CyberTech, an established leader in forensics investigation, with a reputation of being unbiased, is faced with a dilemma in trying to determine how to handle a lawsuit in which some of its clients are found on opposite sides of a case. CyberTech has to make a decision on the best possible course of action to take so as to preserve its reputation, and protect the future growth, and prosperity of the company as it strives to satisfy its clients in an intertwined case it is currently handling. In this case, CyberTech has been contracted to investigate the 2015 hack of the Office of Personal Management (OPM), in which Anomalous, a non-US-based grey hat hacking group is the main suspect for the hack. On the other hand, Anomalous is filing claims against Equation Set, a US-based company for attempted hack into its facilities. This paper is to analyze the situation, and present possible solutions to prevent to issue of conflict of interest in part of CyberTech, and preserve its reputation of being an unbiased company.
Explanation of the Issue
The 2015 breach of OPM’s network led to the theft of millions of confidential data involving government employees, and this is a major issue in the USA. CyberTech is the company in charge of conducting the cyber forensics involved in the case. Anomalous is the grey hat hacker group accused of carrying out the hack, which means CyberTech will be conducting investigations against Anomalous. Also, Anomalous wants CyberTech to conduct another investigation on its behalf as Anomalous has accused Equation Set of an attempt to hack its facilities. In this case, Anomalous is the only non-US based group in all the entities involved in the investigation, and may prove as a potential for discrimination as CyberTech decides on how to handle this case having clients on both sides of the case. Since Anomalous is a suspect in the breach of OPM’s network, it could be seen as a conflict in interest for CyberTech to also have Anomalous as a client in another unrelated lawsuit.
Analysis of the Information
Looking at the information about the case which is available, there are a few ways the information can be analyzed to come up with a desirable outcome. CyberTech has to take into consideration its reputation, its clients, ethics, and future growth and development as it decides on how to handle this dilemma. Given that it has clients on opposing ends of the case, in order to avoid the idea of conflict of interest, CyberTech could drop one client and focus on the other. In this case, CyberTech could drop Anomalous as a client and focus on the OPM case. The OPM breach case is a well-known case involving major entities and it will be a good option if CyberTech was looking at dropping one of its clients in favor of the other.
On another hand, CyberTech could terminate its involvement in the investigation of Anomalous regarding the OPM breach. In this situation, it will only have Anomalous as a client, and will be able to concentrate on that single client, and eliminate the aspect of conflict of interest. But, given the high-profile nature of the OPM hack, this solution would not be a popular one with the general public, and particularly US-based clientele.
A third option will be to continue its investigations, and represent both clients. This solution may present the potential problem of conflict of interest as CyberTech will have to represent clients on opposite sides of an investigation. This solution may cause a major problem if not handled properly. But, if CyberTech is able to come up with a solution to handle both clients, it will go a long way to solidify its reputation of being unbiased, which will be a great thing for the company.
Consideration of alternative viewpoints and conclusions
One of the main points to take into consideration is that of conflict of interests as CyberTech tries to represent Anomalous in the case against Equation Set, and at the same time, analyzing data in the OPM case which could determine if Anomalous is guilty or innocent. Although CyberTech has to represent organizations on opposite sides of a lawsuit, I believe both cases are clearly distinct and should not represent a conflict of interests. But, on a general viewpoint, some people may still see this as a conflict of interest, and will prefer that CyberTech pick one client over the other. This makes sense in that the same company resources will be used to investigate both cases, and could lead to disclosure of evidence from either case to the other, and this may undermine confidentiality. A solution to this may be to have separate teams handle both cases, where they have to use separate resources, and exert the maximum level of confidentiality so that they can be able to satisfy both of their clients. This also eliminates the aspect of being biased. Better still, CyberTech could subtract the case with Anomalous which has a potential to cause conflict of interest to another forensics firm so the investigation can be done separately from that done for the OPM breach.
Generally, some individuals view grey hat hackers as criminals, as they do not always follow the law, and claim to act in the best interest of the greater good. Therefore, CyberTech can voluntarily drop Anomalous based on ethical believes that the client may be engaged in fraudulent conducts (Chelst, 2013). In this case, this viewpoint will prefer CyberTech to terminate its commitment to Anomalous in investigating Equation Set, and focus on the case on OPM against Anomalous. Given that CyberTech is also trying to preserve its public image, apart from this looking like conflict of interests, the general public could view this as though CyberTech is trying to defend a criminal non-US based group if they were to stop their investigation on the OPM breach, and instead keep Anomalous as the sole client.
In order to be able to make the best decision in this situation, CyberTech has to align its priorities, and know exactly what outcome it wants to achieve. Thus far, we know they want to preserve their public image of being a top unbiased cyber forensics company, and also be able to protect future growth of the company without undermining trust from its clients. Although every business seeks to make the greatest profit as possible, it should not always be the case in every situation as sometimes they have to limit the profit that could be potentially made in a single transaction, to preserve the potential for greater profit in the future. Therefore, there should be the balance between company interests (that is growth and profit), client requirements, and ethics.
According to Chelst (2013), and represented in figure 1 below, CyberTech leadership can utilize the following decision process to determine the optimal outcome.
Fig 1: Decision Tree Model
Conclusions and Recommendations
Given the criteria put forth by CyberTech on how it wants to be perceived, and to maintain its reputation, and based on the recommendations of the decision tree model, the best course of action will be to retain Anomalous as a client, but subcontract the case with Equation Set to in house sub-contractors. In this case, the investigation will be independently handled by an external cyber forensics team which will conduct a parallel analysis and oversight in order to independently confirm CyberTech’s findings and to ensure potential conflicts of interest are addressed. This solution is one which may lead to lower profits for CyberTech, but it is the right one to take, as it establishes that CyberTech can handle future problems involving the issue of conflict of interests, and portrays the fact that they are a well-established unbiased organization. This solution also represents the fact that CyberTech doesn’t consider any of its clients guilty until it has been proven with adequate facts, which will make it biased if it had to dump Anomalous because of public opinion that it is a criminal organization.
- Goodman, N. (2016). When Can an Attorney Withdraw in the Middle of a Case? Retrieved from Lawyers.com: http://research.lawyers.com/when-an-attorney-must-or-may-withdraw-mid-case.html
- Chelst, K. (2013). The soft side of making decisions. Industrial Engineer: IE, 45(1), 35.