Google’s Remote Desktop – A Free Tool Allegedly Used to Download the Keys to the Kingdom
In a case recently filed in federal court in Norfolk, a Virginia Beach construction company and government contractor claims a former employee stole trade secrets and provided them to a competitor. What is interesting about this case is the company does not claim the employee, Christopher McGrath, stole papers and information while he was there. Rather, the claim is that he stole trade secrets after being fired by using a popular, free computer program. The company claims McGrath installed Google Chrome Remote Desktop, a program we use at our law firm, on his work computer, without company approval before he was terminated. After termination, the company claims he logged on remotely to the company’s computer system at least 16 times.
According to the complaint, both Atlantic Marine and McGrath’s new employer, C&C Contractors, compete for the same government contracts at Fort Benning, Georgia. The complaint alleges McGrath used trade secrets, including proposals used in bidding for work, formulas used to calculate costs and overhead, and historical data from past company contracts. The company alleges McGrath viewed and downloaded its trade secrets each time he connected remotely the company’s network, and provided them to his new employer for commercial advantage. The computer program gave him a full-access key to the company’s network.
The lawsuit makes claims under federal and state computer-age torts and an old-fashioned tort: the company alleges violations of the federal Computer Fraud and Abuse Act and Virginia’s Virginia Computer Crimes Act and Uniform Trade Secrets Act, and also claims a trespass to chattels (personal property).
The lesson learned here is that simply deleting an employee’s username and password from your company’s network may not be enough. It is not usually feasible to remove a former employee’s computer from the network. However, companies should at least check whether the computer the departing employee used has Google Chrome Remote Desktop or a similar program, such as LogMeIn, installed. As more employees work remotely from home, the risk for unauthorized (and undetectable) access to your company’s systems will grow.