Most employers now have some web presence, through their own internet sites and also as an internet portal for employees who use the internet at work. Used illegally to spread defamatory statements or publish trade secrets, the internet has the potential to do significant damage to a business. Employers need to consider two related subjects: how to respond if defamatory or privacy-protected information about the organization is released on-line; and how to manage their own internet resources to avoid liability.

Discovering the Identity of Anonymous Internet Users

Internet privacy law is very much like the rules of Mexican lucha libre wrestling. Mexican wrestlers are frequently known only by their masks, and keep their true identities secret. Being unmasked by an opponent is the ultimate insult, and can only properly be done with the sanction of the governing body.

Current and former employees, competitors, and others have a number of forums on the internet in which they may criticize employers. An organization can file a lawsuit against someone who harms a business by his or her statements. In Krinsky v. Doe 6, the California Court of Appeal refined its rules for unmasking internet message board participants alleged to have made unlawful statements.

The Krinsky case dealt with an anonymous Yahoo! stock market message board user known as “Senor_Pinche_Wey” who allegedly made scandalous comments about the officers of a corporation. The executives of the corporation sued him under the name “Doe 6,” and requested a court order compelling Yahoo! to identify Senor_Pinche_Wey. Senor_Pinche_Wey responded (through his lawyers) to protect his anonymity. The Court of Appeal had to decide when an internet user can be forced to reveal his or her true identity.

The court noted that there is an historic constitutional right to publish pamphlets, leaflets, and brochures anonymously, which now includes the internet. The court also recognized that on the internet, anonymous “hyperbole and exaggeration are common” and “this informal ability to äóÖsound off,’ often in harsh an unbridled invective, that opens the door to libel and other tortious conduct.”

However, free speech does not protect defamation, so the court made a rule that the identity of the author of an anonymous online post can be discovered only if the plaintiff can state facts that would entitle her to relief, assuming they were not disproved (called a prima facie case, in legal terms).

The court set a high standard for what counts as enough to support a prima facie case of defamation: “juvenile name-calling cannot reasonably be read as stating actual facts . . . Rather they fall in the category of crude, satirical hyperbole which, while reflecting on the immaturity of the speaker, constitute protected opinion under the First Amendment.” In the Krinsky case, because the statements were not actionable as defamation, the executives were unable to unmask Senor_Pinche_Wey.

The location of the website and the home office of the internet service provider that hosts it may affect how much a complaining party can find out about an anonymous internet user. The plaintiffs in the Krinsky case were residents of Florida and filed suit there. California law applied to their action to unmask Senor_Pinche_Wey, however, because Yahoo! had the information and it is based in California.

The Arizona Court of Appeals recently decided a similar case arising out of Washington: Mobilisa, Inc. v. John Doe 1. In that case, an anonymous individual forwarded an e-mail revealing the company CEO’s extramarital relationship, along with the comment, “Is this a company you want to work for?” The Arizona Court of Appeals held that before Mobilisa could unmask John Doe 1, it must prove: (1) the speaker had notice of the discovery request, (preferably, notice is to be delivered by the same means as the contested statements); (2) the cause of action could survive a motion for summary judgment; and (3) a balance of the parties’ competing interests favors disclosure. As a result of this decision, Arizona now provides slightly more protection for anonymous internet speech than California does.

Illegal Electronic Communication In the Workplace

Sometimes, the controversial activity takes place inside the employer’s own servers. In 1998, Varian Medical Systems, Inc. fired an employee named Michelangelo Delfino for harassing his co-workers. He and Mary Day, another former employee, retaliated by posting derogatory comments on an online discussion of Varian’s stock. Varian brought a lawsuit alleging libel, invasion of privacy, breach of contract and conspiracy, along with a request for an injunction to prevent the ex-employees from making any more similar comments.

In the meantime, Delfino and Day made enemies of their own, one of whom used the pseudonyms “crack_smoking_jesus,” “dr_dweezil2000″ and “dreamcaster.” It turns out those messages were sent by a Cameron Moore, evidently an aggressive investor in technology stocks. Moore threatened to have Delfino and Day “stomped” for hurting the value of investments in Varian. The FBI traced the threatening e-mails back to computers owned by Agilent Technologies. Agilent cooperated with the government to identify Moore. Although he originally denied sending any threatening messages, he was later arrested and fired from Agilent for misuse of the computer system and lying about it. Agilent and the former employee were sued by Delfino for intentional and negligent infliction of emotional distress. In Delfino v. Agilent Technologies, Inc., Moore ended up liable to Delfino and Day.

The court of appeal found Agilent was immune from liability under the Communication Decency Act of 1996 (CDA) as an internet service provider (even though it is not in the business of providing internet service.) Agilent could not be liable simply for supplying the computer and network that Moore used to make his threats. Because Moore’s threats were unrelated to his job at Agilent, the company was not responsible for his actions toward Delfino and Day.

Limits of CDA Immunity

Senor_Pinche_Wey used an internet discussion board sponsored by Yahoo! to make the allegedly defamatory comments. Crack_smoking_jesus used his employer’s servers to send threatening e-mails. John Doe 1 sent the message about the CEO’s affair to Mobilisa, Inc. using a website designed to send anonymous messages. Those internet hosts were all protected from liability. But CDA protection does not apply if the website solicits users to provide illegal postings.

In Fair Housing Council of San Fernando Valley v. Roommates.com LLC, the operators of a website were sued because the site relied on illegally discriminatory questions for its roommate matching service. Unlike internet service providers, internet content providers do not have CDA immunity. A content provider is “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet.” A website can be both. If the website simply publishes information provided by others, the CDA protects it from any liability under state or federal law. “But if it is responsible, in whole or in part, for creating or developing the information, it becomes a content provider and is not entitled to CDA immunity.”

Discrimination in housing is illegal. Much like an employer, a housing provider may violate the law when it asks about an applicant’s race, gender, family status, and sexual orientation. Roommates.com required users to enter their sex, sexual orientation, and family status to obtain information about rentals. The Ninth Circuit distinguished it from “craigslist” (sued in a different case in Chicago) which allows, but does not require, users to make discriminatory statements and conduct discriminatory searches.

CDA immunity is broad, but may not cover a website if the owner actively encourages or requires users to post illegal comments. The safe approach is still for employers to make sure that their own websites, blogs, and the like do not include any defamatory or offensive comments, particularly comments that suggest the company tolerates unlawful employment practices. Employers accused of discrimination can expect to see e-mails, chat sessions, instant messages, and internet and intranet data used as evidence at trial.

It may even be necessary to ensure that employee’s own work-related blog postings do contain any material that would make the employer liable for illegal conduct. In Richerson v. Beckon, one employer in Washington state reassigned an employee for posting blog entries on her personal blog that were offensive, and arguably discriminatory, about her co-workers. Because it was a school district, the employee complained that she was being retaliated against for exercising her right to free speech. The court disagreed; the employer was entitled to reassign her to non-supervisory duties because of her offensive blog entries.

Conclusion

Employers seeking to uncover internet critics face tough burdens of proof. That means that unpleasant, offensive speech concerning their management and operations often will escape punishment. When an internet user crosses the line, the organization must be ready to demonstrate that internet criticism is actionable in court. Of course, when the employer knows the identity of a user, it does not have to make the additional showing necessary to uncover an anonymous user’s identity.

The CDA may protect employers from liability to third parties when employees use internal servers and internet access to post offensive information on the Internet. However, employers must remain vigilant to ensure employees do not engage in conduct that violates equal employment opportunity and other laws while they are working.

X