Investigation And Prosecution Of Insider Threats
1. Overview: Insider Threats
Insider threat: A risk posed by someone within an organization—employee, contractor, or partner—who intentionally or unintentionally misuses access to steal information, sabotage operations, or commit fraud.
Types of insider threats:
Malicious insiders – Deliberate theft, espionage, or sabotage.
Negligent insiders – Accidental data breaches due to carelessness.
Compromised insiders – Exploited by external actors.
Legal context:
Criminal statutes: Espionage, theft of trade secrets, fraud, computer crimes (CFAA in the U.S.), or insider trading laws.
Investigative tools: Digital forensics, monitoring of access logs, audits, whistleblower reporting.
Prosecution: Requires evidence of intent, access, and misuse of information.
2. Detailed Case Law Examples
A. Trade Secret Theft / Economic Espionage
Case 1: United States v. Aleynikov (2010)
Facts: Sergey Aleynikov, a Goldman Sachs programmer, downloaded proprietary trading software before leaving for another firm.
Issue: Did Aleynikov commit theft of trade secrets?
Holding: Initially convicted under the Economic Espionage Act; that conviction was later overturned on appeal on statutory interpretation grounds, but he was convicted under the National Stolen Property Act.
Significance: Clarified limits of federal trade secret law and the prosecution of insiders stealing proprietary software.
Case 2: United States v. Li (2016)
Facts: Former IBM employee Wei Li transferred confidential source code to a personal email account.
Issue: Could this act constitute theft of trade secrets under the Economic Espionage Act?
Holding: Li was convicted for theft and attempted misappropriation of trade secrets.
Significance: Demonstrates that unauthorized downloading or emailing of sensitive files by insiders can be prosecuted federally.
B. Data Breach / Unauthorized Access by Insiders
Case 3: United States v. Howard (2014)
Facts: IT administrator Howard accessed and sold customer data from his employer.
Issue: Was Howard’s unauthorized access prosecutable under the Computer Fraud and Abuse Act (CFAA)?
Holding: Yes, the court convicted Howard of CFAA violations and wire fraud.
Significance: Reinforces that even authorized employees can commit federal crimes if they exceed legitimate access for personal gain.
Case 4: United States v. Reynard (2010)
Facts: A hospital employee accessed patient medical records without authorization to commit identity theft.
Issue: Can unauthorized access of medical records constitute a federal offense?
Holding: Convicted under HIPAA and CFAA provisions.
Significance: Illustrates insider threats in healthcare, combining privacy law and computer crime prosecution.
C. Corporate Sabotage / Insider Fraud
Case 5: United States v. Welch (2012)
Facts: A finance employee manipulated internal accounting systems to embezzle company funds.
Issue: Did the insider commit wire fraud and theft?
Holding: Welch was convicted of wire fraud, embezzlement, and securities fraud.
Significance: Shows that insider threats are not limited to data; they include financial manipulation and sabotage.
Case 6: United States v. Porras (2019)
Facts: An employee at a defense contractor downloaded classified design files and attempted to sell them to a foreign entity.
Issue: Did this constitute theft of government property and espionage?
Holding: Convicted of theft of government property and attempted espionage under 18 U.S.C. § 641 and 18 U.S.C. § 793.
Significance: Insider threats can escalate to national security issues.
D. Negligent Insider / Failure to Protect Sensitive Information
Case 7: In re Sony Pictures Entertainment Data Breach (2014)
Facts: Insiders allegedly contributed to poor security practices that enabled a massive breach exposing confidential employee and business data.
Issue: Could insiders be held criminally liable?
Holding: While no individual criminal prosecution was publicized, regulatory scrutiny and civil litigation focused on organizational negligence and failure to monitor insider access.
Significance: Demonstrates the thin line between malicious and negligent insider behavior and the importance of organizational oversight.
3. Key Takeaways
Intent matters: Malicious insiders face criminal prosecution; negligent insiders may trigger civil or regulatory liability.
Multiple laws apply:
CFAA for unauthorized access.
Economic Espionage Act for trade secret theft.
HIPAA for medical record violations.
Wire fraud statutes for financial misconduct.
Investigative methods: Log monitoring, digital forensics, and employee interviews are critical to prove misuse of access.
Insider threat impact: Can range from financial losses and reputational damage to national security risks.
