Feeds

Court protects firms from employees' noxious emails

Agilent couldn't agree more

Security for virtualized datacentres

Silicon Justice Some companies in California don't have to worry about their employees' online activity as much as they used to - at least for the time being.

In a recent judgment, an appellate court in California ruled that Agilent Technologies, a high-tech spin-off of HP, couldn't be held accountable for the online shenanigans of one of its employees. The court's logic extended to employers generally, and companies in that part of California now have immunity for publication infractions committed by their employees over employer-provided email and Internet access under an increasingly utilitzed law, Section 230 of the Communications Decency Act.

The plaintiffs in the suit against Agilent, however, have petitioned the California Supreme Court for a review of the appellate court's decision. The lower court's ruling represents the first time that any court has extended the immunity usually reserved for ISPs to an employer, and the plaintiffs think they can convince the high court to exclude employers from the statute's protections.

They are woefully mistaken. While the appellate court's interpretation of the law has its problems - and could possibly be overturned at some point in the future - it is unlikely that the California Supreme Court will take up the issue so close on the heels of its landmark Section 230 decision in Barrett v. Rosenthal.

So why waste the effort, you ask? Money, of course.

The plaintiffs, ex-Varian employees, were harassed by an Agilent employee who used the company-provided Internet access and email system to send and post threatening messages directed against the plaintiffs. In a separate judgment entered against the employee, the plaintiffs won $1m. The chances that the employee will ever pay up are slim to none, so the plaintiffs' only hope at any pay-off for suffering through the employee's noxious behaviour is to go after the large, cash-filled pockets of the employer, Agilent.

The only problem is that, even without Section 230 immunity for Agilent, the plaintiffs didn't have much chance of proving Agilent's liability. With Section 230 involved, the case becomes a shipwreck.

Section 230 grants immunity to providers and users of "interactive computer services" for offenses based on another's publication of information on or through the service. This has applied to ISPs and web services in the past (eg, this case involving Craigslist,) but never an employer, up until now.

The California court determined that Agilent met the definition of a provider of an "interactive computer service," since it provided multiple users (its employees) with access to a computer server that in turn provides access to the Internet. As such, it is immune from any suit that treats it as the publisher or speaker of another's information.

That result seems fine in a case like this one, where the issue was Agilent's liabilty for the plaintiffs' emotional distress over the threatening messages, but what happens in other situations? Can a company avoid liability for the actions of an employee who extends a fraudulent offer on the company's behalf through an email or web posting? What about sexual harassment that occurs exclusively over email?

The plaintiffs raised the situations above, and others, in their initial appellate documents. They represent the strongest arguments for overturning the extension of Section 230 immunity to employers.

That is unlikely to happen, however. The case would first have to be accepted for review by the California Supreme Court, and the court will almost certainly choose not to revisit Section 230 so soon after its decision in Barrett.

That suit, decided last November, involved the distribution of defamatory comments made by third parties over the Internet. The Supreme Court held that Section 230 immunity applied to the distributor, even if she should have known that the comments were libelous.

The California Supreme Court has decided precious few Internet-related cases (only four, by some counts,) so it will likely skip the chance to weigh in on a Section 230 issue again until a conflict arises among the lower courts, if even then.

And even if the plaintiffs can succeed in having the Supreme Court hear the case and overturn the Section 230 ruling, their cause doesn't have much chance of success. The harassment was so far outside the scope of the employee's work with Agilent, that there would not be any liability on the part of Agilent for the employee's actions. Agilent had no duty to protect the plaintiff when hiring the employee, either, and it never ratified the employee's actions. In fact, it eventually fired him for violation of company email policies in relation to the activities leading to this case.

Any reversal of the Section 230 decision in this case might help future parties who wish to get at an employer's deep pockets, but it won't have much effect in the current case against Agilent.

So that leaves the plaintiffs, while eggregiously wronged by the employee, with a dead-end case against the employer. And all the hype over Section 230 is starting to look like a tilt at a windmill. ®

Kevin Fayle is an attorney, web editor and writer in San Francisco. He keeps a close eye on IP and International Law issues.

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.