The Expanding Definition of Company Property

In an era when the comic strip Dilbert—which doesn't even pick on a particular corporation, just corporations in general—is banned in a growing number of cubicle farms, it should come as no surprise that employers are willing to go to great lengths to prevent their employees from saying nasty things about them, regardless of whether or not the comments were made when the employee was on company property or engaged in company business.

Until recently, the damage that you could do by badmouthing your employer was relatively limited. If you work in a small town, you might be able to start a whispering campaign that has the potential of damaging your employer's reputation or business prospects. But you probably would be unable to mount a campaign widespread enough to effectively attack or undermine even a midsize business.

In this respect, at least, the World Wide Web has dramatically altered the balance of power between employers and employees. You don't even have to own a computer to be able to spread damaging words about your company across the nation; all you have to do is stop off at your local library on your lunch hour, log onto a message board, and post a message to a newsgroup. For example, a few well-chosen words about a publicly traded company can dramatically affect a company's stock price. And that's just the beginning. The Web offers an almost limitless number of possibilities for mischief, from ginned-up Web pages with phony news stories to entire websites devoted to savaging a company's reputation. And in the course of a chat room conversation, you could accidentally (or intentionally) reveal valuable intellectual property secrets to a competitor.

Needless to say, the tools that technology has made available to employees raise some interesting questions: Is a corporation entitled to know the identity of people who use anonymous accounts to post critical comments about the corporation or management to Internet message boards? Can a corporation monitor Internet chat rooms or Internet relay chat (IRC) channels and use information gathered there to discipline employees? In other words, how far can a business go in protecting what it perceives to be its property interests?

Trespass: It's Not Just for Real Property Any More

In the eyes of the law, corporations are people, with nearly all of the same rights and responsibilities. The analogy only goes so far, of course: When a corporation breaks the law, as Arthur Andersen did in 2001 when it shredded Enron documents in an attempt to frustrate a Securities and Exchange Commission probe, it can't be thrown in jail—real live company executives are needed for that. ^[7]

Nonetheless, a corporation's status as a person under the law gives it the ability to enforce the same rights that an individual can enforce, including those dealing with real property. Typically, the right that owners of real property are keenest on enforcing is the one against trespass, i.e., the ability to determine who can and cannot come onto their property. If you own property in a rural area and you're dead set against people in bright orange clothing trying to thin out the deer herd each year, you can post your land and forbid hunters from trespassing on your property. If a corporation doesn't want you on its property, it is entitled (assuming that it's not illegally discriminating) to have its security personnel use all reasonable force to keep you out.

It used to be that easy to keep people off a company's computer system. For the first two decades or so of the computer revolution, you couldn't trespass on a company's computer system without trespassing on the company's property at the same time—there was simply no way to get access to the computer without having physical access to the machine itself.

But a series of inventions—networking, the modem, the Internet, and e-mail—have created new ways for people to gain access to a computer system. The result is that there is now a new type of property for companies to protect: the virtual space existing within the corporate computers. Obviously, a limited amount of public access to a corporate computer system is an asset: The value of e-mail, for instance, lies in the fact that it can be sent to and received from any other Internet-connected computer in the world.

The downside, of course, is that just as in the physical world, unfettered access exposes a company to the risk that its assets and resources will be damaged or destroyed. As businesses grow increasingly aware of the potential harm that can be caused by unauthorized access, they are spending large amounts of money on firewalls and gateways in an effort to protect their networks.

Companies are also increasingly interested in filtering or blocking e-mail based on its content. Much of the effort is aimed at blocking the ubiquitous spam; most companies don't see much value in multilevel marketing schemes and ads for adult websites, and few employees would disagree. And logically enough, companies are also interested in blocking e-mails that could create liability or reveal trade secrets.

But does ownership of a network over which e-mail travels give a business an unfettered right to filter or block an e-mail message because it disapproves of its political or ideological content? One ongoing case that directly raises that question involves Kourosh Kenneth Hamidi, a former engineer for Intel Corporation. Hamidi is also the principal spokesman of Former and Current Employees of Intel (FACE-Intel), a nonprofit organization that exists to give current and former Intel employees an opportunity to air their grievances about the company's working conditions. ^[8] According to the Sacramento Bee, Hamidi was fired in 1995 after a long disagreement with Intel management over workers' compensation. ^[9]

In his capacity as FACE-Intel spokesman, Hamidi sent e-mails to large numbers of Intel employees describing Intel's allegedly "abusive and discriminatory employment practices." Court documents indicate that Hamidi sent six mass mailings, reaching between 8,000 and 35,000 Intel employees each time. Intel unsuccessfully tried to block Hamidi's e-mails and subsequently filed suit against him, alleging nuisance and trespass to chattels ("chattels" is defined as "tangible movable property").

In November 1998, Sacramento Superior Court Judge John R. Lewis ruled that Hamidi had committed trespass to chattels (the nuisance claim was dropped) and ordered him to stop sending unsolicited e-mails to Intel employees over Intel's network. The injunction was upheld by the California Court of Appeals, which found that Hamidi's e-mails harmed Intel through a loss of productivity, based on the time spent by employees reading the FACE-Intel mailings and the time spent by Intel technical support personnel in trying to block them.

The lawsuit filed by Intel against Hamidi illustrates the difficulty of applying age-old legal doctrines to the brave new world of cyberspace. Under principles of common law, there are two different kinds of trespass: trespass to real property, and trespass to chattels. As we saw in Chapter 1, the protection of real property is one of the fundamental goals of our legal system; when someone enters onto someone else's property without permission, it's considered a threat to public order. As a result, a property owner can sue for trespass to real property even when there has been no harm at all to the property itself. In contrast, if someone sues for trespass to chattels, he must demonstrate that there has been some actual harm to the moveable property, or that he has been deprived of its use for a period of time.

Since no one can credibly argue that a computer network is "real property" in the same sense that an acre of land is, Intel based its suit on a claim that Hamidi committed trespass to its chattels, i.e., its computer system. In his brief to the California Supreme Court, Hamidi argued strenuously that the transmission of his e-mails through the Intel system did not cause any harm to the Intel computer system, nor did they deprive Intel of its use:

It is undisputed that Mr. Hamidi's e-mails caused no physical harm or disruption to Intel's computer equipment, nor was Intel dispossessed, even temporarily, of its computer equipment by reason of receipt of Mr. Hamidi's e-mails.... But the Court of Appeal ruled that the "loss of productivity" that Intel suffered as a result of the time spent by technical personnel attempting to block Mr. Hamidi's messages, or as a result of time that Intel employees spent reading the messages, constituted sufficient injury for purposes of trespass to chattel.... In other words, the court created a trespass to chattel doctrine that completely ignores the physical status of the chattel itself.

In doing so, the court reversed age-old legal authority. Its decision is flatly inconsistent with every decision by the California courts to consider the trespass to chattel doctrine, which requires the owner to prove either physical harm to his property, or that he has been dispossessed of his property for a period of time. ^[10]

Apart from corporate criticism, the other major e-mail trespass conflict between employers and employees involves union activities. Union leaders have discovered that e-mail offers a fast, convenient, and inexpensive means of communicating with large numbers of employees at once. Not surprisingly, employers frequently object to a union's use of the corporate e-mail system. Some argue that it cuts into workplace productivity, since the union e-mails are inevitably read at work. Others argue that to the extent that union e-mails are unwanted by the business, they constitute a trespass of the company's property.

A typical situation occurred in the summer of 1997, when the Florida Professional Association tried to form a union among the engineers at the Pratt & Whitney plant in Palm Beach, Florida. Two officers of the nascent union, Kenneth Coolidge and Brian Waldron, sent out organizing e-mails to each of the company's 2,000 engineers over the company e-mail system. Coolidge and Waldron said that they were able to send out ten mailings before Pratt & Whitney officials found out; both men were then suspended by the company for using the company e-mail system for "personal business." ^[11] Two years later, the union (which did successfully form) and Pratt & Whitney reached a settlement in which the union agreed to drop an unfair labor practice complaint and the company agreed to allow limited use of the Pratt & Whitney e-mail system for union-related e-mails.

To date there has been no specific ruling by the National Labor Relations Board about whether e-mail is protected under the terms of the National Labor Relations Act, although that appears to be the direction in which the Board is moving. In the absence of a statutory pronouncement by Congress, the question will be whether e-mail use by unions is considered to be more analogous to "one-on-one solicitation," which is permitted anywhere on company property as long as it takes place during a work break, or the "distribution of literature," which companies are entitled to regulate more closely.

Employers Lurking on the Web

Regardless of whether a business is entitled to block particular e-mails that enter its computer system, it shouldn't come as a terrible shock that the company is at least aware of what's being said. As we've seen repeatedly throughout this book, companies have powerful reasons to be aware of what's traveling across their computer network.

The next level of inquiry is the extent to which employers should monitor what employees say about them when the messages don't necessarily travel across the company network. You can use a home or public computer to post messages about your employer in Usenet newsgroups, on website message boards and chat rooms, and on IRC channels. With relatively little difficulty, you could set up an entire website devoted to criticizing your company, without coming anywhere near your employer's computer system. But that may not offer you much greater protection; because of the potential impact on their business interests, companies take an active interest in what's being said about them, regardless of the source.

Of course, Internet newsgroups, message boards, chat rooms, and websites are generally public forums; anyone, including the management of your company, can visit them. In fact, monitoring relevant news groups, message boards, and websites is a good way for a company to learn about consumer and shareholder concerns.

Tension arises chiefly when a corporation reads something it doesn't like, particularly when the comment or information has been (or the corporation thinks it has been) posted by an employee. The conflict that arises at such times is between a corporation's right to defend itself and an employee's right to exercise her right to free speech under the First Amendment.

As a practical matter, employees are at a tremendous disadvantage in resolving that type of conflict. It's unequivocally clear that employees have very limited constitutional rights while on company property. Outside of the workplace, employees have a slightly greater level of protection, at least if they get sued in one of the nineteen states that has passed a so-called anti-SLAPP (Strategic Lawsuits Against Public Participation) statute. ^[12] However, employees have relatively little protection if their employer decides to terminate them because the company's management disliked what the employee was saying online. While there are fairly solid federal and state protections against various types of discrimination, there's really nothing that extends the protections of the First Amendment to the workplace.

Of course, even if the First Amendment or SLAPP statutes protected statements by employees, they wouldn't protect statements intended to manipulate the price of a publicly traded stock. Calhoun Consulting Group (CCG), a Waltham, Massachusetts, company that advises other businesses on stock fraud, routinely reviews postings made to investment websites. In one typical case, CCG came across postings by an engineer at 3M Corporation to Silicon Investor, a popular stock bulletin board, in which the engineer boasted about 3M's new products and bargain stock price. While there was no indication that the engineer was making the postings for his own benefit, such disclosures could nonetheless expose the company to sanctions by the Securities and Exchange Commission. ^[13]

Even if a corporation is not directly liable for the actions of its employees, apparent manipulation of the company's stock price can have a devastating effect on the company and its reputation. Take the case of Gary Dale Hoke, a midlevel engineer for PairGain Technologies, Inc., an Irvine, California-based telecommunications equipment company. With only a few hours work, Hoke was able to significantly affect the price of PairGain's stock. Although Hoke did not benefit from his manipulation, it would have been a fairly simple matter for him to try to do so. Of equal if not greater interest is the daunting rapidity with which Hoke was identified and arrested. It's an object lesson not merely in how seriously both companies and law enforcement take these types of activities, but also in the tremendous investigatory tools that are now available.

On the morning of April 7, 1999, visitors to the Yahoo! finance bulletin board regarding PairGain saw a posting from someone purporting to be Stacey Lawson of Knoxville, Tennessee. The message stated that PairGain was about to be purchased for roughly $1.35 billion by the Israeli company ECI Telecom, Ltd. The message also contained a link to an article on Bloomberg L.P.'s news site, which purported to have an announcement about the sale. In reality, the Bloomberg "article" was a phony page created by Hoke.

Following the Yahoo! posting, the price of PairGain's stock rose from $8 1/2 to $11, an increase of more than 30 percent. When PairGain issued a statement that afternoon that the report of a buyout was false, the price of the company's stock fell back to $9. In the process, some investors lost thousands of dollars.

That same afternoon, the U.S. Attorney's Office in Los Angeles and the Los Angeles branch of the FBI began an investigation. An inquiry by the Securities and Exchange Commission revealed no unusual trading activity either before or after the hoax, so the investigation focused on the Web activity. The messages posted to the Yahoo! finance board and other stock discussion sites were clearly fake, so they offered little potential evidence. However, the fake Bloomberg site was hosted by a free website hosting company called Angelfire, which provided the FBI with some useful information.

Specifically, Angelfire gave the FBI the IP (Internet protocol) addresses of the computer used to post the fake Bloomberg article onto the Angelfire system. The FBI then compared those IP addresses to a public directory of IP addresses and learned that some were associated with computers at Pair-Gain and some were associated with an Internet service provider called Mindspring. The IP addresses and access times were presented to Mindspring, which matched them up with activity on a Mindspring account by someone with the user name "ghoke." As it turned out, Mindspring also maintained something called "radius logs" (similar to consumer caller ID), which tracks the phone numbers used to call into the service. The calls made by user "ghoke" were made from a telephone owned by one Gary Hoke, a PairGain employee at the company's Raleigh, North Carolina, branch.

Armed with that information, the FBI was able to obtain a search warrant for Hoke's home and during the search, seized a laptop that contained portions of the fake Bloomberg website. Hoke was arrested by the FBI just one week after posting the fraudulent messages, and he pleaded guilty to two counts of securities fraud on June 21, 1999. Two months later, on August 30, Hoke was sentenced to five months of home detention and five years' probation. He was also ordered to pay $93,000 in restitution to investors who lost money due to the fraudulent report.

Proving once again that timing is everything, the impact of Hoke's hoax was heightened by the fact that when he posted his fake messages on the Yahoo! finance bulletin board, the PairGain headquarters in California was still closed. In addition, April 7, 1999, was an Israeli holiday, so there was no way to verify the posting with ECI Telecom. Not wanting to be left out of a possible stock surge, a number of investors plunged ahead and bought PairGain stock before the company opened for business on the West Coast and refuted the buyout announcement.

Bulletin boards and newsgroups are obviously a potential source of concern, but companies are also paying close attention to online chat rooms and IRC channels. The chief danger for businesses is that conversations in those forums take place in real time, which increases the likelihood of inappropriate disclosures and makes it more difficult to prevent them from occurring.

While it's not difficult to understand why companies want to monitor employee Web postings, the methods they use can be troubling. For instance, companies often hire people to secretly monitor chat rooms and newsgroups (a phenomenon known on the Web as lurking), or instruct trusted employees to pose as consumers or disaffected employees in an effort to draw out unguarded comments by other employees. ^[14]

This practice backfired recently for Hawaiian Airlines, which was in a disagreement with the union representing its pilots. Robert Konop, a Hawaiian Airlines pilot, set up a website so that he and his fellow pilots could exchange information and freely criticize airline management. To protect the identity of message posters, Konop password-protected his website.

Frustrated by his inability to view Konop's site, a Hawaiian Airlines vice president persuaded two airline pilots to let him use their passwords. In the lawsuit that Konop later filed against the company, he claimed that the vice president had disclosed the contents of his site to a rival faction within the pilot's union (one that was allegedly more sympathetic to management), and that he had threatened to sue Konop personally for defamation. Konop also argued that by viewing his site without permission, the airline violated the federal Wiretap Act and the Stored Communication Act.

In a decision handed down at the end of this summer, the U.S. Court of Appeals held that Hawaiian Airlines did not violate the Wiretap Act because the law only covers "interceptions" that occur at the same time that a transmission takes place. Since the vice president was looking at stored data, his actions did not constitute an "interception."

By contrast, the court found that the airline may have violated the Stored Communication Act, which forbids unauthorized access to stored material. Hawaiian Airlines argued that since it had the permission of a password holder, its viewing of the site was authorized. However, the court ruled that it was unclear whether the pilots who turned over their passwords were actually "users" of Konop's site.

More significantly, the court ruled that Konop's website constituted "union activity" under the terms of the Railway Labor Act (which also covers airlines), and that by viewing the password-protected site, the Hawaiian Airlines executive was engaged in unlawful surveillance.

The Struggle for Anonymity

Given the potential for retaliation by an angry employer, it's not particularly surprisingly that employees will go to great lengths to remain anonymous when they post critical comments online. The simplest method is to sign up with one of the many e-mail services that permit anonymous registrations, like Yahoo!, America Online, or Hotmail.

Another technique is to use an anonymous remailer to post messages. An anonymous remailer is a service that receives e-mail messages, strips away identifying information about the sender, substitutes an anonymous term or code, and then forwards the message on to its destination. To the frustration of law enforcement, corporations, and despotic regimes around the world, a well-constructed anonymous remailer is effectively a one-way door: Once a message passes through the remailer, there is no way for anyone, including the remailer itself, to tell where the message originated. ^[15]

Legitimate concern over the myriad illicit uses of online anonymity (libelous statements, sexual harassment, stalking, fraud, child pornography, etc.) has encouraged lawmakers to draft legislation that would outlaw the use of anonymous remailers. The Georgia state legislature, for example, made it illegal to send out computer transmissions that "falsely identify" the sender, but the law was declared unconstitutional by a U.S. District Court in 1997. However, many of the antispam laws that have been passed or are currently under consideration around the country include provisions that make it illegal to use software designed to falsify "electronic mail transmission information." Whether those provisions are constitutional is still an undecided question. ^[16]

Because of the potential damage to a business's reputation, interests, or stock price, employers are becoming increasingly aggressive in their efforts to uncover the true identities of the people who are posting critical messages. While an employer's ability to track down the source of messages posted to Internet bulletin boards through anonymous remailers is fairly limited, that's not true for messages posted by employees using "anonymous" e-mail accounts. Internet e-mail services have shown little desire to get in the middle of a potentially protracted and certainly expensive battle over user privacy. Currently, the practice at Yahoo!, for instance, is to notify a user if a request for his identity has been made; if the user does not respond, then Yahoo! turns over the information.

Appropriately enough, one of the first cases to test the strength of online anonymity involved Raytheon, which manufactures an electronic surveillance program called SilentRunner. Raytheon's monitoring program allows network administrators to track everything that passes over a corporate network without notice to the network's users.

In February 1999, Raytheon filed a lawsuit, Raytheon v. John Does 1–21, in which it sought $25,000 each from twenty-one "John Does," anonymous individuals that Raytheon claimed had made disparaging comments about the company on Yahoo! message boards. Raytheon also claimed that the John Does were employees who were leaking proprietary information online in violation of company policy.

Having filed a lawsuit, Raytheon was entitled to subpoena Yahoo! for the names of the individuals as part of its discovery process. As soon as Yahoo! handed over the names of the message posters, Raytheon dropped the lawsuit. Not long afterwards, four Raytheon employees (including a vice president of the company) resigned. The remainder of the employees entered what Raytheon coyly described as "corporate counseling." ^[17]

Employees and other individuals who want to remain anonymous online took a great deal of comfort from a ruling last year by a U.S. District Court in Los Angeles in the case of Global Telemedia International v. Does. The telecommunications firm, upset by critical comments posted to Internet message boards and chat rooms, filed a libel action to recover damages not only from the individual message posters, but from the online services themselves. In addition, Global Telemedia served subpoenas aimed at uncovering the identity of the message posters.

In a decision issued on February 23, 2001, Judge David O. Carter dismissed the lawsuit, ruling that the messages and chat room conversations were statements of opinion and not fact. In order for a statement to be libelous, the court noted, it must reasonably appear to a listener to be a statement of fact and not opinion. To support his conclusion that no reasonable reader could have interpreted the online statements as fact, Judge Carter quoted a representative passage from the Raging Bull website:

This company has put it up your arse again this week with no filing no nothin (sic) no chance to buy it off shore on international exchanges ... stupid flippin puss I got info comin at you that will make you puke about this stock and then you can thank me.

The court made its opinion of the postings clear:

To put it mildly, these postings, as well as the others presented to the Court, lack the formality and polish typically found in documents in which a reader would expect to find facts. It is unlikely, for example, that a corporation would express the view that investors should "up the volume for some of that 2 dollar love." ... Nor would the SEC ever state that GTMI is "steering the sinking ship but don't worry they are headed for the calmer waters of the Caribbean where your money will be safe from federal authorities." ... the general tone and context [and content and style] of these messages strongly suggest that they are the opinions of the posters. ^[18]

Despite the potentially valuable support of the Global Telemedia decision, lawsuits against John Doe continue to be a tremendously active area of the law. In general, the primary purpose of these lawsuits remains an effort to identify the senders, not to recover monetary damages. However, in at least one instance, a company succeeded in obtaining a monetary verdict: In 1998, a Texas conglomerate called American Eco won an $8.3 million verdict against one "John Doe" for comments that he had posted anonymously. There's no word on the success of American Eco's efforts to collect on its judgment.

^[7]The corporation was given five years' probation, however, and fined $500,000 for its obstruction of justice.

^[8]Opening Brief on the Merits, Intel Corp. v. Hamidi, Cal. Supreme Ct. No. S103781, May 16, 2002.

^[9]Claire Cooper, "High court to hear Intel e-mail case," Sacramento Bee (March 28, 2002).

^[10]Opening Brief on the Merits, Intel Corp. v. Hamidi, Cal. Supreme Ct. No. S103781, May 16, 2002 (citations omitted). A decision by the California Supreme Court is expected some time in 2003.

^[11]Noam S. Cohen, "Corporations Try to Bar Use of E-Mail by Unions," The New York Times (August 23, 1999).

^[12]Under the terms of a SLAPP statute, a defendant (usually an individual employee) can compel the plaintiff (usually a corporation) to demonstrate that it is likely to prevail on the merits of its defamation claim before the suit can go forward. The statute is intended to reduce the ability of well-heeled corporations from intimidating Web posters with the threat of an expensive lawsuit.

^[13]Joann Muller, "Trouble on the Internet ...", Boston Globe (October 23, 1998).

^[14]Law enforcement uses the same techniques. Officers and federal agents are trained to lurk in sexually-oriented chat rooms, pretending to be young children, and to track down users who solicit them for sex.

^[15]Employees should keep in mind that as a practical matter, there is little chance of remaining anonymous if they use their employer's computer and network to post messages, even if they use an anonymous e-mail account or remailer. Using a variety of software, an employer can easily record the content of messages long before they are dispatched to the anonymous remailer.

^[16]Pamela Mendels, "The Two Faces of Online Anonymity," The New York Times (July 21, 1999).

^[17]Tom Kirchofer, "Raytheon Drops Internet Chat Suit," Yahoo! News (May 21, 1999).

^[18]Order Granting Defendants' Special Motion to Strike, Global Telemedia International, Inc. v. Doe 1 et al., 132 F. Supp. 2d 1261 (C.D. Calif. February 23, 2001) (citations omitted).