Any DBA worth his/her salt will tell you an untested backup is not a backup. This was in all likelihood intentional, and it is highly likely the court will direct any jury that they may infer same during deliberations.
Failed blood-testing unicorn Theranos trashed vital incriminating evidence of its fraud, prosecutors said on Monday. The imploded startup's extensive testing data over three years, including its accuracy and failure rate, was “stored on a specially-developed SQL database called the Laboratory Information System (LIS),” …
From an IT point it's rather obvious what's going on here. The filing suggests that the cops have suspicions but proving that to the standard required in a court of law might be more difficult.
The defendants can always claim that they weren't intending to be deliberately obstructive, they were just incompetent.
Precisely! This almost certainly reaches the level of criminal negligence. It also quite likely will be considered obstruction of justice, and US courts have a tendency to punish that at a similar level as the original crime - _vis_ Andersen Consulting. Judges _hate_ being insulted like that.
(icon because this is going to be fun to watch from a very, very long way away and the local effects will be similarly devastating)
One lady got a Theranos blood test which indicated that her cancer had come back with a vengeance. She was distraught, but had the good sense to get a 2nd opinion from a traditional lab company. That test was negative, and so she was fine and felt reassured. Thing is, that is medical malpractice concerning a life and death issue. So when Elizabeth Holmes had the gall to say, "We are the only lab company out there that is focused on being totally transparent", we are dealing with lying in connection with serious medical testing. Forget about the investors, this is life and death stuff.
...and there are so many examples of such incompetence in IT, that this could be an entirely believable defence. However, there must be rules/law on corporate responsibility around things like DR that make a business a going concern that apply. At least, one would hope so...........
For the supremely incompetent even testing that data can be recovered holds no guarantee.
I worked with one chap who thought he was doing a backup to tape. When requested he was able to load a tape and restore deleted files perfectly, however as the month went on I noticed that only recent files were recoverable. It transpired that despite the fact he was changing the tape each day and had a robust tape cycling strategy the data never got to tape. Thanks to a tiny typo in his backup/restore script he was backing up to file instead of the tape device. The file was overwritten each day so recent files were recoverable but in reality there was no true backup and all the tapes he had been shuffling around were blank.
Early in my career as a field support type with an unnamed (mainframe) database vendor (not IBM), I was called to an organization that couldn't get their backups to restore. Seems they were taking month-end financial backups, and then at end-of-year restoring in order to run year-end reports.
After some poking around and detective work I discovered there was a disconnect between our backup software and the (DOS) tape management software (EPAT) they were using. The result of that disconnect is instead of writing database blocks to tape, it was writing unused buffers to tape.
I sadly told them there was no way to get that data back. I left quickly (and silently).
Had they ever tried a restore, they would have seen this in time to fix things.
BTW; 'fault' was in EPAT making assumptions on where data is being written from is the same location as where the DTF was pointing at OPEN, our software was using (legal) facilities to change that, post-OPEN.
Another story elsewhere under "Technology": https://www.bbc.co.uk/news/technology-55613452
"Stickers supposed to protect users against mobile-phone radiation have no effect, scientists have found."
Scientists! So it counts as science!
is a Catholic. (Scientists find.)
While lying in press releases and interviews is reprehensible, it’s not necessarily a crime. However, lying in presentations to people in order to pull in investment is.
And whenever those presentations result in one being elected into, and maintaining well paid public office?
All of them never lie to their real investors - who are not those voting for them. After all you put a piece of paper into the ballot box, not money. Those putting their money into politicians careers ensure they get what they wish - those who lie to them don't last long.
I thought that the Theranos concept was weird when it was first published and became a product, reading about it in the medical journals it seems that it would be fantastic if it could be made to work but there were a lot of issues. Holmes was working on a theory, employees were trying to get it to work and the investors were busy sell the concept of huge sums of money in the future even though the predictions of success were poor - but this irrelevant to Venture Capitalists.
It looks like Homes was just trying to make a good idea work that couldn't because her theory was weak, while the corporate money makers were doing their job and profiting nicely - so Homes was a criminal while the Venture Capitalists are heroes? As for the database backup issue - there are two classes of users in the world, those who have lost data, and those who are going to.
"Working on a theory" is fine, but lying through your teeth about the capabilities of your product isn't. And the core of the article is that the database destruction seems to be deliberate, with the intent of destroying evidence, rather than a simple "oops".
What reason would they have for dismantling their database system 3 months after a (not-yet-fulfilled) subpoena for it was issued, and then waiting until after the dismantling to discuss the need for the password, unless it was to make sure it was totally unreadable?
You can read the investigative reports. Tharanos were actively promoting an idea known to be un-workable. The perpetration of the fraud exends to everyone who understood the facts. That may include their lawyers and the board and the investorts, but someone has to be prosecuted first.
At the very least the judge can infer that to be so, and weigh it in passing the judgment.
But IT. Or the UK's interpretation where failure to hand over passwords can result in lengthy jail time, regardless of whether the dog ate the post-it note the password was written on many years ago. Then again, being able to plausibly deny remembering any way to access evidence that may be used against you is a bit of a problem.
I've vaguely dreaded this approach though. Back in probably 2008, a friend sent me a string of digits for this exciting new currency called 'Bitcoin'. I remember being a bit curious about it, and one snag was at the time, 1 coin was worth a fraction of $1. Or possibly a fraction of 1c. But it intrigued me, and I remember slapping a bitcoin miner onto my PC(s) to run as a variation on Seti@home.
But that was then. I vaguely remember stopping at 50, 500, or 5000 coins because they still were worth burger all, and it was taking longer to mine each one. Now, they'd come in rather handy, but the disks they would have been on are long, long, gone*. Which on the plus side, also means I don't have to try to figure out what any tax liability may have been & at what point in time any tax liability may have arisen. And I'm certainly glad that HMRC can't (currently) establish any liability given I've had zero benefit, other than wear & tear on some long junked fans.
*as in copying what I wanted to keep off the old disks, then drillng a few holes in those and giving them a good blast with a blow torch. Damn my diligent data deletion directive!
Isn't there a general principle - if you are asked to provide information, and you don't or can't, then the judge can legally assume that the information would hurt your case?
No, there is no such general principle, and nor should there be. Otherwise an adversary could simply request you to provide something they know you cannot provide in order to have a court shift to a presumption of guilt.
Cannot provide the receipt for the TV you bought 5 years ago? In that case you must have stolen it ...
I don't think the judge can assume info would be harmful. I do know that if the court tells you to present evidence (or to preserve specifice evidence in case it may be subpoenaed later on, like in a litigation hold) and you subsequently destroy the evidence, things will not go well for you.
While lying in press releases and interviews is reprehensible, it’s not necessarily a crime.
For companies it usually is, though there is leeway. Publically traded companies have to follows the rules of the SEC but even private ones can be held accountable by various agencies including, and probably most relevant here, the Food and Drugs Administration. Protecting patients should, hopefully, be considered more important than protecting investors.
"Protecting patients should, hopefully, be considered more important than protecting investors."...
LOL! Investors would roast children over an open fire if it would protect their investments. Certainly compromising patient's health for shareholder returns is not a problem.
Holmes should be ordered to decrypt the database and held for Contempt of Court until she does. Just like various password and locked phone cases.
N.B. I disagree with the basic concept of Contempt of Court in these cases but as long as it's there I can't think of a better defendant than Holmes to use it on. And it's not subject to bail.
Lost a password or lost a unguessable password? Perhaps the government should release the encrypted version and put a reward on cracking the encryption. Anyone up for using John the Ripper? https://github.com/openwall/john
This is the reason why I removed my name from a companies software. I thought they were going to get sued and would go after the patsy dba. Left the company to y2k work.
Even worse than that, my brain thinks, "Hmm, that's a word I'm sure I've heard before", and then realises that I was thinking of Thanatos, the ancient Greek personification of death.
Perhaps not the sort of connection that the name of a "healthcare" company ought to give you... Usually companies try to think through all the potential nuances that their choice of name might have, before they make a final decision on it.