Feeds

Court protects firms from employees' noxious emails

Agilent couldn't agree more

High performance access to file storage

Silicon Justice Some companies in California don't have to worry about their employees' online activity as much as they used to - at least for the time being.

In a recent judgment, an appellate court in California ruled that Agilent Technologies, a high-tech spin-off of HP, couldn't be held accountable for the online shenanigans of one of its employees. The court's logic extended to employers generally, and companies in that part of California now have immunity for publication infractions committed by their employees over employer-provided email and Internet access under an increasingly utilitzed law, Section 230 of the Communications Decency Act.

The plaintiffs in the suit against Agilent, however, have petitioned the California Supreme Court for a review of the appellate court's decision. The lower court's ruling represents the first time that any court has extended the immunity usually reserved for ISPs to an employer, and the plaintiffs think they can convince the high court to exclude employers from the statute's protections.

They are woefully mistaken. While the appellate court's interpretation of the law has its problems - and could possibly be overturned at some point in the future - it is unlikely that the California Supreme Court will take up the issue so close on the heels of its landmark Section 230 decision in Barrett v. Rosenthal.

So why waste the effort, you ask? Money, of course.

The plaintiffs, ex-Varian employees, were harassed by an Agilent employee who used the company-provided Internet access and email system to send and post threatening messages directed against the plaintiffs. In a separate judgment entered against the employee, the plaintiffs won $1m. The chances that the employee will ever pay up are slim to none, so the plaintiffs' only hope at any pay-off for suffering through the employee's noxious behaviour is to go after the large, cash-filled pockets of the employer, Agilent.

The only problem is that, even without Section 230 immunity for Agilent, the plaintiffs didn't have much chance of proving Agilent's liability. With Section 230 involved, the case becomes a shipwreck.

Section 230 grants immunity to providers and users of "interactive computer services" for offenses based on another's publication of information on or through the service. This has applied to ISPs and web services in the past (eg, this case involving Craigslist,) but never an employer, up until now.

The California court determined that Agilent met the definition of a provider of an "interactive computer service," since it provided multiple users (its employees) with access to a computer server that in turn provides access to the Internet. As such, it is immune from any suit that treats it as the publisher or speaker of another's information.

That result seems fine in a case like this one, where the issue was Agilent's liabilty for the plaintiffs' emotional distress over the threatening messages, but what happens in other situations? Can a company avoid liability for the actions of an employee who extends a fraudulent offer on the company's behalf through an email or web posting? What about sexual harassment that occurs exclusively over email?

The plaintiffs raised the situations above, and others, in their initial appellate documents. They represent the strongest arguments for overturning the extension of Section 230 immunity to employers.

That is unlikely to happen, however. The case would first have to be accepted for review by the California Supreme Court, and the court will almost certainly choose not to revisit Section 230 so soon after its decision in Barrett.

That suit, decided last November, involved the distribution of defamatory comments made by third parties over the Internet. The Supreme Court held that Section 230 immunity applied to the distributor, even if she should have known that the comments were libelous.

The California Supreme Court has decided precious few Internet-related cases (only four, by some counts,) so it will likely skip the chance to weigh in on a Section 230 issue again until a conflict arises among the lower courts, if even then.

And even if the plaintiffs can succeed in having the Supreme Court hear the case and overturn the Section 230 ruling, their cause doesn't have much chance of success. The harassment was so far outside the scope of the employee's work with Agilent, that there would not be any liability on the part of Agilent for the employee's actions. Agilent had no duty to protect the plaintiff when hiring the employee, either, and it never ratified the employee's actions. In fact, it eventually fired him for violation of company email policies in relation to the activities leading to this case.

Any reversal of the Section 230 decision in this case might help future parties who wish to get at an employer's deep pockets, but it won't have much effect in the current case against Agilent.

So that leaves the plaintiffs, while eggregiously wronged by the employee, with a dead-end case against the employer. And all the hype over Section 230 is starting to look like a tilt at a windmill. ®

Kevin Fayle is an attorney, web editor and writer in San Francisco. He keeps a close eye on IP and International Law issues.

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.