Will a sponsor prevent the posting of a message that violates a law?
How can a company contact a sponsor to remove a message?
Can a sponsor remove a message if a company can demonstrate a legitimate reason for its removal?
Will a sponsor remove a message if a company can demonstrate a legitimate reason for its removal?
What are the terms and conditions in sponsor policies?
What types of conduct are prohibited in sponsor policies?
Where are sponsor policies found?
Can sponsors be held liable for the messages posted on their boards?
Can a sponsor sue an author for messages posted on the sponsor's Web site?

E. Deciding Whether to Unmask an Author

What risks does a company face if it tries to unmask an author?
What risks does a company face if it files a lawsuit to unmask an author?
Which companies have filed lawsuits to unmask an author?
Who are the privacy advocates that are assisting anonymous authors?

F. How Can a Company Unmask an Anonymous Author

How can companies determine the identity of an anonymous author?
Can a company convince a sponsor to voluntarily reveal an author's identity?
What alternatives does a company have to contacting a sponsor to unmask an author?
What type of information does a sponsor have about an anonymous author?
Do sponsors cooperate with subpoena requests?
Will a sponsor contact an anonymous author before removing its message?
What might an author do if it's informed that a subpoena has been obtained?

G. Filing Lawsuits to Unmask Authors

Where should a company file a John or Jane Doe lawsuit?
Have companies successfully unmasked authors of messages through lawsuits?
What are examples of authors fighting back in court?

H. How to Handle Employees Who Post Messages About Their Employer

Should a company care if its employees participate on message boards?
How can a company regulate how employees use message boards?
Can a company enforce a policy that restricts employees from posting messages?
How can a company determine if an employee posts a message?
Can a company ever be certain that an author is an employee?

I. Potential Employer Obligations Arising from Employee Messages

Can a company be liable for messages posted by an employee?
What should a company do if an employee posts an inappropriate message?
What if an employee posts material non-public information about its employer in a message?
Why should employees not post messages with "selective disclosure" on a board?
Does posting information on the Web make it "public"?
Does a company have a duty to correct misleading rumors that circulate on a message board?
Can a company correct misleading rumors that circulate on a message board if it has a "no comment" policy?
What is control person liability?
Why should a company care about control person liability?
How can companies avoid incurring control person liability?
What is aiding and abetting?
What is respondeat superior?
What are corporate best practices to reduce the likelihood of employee problems on message boards?

J. Companies Who Participate on Message Boards

Should a company communicate with investors on message boards?

A. Understanding Message Boards

What is a "message board"?

A message board is a place on a Web site where a visitor can type a message (known as a "post").

Upon accessing a board, visitors will see a list of message titles sorted by the time and date posted as well as the author's name-in most cases, an alias. Clicking on the title brings up the message for review.

Visitors can easily navigate around a board - ranging from message replies to keyword searchs for a particular topic or author.

Once posted, a message can be viewed by any visitor to the message board. Visitors may reply to the message by posting another message. In this way, message boards enable exchanges of information, ideas or opinions - as well as a great deal of gossip and rumors.

Message boards also are known as bulletin boards or BBSs. Note that "chat rooms" are different than message boards. See more @ chat rooms.

Where can message boards be found?

On numerous Web sites that cater to investors - as well as other online communities. There also are "Clubs" where investors with similar interests gather (such as Yahoo! Clubs).

Message boards are attractive to investors as a way to anonymously share opinions and insights about the stock market generally as well as individual stocks.

A company that operates a Web site that hosts message boards is known as a "sponsor," "host," or "board operator."

How much does it cost to post messages or visit a board?

In almost all cases, messages can be posted for free - although normally a visitor must first register to become a "member" of the Web site.

Registration for membership is free - but requires that a visitor provides personal data. However, the data is often not confirmed - and visitors create bogus identities.

Most sponsors permit visitors to freely view messages without registering as a member - but several sponsors do require registration even for viewing.

Source: As examples of atypical sponsors, E*Trade requires member registration to view messages and visitors must pay to subscribe to AOL's Internet service before accessing their boards.

How can someone become a "member" of a message board community?

By registering on the sponsor's Web site, which typically is free.

Membership can be terminated by a sponsor for any reason - but most likely would only happen if a member violates the sponsor's policies, including its "terms and conditions." See more @ sponsor terms and conditions.

What are the most popular message board communities?

The most popular sponsors host hundreds of boards. On most of these sites, separate boards are dedicated to discussions about particular companies and their stock.

The most active boards have thousands of messages posted about particular companies - but these companies are not necessarily the most widely held; they tend to be technology companies (many with small market capitalizations).

The following sponsors have the most popular boards for investors:

Yahoo Finance! - nearly 8000 individual company message boards messages.yahoo.com/yahoo/Business___Finance/index.html
Motley Fool - thousands of individual company message boards boards.fool.com/
AOL - subscription-based, but 22 million people subscribe
Microsoft Investor - hosts chat rooms but not message boards moneycentral.msn.com/investor/home.asp
Silicon Investors - broken out by industries and topics www.siliconinvestor.com/stocktalk/ and www.techstockinvestor.com/
E*Trade - www.etrade.com/cgi-bin/gx.cgi/Applogic+Community
Vault.com - thousands of individual message boards designed specifically for current, former or potential employees at www. vault.com/forums/messageintro.cfm.
Raging Bull - numerous individual company message boards, including penny stocks www.ragingbull.com

Note that most of these sponsors do not host boards dedicated to companies whose stock is traded over-the-counter or are penny stocks (i.e., stock price is below $5) - primarily due to a higher propensity for fraud and manipulation on these types of boards. Also note that some message boards have reputations of having more - or less - "legitimate" messages than others. For example, the boards at Raging Bull and Yahoo! Finance tend to have more inflammatory messages than other sponsors.

Source: Raging Bull (also known as "Raging B.S.") is one of the few sponsors that host boards for companies whose stock is traded over-the-counter or are penny stocks. Several other sponsors, such as Motley Fool, used to sponsor these types of boards - but discontinued the practice.

How are messages posted?

Quite easily. Most sponsors require visitors to register with them (which is free) before they can post. Then, a member just needs to type a message and submit.

Note that most sponsors do not require visitors to register to view messages (known as "lurking").

What are the differences between "message boards" and "chat rooms"?

A "chat room" is a place on a Web site where visitors can exchange messages in real time - if they are logged on to the Web site at the same time - and then the messages are automatically deleted.

On a "message board," visitors leave messages to be viewed and replied to at a later time.

Note that there is a third type of discussion forum - the newsgroup. Its popularity has been dwindling - even as the ability to access newsgroups has become quite easy because the software to access them is now built into most browsers. The most popular set of newsgroups is the Usenet.

B. How Messages Can Harm a Company

What is happening on message boards?

Most messages are conversational and do not contain useful information - probably because anyone can post any type of message (subject to a sponsor's discretion to remove a message). Although there is a lot of meaningless banter on boards, some kernels of knowledge do exist.

Messages are posted by many types of persons - including investors, stockholders and employees.

What is a "cybersmear"?

A common description for messages that contain false and disparaging information about someone or something. Cybersmears can significantly impact a company's stock price.

Source: An excellent article on cybersmears and public companies is Blake Bell, "Dealing with False Internet Rumors: A Corporate Primer," wallstreetlawyer.com (December 1998).

Why would someone want to post a cybersmear?

Probably for the same reasons why anyone would circulate a rumor off-line, including:

Manipulate a stock price
Provide misinformation about a competitor
Complain about services or products
Revenge for termination or working conditions
Inadvertently because someone is innocently blowing off steam
Mistakenly repeated because the author believe the information is true

What are examples of how cybersmears can impact a stock price?

Thousands of cybersmears are posted each year, many of which are relatively harmless - but relatively few materially impact a company's stock price or reputation.

Probably the earliest example of the impact of cybersmears was Motley Fool's 1995 April Fools joke. It concocted a fake company and claimed its stock was listed on a fictional exchange and then posted 50 messages about the company - and a number of investors tried to trade the fictional company's stock. Motley Fool played a similar prank on Aprils Fool Day 2000 and had the same results.

A real life example involved Imaginon Inc. - a small-cap company whose stock rose from 41 cents to $15.25 (a 3700% increase!) during a 3-month period in late 1998 due to message board rumors about a reverse acquisition.

Source: For an article about Imaginon's miraculous rise and the messages that caused it, see "Stemming the Tide of Touts on Stock Message Boards," New York Times on the Web (February 21, 1999).

C. What Can Companies Do about Harmful Messages

What are companies doing about harmful messages?

Depends on the company - and the facts and circumstances. Some companies take action, even legal action. Some companies do nothing.

Many companies are not even aware that a cybersmear against them has been made - mainly due to the difficult task of monitoring the Internet (which includes the Web, intranets and e-mail). See more @ monitoring the Internet.

Even if a company becomes aware of a cybersmear, many don't know what to do since they are relatively novel - and "best practices" have not yet been developed. It appears that a developing trend is to file a lawsuit to unmask anonymous authors and then confront them in private - but this can have adverse consequences. See more @ unmasking authors.

What types of legal actions can be brought against harmful messages?

There are numerous types, many of which are state law actions, including:

Fraud
Defamation or libel
Trade secrets
Harassment
Invasion of privacy
Stock manipulation
Breach of fiduciary duty
Breach of contract
Respondeat superior for employee's misconduct
Copyright or trademark infringement

How can a company monitor what is posted about it on message boards?

By making a conscious decision to do so and devote resources to it.

The first step is designating a department or person to be responsible for monitoring and training them what to look for - even if a third party monitoring service is used, someone still must direct the service as well as review their findings.

Due to the breadth of information available on the Web, it's close to impossible to monitor all boards - even hiring a third party monitoring service doesn't solve these immense task since someone must review the reports that these services generate. Companies should establish priorities about what to monitor - and fine tune these parameters over time as more experience is obtained. See more @ why companies hire third party monitoring services.

Why do some companies hire third party monitoring services?

Because they want to keep track of more than just the message boards - and monitoring the entire Web can be daunting since even the best search engines scan only one-third of the Web's content.

These monitoring services also can more easily separate the wheat from the chaff. Most third party services use sophisticated software to make this task easier and more cost efficient - although these services can cost significant amounts of money.

Another benefit of these services is their neutrality. If employees are responsible for monitoring the Web, they may be more prone to be enraged over inflammatory - but not illegal - messages than a third-party.

However, the most important part of hiring a monitoring service is providing the right search parameters to them and taking the time to look at what they find. Even for the services that offer analysis, companies still will need someone - probably a lawyer - involved in interpreting the results and deciding what action to take.

Who are the third party monitoring services?

At this time, there are more than a half dozen, including:

PR Newswire's E-Watch (www.ewatch.com) - is a full service monitoring company that is over 5 years old. It monitors the Web daily to provide reports to its clients and builds profiles to help clients identify the persons who have posted messages.
Cyveillance (www.cyveillance.com) - is a full service monitoring company that uses sophisticated technology to search deep within communities to provide results depending on what a company's needs are. The company's services range beyond those offered by the other providers to include legal services for responses to trademark abuse and copyright and patent infringement. Cyveillance's monitoring services focus chiefly on maintaining a positive corporate image. The company offers strategies for problems ranging from rumor management to defamation control to hate references.
The Edge - ChaseMellon's service
Webclipping.com (www.webclipping.com) provides a more affordable alternative, with prices ranging between $100 and $250 per month. The company also monitors. Results are delivered via a daily or weekly e-mail report with full text generated from online findings.
Cyber Alert (www.cyberalert.com) provides similar services. It specializes in instant information dissemination by monitoring 425 news sources every four to six hours. The service provides subscribers with a daily e-mail for up to five users for $295 per month.
Company Sleuth (www.companysleuth.com) is one of the cheapest ways to monitor public companies. The service provides free daily e-mails with information on Usenet and chat room postings, SEC filings, analyst reports, and other publicly available information. Company Sleuth offers two particularly interesting features. First, the service monitors domain name registrations. This feature has become popular among day traders, who monitor registrations for potential merger activity under the premise that corporations are likely to register new domain name variations in advance of public disclosure of takeover or merger plans. Second, Company Sleuth monitors a range of legal filings, including new patent and trademark registrations as well as federal litigation activity.
NetMind (www.netmind.com) - is another free service that monitors Web pages on a daily basis for changes or the appearance of keywords selected by the user. When a page changes, NetMind sends the user an e-mail with a hyperlink directly to the changed page. Monitoring the "What's New" page of a Web site is an effective means of keeping current with changes to that site.

D. Sponsors Involvement and Liability for Harmful Messages

Will a sponsor prevent the posting of a message that violates a law?

No - sponsors do not pre-screen or approve message content.

All sponsors have policies that prohibit certain types of conduct on their boards - as well as disclaim any requirement to screen messages before they are posted. However, sponsors universally reserve the right in their policies to monitor their boards and remove messages at their discretion.

Some sponsors randomly review messages after they have been posted - this practice appears to fall within a publisher's traditional editorial duties and is protected by a federal law that immunizes sponsors for messages on their boards (and by recent cases that have upheld a broad interpretation of this law). See more @ sponsor liability for messages.

How can a company contact a sponsor to remove a message?

Most sponsors provide e-mail addresses on their Web sites - but no other contact information, such as a contact name or phone number.

As of March 2000, the following sponsors provided the following contact information on their Web sites:

Yahoo - complaint form at add.yahoo.com/fast/ help/abuse/cgi_abuse
Motley Fool - FoolBoards@fool.com
Silicon Investors - comments@investorguide.com
E*Trade - no contact information for complaints
AOL - online complaint form
Vault.com - community@staff.vault.com, or for copyright violations, contact Louis Black at lblack@staff.vault.com or 212/366-4212
Raging Bull - Rusty Szurek at rusty@ragingbull.com or by phone at (978) 684-3760 and an online complaint form at Raging Bull.

Source: Yahoo! and Raging Bull also have "Ignore" functions to allow visitors to self-censor any messages posted by a particular member. For Raging Bull, the drop down box for "Select a Violation" only offers 4 types of violations, none of which pertain to the type of complaints that companies would raise.

Can a sponsor remove a message if a company can demonstrate a legitimate reason for its removal?

Most sponsor policies allow them to remove a message for any reason - even if the author complies with the policy's terms and conditions.

Note that most sponsors reserve the right to change their policies at any time without notice to members.

Will a sponsor remove a message if a company can demonstrate a legitimate reason for its removal?

It's possible - but some sponsors do not remove messages without some type of legal action initiated by a company.

Companies may be able to convince a sponsor to voluntarily remove a message - if it can demonstrate a legitimate reason for removal. The more legitimate the reason - such as an obvious violation of a law - the more likely that a sponsor will voluntarily remove a message. Note that even in these cases, a sponsor probably still won't reveal an author's identity. See more @ sponsors voluntarily identifying an authorF.

Under their policies, sponsors have complete discretion to remove messages-without providing a rationale or even if the author complies with the sponsor's terms and conditions. However, sponsors rarely exercise this discretion as noted above.

Source: As an example of sponsor discretion, Yahoo voluntarily removed controversial messages regarding Lockheed Martin Corp. and its largest customer, without either party requesting that the sponsor remove the messages as noted in "Yahoo Censors Internet Postings," Boston Globe (November 3, 1999).

What are the terms and conditions in sponsor policies?

Although each sponsor's terms and conditions vary, typical terms and conditions include:

members cannot share their memberships with others (i.e. can't share user names and passwords)
members can maintain only one membership with a sponsor at a time
members must be at least 18 years old

See more @ where sponsor policies are found.

What types of conduct are prohibited in sponsor policies?

Although each sponsor's policy differs in some manner, they typically prohibit:

Breaking the law
Breaking the securities law
Advertising
Threats
Sexually explicit material
Impersonations
Viruses
Offer to buy or sell stock

If a sponsor believes that an author has violated its policies - it has the discretion to remove the message and terminate the membership of the author.

Where are sponsor policies found?

On their Web sites - typically called "Terms of Use." For example, the following sponsors post their policies at the following URLs:

Yahoo - docs.yahoo.com/info/terms/
Motley Fool - www.fool.com/Help/FoolsRules.htm
Silicon Investors - www.siliconinvestor.com/misc/tou.html
Tech Stocks - xinvestorville.futurequest.net/termsofuse.htm
Microsoft Investor - www.msn.com/help/legal/terms.htm
AOL - on the subscription based site
Raging Bull - www.ragingbull.com/member/TermsOfUse.html
Vault.com - www.vault.com/vstore/pages/message/PrivacyPolicy.cfm

Can sponsors be held liable for the messages posted on their boards?

Probably not for defamation and other publication torts - particularly if a sponsor does not take actions that go beyond a traditional publisher's editorial role. However, sponsors may be found liable for copyright infringements or trademark violations.

Congress has enacted a law to protect sponsors - and this law has been upheld in the courts so far. The cases have broadly interpreted the law to protect sponsors - allowing sponsors to decide whether to publish, delete, postpone or alter content provided by third parties without liability.

There still are some open issues, such as how far can a sponsor edit content before it's deemed to have conducted activities not contemplated in the law - and how inclusive is the protection for providers of "interactive computer services"?

In addition to the protections provided by this federal law, each sponsor's policy disclaims liability for the content of any of the messages on their boards. These disclaimers can serve as another defense against liability.

Source: Under Section 230(c) of the Communications Decency Act of 1996 (known as the "Good Samaritan" provision), sponsors are immune from liability for messages posted on their boards by third parties. Cases that have upheld the Good Samaritan provision include: Prodigy Communications Corp. v. Lunney, 723 N.E. 2d 539 (NY 1999)(sponsor held not liable for defamatory messages on its site without its knowledge or participation) and Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997), cert. denied U.S. Supreme Court (1998)(AOL held not liable for allegedly acting unreasonably slow to delete alleged defamatory messages).

Can a sponsor sue an author for messages posted on the sponsor's Web site?

Many sponsors have provisions in their policies that purport to have authors who violate their policies indemnify the sponsor for any liability for their infractions. However, there are no written contracts between authors and sponsors - and there are very few cases of a sponsor suing an author.

E. Deciding Whether to Unmask an Author

What risks does a company face if it tries to unmask an author?

If the author probably is an employee, a company should evaluate the potential impact on suing an employee on the morale of the other employees: will the employer be perceived as using "Gestapo" tactics?

Companies also should be prepared for negative media coverage - since privacy and free speech on the Internet are timely and sensitive topics. Online privacy advocates have aligned themselves with John and Jane Does - and these advocates know how to leverage the power of the media.

In addition, some jurisdictions have anti-SLAPP statutes that may be the basis for an author to preserve its anonymity - if the author can show that the lawsuit likely is frivolous. These statutes are meant to prevent litigation designed to stifle public debate - and often apply to John Doe suits. See more @ lawsuits to unmask authors.

Source: The Electronic Privacy Information Center (also known as the Electronic Frontier Foundation (www.eff.org) and the American Civil Liberties Union (www.aclu.org) are quite active in helping John and Jane Does preserve their anonymity in these lawsuits.

What risks does a company face if it files a lawsuit to unmask an author?

Litigation costs - and a higher likelihood that the media will cover the matter and that third parties will get involved, such as online privacy advocates.

If a court finds that the case is frivolous - companies may be hit with sanctions and pay the author's attorney fees. Courts often levy these if a lawsuit is filed on mere suspicion - since the judicial system is not supposed to be used to engage in "fishing expeditions" (i.e. lawsuit filed merely to obtain subpoenas to determine that a tort in fact has been committed).

Source: One Web site is devoted to anonymous author rights, www.johndoes.org. In addition, Yahoo Clubs! has a John Does Club (that had 98 members in Spring 2000) where messages regarding related lawsuits are posted and online chats and conferences regarding unmasking authors are promoted at clubs.yahoo.com/clubs/johndoes.

Which companies have filed lawsuits to unmask an author?

Reportedly, over 200 companies have filed these lawsuits.

For example, in early 1999, Raytheon filed a highly publicized John Doe breach-of-contract suit and sought to identify 21 anonymous authors whom company officials believed were employees.

After learning that some of the authors did indeed work for the company, Raytheon dropped the suit and opted instead to handle the matter internally - and eventually 3 employees left the company. One year later, the "Raytheon 21" still communicate on the Web and it's reported that the widespread publicity of the lawsuit impacted employee morale at Raytheon for some time.

Source: This incident is discussed in "Raytheon Employees Resign in Wake of Lawsuit Protesting Internet Postings," Wall Street Journal (April 5, 1999). The complaint filed in Raytheon Co. v. John Does 1-21, a/k/a "AT_THE_EDGE," Mass. Super. Ct. No. 99-816, is available online at http://www.intelico.com/johndoe1.htm.

Who are the privacy advocates that are assisting anonymous authors?

At the forefront of the battle to maintain privacy are non-profit advocacy organizations. These advocates are particularly troubled about online developments that have raised serious questions regarding free speech, anonymity and privacy. For example, they believe that companies increasingly bring John Doe lawsuits just to intimidate pseudonymous authors and silence any critics.

Some of these advocates have been around for decades and are very proficient at fighting for their causes, such as the American Civil Liberties Union. Some of these advocates only recently have opened shop, in the wake of the Web's birth.

Not only do advocates make speeches and raise awareness of pertinent issues, but they actively participate in the legal process - either by providing legal advice directly to defendants, filing amicus briefs or lobbying federal or state legislatures. Under the right circumstances, they will file a lawsuit themselves to challenge what they deem to be an unjust lawsuit or law. On more than one occasion, they have been willing to withstand the financial burdens to pursue a case all the way up to the Supreme Court.

These advocates include:

Electronic Frontier Foundation (www.eff.org) - founded in 1990, it is a nonprofit public-interest organization devoted to defending privacy, fair use and free expression. It has a wealth of content related to free expression, particularly on protecting one's online privacy. Its "EFF Archive" contains thousands of white papers, legal briefs and reports regarding eight timely topics. There also is a chronological list of upcoming events regarding free expression issues and an explanation of the different ways that visitors can get involved. Visitors can use a simple form on the site to subscribe to an e-zine, "EFFector" which has over 20,000 subscribers.
Electronic Privacy Information Center (www.epic.org) - founded in 1994, it is a public interest research center established to focus attention on emerging civil liberties issues as well as lobbying for these issues. Under its "Policy Archives," there is a wealth of news content regarding various civil liberty issues. There is a "Litigation Docket" that lists the latest cases involving these issues, including actions in which EPIC is actively involved. The "EPIC Bill Track" lists and links to Congressional activity related to these issues. A "Resources and Guides" section includes, among other items, back copies of its free popular newsletter, the "EPIC Alert."
American Civil Liberties Union (www.aclu.org) - over 80 years old, it is the grandparent of the civil liberty movement. Its Web site is extremely comprehensive. Its "Cyber-Liberties" section is merely a drop in the bucket of its wealth of content. This section contains news highlights and litigation information (primarily related to ACLU's involvement in lawsuits) as well as information about privacy, censorship, and opinion pieces.
Global Internet Liberty Campaign (www.gilc.org) - formed in 1997, it is an international coalition whose more than 50 members consist of other advocacy organizations from around the world. It was created to promote international discussion and consensus on civil liberty issues related to the Internet as well to coordinate lobbying efforts. Available in six languages (English, Spanish, French, German, Arabic and Swedish), this advocate's Web site principally focuses on international agreements and other government actions related to internet free speech, privacy, cryptography, and access. Some topics are so popular, such as "Free Speech," that the content is divided up so that each continent has a "Regional Web Page." The content then is further divided by country. Perhaps most valuable is the "GILC Alert," which is a free monthly newsletter that is archived on the site.
Free Expression Network, operates the FEN Clearinghouse (www.freeexpression.org) - another coalition that focuses on Internet censorship issues that arise on the Internet as well as in Congress, courts and schools. Its Web site primarily provides news but also contains Congressional testimony and trends/analysis reports drafted by other organizations. Interestingly, it allows visitors to "sign" petitions electronically as well as review a list of who else has signed. This is powerful since a list of several hundred signatories probably works to persuade others to follow suite and sign. The FEN's membership consists of media and civil liberties organizations.
Internet Free Expression Alliance (www.ifea.net) - a coalition that specializes in Internet free speech issues and is comprised mainly of other civil liberty and media organizations. Unlike other advocacy Web sites, its site is relatively limited, merely focusing on news and containing documents created by other organizations. Member organizations, however, are heavily involved in lobbying and other policy efforts relating to IFEA's mission, namely opposition to mandatory "censorware" (Internet content filtering software) on terminals in libraries and other public places.
Digital Future Coalition (www.dfc.org) - itdoes not have a comprehensive Web site, with the exception of brief descriptions of copyright and other publishing laws in its "Learning Center." Like IFEA, most of DFC's work is done in the offline political process. The DFC strives to strike a balance between intellectual property and fair use rights in the ongoing debate regarding the appropriate application of intellectual property law to the Internet and other electronic networks.
Privacy Rights Clearinghouse (www.privacyrights.org) - the purpose of this Web site is to provide information to the public about privacy. They do not actively engage in policy process beyond participating in coalitions. The site boasts a laundry list of relevant speeches, testimony and other documents. An affiliated portion of the site contains the Identity Theft Resource Center, where you can test your identity theft IQ and join identity theft support groups.

Source: As plaintiffs, the ACLU and the Electronic Frontier Foundation (and their allies), played a central role when the U.S. Supreme Court struck down the major censorship provisions of the Communications Decency Act of 1996 (CDA). In Reno v. ACLU, 521 U.S. 844, 117 S.Ct. 2329 (1997), the Supreme Court established that the Internet is entitled to broad 1st Amendment protections like traditional media (such as books and newspapers) and not merely the more limited 1st Amendment protections accorded typical broadcast media.

F. How Can a Company Unmask an Anonymous Author

How can companies determine the identity of an anonymous author?

Obtaining information from a sponsor can be difficult.

It's difficult to find someone at the sponsor to contact. Most sponsors provide only e-mail address contacts on their Web site - not contact names or phone numbers. See more @ contacts at sponsors.

Since time likely will be "of the essence" for companies seeking to remove a message, e-mail contact information is not particularly useful - particularly since it can take several hours or even days (if at all) for a sponsor to respond to an e-mail.

In addition, most sponsors are hesitant to divulge any information - unless a company first obtains a subpoena. Sponsors normally don't voluntarily reveal whatever information they have about an author or a message - because they take great pains to limit their liability for the content of the messages posted on their boards - and they fear that an author will allege a breach of privacy if they turn over this information.

Sponsors may be even more hesitant to divulge information after a recent lawsuit. In May 2000, an anonymous author filed a John Doe lawsuit against Yahoo! for responding to a subpoena for information about him in another lawsuit. Yahoo! provided no notice of the subpoena to the John Doe before providing his personal information. The author had posted messages criticizing his employer and was fired after Yahoo! complied with the subpoena. This case settled with the terms of the settlement under seal.

Source: The May 2000 lawsuit over Yahoo! complying with a subpoena is Acquacool v. Yahoo! - the complaint can be found at http://techlawjournal.com/courts/aquacool/20000511com.htm.

Can a company convince a sponsor to voluntarily reveal an author's identity?

It's very unlikely that a company will voluntarily reveal an author's identity - particularly after authors have begun to sue sponsors who have turned over identifying information (unless law enforcement officials make the request).

These lawsuits have been filed even though the sponsors were responding to a subpoena. Authors have sued because they were not informed by the sponsor of the subpoena's existence and did not get an opportunity to quash it to preserve their anonymity. See more @ do sponsors cooperate with subpoena requests.

If a company can provide a legitimate reason, the sponsor arguably has a basis to demonstrate a good faith belief that disclosure of an author's identity to the company was acceptable - either in the absence of a subpoena or to comply with the legal process.

Despite having complete discretion, most sponsors require that companies obtain a subpoena before they will cooperate with efforts to unmask an author. Based on recent lawsuits filed by anonymous authors against sponsors for revealing their identity without informing them first (even though they were responding to subpoenas), it's unlikely that sponsors will turn over any information about an author without a subpoena. See more @ sponsors being sued for identifying authors.

Note that it may not be a good idea to send a cease and desist letter to a sponsor urging them to remove a message - it's unlikely that this can accomplish much over a phone call and it's possible that the letter will end up on the message board itself and cause embarrassment (not posted by the sponsor, but these things somehow seem to leak out).

Source: An example of a sponsor voluntarily taking action is Yahoo Finance's process to block spam from its message boards as noted in "Yahoo Curbs Message Board Spam," c/netnews.com (July 27, 1999).

What alternatives does a company have to contacting a sponsor to unmask an author?

Cybersleuth - or hire an investigative firm to do it for the company.

A company may be able to track an author using publicly available clues. These clues can be derived from various sources, such as:

the nature of the message itself (i.e. quasi-handwriting analysis based on the terminology in the message),
through data mining (e.g. reviewing prior messages created by the same author for identification information), or
other electronic traces left behind - such as engaging the author in an online dialogue on a message board to reveal clues about the author's identity.

None of these methods rely on illegal activity, such as hacking.

Once a company unmasks an author, it can deal directly with the author and may be able to avoid having to file a subpoena - which significantly reduces the risk of media attention and adverse legal consequences.

Source: Investigation firms are springing up to help companies unmask authors, including the Internet Crimes Group (www.internetcrimesgroup.com) which was founded by an ex-member of the FBI. Depending on the complexity of a search, Internet Crimes Group charges between $2.5k-$5k to track an author and typically can turn around a request in several weeks.

What type of information does a sponsor have about an anonymous author?

A sponsor may or may not have relevant information about an anonymous author - since an author may have registered with the sponsor using fictional contact information. However, most sponsors verify an author's e-mail when they register - by requiring the author to receive an e-mail back from the sponsor before an account is activated.

So long as a sponsor has an author's e-mail address (which can indicate which Internet service provider the author uses) or the unique Internet Protocol address associated with the author's Internet service provider account, it's normally possible to locate the computer from which an author submitted its message to the board.

Do sponsors cooperate with subpoena requests?

To varying degrees. Sponsors play a pivotal role in unmasking an anonymous author - if a sponsor chooses to fight a subpoena, a company may choose to forego uncovering the identity of the author due to the heightened potential for media publicity.

After a recent lawsuit filed by an author against a sponsor, most sponsors now routinely attempt to notify an author of a subpoena's existence before complying with it. See more @ informing authors of subpoenas.

Occasionally, even if a sponsor is unable to notify an author - it still may negotiate with the company to narrow the scope of the subpoena. But in most cases, a sponsor will provide the information that it has, since sponsors typically are not in a position to evaluate the merits of the numerous subpoenas they receive.

Will a sponsor contact an anonymous author before removing its message?

More often than not - particularly in light of a recent highly publicized lawsuit where an author sued Yahoo! for complying with a subpoena without contacting the author first. See more @ authors suing sponsors for unmasking them.

Sponsors typically wait 14 days after informing an author of a subpoena before it will comply with it - this gives authors 2 weeks to take action (i.e. file a motion to quash the subpoena).

Almost all of the sponsors' publicly posted policies don't require that they notify authors of a subpoena - but most sponsors have indicated that it's their informal policy to do so anyways. After the recent lawsuit, Yahoo! has stated that it will follow an informal policy to notify authors - but will not change its formal policy to require contacting an author before complying with a subpoena.

In deciding whether to inform an author of a request or a subpoena to remove a message, sponsors may consider various factors:

the nature of the complaint;
the type of relationship it has with the author; and
whether it has some type of valid contact information.

Even if a sponsor attempts to contact an author, it may take some time to decide whether to do so - and this process may take so long that it's too late for an author to assert its legal rights to attempt to quash a subpoena.

Interestingly, a judge in a recent case required the plaintiff to make a good faith effort to communicate with anonymous defendants by posting a notice on the Yahoo! boards regarding the subpoena the plaintiff had obtained.

Source: The May 2000 lawsuit over Yahoo! complying with a subpoena is Acquacool v. Yahoo! - the complaint can be found at http://techlawjournal.com/courts/aquacool/20000511com.htm. Yahoo Finance! receives the lion's share of subpoena as noted in "Yahoo Suits Could Chill Speech," TechWeb (March 12, 1999).

What might an author do if it's informed that a subpoena has been obtained?

Most likely nothing - since most authors are not sophisticated or are not interested in hiring a lawyer to battle a company.

Some authors are hiring lawyers and using procedural maneuvers to quash a subpoena - they argue that since a constitutional right is involved, there is no reason to pierce an author's anonymity until the plaintiff can show that it's likely to meet the high standards of evidence that are required to prevail. See more @ authors fighting subpoenas.

Source: In Xircom v. John Doe (case no. CIV 188724 (Ventura County Cal. Superior Court 1999), a defendant successfully squashed a subpoena on procedural grounds.

G. Filing Lawsuits to Unmask Authors

Where should a company file a John or Jane Doe lawsuit?

In the county in the state where the sponsor's headquarters is located - since personal jurisdiction can be difficult to obtain based solely on where a message resides on a server.

In addition, some jurisdictions have anti-SLAPP statutes that may be the basis for an author to preserve its anonymity - if the author can show that the lawsuit likely is frivolous. These statutes are meant to prevent litigation designed to stifle public debate - and often apply to John Doe suits.

Source: SLAPP stands for "strategic lawsuits against public participation." The California Anti-SLAPP Project has a list of jurisdictions with anti-SLAPP laws at www.sirius.com/~casp/welcome.html.

Have companies successfully unmasked authors of messages through lawsuits?

Yes. Reportedly, over 200 companies have filed lawsuits against John and Jane Does to find out who posted a message and to seek redress - and obtained information from a subpoena to unmask an author.

Note that not all lawsuits have been successful. See more @ risks of filing a lawsuit.

Source: Some of these lawsuits are discussed in "Firms Sue to Unmask Online Attackers," The Business Journal of San Jose (August 10, 1998).

What are examples of authors fighting back in court?

Authors have successfully quashed a subpoena. In 1999, Xircom, Inc. filed a lawsuit over a message that criticized one of Xircom's new products and claimed that the product's defects had been kept quiet (Xircom v. John Doe case no. CIV 188724 (Ventura County Cal. Superior Court, May 1999). Xircom erroneously believed that the author was an employee. Based on a motion from the anonymous author, the judge effectively quashed the subpoena for undisclosed reasons. The judge did allow the plaintiff to amend its complaint - but the plaintiff declined.
Authors have successfully countersued. In September 1998, Itex filed suit alleging defamation against 100 John Does (case no. 98-09-06393 Circuit Court of Oregon for the County of Multnomah in Portland, Oregon, filed Aug. 31, 1998). After identifying and serving four Does, Itex reached a quick settlement with one of them. But two other posters filed pro se motions to dismiss the case for lack of personal jurisdiction. The fourth author, a former employee, really caused Itex to regret bringing the lawsuit. Not only did he file an answer with affirmative defenses, he also filed counterclaims and third-party claims against Itex, alleging that Itex's operations violated state securities law and seeking damages for more than $1.5 million among other relief. This defendant founded communities on the Web to discuss his case and opened the door for the Securities & Exchange Commission to investigate Itex for the alleged securities law violations. This fourth author settled its countersuit for money that he used to establish a Web site devoted to John Doe issues (www.johndoes.org).
Authors have successfully gotten companies to dismiss their lawsuits. In Thomas & Betts (case no: GIC 748128 (Superior Court of the State of California for the County of San Diego filed May 12, 2000), the company dismissed its complaint after Ralph Nader's "Public Citizen" had supported the john does. The company publicly stated it wanted to avoid the chilling effect on speech that the lawsuit created.

H. How to Handle Employees Who Post Messages About Their Employer

Should a company care if its employees participate on message boards?

Probably. It should at least educate employees about the risks to themselves and the company - and monitor boards to understand what is being said about the company.

Employers should remind employees that they owe a duty to loyalty to protect confidential information and not contribute to discussions that could lead to rumors (and that even the perception that someone is an "insider" of a company likely carries unwarranted credence on a board).

Employees may come across messages that can help them perform better in their jobs. Unfortunately, companies can wind up liable for messages that employees post - even though companies do not sponsor the boards, review their employee's messages before posting, or control their employees outside the workplace.

In particular, employees that post messages that relate to their jobs or employers can raise a myriad of securities law problems - such as control person liability, aiding and abetting, misleading disclosure and selective disclosure. See more @ potential employer liability for employee messages.

How can a company regulate how employees use message boards?

With Internet use policies or through other corporate policies - or by denying access to Web sites that sponsor boards with filtering software.

In the wake of published reports of problems caused by employee posts, growing numbers of companies have established or amended their Internet use policies to address message board use.

Although these policies can help educate employees about the dangers of posting messages, questions remain regarding the enforceability of certain provisions in these policies.

In addition, some companies have used technological solutions by filtering Web sites that contain boards. Of course, this can negatively impact employee morale and does not solve problems caused by message board use outside the workplace.

Can a company enforce a policy that restricts employees from posting messages?

It probably depends on how the policy is drafted - but there still is uncertainty in this grey area. Some matters can not be prohibited, such as preventing employees from organizing a labor union through message boards from their homes.

Companies should be sensitive to not violating the First Amendment to the U.S. Constitution. On their own free time, employees arguably can engage in any lawful speech that they desire, including communicating on message boards.

Since freedom of speech considerations may be difficult to overcome - policies should be flexible to withstand court scrutiny. For example, the First Amendment's "opinion privilege" protects expressions of opinion as not being defamatory - the tricky analysis is determining whether a message appears to be an opinion or fact.

In addition, companies need to consider the rapidly changing state of privacy law. The first cases in this area have upheld the right for authors to communicate anonymously on the Internet - so long as the speech itself isn't illegal. It may be difficult for employers to legally monitor their employees' online activity when they don't use corporate assets (i.e. at home).

Source: An example of employees fighting back against their employers through lawsuits is discussed in "Ex-Varian Employees Cry SLAPP," The Business Journal of San Jose (November 1, 1999). The cases upholding the right to communicate anonymously on the Internet are ACLU v. Miller (N.D. Georgia 1997) and ACLU v. Johnson (Dist. New Mexico 1998).

How can a company determine if an employee posts a message?

Even though most messages are anonymously posted, a message's content may indicate that the author is an employee - either by an explict statement or by the type of information provided.

Only in rare cases can companies find profile information about an author on a message board. To verify that an author is an employee, a company needs to either:

contact the sponsor to ask for whatever information about the author it may have,
file a lawsuit to compel the sponsor to provide the information, or
hire a private investigation firm.

See more @ types of information that sponsors have about authors.

Source: On AOL and Yahoo!, it's possible to review an author's profile - but this information comes from the author and typically isn't truthful.

Can a company ever be certain that an author is an employee?

Without a confession, it's unlikely that a company can be absolutely certain that an author is an employee.

In fact, even if the message contains information that indicates that author clearly is an employee, it may be someone who obtained information from an employee - maybe without the employee's knowledge.

For example, someone may have "spoofed" the employee's identity. "Spoofing" is when someone monitors all of a victim's activities including any passwords or account numbers that the victim enters into its computer. The attacker can also cause false or misleading data to be sent in the victim's name or to the victim in the name of someone else.

I. Potential Employer Obligations Arising from Employee Messages

Can a company be liable for messages posted by an employee?

Probably - under the right circumstances. This is a gray area so anything potentially can happen.

Arguably, someone could sue a company for an employee's acts under any of the following causes of action:

Control person liability
Aiding and abetting
Selective disclosure
Misleading disclosure
Respondeat superior

See more @ lawsuits filed based on messages.

What should a company do if an employee posts an inappropriate message?

If the message is unlawful or violates corporate policy, a company should consider taking disciplinary action against the employee - as well as consider whether the employee's actions have triggered obligations that the company must fulfill. See more @ an employer's obligation for an employee's message.

What if an employee posts material non-public information about its employer in a message?

The employer may need to broadly dissimenate the information by issuing a press release - since some employee messages may be considered attributable to the employer, so that the employer is deemed to have selectively disclosed information to whomever accesses the messages.

To determine whether the employee's posting is attributable to the employer - the analysis focuses on whether the employee was acting within its scope of employment when it posted the message.

Under the SEC's selective disclosure rules, an employee would be acting on behalf of the company if a message was posted within the scope of the employee's authority. However, Regulation FD distinguishes between cases where a properly authorized employee makes a selective disclosure - and cases where an employee discloses material nonpublic information for its own benefit.

Under Regulation FD, if a senior officer or an employee that typically deals with market professionals (i.e. someone in the investor relations or corporate communications department) was acting within its authority and not for its own benefit, the company could have a violation if the disclosure was intentional. If unintentional, a company would have to promptly widely dissimeniate the inadvertant disclosure through a press release, telephonic conference call or Webcast (after a reasonable notice) or Form 8-K filing. See more @ authorized spokespersons under Regulation FD.

Source: The SEC addressed the definition of a "person acting on behalf of an issuer" in its selective disclosure rulemaking in Section II.B(1)(b) of Release 33-7881 (August 15, 2000).

Why should employees not post messages with "selective disclosure" on a board?

An employee can be liable for insider trading if it posts material non-public information on a board - and receives a personal benefit (perhaps even something as far-fetched as an enhanced reputation in the message board community).

If the message is indeed selective disclosure, Rule 10b-5 liability can result for both the employee and employer (if attributable to the employer) - if the message is the basis for a trade. See more @ selective disclosure.

Does posting information on the Web make it "public"?

No - making information more widely available on the Web is not sufficient for it to be considered adequately disseminated as required by the rules of the exchanges.

The NASD has clarified that companies' online communications can supplement - but not replace - placing information on the wire services to be considered adequate dissemination.

If an employee posts material non-public information in a message, a company should issue a press release as soon as possible to reduce the likelihood and magnitude of potential liability.

Source: The NASD clarified its dissimenation policy in the Internet context in 64 Fed. Reg. 5331 (February 3, 1999). NYSE Manual Section 202.06 "Procedure for Public Release of Information" states that information should be given to the wire services and the press for it to be considered widely dissimenated.

Does a company have a duty to correct misleading rumors that circulate on a message board?

It depends - probably not if a rumor is not attributable to the company.

Caselaw has supported a company's ability to institute a "no comment" policy to respond to rumors - so long as the company consistently follows the policy and does not selectively address rumors (including rumors on the Internet).

Before saying "no comment," a company should investigate the message to ensure that it's not attributable to the company. See more @ when an employee's message is attributable to the employer.

Note that if a company's stock price moves significantly in the absence of any Other Breaking News, the company's stock exchange may call and ask for an explanation. Under the exchange rules, companies have a duty to respond to rumors if unusual market activity occurs prior to an announcement - but in practice, companies may not be forced to address a rumor by its exchange if it has a valid business reason to remain silent. Note that listed companies that fail to respond to rumors under this duty make their lawsuits susceptible to attack. See more @ risks of filing a lawsuit.

By monitoring the message boards, a company will be better prepared to timely respond to a rumor inquiry from its exchange.

Source: The seminal rumor case is State Teachers Retirement Board v. Fluor Corp., 654 F.2d 843 (2d Cir. 1981). The NYSE requires that listed companies provide a frank and explicit announcement regarding a rumor if it appears that information has been leaked in NYSE Manual Section 202.03 "Dealing with Rumors or Unusual Market Activity."

Can a company correct misleading rumors that circulate on a message board if it has a "no comment" policy?

Probably not - if the company wants to be able to continue to rely on the policy.

Caselaw has supported a company's ability to institute a "no comment" policy to respond to rumors - so long as the company consistently follows the policy and does not selectively address rumors. If a company posts a message, a court may find that the company is no longer consistently following its policy.

This issue has not been addressed by the courts or the SEC. It's possible that a court may find that addressing slander about a senior officer can be distinguished from addressing rumors about the company's performance. However, trying to distinguish between types of rumors is a slippery slope and may not hold up in court.

Note that it's possible that a company may have trouble winning a case if it sues over a problematic message if it does not take action to correct the rumor. Otherwise, a court may not look at these facts kindly - the problem then is that taking action would conflict with a "no comment" policy.

Source: The seminal rumor case is State Teachers Retirement Board v. Fluor Corp., 654 F.2d 843 (2d Cir. 1981).

What is control person liability?

When a "control person" knowingly or recklessly fails to take appropriate action to prevent a federal securities law violation by someone it controls.

"Control person" isn't defined in the federal securities laws. However, "control" is defined as the power to direct or cause either the direction of management or the policies of a company - whether through ownership, by contract or otherwise. Since this is not an objective test, it can be difficult to determine what "control" actually is in practice.

The courts have interpreted "control person" broadly - it includes more than just an employee's supervisor - and definitely would include the employer itself. A control person can raise a good faith defense.

If a supervisor knows or should have known that an employee was violating the securities laws with its messages - the company, supervisor and employee can be secondarily or vicariously liable for the inappropriate messages.

To be successful, a plaintiff likely will need to show that a control person induced or substantially assisted an employee to post a harmful message - which can be difficult to prove. However, the reckless standard arguably impedes the ability of control persons to raise a good faith defense.

Source: Control person liability is established in Section 15 of the Securities Act of 1933 and Section 20 of the Securities Exchange Act of 1934. Rule 405 of Regulation C defines "control."

Why should a company care about control person liability?

For control person violations, the SEC can impose penalties on the company up to the greater of:

$1 million, or
three times the profits realized or losses avoided

Source: Section 21A of the Securities Exchange Act of 1934 sets forth these potential penalties.

How can companies avoid incurring control person liability?

Take appropriate steps to prevent violations by employees - including adopting policies to ensure that employees are educated and follow the law.

Supervisors should ensure that members of their staff and their families (relating to tipper liability) remain aware of their responsibilities in this area, including following the applicable corporate policy.

Companies may need to update their insider trading policies to address message boards, chat rooms and newsgroups. They should not necessarily rely on their existing Internet use policies to handle these issues - since these policies typically address employee use of computer assets only in the workplace - and some employee participation on message boards takes place outside the workplace.

What is aiding and abetting?

Substantially assisting or acting through another person to violate the federal securities laws.

For example, if a supervisor asks an employee to post a message or assists in any way, the employer may be liable for the message. This also may result in control person liability. See more @ control person liability.

Only the SEC staff can enforce an aiding and abetting violation - no private right of action exists.

Source: Section 20 of the Securities Exchange Act of 1934 is the basis for a SEC enforcement action for aiding and abetting - the U.S. Supreme Court struck down a private right of aiding and abetting in Central Bank of Denver v. First Interstate Bank of Denver, 511 U.S. 164 (1994).

What is respondeat superior?

An employer is responsible for an employee's acts in certain circumstances - the concept is that an employer has responsibility for the actions or omissions of its employees.

The key issue is whether an employee posting a message was committed in the course of carrying out the employer's business - in most circumstances involving employee messages, it would appear that this would not be the case.

It's unknown whether respondeat superior liability survived a 1994 U.S. Supreme Court decision - but some courts have held that this type of action remains viable.

Source: The U.S. Supreme Court made it uncertain whether this legal theory still exists in Central Bank of Denver v. First Interstate Bank of Denver, 511 U.S. 164 (1994).

What are corporate best practices to reduce the likelihood of employee problems on message boards?

To be prepared for message board problems, companies should:

Designate who owns the process - appoint staff to monitor the Web (or if a third party is hired, have several people dedicated to review what it finds).
Conduct a mock problem solving session - including representatives from legal, investor relations and corporate communications, to determine if the company is truly ready to act fast.
Employee education through training - many employees may participate on message boards without being aware of the legal and corporate policy parameters. Provide regular training, distribute training materials and maintain a set of materials on an intranet.
Update and carefully draft policies - update insider trading policies to address message boards. Don't rely on an existing Internet use policy since it may only address employee use of computer assets only in the workplace and message board transgressions can occur at home.

J. Companies Who Participate on Message Boards

Should a company communicate with investors on message boards?

Probably not - but several companies have tried it.

There are several ways that company participation on boards can expose a company to liability for its messages. For example, if a company chooses to post a message - even to counter or correct employee misstatements - the issue of selective disclosure arises since dissemination of information on the Web does not comply with exchange rules. See more @ wide dissemination. Then, the company must consider if it has a duty to update its messages. See more @ whether a company has a duty to update.

Perhaps even more important is that a company may not be able to follow its "no comment" policy once it posts a message. See more @ ability to say "no comment" after posting a message.

There is also the practical issue of cost. The few companies that have tried to respond to investor queries on boards found that the practice is time consuming - particularly since investors tend to post more questions if they know that a company responds.

Some commentators believe that the SEC should adopt measures that would limit liability for companies that participate on boards solely for the content of the messages that they post - they would not have liability for what other parties post. They also argue that companies should not be liable if they do not monitor message boards.

Source: An article that includes interviews with companies that tried to respond to messages is "Who are these People? Investor Chat Rooms Give Companies Fits," Signals (September 10, 1998) at www.signalsmag.com. The Committee on Federal Regulation of Securities of the Business Law Section of the ABA noted that the SEC should take action to limit liability for monitoring and third-party messages in its August 2, 2000 comment letter on Release 33-7856 (May 4, 2000).