Former Uber CISO Joseph Sullivan, convicted in 2023 of attempting to cowl up an information breach, is looking for a brand new trial, citing procedures omissions from his unique trial that his attorneys mentioned tainted the decision.
Sullivan was initially convicted on costs associated to Uber’s 2016 information breach and was sentenced to three years of probation for his function within the subsequent coverup.
Sullivan was additionally ordered to pay a $50,000 effective and carry out 200 hours of neighborhood service. These penalties had been thought-about too delicate by the prosecution, which argued {that a} 15-month jail time period would have been extra useful in deterring different executives in comparable conditions.
Now, Sullivan’s protection attorneys argued that the jury was not knowledgeable of two “key limitations” within the nexus requirement, when Sullivan was initially tried. To convict a defendant below part 1505, the federal government should show there was an company continuing; that the defendant was conscious of that continuing; and that the defendant deliberately tried to corruptly affect, impede, or impede that continuing. In keeping with the protection, these necessities weren’t a part of the jury’s directions, which undermined all the conviction and referred to as for a reversal.
“However at a minimal, every of those errors infects one of many authorities’s core theories of guilt and require a brand new trial,” Sullivan’s attorneys argued throughout this week’s listening to.
The prosecution countered that any potential errors in jury instruction had been innocent and, in the end, Sullivan’s actions of falsifying paperwork and authorizing hush cash within the type of bug bounties had been a transparent obstruction of justice.
The court docket made no resolution in the present day, however CISOs, boards of administrators, and authorized students shall be watching the ruling, given how Sullivan’s conviction has led to extra authorized scrutiny of and costs in opposition to CXOs, particularly the place compliance with data-handling legal guidelines is worried.
