Some Now Suggesting Cardinals Hack May Have Violated The Economic Espionage Act
from the uh-oh dept
After the revelation that the St. Louis Cardinals are being investigated by the FBI for hacking into the Houston Astros’ networks and grabbing a whole bunch of proprietary statistical and scouting data, much of the speculation centered around one or two rogue employees, who may have used old passwords to get into the Astros’ systems. Those systems had been set up by the Astros’ new GM, who was a former Cardinals employee and who presumably just reused his passwords. With that speculation in mind, the focus then turned to how the feds might look to use the CFAA to go after those employees for having committed a federal crime. All of that would be serious enough in and of itself, except some of the details coming out of the investigation and some of the expert opinions on which laws may be brought to bear are making all of this look much more serious than even most people’s first take.
Much of the speculation that only an employee or two will face punishment under the CFAA has taken the form of something like this, from Alexander Southwell, a cybersecurity expert for law firm Gibson Dunn.
Southwell said the most likely charge would involve violation of the federal Computer Fraud and Abuse Act. The Cardinals would be unlikely to face criminal charges unless it could be proven that the team, and not an employee or group of employees, was behind the act, Southwell said.
“The entity can’t be held responsible for the acts of rogue employees,” he said.
But not everyone agrees with that. Much in the way that Sarbanes-Oxley was constructed to keep high-level executives from shirking their responsibility for the actions of the businesses they oversee, there are laws on the books that could be used to go after the Cardinals’ leadership not only if they had direct knowledge of this alleged hack, but also if they should have known about it but didn’t. Serious negligence would have to be proven on the part of the higher-ups still, but the bar is lower. Here’s the take from Nathaniel Grow, an Assistant Professor of Legal Studies at the University of Georgia.
The alleged hacking may have also violated the Economic Espionage Act of 1996, which criminalizes the theft or misappropriation of trade secrets. The data allegedly accessed by the Cardinals would appear to satisfy the legal definition of a trade secret, which covers any information that provides a business with a competitive advantage over its competitors and is not generally known by the public (for example, the recipe for Coca-Cola). The Astros’ proprietary statistical analysis and internal scouting reports would almost certainly qualify as trade secrets under this definition. . . Under the EEA, anyone who steals, copies, or downloads someone else’s trade secret information without permission faces a monetary fine and possible jail sentence of up to 10 years in prison per offense.
Perhaps more significantly, however, the EEA would also potentially allow the government to charge the entire Cardinals organization with criminal activity. As Section (b) of the law provides, “Any organization that commits any offense described in subsection (a) shall be fined not more than $5,000,000.“ In order to charge the entire organization with criminal activity, however, prosecutors would likely have to show that high-level Cardinals executives were aware of the hacking, or at least should have known that it was going on. If that is the case, then the entire team could face criminal prosecution. But if the hacking were simply carried out by a few lower-level team officials, without the knowledge of any higher-ups, then any organization-wide criminal case would be unlikely.
Complicating all of this further is the combination of Major League Baseball’s antitrust status, which in part hinges on the notion that MLB acts as an umbrella organization under which the franchises operate. One of the questions that’s been raised is whether or not the EEA could be invoked in this situation due to that organizational architecture. After all, two different people might own McDonald’s franchises, but it would hardly make sense if one sued the other for stealing “trade secrets” when they’re both McDonald’s. Are the two teams competitors or are they different entities within the same organization?
Either way, the more that comes out, the more it’s becoming clear that the FBI has someone or some people in the Cardinals organization dead to rights. The question is going to end up being how many are punished and under what laws they are prosecuted.
Filed Under: astros, cardinals, cfaa, criminal, economic espionage, trade secrets
Companies: houston astros, major league baseball, st. louis cardinals
Comments on “Some Now Suggesting Cardinals Hack May Have Violated The Economic Espionage Act”
double standard?
It seems strange to me that such a law would exist, one where the leaders of an organization are held responsible if they should have known about egregious acts, for the private sector, but nothing similar for the public sector. Consider the somewhat recent case of Brennan denying knowledge of the CIA hacking senate staffers’ computers. Any reasonable person would agree the director of an agency should reasonably have knowledge of such actions and you’d think, or hope rather, that knowledge or not, he would be held responsible for those actions.
I know the cynics will echo “duh! and… ?” and the one in me would agree, but it’s still disheartening to see such an unabashed display of the dichotomy between government and private executives.
RICO?
How about using the RICO act against the Cardinals?
But seriously, to be equivalent to other people who did much lesser hacks, some people should be looking at possible sentences measured in decades.
Re: RICO?
I can’t see any need for the gov’t to be involved at all. Don’t these people sign NDAs? If not that, then isn’t this plain old theft by someone who’d transferred from one org to another? Why’re the feds even involved? Maybe they should instead go after the idiots who let the old login credentials stand after an employee left.
The administration is fond of plain-vanilla Espionage act prosecutions, so why not throw in an EEA prosecution to keep things lively?
Those were literally “trade’ secrets.
That would be an much less interesting question if they were both in the same league and thus literally competed with each other on a regular basis, but since they’re not, this becomes a bit tricky. But who says they can’t be both?
First FIFA now the Cardinals. No sports organization is safe from Obama’s justice department!
Stop wasting tax payer money sorting shit out between professional sports teams. Literally some of the most unimportant shit the FBI could be looking into.