Never Tick Off a Redbird

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

At a press conference today, Satan officially announced that Hell has frozen over. He made this stunning announcement after the New York Times reported that the baseball team with the most World Series wins in the history of the National League (NL), the St. Louis Cardinals, had hacked those paragons of virtue, enormity and the very symbol of baseball greatness, the Houston Astros, to view confidential information. The Cardinals have managed to win five World Series in the past 50 years; how many World Series have the Astros won? That would be a big fat nada, ZERO, none, zilch. The NL team with the most World Series wins in the past 50 years was caught hacking into the innermost secrets of one of the worst teams in that same time period. Where are Tom Brady’s deflated balls when you need them?

As reported by Michael Schmidt, in a piece entitled “Cardinals Face F.B.I. Inquiry in Hacking of Astros’ Network,” Major League Baseball asked the FBI and Department of Justice (DOJ) to investigate the hacking of the Astros. “Last year, some of the information was posted anonymously online, according to an article on Deadspin. Among the details that were exposed were trade discussions that the Astros had with other teams.” No doubt expecting that nefarious rogue agents of the Chinese government (or worse, the Chinese military) were seeking to wreak havoc on the game once known as ‘America’s pastime’ or “Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the FBI, and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office.” Oops, those darn Chinese; they are never around to blame when you need them.

So move aside, New England Patriots, with your petty attempts to manipulate footballs in a championship game. Stop allowing your quarterback to dictate how he uses the tools of his trade, footballs. Do not cheat and call it getting an edge; all of this makes you look like rank amateurs next to the St. Louis Cardinals. Act like a real team and enlist your front office executives to steal information from the worst team in football. For long-term pathetic-ness, you might try the Oakland Raiders or just go with the current joke of a team, the Tampa Bay Buccaneers, whose number one draft pick and current face of the franchise was one of the most “ethically challenged” college players in recent years. If you really want great information about poor football, steal it from the Jacksonville Jaguars. Bill Belichick, you are only limited by your imagination!

As to the Cardinals, what on earth could the Astros have that they could possibly want? Take the Astros’ record over the past five years; it’s the worst in baseball. You want a piece of that? How about secret information on the leadership savoir fare of the Astros owner, “Mr. I-am-smarter-than-everyone-in-the-room-because-I-made-$100-million-in-business” Jim Crane. Why be one of the best-run sports franchises when you can mimic the Astros? First you can tell everyone how stupid they are because they do not understand how it is in your interest to try and lose; next, why you should cut off over 70 percent of your fan base from even watching games on television so they will not see your joke of a team play; and finally, how to sue the prior owner who sold you the team for misrepresenting the quality of the assets.

But do not stop with the owner. The apparent ire of St. Louis (never underestimate a pissed off Redbird) was directed at a former Cardinal employee who left to become the General Manager of the Astros, Jeff Luhnow. Apparently the Cardinals were upset that the baseball knowledge in Luhnow’s head was now being used by the Astros. (Did I mention the Astros had baseball’s worst record for the past five years?) Of course, perhaps the Cardinals could learn how make an offer to the top draft pick in the annual amateur draft and then withdraw the offer so they could make a lower one, thereby losing two top draft picks. That certainly was a brilliant move by the Astros that you would want to use going forward.

The Cardinals’ action brings up one of the greatest areas of corporate angst: when a business gets its feelings hurt. Heaven forbid. No doubt having recently seen a recent late night showing of the movie Animal House, the Cardinals decided not to get mad; they decided to get even. So with this newfound information gleaned from the Astros, it now clear how the Cardinals have been so successful. Not simply being content to cheat, they broke the law to hack into the confidential information of another baseball team to learn that other team’s secret. Now I know why the Astros have been so bad over the years; they had all their confidential information sucked out of their organization by the evil Cardinals. So that giant sucking sound you hear from south Texas is not American jobs going to Mexico because of NAFTA, but all the confidential information being sucked out of the Houston Astros.

What are the lessons for a Chief Compliance Officer or compliance practitioner? This points to the myriad of reasons that companies and individuals engage in bribery and corruption. It is laughable to think that the St. Louis Cardinals, one of the best-run franchises in all of sports (or so we thought), could learn anything from the idiots who run the Astros. Yet here we are; out of spite, vindictiveness or just plain old malevolence, front-office executives of the Cardinals engaged in conduct that has drawn the scrutiny of the FBI and DOJ. This points to other motivations than fidelity to monetary gain as reasons for bribery and corruption.

Also, cybersecurity is a compliance concern. What protocols to you have in place to protect your data? How will you respond to a breach? What happens if another member of the cartel your business is in engages in criminal activity against you? Will you demand that they are kicked out of the cartel?

I think it also points up how actually doing compliance differs from having a paper compliance program in place, whether you use the McNulty’s Maxims formulations (What did you do to prevent it? What did you do to detect it? What did you do after you found out about it?) or the FCPA Guidance formulation that a best practices compliance program should prevent, detect and remedy violations. I am relatively certain the St. Louis Cardinals had a policy against breaking the law by hacking into the database of another baseball team. With equal certainty, I am sure the Cardinals had no program to prevent or detect such illegal conduct, for if they did it would certainly appear they conveniently looked the other way.

Finally, American businesses need to wise up. Stop all the whining, moaning and complaining about data breaches from Chinese/Russian/Bulgarian/the Galactic Empire/the Borg/(name your Evil Empire); you are most at risk from other U.S. companies. For if the best team in the history of the NL will break the law to steal the trade secrets and confidential information of one of the worst teams, is anyone safe? Further, what are the odds that the Cardinals have been trying to steal trade secrets from winning teams? That would be a number way too high for me to even imagine. Quit crying to Congress that it is unfair for you to be required to protect your own data or that it would cost you money or jobs; secure your data now.

Now for a free tip from my consulting company, Advanced Compliance Solutions: if you have super-secret confidential information, make sure it is password protected. But more than simply password protected, change your password every 90 days. That is a good first step in case the St. Louis Cardinals come hacking your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at [email protected]