Feeds

back to article Woman sentenced for breaching former employer's PCs

A California woman has been sentenced to 60 days home detention and a year of probation for breaching the mail system of a former employer and posting confidential company documents to public websites. Ming Shao, who was 44 years old according to court documents filed last week, pleaded guilty to one count of felony computer …

COMMENTS

This topic is closed for new posts.

The value of stolen information

I can't believe people still equate illegally copying data with theft. Unless she somehow took the only copy in existence...?

2
8
Bronze badge

Theft of Service

If I get into a taxi and don't pay what crime would you say that was. He still has the taxi. Would say thats not a form a theft. Theft in the state of California is defined as taking some thing which does not belong to you.

3
1
Bronze badge
Unhappy

Well, legally, maybe, it ain't theft....

...but I can assure you that there have been several occasions when people have just cut'n'pasted the words from one of my websites and published it as their own. When you find that, it damn well FEELS like someone's stolen something from you.

4
1
Silver badge

@Adam White

...it helps if you can read. So, my words may be wasted...

This case is not about a copy right issue or theft but company secrecy. She published confidential information and in doing so prevented some business from taking place and hence the damage.

2
0
Stop

Simple...

..it's called potential loss of business.

If a potential customer realises that a) your trading figures are really low and may go bust, or b) you are being shafted, there is every chance that a potential customer will pull out and deal with someone else.

Run your own business, publish how much profit you make from each customer in detail, combined with detailed losses and gains and see how long you last.

1
1
Anonymous Coward

Knowledge has no value?

It's not that it was illegally copied; it's that the information has value. If two companies are bidding on a contract, then the internal discussions of one are likely to be very interesting to the other. They have value, in that the information could be sold; and they also have value because making it public may cause the company to lose a contract. In this case, it looks like the publication of the information that she illegally obtained and published was an important factor in causing her former employer to lose a customer.

She said that she did it to get revenge. If the information didn't have financial value (the ability to cause financial damage) then how was it going to give revenge?

1
0

Not the value of 1's and 0's

It's the financial impact of what she has done with those 1's and 0's

0
0
Bronze badge

It's not the physical value of the data that's the problem....

...it's the value of that data to the company. For example a copy of a text file containing an innocuous list of part numbers isn't worth as much as a copy of a text file containing customer details and their order details.

0
0
Anonymous Coward

Computer crime valuation is pants anyway.

Well, in the sense that it's taking something that isn't yours, it is theft. But you're right that "stealing" a copy doesn't deprive the owner of the "original". But then you might realise that the information could be worth most when nobody else has it, or when it remains unused, and the picture gets all murky again. This is the stuff spying is made of and it's rather hard for most people to wrap their heads around.

The valuation part is just as much crap. Parallels with drug crime come to mind, where large captured hauls' worth is invariably calculated on the diluted retail "street" price by the cops, probably adding a nice fat law enforcement "look how successful we are being!" fudge factor, conveniently forgetting wholesale wouldn't get even half that, which is strangely accepted practice on the legal side of things.

On the computer-y side of things the numbers come from hiring the most expensive and incompetent consultants to "clean up", racking up as big of a bill as they can, which is then put on the convicted's tab. Normally you'd get a chance to fix it yourself or have someone of your choice fix it for you before the other side would do that, but not here. Leaving the why aside, it does mean the numbers are bunk again.

Here, the curiously specific restitution sum might be because that one "between $30k and $50k" valued deal fell through after the negotiation deals leaked, but who's to say the deal wouldn't've fallen through later on? Negotiations are fickle like that.

So again without knowing much more detail I can't tell wether the values are reasonable, or as is more likely, made up out of hot air. If there's one thing we know about the US justice system it's that monetary figures tend to go asplode at the drop of a hat and small companies and individuals will be more than likely unable to meet the orders. As such $25k seems not terribly low but for someone with a reasonable tech worker's salary not insurmountable either. But then there'll be the legal bills.

0
0
Headmaster

@Adam White: Convenience

Illegal copying of data or theft, which would you prefer to type or say?

Apart from that one semantic issue of it not being the only copy, theft is nigh on identical in intended meaning.

Also, the dodgy brand of file sharing would come in under the illegal data copying flag, which this most certainly needs to be distinguished from.

Data theft, anyone? Or, for the William Gibson fans, cybertheft?

0
1
Headmaster

Incurring a debt

"If I get into a taxi and don't pay what crime would you say that was[?]"

Uh... theft (and possibly fraud). You incur a debt for the cab driver's time - that's what you're paying for. You're not leasing the cab, you're paying the driver for a service. Unless you have some way of giving the cab driver the minutes of his life you've used up, you have to pony up the cash. Same as if you go into a restaurant, eat a meal then stick two fingers down your throat and puke it up all over the table. Every atom of the original meal may be pebble-dashed over the tablecloth but you still owe for the meal and the service.

2
1
Silver badge
Unhappy

Must be a first: Underpants fitted with hard drive!

If she was technical enough to have pulled a hard drive she should have used a USB memory loaded with Portable Firefox and then there wouldn't be much to look at on the rest of the computer.

Better still, just keep the OS on the hard drive and use USB hard drives for everything else.

1
0
Bronze badge

USB?

If you were really looking to hide the data you would use some micro SD cards or similar which you would colour code so that you knew which one to swallow when the door burst in. The capacity of these now is quite phenomenal and more than enough for a few confidential documents.

Not that I have done anything like this you understand, but if you don't have the imagination to think of this then how will you plan to stop it.....is my defence.

Now, do I Anon this........ah what the heck, it's not like I'm anywhere they can find m

2
0

Pants != underpants in USA

Bear in mind that "Pants" in the US usually means "trousers".

1
0
WTF?

Yeah...

Yeah 'cus the FBI aren't going to take all her USB drives with them, are they?

Although, they would be easier to hide, but then again, most people don't get tipped off if they're about to be searched.

0
0
Joke

Re: Pants != underpants in USA

Damn, you spoiled my erotic fantasy ... :(

0
0
Bronze badge
FAIL

TL;DR

If you fire someone, you delete their access codes IMMEDIATELY, preferably before they've left the building!

2
1
Jobs Horns

A Cupertino resident?

She can be glad she didn't work at the big Cupertino company. They'd have her dragged out and shot with a glossy white .22 :p

2
1

Is she allowed out to buy food?

Or is that one of those coy US death sentences, like Megan's Law?

Nick data: local paper.

Stick hard drive down your knickers: global infamy.

Not that the world's media are shallow or anything.

1
0
Silver badge
Alert

@Tron

I think this is US "pants", i.e. trousers, slacks etc, rather than UK "pants", i.e. knickers, briefs (or in the US vernacular "panties"). Unorthodox, but not quite so kinky.

If it was her undergarments, I would hope it was a 2.5" drive rather than a 3.5". Ouch.

1
0
Coat

Wait for it...

Axing always results in a breach.

0
0
FAIL

PanTerra security?

I hope PanTerra have also learned the importance of securing email accounts when employees leave (especially when they are fired).

0
0
FAIL

Party tricks?

To quote the article “After several minutes of silence, Shao reached into her pants and pulled the hard drive out.”

A real woman would have hidden it in her bra, hence "rack mounted storage"...

I'll get my coat...

1
0

@Adam White

You haven't stolen the only copy in existence. However you *have* reduced the value of the information - a trade secret may become worthless once your competitors get it, or other information may create other risks which damage the company.

For something which might work for you, suppose I illegally took a copy of your credit card details and posted them on the web. All I've done is copy a string of numbers - but the result is not going to be fun for you...

0
0
Bronze badge
Stop

@Graham Bartlett @Adam White

If all you did was make a copy of my credit card number, then you have done no harm at all. The real crime would be in making use of that number, or selling it on. The former is fraud, and the latter is something specific, which slips my mind, but neither is theft.

I would imagine that skipping out on a cab, or a restaurant bill would technically constitute breach-of-contract, again definitely not theft.

0
1
Boffin

@The First Dave

"If all you did was make a copy of my credit card number, then you have done no harm at all. The real crime would be in making use of that number, or selling it on."

Sooooo...if I had you CC info, banking info, etc and posted it all over the web, but did not use it for financial gain you would be OK with it? Please...feel free to post it all here. Surely no one would use it for any personal gain. The point is that this would put you in a bad position and increase the likelihood that a fraud was committed against you. Same thing when a financial company allows records to be compromised and peoples' account info, tax info, mother's maiden name, etc. goes into the wild.

In the case here, while she did not gain financially herself, she did cause potential harm to the business when she posted confidential info that customers and competitors could access, and she certainly intended it to cause the company harm.

2
1
Flame

letters and/or digits

"...had access to two employee email accounts for months following her dismissal..."

Feckin WHAT? PanTera ought to be fined right there too. In fact I'd even say there was a case for a dumbo defence: "My account still worked, so I thought it was OK..."

I'm not condoning what she did, but people that fail to secure their networks - especially in a case where there's likely to be a beef - deserve every damn thing they get.

1
0
Thumb Up

If she had used a USB stick...

She could have hidden it properly.

Just sayin'

2
0

Jail .

She got off too light. Should have got jail time, first offense or not.

0
0
Bronze badge

@The First Dave

I would imagine that skipping out on a cab, or a restaurant bill would technically constitute breach-of-contract, again definitely not theft.

How is that not theft . You ate the food it's gone. You took some thing physical with out permission and can not give it back. Explain how that is not. For the taxi cab what you stole was time and fuel.

0
0
Joke

is there a hard drive with stolen data in your pants or ...

are you pleased to see me.

0
0
This topic is closed for new posts.