Reverse hacker case gets costlier for Sandia Labs
On top of $4.7M jury award, post-judgment interest adds $60,000 a month
Computerworld - A wrongful termination lawsuit against Sandia National Laboratories that resulted in a jury award of more than $4.7 million in damages to Shawn Carpenter, a former security analyst at the organization, may be getting even more costly for the labs.
A district court judge in the state of New Mexico, where the case was heard, recently awarded 15% per year post-judgment interest on the original award as allowed under state law. The amended final judgment means that interest in the amount of almost $60,000 per month is accumulating while Sandia's appeal against the jury award works it way through the courts.
Following that judgment, "Sandia is posting a supersedeas bond in the amount of $5.8 million to cover a year and a half of interest and the judgment," Carpenter said. Such a bond allows Sandia to delay payment of a judgment until the appeals process is over.
"The purchase price of the bond is face value, plus additional fees, and guarantees that they will pay the judgment should the appeals fail," Carpenter said. "We are trying to find out who is paying for all of this. The answer is most likely the taxpayers," he added.
Sandia officials have said they intend to appeal the amended final judgment to the New Mexico Court of Appeals and, if necessary, to the Supreme Court of New Mexico.
A Sandia spokesman today said the organization would "take all steps necessary" to pursue its right of appeal in the case. "While Sandia respects the jury process, Sandia maintains that the verdict in this case was erroneous," the spokesman said in an e-mailed comment.
"Like all employers, Sandia must retain the ability to discipline its employees when they take action in violation of law, refuse supervisory instructions or act without authorization," he said.
The spokesman said Sandia officials could not comment further because of the ongoing legal proceedings.
Carpenter worked as a network intrusion detection analyst at Sandia. He was fired in January 2005 for sharing information related to an internal network compromise with the FBI and the U.S. Army. Sandia alleged that Carpenter had inappropriately shared confidential information he had gathered in his role as a security analyst for the laboratory.
Carpenter said he had done so only for national security reasons. He said his independent investigations of a May 2004 breach had unearthed evidence showing that the intruders who had broken into Sandia's networks belonged to a Chinese hacking group called Titan Rain, which also had attacked other sensitive networks and stolen U.S. military and other classified documents. He claimed that he had tried in vain to get the information to the other agencies through proper channels at Sandia before deciding to share the information on his own.
After getting fired, Carpenter filed a wrongful termination lawsuit against Sandia. In February 2007, a New Mexico jury awarded Carpenter a total of more than $4.3 million in punitive damages and more than $400,000 in other damages. During the trial, the jury heard testimony about how a Sandia official had told Carpenter he would've been "decapitated" or how there "would at least be blood all over the office" if Carpenter had been working directly for him.
After the verdict, Sandia filed several post-trial motions, including one that asked for a new trial and another that asked the judge to reduce the amount of the jury award.
"During the course of litigation, we made several settlement offers, and they ignored all of them," Carpenter said. "The one offer they made wasn't even worthy of consideration," he said.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts