Prison term possible over use of spyware

CLEVELAND (AP) — A northeast Ohio man faces prison time after he used legal software to spy on an unknowing woman’s computer activities, accidentally retrieving confidential information from the computer system at the children’s hospital where the woman worked.

The type of crime has been rare, but some expect to see more of it because of a lack of knowledge about what’s legal and what’s not in the realm of electronic spying.

Early last year, Scott Graham of Avon Lake sent an e-mail with an attachment containing spyware to a woman whom he wanted to spy on. The woman opened the attachment on two computers at work at Akron Children’s Hospital, and the spyware picked up confidential information about medical procedures and patients — as well as financial records for four employees — over the course of about three weeks.

The spyware slowed the computer network system down, leading to its discovery by hospital officials. The FBI was called in, and Graham eventually pleaded guilty to a felony charge of intercepting electronic communications in U.S. District Court.

He is scheduled to be sentenced early next year and will receive prison time or probation.

Akron Children’s Hospital executive Shawn Lyden said Graham didn’t use the information to compromise patient privacy.

Graham’s attorney, Ian Friedman, said his client sent the e-mail to the woman to investigate allegations she had made about certain doctors and professionals.

Friedman fears that much of the public may believe that using spyware such as his client did is legal.

“This case may be a sign of more to come,” Friedman said, “but to date this has been a common prosecution.”

Graham bought the software over the Internet from SpyTech Software and Design Inc. of Red Wing, Minn. The company’s Web site says it is legal to use the software as long as it’s installed on a computer owned by the purchaser.

Valid uses include parents’ efforts to monitor the Internet habits of their children and companies’ installing it on computers they own to monitor the actions of employees on company time, said SpyTech founder Nathan Polencheck.

It’s also up to companies and organizations with sensitive data to make sure they have working software to protect against spyware attacks.

When Graham’s spyware was opened, Akron Children’s Hospital was in the process of upgrading its system and putting up a firewall on all computers that would have blocked the spyware, Lyden said.

The firewall had not been activated on the two computers used to open Graham’s e-mail attachment.