Feeds

Court protects firms from employees' noxious emails

Agilent couldn't agree more

Boost IT visibility and business value

Silicon Justice Some companies in California don't have to worry about their employees' online activity as much as they used to - at least for the time being.

In a recent judgment, an appellate court in California ruled that Agilent Technologies, a high-tech spin-off of HP, couldn't be held accountable for the online shenanigans of one of its employees. The court's logic extended to employers generally, and companies in that part of California now have immunity for publication infractions committed by their employees over employer-provided email and Internet access under an increasingly utilitzed law, Section 230 of the Communications Decency Act.

The plaintiffs in the suit against Agilent, however, have petitioned the California Supreme Court for a review of the appellate court's decision. The lower court's ruling represents the first time that any court has extended the immunity usually reserved for ISPs to an employer, and the plaintiffs think they can convince the high court to exclude employers from the statute's protections.

They are woefully mistaken. While the appellate court's interpretation of the law has its problems - and could possibly be overturned at some point in the future - it is unlikely that the California Supreme Court will take up the issue so close on the heels of its landmark Section 230 decision in Barrett v. Rosenthal.

So why waste the effort, you ask? Money, of course.

The plaintiffs, ex-Varian employees, were harassed by an Agilent employee who used the company-provided Internet access and email system to send and post threatening messages directed against the plaintiffs. In a separate judgment entered against the employee, the plaintiffs won $1m. The chances that the employee will ever pay up are slim to none, so the plaintiffs' only hope at any pay-off for suffering through the employee's noxious behaviour is to go after the large, cash-filled pockets of the employer, Agilent.

The only problem is that, even without Section 230 immunity for Agilent, the plaintiffs didn't have much chance of proving Agilent's liability. With Section 230 involved, the case becomes a shipwreck.

Section 230 grants immunity to providers and users of "interactive computer services" for offenses based on another's publication of information on or through the service. This has applied to ISPs and web services in the past (eg, this case involving Craigslist,) but never an employer, up until now.

The California court determined that Agilent met the definition of a provider of an "interactive computer service," since it provided multiple users (its employees) with access to a computer server that in turn provides access to the Internet. As such, it is immune from any suit that treats it as the publisher or speaker of another's information.

That result seems fine in a case like this one, where the issue was Agilent's liabilty for the plaintiffs' emotional distress over the threatening messages, but what happens in other situations? Can a company avoid liability for the actions of an employee who extends a fraudulent offer on the company's behalf through an email or web posting? What about sexual harassment that occurs exclusively over email?

The plaintiffs raised the situations above, and others, in their initial appellate documents. They represent the strongest arguments for overturning the extension of Section 230 immunity to employers.

That is unlikely to happen, however. The case would first have to be accepted for review by the California Supreme Court, and the court will almost certainly choose not to revisit Section 230 so soon after its decision in Barrett.

That suit, decided last November, involved the distribution of defamatory comments made by third parties over the Internet. The Supreme Court held that Section 230 immunity applied to the distributor, even if she should have known that the comments were libelous.

The California Supreme Court has decided precious few Internet-related cases (only four, by some counts,) so it will likely skip the chance to weigh in on a Section 230 issue again until a conflict arises among the lower courts, if even then.

And even if the plaintiffs can succeed in having the Supreme Court hear the case and overturn the Section 230 ruling, their cause doesn't have much chance of success. The harassment was so far outside the scope of the employee's work with Agilent, that there would not be any liability on the part of Agilent for the employee's actions. Agilent had no duty to protect the plaintiff when hiring the employee, either, and it never ratified the employee's actions. In fact, it eventually fired him for violation of company email policies in relation to the activities leading to this case.

Any reversal of the Section 230 decision in this case might help future parties who wish to get at an employer's deep pockets, but it won't have much effect in the current case against Agilent.

So that leaves the plaintiffs, while eggregiously wronged by the employee, with a dead-end case against the employer. And all the hype over Section 230 is starting to look like a tilt at a windmill. ®

Kevin Fayle is an attorney, web editor and writer in San Francisco. He keeps a close eye on IP and International Law issues.

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.