Reverse hacker case gets costlier for Sandia Labs
On top of $4.7M jury award, post-judgment interest adds $60,000 a month
Computerworld - A wrongful termination lawsuit against Sandia National Laboratories that resulted in a jury award of more than $4.7 million in damages to Shawn Carpenter, a former security analyst at the organization, may be getting even more costly for the labs.
A district court judge in the state of New Mexico, where the case was heard, recently awarded 15% per year post-judgment interest on the original award as allowed under state law. The amended final judgment means that interest in the amount of almost $60,000 per month is accumulating while Sandia's appeal against the jury award works it way through the courts.
Following that judgment, "Sandia is posting a supersedeas bond in the amount of $5.8 million to cover a year and a half of interest and the judgment," Carpenter said. Such a bond allows Sandia to delay payment of a judgment until the appeals process is over.
"The purchase price of the bond is face value, plus additional fees, and guarantees that they will pay the judgment should the appeals fail," Carpenter said. "We are trying to find out who is paying for all of this. The answer is most likely the taxpayers," he added.
Sandia officials have said they intend to appeal the amended final judgment to the New Mexico Court of Appeals and, if necessary, to the Supreme Court of New Mexico.
A Sandia spokesman today said the organization would "take all steps necessary" to pursue its right of appeal in the case. "While Sandia respects the jury process, Sandia maintains that the verdict in this case was erroneous," the spokesman said in an e-mailed comment.
"Like all employers, Sandia must retain the ability to discipline its employees when they take action in violation of law, refuse supervisory instructions or act without authorization," he said.
The spokesman said Sandia officials could not comment further because of the ongoing legal proceedings.
Carpenter worked as a network intrusion detection analyst at Sandia. He was fired in January 2005 for sharing information related to an internal network compromise with the FBI and the U.S. Army. Sandia alleged that Carpenter had inappropriately shared confidential information he had gathered in his role as a security analyst for the laboratory.
Carpenter said he had done so only for national security reasons. He said his independent investigations of a May 2004 breach had unearthed evidence showing that the intruders who had broken into Sandia's networks belonged to a Chinese hacking group called Titan Rain, which also had attacked other sensitive networks and stolen U.S. military and other classified documents. He claimed that he had tried in vain to get the information to the other agencies through proper channels at Sandia before deciding to share the information on his own.
After getting fired, Carpenter filed a wrongful termination lawsuit against Sandia. In February 2007, a New Mexico jury awarded Carpenter a total of more than $4.3 million in punitive damages and more than $400,000 in other damages. During the trial, the jury heard testimony about how a Sandia official had told Carpenter he would've been "decapitated" or how there "would at least be blood all over the office" if Carpenter had been working directly for him.
After the verdict, Sandia filed several post-trial motions, including one that asked for a new trial and another that asked the judge to reduce the amount of the jury award.
"During the course of litigation, we made several settlement offers, and they ignored all of them," Carpenter said. "The one offer they made wasn't even worthy of consideration," he said.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts