As the article (via @Law360) points out, Ex-Massey Exec Gets 42 Months In Mine Blast Case this Massey mining manager pleaded to “pre-notifying” about MSHA inspections (and conspiracy pertaining thereto). It’s interesting that, in his plea colloquy, he was was apparently careful and narrow, almost ascribing a business-culture source for the conduct:
“I’m sorry for what I’ve done — pre-notifying about mine inspections,” Hughart said at his sentencing, according to the Associated Press. “I grew up that way. I accepted it as common practice. I know better now, and I apologize.”
That kind of approach needs to be handled gingerly, though. The larger case landscape is important for sentencing considerations (implicitly, if not explicitly):
Hughie Elbert Stover, Massey’s former security chief, was sentenced to three years in prison in February 2012, after being convicted of lying to members of the FBI and the MSHA as well as directing the destruction of security-related documents in order to stymie the investigation into the causes of the mining disaster.
In March 2012, former mine superintendent Gary May pled guilty to charges that he hid from federal investigators hazards at the Upper Big Branch mine such as excessive coal dust piles and poor air flow. The disaster killed all but two miners working in the mine, making it the worst mining accident in the U.S. since 1972.
The combination of the deaths of the miners; the document-destruction; and the false statements was overwhelming.
Here’s another take (via @WSJ): Former Massey Coal Executive Sentenced to Prison
Here’s a story (via @nytimes) about how the border is a back door for device searches.
There is, of course, a “border exception” to the Fourth Amendment, a constitutional doctrine that came of age when national physical borders were also, usually, information-borders as well. Although the discussion in the article takes place in the national-security context, it’s worth American companies giving more careful thought to how they address the way their executives and employees work and travel. Employees usually love using their own devices and storing company data in ways that are readily accessible to and productive for them.
At the border, though, all that corporate data is free game.
As the article notes:
TECS is a computer system used to screen travelers at the border, and includes records from law enforcement, immigration and antiterrorism databases. A report from the Department of Homeland Security about border searches of electronic devices says a traveler may be searched “because he is the subject of, or person-of-interest-in, an ongoing law enforcement investigation and was flagged by a law enforcement ‘lookout’ ” in the Immigration and Customs Enforcement computer system.
For now, the law remains murky about any limits on intrusive border inspections, including how long travelers can be detained, whether they are required to provide passwords for their devices . . . and whether they must answer any question an agent asks. Responses may be recorded in a traveler’s TECS file and shared with other government agencies.
Detention is an inconvenience. To answer (or not answer) an agent’s question is another matter entirely, one that implicates both the company’s legal exposure and the individual’s Fifth Amendment rights.
If you find yourself in a lawsuit or prosecution based on a seizure at the border, it’s worth asking for this document from ICE:
Generous comments from Professor Michael Greve at Liberty Law Blog:
You can follow much of the current action [regarding banking and regulation] on WhiteCollarWire, which provides sage advice to bankers and, indeed, any American citizen: “Don’t read us because you’re a criminal. Read us because, some time or other, someone may think you are.” (In addition, the site provides fine literature reviews and martini recipes.)
From The Wall Street Journal Risk & Compliance blog (and Samuel Rubenfeld @srubenfeld): Good news for corporate compliance officers whose officers or employees lie to them or mislead them: SEC Stands Up For Compliance Officers
The Securities and Exchange Commission took the side of compliance officers — after a Colorado-based investment adviser was caught lying to one.
Earlier this week, the SEC said its own probe found that Carl Johns, an investment adviser in Louisville, Colo., concealed several hundred trades in his personal accounts after failing to report them by altering brokerage statements and other documents. He later created false documents that purported to be pre-trade approvals, and misled his firm’s chief compliance officer in her investigation into the trading.
Mr. Johns agreed to pay more than $350,000 and be barred from the securities industry for at least five years, the SEC said. The case is the SEC’s first made under a rule of the Investment Company Act that prohibits misleading and obstructing a chief compliance officer.
“Compliance officers should be happy that this case was brought because it will help them fulfill their duties,” said Stephen M. Quinlivan, a shareholder of law firm Leonard Street and Dainard. “If people do lie to them, the SEC’s not going to stand for it.”
Mr. Quinlivan said he believes that the SEC has generally stepped up its examinations of investment advisers, particularly when it comes to hedge funds and private equity.
If a good compliance officer is being lied to, the SEC “could certainly” bring a similar case, Mr. Quinlivan said.
Of course, if you’re a compliance officer and the SEC thinks you’re the one lying or misleading — or just being willingly duped — that’s another problem.
Five years of a court-appointed monitor for Apple is “lighter” than 10 years, true — DOJ Suggests Lighter Penalty for Apple — but it’s still a long time
From @WSJRisk, see this white-collar corruption roundup — WSJ Risk and Compliance Corruption Currents — and especially the bribery section. Very useful for organizations with global concerns.
From Professor Susan Brenner at Cyb3rCrim3: Once again, in a dispute between a company and a former employee — The Shit-Canned Laptop — under the federal Computer Fraud and Abuse Act, the federal district court finds that the narrow interpretation of “exceeds access” is the appropriate understanding of the statute. The court in Dresser-Rand Co. v. Jones, 2013 WL 3810859 (2013), recognized a
split between what is cast as a broad versus a narrow interpretation of the term `without authorization.’ Under the narrow view, an employee given access to a work computer is authorized to access that computer regardless of his or her intent to misuse information and any policies that regulate the use of information. . . .
Under the broad view, if an employee has access to information on a work computer to perform his or her job, the employee may exceed his or her access misusing the information on the computer, either by severing the agency relationship through disloyal activity, or by violating employer policies and/or confidentiality agreements. . . .
The lesson seems to be that, in many such situations, the best option is for the aggrieved company to proceed foremost under trade-secrets and state-law theories, rather than the hybrid criminal/civil structure of the CFAA.
In an era of flat or barely budging general-counsel or risk-management budgets, the question of Balancing Budgets and Growth, especially for a multinational company, can be brutal. Creating a compliance structure that looks cool on paper (or digitally) is one thing; testing actual performance is another. As in most areas that test human willfulness and weakness against human laws, only the overriding culture and ethos will save the day (or cause the day to fail).
For companies in disputes with former employees, like this: Korn/Ferry, CFAA and Trade Secrets the best approach may be a trade-secrets claim, not the Computer Fraud and Abuse Act.
This is a compelling question: FCPA Professor on Trust in the Corporation
Can a culture of trust — of honor — work better as a corporation’s FCPA defense than a labyrinth of rules? This is not merely a “tone at the top” kind of question. Rather, it requires a commonly-shared landscape of what is honorable conduct; a handful of commonly-shared principles of comportment; everyone’s understanding that this system works to the benefit of all; and a single-sanction intolerance for whatever wanders outside that ethical landscape.
Even if the honor-culture is more effective than checking-off-the-boxes in your department’s compliance template, how does a company in an FCPA case defend the honor-culture to investigating Government agents and lawyers? Won’t they desire to see how many boxes were (or were not) checked?