IT Worker Loses Argument Justifying Sabotage

01-11-2018

The Fifth Circuit Court of Appeals recently upheld a trial court verdict against an employee who used his position to sabotage his employer’s computer network.

Michael Thomas was the IT operations manager for ClickMotive, a software company. When one of his co-workers was fired, Mr. Thomas deleted hundreds of back up files; tampered with the system’s notifications so that employees would not know of problems; interfered with back-up procedures, deleted internal “wiki” files that employees used; changed the authentication settings for remote desktops; and removed employees from the e-mail distribution groups so that requests for support were unanswered. ClickMotive had to pay $130,000 to repair the damage. Mr. Thomas resigned his employment.

A jury convicted Mr. Thomas of the Computer Fraud and Abuse Act (CFAA). CFAA makes it illegal to access or damage protected computers “without authorization” or “exceeding authorized access.” Mr. Thomas challenged the verdict, arguing that his conduct was not illegal because his IT position provided him full access to the system and empowered him to “damage” the system by deleting files or taking the system offline. Thus, any acts were not “without authorization.” The Fifth Circuit rejected this argument, finding that the statute’s prohibition against exceeding authorized access applies to insiders who go beyond the permission granted them in order to cause damage.