name, etc. goes into the wild.
In the case here, while she did not gain financially herself, she did cause potential harm to the business when she posted confidential info that customers and competitors could access, and she certainly intended it to cause the company harm.
"...had access to two employee email accounts for months following her dismissal..."
Feckin WHAT? PanTera ought to be fined right there too. In fact I'd even say there was a case for a dumbo defence: "My account still worked, so I thought it was OK..."
I'm not condoning what she did, but people that fail to secure their networks - especially in a case where there's likely to be a beef - deserve every damn thing they get.
I would imagine that skipping out on a cab, or a restaurant bill would technically constitute breach-of-contract, again definitely not theft.
How is that not theft . You ate the food it's gone. You took some thing physical with out permission and can not give it back. Explain how that is not. For the taxi cab what you stole was time and fuel.