In this paper, I will discuss the TechFite case study. We will discuss the Computer Fraud
and Abuse Act and the Electronic Communications Privacy Act and
... [Show More] certain aspects of this case
study that violated these Acts. Next we discuss a few laws/ regulations/ legal cases that show that
legal action is justified in this case study. Then we will discuss two instances in which due case
C841 Task 1 3
was lacking. Next, we will describe how the TechFite case study show example of TechFite
employs breaking the rules of SOX Act. After that, we will show detailed activity that warrants
criminal action, and who was complicit and who was just a victim. We will then explain how
existing cyber security policies and procedures failed to prevent the criminal activity. Lastly, we
will show claims for negligence, who was complicit and who was a victim, and how current
policies and procedures failed to prevent the negligence.
A. Application of Law
A1. CFAA & ECPA
The Computer Fraud and Abuse Act (CFAA), was originally enacted in 1986 by the US
Congress (Freeman, 2017). It has since been amended many times. This act criminalizes actions
like knowingly accessing a computer without authorization and accessing a computer with the
intent to obtain anything with the value of over $5,000 within a year (Freeman, 2017). This act
was broken when employees like Sarah Miller for the Business Intelligence Unit used dummy
admin accounts to access restricted information from the legal, HR, and finance departments.
This is a violation of the CFAA. The CFAA was also broken when fake companies were used to
move money into TechFite’s accounts. Based off the information in the case study, Carl Jaspers
sold proprietary information from at least two companies after having signed an NDA.
The Electronic Communications Privacy Act (ECPA) was also enacted in 1986 by the US
Congress (Epic, N.D.). This act helps people have a right to their privacy from other individuals
and the government, except in certain situations. This act criminalizes actions like intercepting
electronic communications (Epic N.D). This is the section of the act that was broken by
employees at TechFite. The Metasploit tool was found to be used by Business Intelligence staff.
They penetrated into other companies’ networks without permission. This is a violation of the
ECPA.
A2. Three Laws/ regulations/ legal cases that justify legal action
The first case that justifies legal action is case that happened at Intel in 2008.
Biswamohan Pani was sentenced to three years in jail for stealing trade secrets from Intel to take
to his new job at AMD (FBI, 2012). Pani illegally downloaded trade secrets from Intel on his last
few weeks at work, and lied to them about where he would work next. Once Intel learned he was
going to their competitor they started looking at his activity and noticed the large amount of files
that were downloaded (FBI, 2012). This case shows that the actions of Carl Jasper were criminal.
We signed an NDA with companies and then stole their proprietary information and trade secrets
to sell them to their competitors. Carl Jasper knowingly and illegally took property that did not
belong to him.
In the TechFite case study, Carl Jasper also violated the Economic Espionage Act. The
Economic Espionage Act of 1996 makes the theft of trade secrets a federal crime (LaMance,
2018). The act specifically makes the transmission of company trade secrets illegal if
authorization is not obtained from the owner (LaMance, 2018). Carl Jasper knowingly and
illegally sold trade secrets of Orange Leaf Software LLC without their authorization. This was in
direct violation of the Economic Espionage Act.
C841 Task 1 4
Another case study that shows the criminal actions of Carl Jaspers is Jawbone Vs. Fitbit.
Six current and former employees were charged with stealing confidential intellectual property
from Jawbone. All six Fitbit employees were former Jawbone employees (Moon, 2018). Fitbit
was cleared from using the intellectual property, but the six employees were all charged. These
six employees were all found to have confidential intellectual property of Jawbone on their
computers (Moon, 2018). While Carl Jasper had legally obtained the information via the
questionnaire, he was not allowed to distribute it of sell it without permission. After companies
like Orange Leaf Software decided not to use TechFite their trade secret showed up in their
competitors software. Based off the payments and tracking of activity, Carl Jaspers illegally sold
or gave away this confidential intellectual property.
A3. Duty of Care
Duty of care is a legal obligation that is to be upheld by an individual to adhere to a
standard of reasonable care when their actions could bring harm to others. Two distinct instances
in which duty of due care was lacking in the TechFite case study are as follows in the examples.
The first instance of a lack of duty of care was TechFite’s lack of security and separation of
sensitive and proprietary information of their existing clients. TechFite had no plan or method of
safeguarding and segregating this data. The second instance of a lack of duty of care is the
absence of internal controls in the Business Intelligence Unit. Auditing user’s accounts, checking
for escalation privileges, enforcing data loss prevention, and monitoring internal traffic was not
being done by IT staff in the Business Intelligence Unit. The company failed to protect and
secure the information that could cause the most harm to its clients.
A4. SOX
SOX (Sarbanes-Oxley) Act was quickly passed in 1992 after Enron was being
investigated for fraud. The law hold upper level management like CEOs, CFOs, and the board of
directors accountable for their companies financial misleading’s (Smartsheet, 2019). According
to SOX, a public company must establish and comply with internal controls of financial data.
This is to ensure the integrity of the financial annual report (Smartsheet, 2019). This was clearly
violated at TechFite. Staff in Business Intelligence Unit had access to all of the data of the
financial department. TechFite exhibits a clear lack of controls and auditing over their financial
information. This is in direct violation of Section 302 of SOX. Staff from the Business
Intelligence Unit was also violating section 802 of SOX. The case study indicates that they were
examining financial and executive documents. It can be deduced that they were altering financial
records in order to conceal payments from Freeworkers Bank.
B. Legal Theories
B1a. Who committed criminal acts and who were victims
In this section, we will cover who committed criminal acts, what laws they violated, who
the criminal acts hurt, and who were victims. According to the case study, Carl Jaspers
committed criminal acts while at TechFite. Jaspers violated trade secret laws when he stole
proprietary information from multiple companies. He also was complicit in violating the SOX [Show Less]