CHRISTMAS COMES EARLY FOR EMPLOYEES UNDER RECENT NLRB RULING—EMPLOYEES WITH ACCESS TO COMPANY EMAIL SYSTEMS NOW HAVE A RIGHT TO USE THAT ACCESS (DURING NON-WORK TIME) TO DISCUSS CONDITIONS OF EMPLOYMENT AND ATTEMPS TO UNIONIZE

On December 11, 2014, the National Labor Relations Board (NLRB) issued a decision that will have a far-reaching impact on employers’ ability to control their employees’ use of company email systems.  Specifically, the NLRB held that “employee use of email for statutorily protected communications on nonworking time must presumptively be permitted by employers who have chosen to give employees access to their email systems.”  Therefore, if an employer allows its employees to use the company email system for work, then that employer must also permit those employees with email access to use the company email system (during non-work time) to discuss (1) the terms and conditions of employment, and (2) efforts to unionize.

Many employers, especially small companies, think of the NLRB—if at all—in terms of striking Appalachian coal miners and manufacturing plants, such as the textile mill where Sally Field so famously folded towels in the movie Norma Rae.  However, even small employers that would never anticipate any involvement with a labor union must be aware of the NLRB’s recent decision, because of its broad application.

Although the NLRB believes that its recent decision “is carefully limited,” its decision will, instead, require employers throughout the country to reconsider their email policies for employees.  While employers may, understandably, want to limit their employees’ use of a work email system to work matters, such policies will have to permit (or at least not expressly prohibit) employees’ use of the company email system to discuss the terms and conditions of their employment and efforts to unionize, during non-working hours.

The NLRB’s decision does not require an employer to grant email access to employees; however, the decision will apply to all employees who have such access.

Also, although the NLRB acknowledges that “an employer may justify a total ban on nonwork use of email [for all purposes], . . .  by demonstrating that special circumstances make the ban necessary to maintain production or discipline,” it is highly likely that this potential exception offer much, if any, relief to employers.

Therefore, employers with company email systems, must be careful to ensure that their email policies are not overly restrictive in light of the NLRB’s recent decision, which is a true about-face with regard to its prior and long-standing position regarding email.

IT’S JULY; DO YOU KNOW WHERE YOUR COPPA DISCLOSURES ARE? FTC’S NEW COPPA RULE IS IN EFFECT

As noted in a prior post, the Federal Trade Commission’s (FTC’s) new rule for compliance with the Children’s Online Privacy Protection Act (COPPA) went into effect on July 1, 2013.  If you operate a website or online service directed at, or known to be viewed by, children under 13, then you need to be aware of the heightened application of the new COPPA Rule.

Although the new Rule has many changes, the most notable change is the FTC’s attempt to make operators of child-directed sites strictly liable for the acts of third parties (i.e., apps, advertisers, and plug-ins). So, if you operate a child-directed site and use a third-party advertising company that collects personal information from children, you are responsible (read, liable) for making sure that disclosures are properly displayed and parental consent is obtained—even if it is just for the third-party advertising provided by someone else.  Strict liability means that the FTC will hold the site operators liable for mistakes or violations of the COPPA Rule based on content and information practices of third-party content providers.  Therefore, operators of child-directed sites must be keenly aware of third-party content that may be provided through the operator’s site, and third-party providers must be aware of disclosures and practices employed by operators of sites through which the providers publish ads and other content.  Given the serious liability issues at stake, both site operators and content providers should clearly address obligations and responsibilities under COPPA in their agreements. 

Fortunately, the FTC has published a helpful Six Step Compliance Plan (linked here) to provide guidance.  In addition to these basic steps, all providers of child-directed content would be wise to have their sites and agreements reviewed to ensure full compliance with the new COPPA Rule, including clear allocation of responsibility for compliance.

FTC LETTER SHOWS INCREASED CONCERN ABOUT DISCLOSURE OF SPONSORED SEARCH RESULTS, AND AN EXPANDING VIEW OF ADVERTISERS, MARKETERS, AND OTHERS THAT MUST COMPLY WITH DISCLOSURE REQUIREMENTS

On June 24, 2013, the Federal Trade Commission (“FTC”) sent an open letter (linked here) to search engine companies to emphasize that they must clearly disclose search results whose ranking or placement depends upon advertising or sponsorship, as opposed to “natural search results . . . ranked based on relevance to a search query,” according to the letter. The FTC sent its letter due to concern that search engines’ sponsorship-disclosure practices have grown ever more subtle, causing consumer confusion about whether search results are sponsored or natural. Although the FTC sent a similar letter to the search engine industry in 2002 (linked here), its concerns about current practices prompted it to send a reminder.

The FTC’s decision to turn its crosshairs to this issue is a signal to internet search engine companies and online advertisers to review their practices and ensure they clearly disclose sponsorship of search results. Another important, though less obvious, point of the letter is to put internet advertisers and marketers on notice of the ever-expanding application of these disclosure requirements, to include unsolicited online suggestions and recommendations to users of social media and mobile apps.

LETTER SUGGESTS EXPANDING GROUP OF “SEARCH ENGINES” THAT MUST COMPLY WITH SPONSORSHIP DISCLOSURES

Although the FTC refers to its June 24 letter as one intended for the “search engine industry,” the letter indicates that the FTC has an expanding view of “search engines” which will apply more and more to online advertisers and marketers that suggest results to a user, even if the user wasn’t actually “searching.” Specifically, the last section of the letter is entitled “New Search Platforms,” which the FTC describes as follows:

Online search is far from static, and continues to evolve. Indeed, in the past few years, the growth of social media and mobile apps, and the introduction of voice assistants on mobile devices, have offered consumers new ways of getting information. Regardless of the precise form search may take in the future, the long-standing principle of making advertising distinguishable from natural results will remain applicable. For example, if a social network were to stream recommended restaurants based on what a particular consumer’s social contacts have enjoyed, it should clearly distinguish as advertising any information feeds included or prioritized based in whole or in part on payments from a third party.

Although you can quibble with the FTC’s use, above, of the “social network” scenario as an accurate example of “online search,” since the stream of recommended restaurants didn’t respond to a search query, the import is clear: advertisers and marketers responsible for suggestive online content must pay close attention to the disclosure requirements, even for unsolicited suggestions.

FTC GUIDANCE ON DISCLOSURES

The FTC’s guidance appears to be a common sense response to increasingly subtle disclosure practices. Although consumer advocates view many current disclosure practices as devious, much of this issue derives from the evolution of bandwidth and screen resolution, which have greatly expanded the options for the display of online information. The FTC’s bottom line is that disclosures must be made in a manner that is “sufficiently noticeable and understandable to consumers.” Areas of focus for determining whether disclosures meet this standard include the color, size, placement, and content of disclosures as they appear on a web page. These requirements are also fully explained in the useful FTC guide entitled .com Disclosures in Digital Adverting (linked here) that provides insight into the FTC’s expectations.

Another interesting and important issue in the FTC’s recent letter involves the placement and appearance of disclosures as they appear across different platforms and devices. For instance, a well-intending company may have a beautifully designed search-result page that fully complies with the disclosure rules, when viewed on a computer. However, the automated conversion of the same search results modified for display on, say, a smartphone may cause problems if the conversion unintentionally changes the appearance and/or location of disclosures. This is exactly the kind of “Gotcha!” that could serve as the basis for a nasty and expensive class action, like so many others that seek relief for insignificant and unintentional online practices.

IMPORTANT POINTS TO CONSIDER

• Search engine companies must be careful to clearly disclose sponsorship, advertising, and other practices that alter the display of natural search results.

• Advertisers, marketers, and others that provide online suggestions should comply with the FTC’s disclosure requirements, even though they may not consider themselves part of the “search engine industry” to which the FTC directed its letter.

• Providers of content covered by the disclosure rules must ensure that disclosures are clearly displayed across all platforms and devices where search results may be displayed.

BUSINESS BELEAUGERED BY BAD YELP REVIEWS? BUYING BOGUS GOOD ONES MAY BE A BAD IDEA

I was aware that you could buy bogus Twitter followers through sites which operate through bots (i.e., www.wedofollowers.net, which sounds more like a tawdry movie than a site for enlarging your Twitter presence), but I just discovered a new case involving a business that allows one to buy batches of favorable Yelp reviews, designed to bury legitimate—but bad—reviews among the bought ones. According to court records, the site is www.AdBlaze.com and boasts of allowing users to “buy Yelp reviews from the best in the business” to “drown out” bad reviews by “pushing them down where nobody will see them.”

Although a seemingly clever and novel idea (unlike my hackneyed use of alliteration), the message of this case may be caveat emptor (“buyer beware”), because Yelp is clearly out to shut this practice down. In a case filed late last week, Yelp’s barrister brought suit against this business model on numerous grounds—including a seemingly brawny claim for breach of contract based on Yelp’s terms of service (accepted by every user that posts a Yelp review), which prohibit payment in exchange for reviews. The case is Yelp, Inc. v. Catron, Case No. 4:13-cv-2859, filed in the U.S. District Court for the Northern District of California on June 20, 2013. (Complaint linked here.)

Businesses thinking about buying reviews from this or similar outfits should think twice, at least before making a long-term investment, because your payment could end up paying for a service that's shut down by the courts. Even those looking for a short-term bounce in their online standing should be careful, as it wouldn't make great press to be identified through discovery in a lawsuit that you had to buy fake good reviews because you couldn't get bona fide ones on your own.

Also, one can only imagine that the Federal Trade Commission (FTC) will not smile upon the practice of using bogus reviews to prop-up one’s business, which is similar to the FTC's current emphasis on disclosing behind-the-scenes endorsements of internet search results.  For example, see the FTC’s June 24, 2013 letter to search engine companies that stresses the importance of clearly disclosing when a business has paid for its site to appear at the top of search results. More on this in a post coming later this week.)

RECENT CASE TEACHES IMPORTANT CAN-SPAM LESSONS: DON’T USE REMOTELY STORED IMAGES FOR REQUIRED DISCLOSURES; DON’T HIDE BEHIND PROXY SERVERS

A May 31, 2013 decision by a federal district court in Utah serves as a helpful CAN-SPAM primer, using a $1.6 million damage award to teach the following lessons:

• Emailers can't use remotely stored images to provide required CAN-SPAM disclosures; instead, disclosures must be part of the body of an email;

• Emailers can't hide behind a proxy server that obscures the sender’s true identity; and

• Emailers violate CAN-SPAM when they obtain a domain name for purposes that are prohibited by the domain-provider’s registration agreement.

The case also provides helpful guidance about the standing requirement that a private company must meet in order to sue for damages under CAN-SPAN--proving that it is a “bona fide Internet access service” that has been “adversely affected by spam emails.”  (The case, linked above, is ZooBuh, Inc. v. Better Broadcasting, LLC, U.S. District Court for the District of Utah, Case No. 2:11-cv-00516.)

FACTS

Plaintiff ZooBuh, Inc. provides email, chat, and blogging services to approximately 35,000 customers worldwide, using its own servers and other equipment.  ZooBuh sued to collect damages for approximately 13,000 commercial emails that it received from the defendants, based on the cost and inconvenience caused by their spam.  The court agreed with ZooBuh and awarded it approximately $800,000 in damages, which the court doubled to $1.6 million based on a finding that defendants’ actions justified aggravated damages.

CONTENT VIOLATION:   REMOTELY STORED IMAGES NOT OK FOR REQUIRED DISCLOSURES

CAN-SPAM requires that commercial email messages “clearly and conspicuously”:

• Identify that the message is an advertisement or solicitation;

• Provide notice of the opportunity to decline to receive further emails; and

• List a valid physical postal address for the sender.

Courts interpret the “clear and conspicuous” requirement to mean that these disclosures must be “unavoidable,” meaning that “any visual message shall be of a size and shade, with a degree of contrast to the background against which it appears, and shall appear on the screen for a duration and in a location sufficiently noticeable for an ordinary consumer to read and comprehend it.”

Because the defendants placed their CAN-SPAM disclosures in “remotely stored images” (which are linked to, but not actually part of, an email), the court had to decide whether remotely stored images satisfy the “clear and conspicuous” requirement. Based on industry standards and practices, the court held that remotely stored images are not unavoidable and therefore do NOT comply with CAN-SPAM.

The court noted that both the Department of Homeland Security and private industry advise against automatically downloading remotely stored images linked to emails, meaning that recipients likely would not see the images unless they took the extra step of downloading them.  The court also questioned the permanence of linked images since they typically have a short shelf life and may be unavailable for downloading and viewing by an email recipient.

Therefore, commercial emailers should be careful to include required disclosures in the body of emails to make sure recipients can see them without relying on linked content.  When it comes to CAN-SPAM disclosures think of the old Woody Allen quote about how "80% of success is just showing up."  The disclosures have just got to be there.

HEADER VIOLATION NO. 1:   HIDING BEHIND A PROXY SERVER IS NOT OK

Looking to a California state court case for guidance, the Utah court took issue with the defendants’ use of domain names in the “sender” portions of the challenged spam.  Specifically, the court held that “where an email contains a generic ‘from’ name and is sent from a privacy-protected domain name, such that the recipient cannot identify the sender from the ‘from’ name or the publicly available WHOIS information,” the email is “materially misleading” and violates CAN-SPAM.

In the Utah case, the violation was pretty clear, given that the defendants’ emails were sent via privacy-protected domains that prevented the recipients from using WHOIS to identify the actual sender.  Furthermore, many of the “from” lines in the defendants’ spam simply listed email “addresses” such as “Accounting Degree,” “Add a Sunroom,” “Adult Education,” “Air Conditioner,” “Airline Tickets,” “Ink Cartridges,” and “Ultrasound Technician.”   Pretty clever, huh?

HEADER VIOLATION NO. 2:   DOMAIN OBTAINED THROUGH FRAUD

Header violations under CAN-SPAM are not limited to false or misleading header information. Even header information that is technically accurate violates CAN-SPAM, when an email includes an originating email address, domain name, or IP address that was obtained by means of false or fraudulent representations.  Not surprisingly, the defendants also ran afoul of this requirement because their registration agreement with their domain-provider required them to represent that they wouldn’t use the domain to send spam.  Therefore, service providers looking to sue spammers should not give up simply because a challenged email accurately identifies the sender.

STANDING TO SUE UNDER CAN-SPAM

A person or company wanting to sue for CAN-SPAM violations must satisfy must satisfy specific standing requirements.  Specifically, CAN-SPAM standing requires a plaintiff to be (1) “a bona fide internet access service” that (2) is “adversely affected” by spam.

Even where companies have been damaged by spam, the standing requirement can be problematic because of courts' strict interpretation of the first prong of this standing analysis.  With regard to CAN-SPAM, Congress intended “that internet access service providers provide actual internet access service to customers.”  Courts including the Ninth Circuit have found that there is also a required “ownership and control counterpart” to the first prong of the standing requirement.

When deciding whether ZooBuh was a "bona fide internet access service," the Utah court considered another case where an email provider had failed to satisfy that standing requirement because the provider simply accessed an online control panel through internet service provided by Verizon to work with email accounts hosted by GoDaddy on GoDaddy's servers. Gordon v. Virtumundo, 575 F.3d 1040, 1052 (9th Cir. 2009). In contrast, the Utah court found that ZooBuh is a bona fide internet access service, because:

"Every ZooBuh email account is registered, hosted and serviced through ZooBuh’s own hardware.  ZooBuh has sole ownership of all the hardware, complete and uninhibited access to the hardware, and sole physical control over the hardware.  ZooBuh also provides each of its customers with their own web-based email portal (which ZooBuh designed, configured, and maintains) through which the ZooBuh customers access their selected web-based services (i.e., email, blogs, chat)."

Having found that ZooBuh satisfied the first prong of the standing analysis, the court proceeded to find that ZooBuh also satisfied the second, “adversely affected” requirement for CAN-SPAM standing due to its “financial expense and burden; lost time; lost profitability; decreases in the life span of ZooBuh’s hardware; server and bandwidth spikes; server crashes; and pre-mature hardware replacements.”

DIGITAL MARKETERS: WHEN TARGETING A MARKET, KNOW WHAT YOU’RE SELLING; DIRECTING A CAMPAIGN AT A PARTICULAR PLACE MAY SUBJECT THE CLIENT TO SUIT THERE BY CREATING JURISDICTION

Lookout for the law of unintended consequences. An otherwise effective digital marketing campaign targeted at customers in a distant region might create more than just sales and awareness; it might also subject your client to lawsuits by creating jurisdiction there.

As explained in more detail below, and as evidenced by a recent court decision, a company’s maintenance of “passive” websites, including Facebook and Twitter pages, is generally not enough to subject a company to jurisdiction in an area simply because the company’s promotions are viewed there. Stepped-up efforts that specifically target customers in a particular area can, however, create jurisdiction.

Therefore, digital marketers must consider the jurisdictional effects of geo-targeted campaigns. If concerned about a client’s desire to make inroads into a distant area, marketers should make clear in their contracts that they are not providing any representations or advice about the jurisdictional effect of their work. In today’s world of geo-location, location based marketing, and similar technologies aimed at niche markets, jurisdiction is a factor worth consideration. And, as non-lawyers, marketers can shine in a client’s eyes by identifying jurisdiction as an issue, thus passing it to that smarmy in-house counsel to handle (or not) at his peril.

Jurisdiction determines where an entity or person can be sued. It’s a big deal because the only thing more costly and inconvenient than being sued at home is having to face the added costs, time, and inconvenience of defending a case in a land far, far away—finding competent counsel, getting him up to speed, and traveling to attend depositions, hearings, and trial. As a lawyer, there’s nothing like suing a company or person far from its or her home court, because the mere cost and inconvenience of a distant lawsuit often provide immediate leverage sufficient to force a resolution of even a weak case. As an extreme example, consider the fears of a fledgling New York startup that’s required to defend a case in, say, Hawaii. Even if the case is weak, the defendant is immediately staring down the barrel of thousands of dollars in travel costs and lost time, simply to show up and put on a defense. In this way, jurisdiction can be a game-changer.

Jurisdiction generally turns upon concepts of fairness and looks to whether a defendant should reasonably expect to be hailed into a court in a particular area based on the defendant's actions and presence there. Basically, the more that one does in a place, the more likely it is that he may be sued there.

Courts divide jurisdiction into two broad categories—general and specific jurisdiction. General jurisdiction exists where a person or entity has such a substantial presence in an area that she or it should fairly foresee being sued on any matter in that area’s courts. For instance, a large industrial company with a massive plant in Scranton should expect to be sued there for all manner of claims, even if it’s a Delaware corporation with its headquarters on Wall Street. Specific jurisdiction, on the other hand, considers whether a particular lawsuit is related to a person’s or company’s purposeful contacts with an area. For instance, a Georgia fertilizer company that specifically targets horseradish farmers in Collinsville, Illinois (the self-proclaimed horseradish capital of the world), and sells products there should reasonably expect to be sued there in relation to its fertilizer sales, contracts, and marketing.

Time was, complex issues of media-based jurisdiction turned on questions of whether a tabloid published in one state and circulated throughout the U.S. caused sufficient harm to a celebrity located far away, to justify the celebrity’s right to sue the publisher in the celebrity’s home court. Now, in the digital world, specific jurisdiction has become problematic, because information published on the internet is immediately available for viewing and consideration by people all over the country.

Although specific jurisdiction based on internet contacts is a matter of degree, courts generally find that “passive” content which can simply be viewed in a particular area is insufficient to create specific jurisdiction.  Accordingly, a California federal court recently held, the mere fact that a company is “advertising in national publications or on Facebook and Twitter . . . is not sufficient to support a finding of purposeful availment,” which (in non-lawyer speak effectively means “jurisdiction”). (Court’s opinion linked here, for those interested.)

Although jurisdiction often involves a case-specific analysis that depends upon the unique facts of each situation, marketers must keep in mind that the more a campaign is tailored to a particular area, the more likely it is that the campaign can serve as a basis for jurisdiction over the client there.

For the same reason, lawyers seeking to establish jurisdiction based on an adversary’s marketing efforts should use discovery to dig deeply into targeted marketing practices, especially with regard to third-party marketers using geolocation and content-based marketing.

WHAT’S UP, DOC?! PATIENTS BEWARE—SOME DOCTORS ARE TRYING TO OWN YOUR RIGHT TO COMMENT ABOUT THEIR PRACTICES ONLINE

You’ve got to love this one:   A dentist who went way too far in trying to prevent negative online reviews has caused a lawsuit that has only reinforced a patient’s right to negatively comment on his practice and has shown even more light on the negative review. Patients, look closely at what you sign at the doctor’s office. Doctors, work with competent counsel to protect your online reputations through a policy that is both legally effective and makes good business sense.

According to court records, Stacey Makhnevich is a New York dentist who practices as Aster Dental. His intake procedures include a “Mutual Agreement to Maintain Privacy” (the “Agreement”), which takes a two-fisted approach to preventing patients from criticizing him online. The Agreement requires patients to waive their right to comment publicly on Makhnevich's services and, to be safe, requires them to assign to him the copyright to any subsequently published online criticism or comments by them. In fact, the Agreement even attempts to muzzle patients’ family members and friends:

“Patient agrees to refrain from directly or indirectly publishing…commentary upon Dentist and his practice, expertise and/or treatment…. If Patient does prepare commentary for publication about Dentist. the Patient exclusively assigns all Intellectual Property rights, including copyrights, to Dentist for any…commentary…. In addition, Patient will not denigrate, defame, disparage, or cast aspersions upon Dentist; and…will use all reasonable efforts to prevent any member of their immediate family or acquaintance from engaging in any such activity.”

In return for these patient promises, Makhnevich magnanimously agreed not to do what HIPAA already prohibits—exploit loopholes to provide patient information to third-party marketers.

Plaintiff Robert Allen Lee was a patient of Makhnevich’s who came to him for treatment of a painful, infected tooth. Lee signed an Agreement and was apparently charged over $4,000 for treatment that he contends should have cost only $200. After encountering problems with Makhnevich, Lee published an online summary of his dissatisfying experience on sites including Yelp and Doctorbase. The next day, Makhnevich’s practice sent Lee a letter that threatened to sue him for breach of the Agreement and defamation, including a draft complaint against him seeking $100,000 in damages. Incredibly, the practice also sent Lee an invoice demanding payment of $100/day for “copyright infringement.”

Because of Makhnevich’s threats to sue Lee for the questionable terms of the Agreement, Lee struck first and sued Makhnevich in federal court seeking a declaration that the Agreement is unenforceable and, in the alternative, that Lee’s publication of his posts were protected under the “fair use” defense to copyright infringement claims. Makhnevich responded by filing a motion to dismiss based on two arguments that backfired on him, causing the court to dismiss his motion in a recent order and allowing the case to proceed.

Makhnevich first argued that dismissal was proper because Lee failed to meet the $75,000 requirement for federal diversity jurisdiction. Whereas Makhnevich had threatened to sue Lee for $100,000 in a prior letter, Makhnevich now conveniently argued that he was only seeking approximately $5,000 for breach of contract. In a “back at ya,” the court deemed Makhnevich’s $100,000 threat as sufficient to satisfy the “amount in controversy” requirement.

Makhnevich next sought dismissal by challenging the court’s jurisdiction to hear a case regarding Lee’s “fair use” defense.   Makhnevich based this argument on law requiring a copyright to be registered with the Copyright Office before any party can bring a “civil action for infringement of the copyright.” 17 U.S.C. § 411(a).  Thus, Makhnevich sought to take advantage of his own failure to register his alleged copyright to Lee's comments.  Because the case was one filed by Lee, however, it was not an “action for infringement” and therefore didn’t require copyright registration to proceed. Quickly rejecting this argument, the court noted that it attempts to “turn[] the law upside down.”

Understandably, the good doctor Makhnevich recognized the possible damage that can result from online ratings and criticisms. However, his chosen means of addressing this problem has only cost him time and money and brought Lee’s gripes to an ever-growing audience which now includes the likes of you. 

Isn’t “first do no harm” still a tenet of the medical profession?

This somewhat comical story demonstrates the very real need to take a cautious and well-thought-out approach to customers’ online commentary. Here, we see a flawed policy that is bad under both a legal and a business analysis. And, it seems that Makhnevich’s practices may have cost him more than a patient, as a recent check of the docket indicates that his lawyers recently asked the court for permission to withdraw as his counsel for the case.

UNAUTHORIZED ACCESS TO A DATABASE STORED ON A COMPUTER NETWORK MIGHT SUPPORT A CLAIM UNDER THE STORED COMMUNICATIONS ACT

A recent case out of Illinois suggests an interesting argument that may expand the scope of the Stored Communications Act ("SCA") by applying it to files stored on a server or network.  (See IBEW, Local 134 v. Cunningham, No. 12 C 7487, 2013 U.S. Dist. LEXIS 61083 (N.D. Ill. Apr. 29, 2013).)

The SCA has traditionally served as an arrow in the quiver of companies looking to recover damages for unauthorized access to emails and other electronic communications.  The SCA does a fine job of addressing unauthorized access to emails and other "communications" because the SCA is limited in its application to a "facility through which an electronic communication service is provided."  Thus, courts have generally interpreted the SCA to apply to telephone companies, internet or email service providers, and bulletin board services.

Consequently, the SCA is not a catch-all hacker statute that applies whenever someone accesses a computer without authorization to obtain data.  The limiting factor to the SCA’s application is determining whether the hacked machine is in fact a "facility through which an electronic communication service is provided."  For instance, as the Cunningham court noted, the SCA "does not apply to the act of hacking into a personal computer to download information stored on the hard drive, because a personal computer does not constitute ‘a facility through which an electronic communication service is provided.’"

What is interesting in Cunningham is that the court was faced with a somewhat hybrid situation where the unauthorized data was a both (i) a computer database, akin to a file saved on the hard drive of a personal computer, and (ii) data saved on a network that could arguably be used to communicate information to others on the network.  As the Cunningham court noted, "unlike a simple hard drive, networks and servers can provide an electronic communication service."  Based on this distinction, the court allowed the SCA claim to survive a motion to dismiss.  (A copy of the court's order is linked here.)

Mind you, the Cunningham court did express some doubt about whether such a "network file" theory could ultimately support a valid SCA claim, once the parties had discovered more evidence and argued the matter further.  But, the court did nonetheless recognize a possibility that such a theory could work--holding that the "plaintiff may not be able to eventually prove that its servers constitute facilities covered by the statute; however, it would be premature to dismiss the claim at the motion to dismiss stage."

While the "network file" theory of Cunningham may ultimately prove to be unsuccessful under the facts of that case, Cunningham nevertheless offers some hope that businesses may be able to get relief under the SCA when a file (rather than an email) has been hacked.  Because the SCA is limited in its application to a "facility through which an electronic communication service is provided," a business wishing to argue an SCA violation based on a "network file" theory would be wise to find evidence showing that the particular, hacked file at issue was something like a database that was used and edited by different people or departments in a communicative way--as opposed to something more isolated, such as a memorandum or set of notes that was merely used to record rather than to communicate.

NEGATIVE RANTS ABOUT YOUR BUSINESS ON CONSUMER GRIPE SITES CAN BE ACTIONABLE AS DEFAMATION IF BASED UPON FACTS THAT ARE VERIFIABLY FALSE

Businesses are understandably worried about their online reputations, especially in the current era of consumer gripe sites such as Ripoff Reports.  Business clients are often frustrated because these sites typically contain rants that are opinions rather than factual allegations.  This presents a problem for the criticized business because opinions (while still harmful) generally won't support an action for defamation, whereas factual statements (if false) will.

A May 17, 2013 decision in a California lawsuit between warring competitors engaged in retaliatory online smear campaigns shows that, while posts on consumer gripe sites are generally opinionative and therefore not subject to claims for defamation, gripe posts that presume or contain verifiably false facts can cross the line and become actionable. Specifically, the court rejected a gripe-poster’s argument “that internet message boards such as Ripoff Report are inherently hyperbolic and postings therein are presumptively non-actionable opinion.”

What does this mean?  If you want to smear someone on a gripe site without subjecting yourself to liability for defamation, be sure only to state opinions.  Even words such as “crook” or “criminal” can have shades of fact which can support a claim for defamation because of inherent assumptions that one has stolen and/or been convicted of a crime.  On the flipside, a business concerned about a bad post on a consumer gripe site can state a claim for defamation against the author, if the post contains factual elements or assumptions that are verifiably false.

The case referenced above is Piping Rock Partners, Inc. v. David Lerner Associates, Inc., pending as case no. C-12-04634-SI in the United States District Court for the Northern District of California.  It involves a nasty fight between two players in the real estate investment trust (REIT) market and includes some pretty funny and harsh language.  The problem for the author of one of the objectionable posts, however, was that he based his post upon an alleged “deal gone wrong” that admittedly never occurred and was thus false.  Accordingly, the court held that “taken as a whole, [the] statements cross the line from opinion to fact.  Although statements of opinion are not per se actionable, an opinion loses its constitutional protection and becomes actionable when it is ‘based on implied, undisclosed facts’ and ‘the speaker has no factual basis for the opinion.’”

Having covered the boring legalities above, we can end with an entertaining excerpt of the one of the posts quoted by the court.  And, who knew that fish odor emanates from a particular piscatory part?

"If you are looking to invest in real estate or need to do a 1031 exchange stay far away from Piping Rock Partners and especially Christopher Germain the president of the company…They say a fish stinks from the head well this must be true for Piping Rock Partners.   They tout their decades of experience which is laughable…If this report spares one person from the financial problems and the anxiety about losing your retirement nest egg to a shyster then it is worth it.  Chris had a Wall St. background, maybe Bernie Madoff was his mentor.  I’m sure Bernie would be proud of him."

LAWYERS: GROUPONS AND COUPONS ARE NOT AN OPTION FOR MARKETING LEGAL SERVICES

The Arizona State Bar recently joined other state bar associations by finding that Groupon and other social media coupon programs should not be used to market legal services because of inherent eithical problems.  As noted in Arizona Eithics Opinion 13-1, these problems include the ability to screen clients for conflicts of interest, confidentiality, ensuring a lawyer is competent to handle matters that come in blindly without any screening, and fee-sharing concerns based upon the presence of non-lawyer marketing companies such as Groupon in these transactions.