Last week, the Wall Street Journal Law Blog wrote about a recent New York ethics opinion approving legal advertising on Groupon and other group coupon sites.  These services allow consumers to pay one price up front for a service that is more valuable. A restaurant, for example, may offer a $50 meal for $25 that is paid immediately. An attorney, like this one, for example, may offer to provide a will for $99.  New York wasn’t the first state to weigh in on the issue--South Carolina has, too--and it probably won’t be the last. 

Listen up, all you internet users (which is basically everybody but my mother, who still views the Internet as the work of the devil, and will quote from the book of Revelation in support of her theory).  Three bills you need to be aware of, because they may change the way you view (or more correctly, the way you are allowed to view) the Internet.  and from what I’m reading, there are some pretty darned big sites and companies that are ready to either “go dark” in protest (Wikipedia, for example, which is where I do most of my legal research) or lend a big supporting hand to the protests of the current bills being considered (Google is one – who can live a day without Googling something?  I mean for cryin’ out loud the Company has made itself into a verb!!).  Those bills are:

In the wild, wild west of the internet, it looks like the Federal Trade Commission is saddling up to play the role of sheriff. On November 29, 2011, the FTC announced its proposed settlement of claims against the social networking goliath, Facebook. (By the way, you can read about it on the Commission’s Facebook page. http://www.facebook.com/federaltradecommission?v=wall.) The settlement resolves an eight-count administrative complaint charging Facebook with misleading their users by telling them they would protect the privacy of personal information, but repeatedly allowing that information to be shared with third parties or made public without the users’ knowledge or consent.  (In the matter of Facebook, Inc., File no. 092 3188.) Coming on the heels of the FTC’s March 2011 settlement of charges that Google, Inc. violated its own privacy promises to consumers when it rolled out its social network site, Google Buzz (In the Matter of Google, Inc., File no. 102 3136), the Facebook case demonstrates the agency is willing to use consumer protection laws to “make sure companies live up to the privacy promises they make to American consumers.” http://ftc.gov/opa/2011/11/privacysettlement.shtm.)

This week, the FDIC and SEC approved the Volcker Rule and released a draft for public comments.  Bank regulators will have to solidify the Rule in the coming months, as the Rule is set to take effect in July, 2012 – although banks would have three years to comply with the Rule. 

California Insurance Commissioner Dave Jones announced August 19, 2011 that Susana Ragos Chung, 60, a Los Angeles area based attorney has been sentenced in Alameda Superior Court for Insurance Fraud. Chung entered pleas of no contest on two felony counts for violations of Section 549 of the Penal Code, recklessly submitting fraudulent insurance claims. She was sentenced to five years formal probation and to also pay $117,561 in restitution to insurance companies for 15 separate fraudulent claims. In addition, she was ordered to pay $235,123 to the state restitution fund. Chung agreed to place herself on inactive status with the California State Bar pending its mandatory investigation into her criminal conduct, which may result in her disbarment.

In August 2003, the California Department of Insurance (CDI), Benicia Regional Office, Fraud Division, Urban Auto Fraud Task Force initiated an investigation known as "Phantom Menace" into organized automobile insurance fraud in the Bay Area. The Task Force included Investigators from the California Highway Patrol, and Alameda and San Francisco County District Attorney's Offices. As a result of the information and evidence gathered by the Task Force CDI began an undercover investigation in July 2004, which included contacting numerous auto body shops, medical offices and law offices.

Task force members were able to infiltrate a sophisticated auto fraud organized crime ring operating in the Bay Area. This ring was working with law offices in the Los Angeles area. One of these law offices was owned and operated by Chung. In November 2004, task force members acting in undercover capacities were solicited to participate in staged collisions. Numerous collisions were staged and undercover officers were referred to auto body repair shops, medical offices and law offices in an effort to file false automobile insurance claims and secure substantial bodily injury claim settlements.

Between 2003 and 2007, Chung participated in this fraud ring by submitting insurance claims for suspects who staged these collisions for profit. Chung represented the claimants who were allegedly "injured" in these fake collisions. The majority of the people she represented never met her, and many did not even know they had an attorney. Nearly 100 people have been convicted in Alameda County over the last several years as part of this conspiracy, including more than 90 staged collision participants, and three chiropractors. The majority of the participants in these staged collisions readily admitted to law enforcement that no accident had ever occurred.

I understand that California jails are crowded and criminals are being let loose to ease the crowding but running a major fraud ring, in the opinion of ZIFL, requires some real jail time and seizure of the guilty lawyer’s assets. Mr. Jones should not be bragging about this result he should be complaining that the court is being too kind.

From Zalma's Insurance Fraud Letter, September 1, 2011 available free at – http://www.zalma.com/ZIFL-CURRENT.htm.

Arturo Fonseca, 47; Isis Torres, 37; Francisco Portillo, 41; Eduardo Romero, 44; and William Madrigal, 56, five South Floridians pleaded guilty in Miami federal court to their roles in a massive Medicare fraud scheme.

Fonseca, Torres, Portillo, Romero and were among 26 suspects in three states indicted in December 2009 on charges of running the scheme that totaled $61 million, according to the U.S. Department of Justice. At the plea hearing, Fonseca admitted to being an owner and operator of Courtesy Medical Group Inc., a purported medical clinic in Miami. According to court documents, Courtesy provided medical documents so that the home health agencies could bill the Medicare program for expensive home health services and therapy for beneficiaries that did not need and in some cases did not receive the treatments. According to the indictment, approximately 344 prescriptions were issued through Courtesy and signed by Fonseca’s co-defendant, Dr. Fred Dweck. As a result, the Medicare program was fraudulently billed approximately $16.6 million for home health services.

According to plea documents, Romero admitted to being a patient recruiter for ABC Home Health Care Inc., and Florida Home Health Care Providers Inc., two Miami-area home health care agencies. Romero admitted that in his role as a patient recruiter, he would solicit and receive kickbacks and bribes from the owners of ABC and Florida Home Health in return for providing Medicare beneficiaries that the home health agencies could use to bill the Medicare program for unnecessary home health care services. Romero also admitted to paying kickbacks and bribes to the owners and operators of Courtesy in return for the prescriptions for unnecessary home health care services.

Medicare was billed approximately $391,593 for home health care services that were not medically necessary or were not rendered for the patients recruited by Romero and one of his co-defendants. The owners and operators of ABC and Florida Home Health pleaded guilty in a separate case and are awaiting sentencing.

According to plea documents, Portillo and Torres were nurses and falsified patient files for ABC and Florida Home Health to make it appear that the patients qualified for home health care services, when they did not and in some instances never received any treatments. According to court documents, Portillo was responsible for approximately $142,000 in fraudulent Medicare billing and Torres was responsible for approximately $528,400 in fraudulent Medicare billing. According to plea documents, Madrigal, a Medicare beneficiary, admitted that he solicited and received kickbacks and bribes in return for allowing ABC and Florida Home Health to bill Medicare for home health care services for which he did not qualify. Madrigal admitted that as a result of his role in the scheme, approximately $68,760 was fraudulently billed to Medicare for unnecessary home health care and therapy.

Why are these people allowed to plea to obtain smaller sentences and keep a good chunk of their ill-gotten gains? Is it time for the anti-fraud effort to go nationwide instead of just a few states?

From Zalma’s Insurance Fraud Letter, available free at http://www.zalma.com/ZIFL-CURRENT.htm

Willie Sutton, the infamous bank robber, when asked why he robbed banks is credited with responding "Because that's where the money is." In today's market place, the money is in a company's information, e.g., customer lists, pricing, methodology, know-how, research, development, and related proprietary and confidential information. And like the banks in Mr. Sutton's day, companies are increasingly finding they are being robbed of their information by unscrupulous departing employees and competitors. For example, in a recent BusinessWeek article (BW, Feb. 16, 2009), To Catch a Corporate Thief, an employee resigned, but reported his company issued laptop stolen. It turned out this employee had been poached by the former employer's competitor and the stolen laptop was actually the get-away-car for business methodologies, system designs, customer lists, and related proprietary information.

While there are a number of measures companies can take to prevent or otherwise minimize business theft/unfair competition (For a great summary of  non-compete considerations click here, Eight Ways to Lost a Non-compete Case), companies that fail to take such steps are left with the unsatisfactory choice of litigation or waiting for a "thank you" card from the benefactor of the competitive advantages you've bankrolled over the years. In regard to litigation, companies have in recent years relied upon the Computer Fraud and Abuse Act  (CFAA) to combat the theft of business information. See Adding to the Playbook.

The CFAA creates civil liability under specified conditions. For employers bringing suit against former employees engaged in wrongful conduct, the relevant conditions are generally where someone:

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains- ...

(C) information from any protected computer if the conduct involved an interstate or foreign communication; [or] ...

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value ...; [or]
...
(5)(A)(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage FN2; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.
18 U.S.C. § 1030(a)(2), (4), (5)(A)(ii) and (iii); see also § 1030(g) (providing for civil liability for violations involving certain conduct, including conduct causing a loss of at least $5,000 in value). Thus, paragraphs (a)(2) and (a)(4) apply only if the defendant accesses the computer "without authorization" or "exceeds authorized access," while paragraph (a)(5)(A)(ii) or (iii) applies only if the defendant accesses the computer "without authorization."

There are two schools of judicial thought as to what "without authorization" or "exceeds authorized access" means.

The first approach focuses on the defendant's intent or use of the information in finding liability under the CFAA. See, e.g., International Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420-21 (7th Cir.2006); Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121, 1124 (W.D.Wash.2000). In Shurgard, the court, in concluding that the plaintiff had stated a claim under paragraph (a)(2)(C) of the CFAA, held that the plaintiff's former employees had acted without authorization when they obtained information from the plaintiff's computers because, under agency law,  the  employee's authorization terminated when he allegedly became an agent of the defendant competitor during the act. See Shurgard, 119 F.Supp.2d at 1124. In Citrin, the court similarly held that the defendant's authorization to access the plaintiff's computer files had terminated when he violated his duty of loyalty to his employer imposed by agency law. See Citrin, 440 F.3d at 420-21.

In contrast, under the second approach a number of courts have rejected the Shurgard and Citrin courts' reliance on agency law in applying the authorization provisions of the CFAA. These courts generally find that a "without authorization" violation under the CFAA only occurs when initial access is not permitted and an "exceeding authorized access" violation occurs only when the defendant has permission to access the computer in the first place, but then accesses certain information to which he is not entitled. See Condux Int'l, Inc. v. Haugum, (D. Minn. Dec.15, 2008); Black & Decker (US), Inc. v. Smith, 568 F. Supp.2d 929, 933-36 (W.D.Tenn.2008); Shamock Foods Co. v. Gast, 535 F.Supp.2d 962, 963-68 (D.Ariz.2008); Diamond Power Int'l, Inc. v. Davidson, 540 F.Supp.2d 1322, 1341-43 (N.D.Ga.2007); Brett Senior & Assocs., P.C. v. Fitzgerald, 2007 WL 2043377, at *3-4 (E.D.Pa. July 13, 2007); Lockheed Martin Corp. v. Speed, 2006 WL 2683058, at *4-7 (M.D.Fla. Aug.1, 2006); International Ass'n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d 479, 498-99 (D.Md.2005).

So what is the take-away for employers?

Returning to Mr. Sutton, he packed a gun -- either a pistol or a Thompson sub-machine gun -- when he robbed financial institutions, noting, "You can't rob a bank on charm and personality." Mr. Sutton, however, reportedly never carried a loaded gun because somebody might get hurt. In contrast (and metaphorically speaking) companies cannot afford to shoot blanks when it comes to protecting business critical information. At the outset, proper and reasonable measures should be implemented for protecting such information. For examples and considerations, click here. However, if when these measures are not sufficient to prevent the theft of business assets, the CFAA is a great resource to have as backup. And even where courts have taken a narrower view of its applicability, proper planning in advance of litigation can provide a solid factual basis for a CFAA claim - just don't plan on relying on charm and personality: It didn't work for Willie Sutton (he spent half his life in prison) and it probably won't work for your company and (certainly not) your attorney.

Jason M. Shinn
Lipson Neilson Cole
jshinn@lipsonneilson.com