Reverse hacker case gets costlier for Sandia Labs
On top of $4.7M jury award, post-judgment interest adds $60,000 a month
Computerworld - A wrongful termination lawsuit against Sandia National Laboratories that resulted in a jury award of more than $4.7 million in damages to Shawn Carpenter, a former security analyst at the organization, may be getting even more costly for the labs.
A district court judge in the state of New Mexico, where the case was heard, recently awarded 15% per year post-judgment interest on the original award as allowed under state law. The amended final judgment means that interest in the amount of almost $60,000 per month is accumulating while Sandia's appeal against the jury award works it way through the courts.
Following that judgment, "Sandia is posting a supersedeas bond in the amount of $5.8 million to cover a year and a half of interest and the judgment," Carpenter said. Such a bond allows Sandia to delay payment of a judgment until the appeals process is over.
"The purchase price of the bond is face value, plus additional fees, and guarantees that they will pay the judgment should the appeals fail," Carpenter said. "We are trying to find out who is paying for all of this. The answer is most likely the taxpayers," he added.
Sandia officials have said they intend to appeal the amended final judgment to the New Mexico Court of Appeals and, if necessary, to the Supreme Court of New Mexico.
A Sandia spokesman today said the organization would "take all steps necessary" to pursue its right of appeal in the case. "While Sandia respects the jury process, Sandia maintains that the verdict in this case was erroneous," the spokesman said in an e-mailed comment.
"Like all employers, Sandia must retain the ability to discipline its employees when they take action in violation of law, refuse supervisory instructions or act without authorization," he said.
The spokesman said Sandia officials could not comment further because of the ongoing legal proceedings.
Carpenter worked as a network intrusion detection analyst at Sandia. He was fired in January 2005 for sharing information related to an internal network compromise with the FBI and the U.S. Army. Sandia alleged that Carpenter had inappropriately shared confidential information he had gathered in his role as a security analyst for the laboratory.
Carpenter said he had done so only for national security reasons. He said his independent investigations of a May 2004 breach had unearthed evidence showing that the intruders who had broken into Sandia's networks belonged to a Chinese hacking group called Titan Rain, which also had attacked other sensitive networks and stolen U.S. military and other classified documents. He claimed that he had tried in vain to get the information to the other agencies through proper channels at Sandia before deciding to share the information on his own.
After getting fired, Carpenter filed a wrongful termination lawsuit against Sandia. In February 2007, a New Mexico jury awarded Carpenter a total of more than $4.3 million in punitive damages and more than $400,000 in other damages. During the trial, the jury heard testimony about how a Sandia official had told Carpenter he would've been "decapitated" or how there "would at least be blood all over the office" if Carpenter had been working directly for him.
After the verdict, Sandia filed several post-trial motions, including one that asked for a new trial and another that asked the judge to reduce the amount of the jury award.
"During the course of litigation, we made several settlement offers, and they ignored all of them," Carpenter said. "The one offer they made wasn't even worthy of consideration," he said.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!