Information circulates on the internet in many unofficial forms, including message boards, chat rooms and blogs. These beehives of web chatter are havens for rumor, innuendo and outright lies. Hidden behind assumed identities, anyone is free to lurk – and post. And that presents companies with a challenge: how to counter untruths before they impact both business and investment.
Every negative so-called ‘John Doe’ posting is as unique as each John Doe’s motive. Some postings are designed to impact the company’s reputation, drive stock up or down or air grievances by employees or customers. Other individuals strike simply because they can do it under a cloak of anonymity – much like virtual vandalism. Known collectively as ‘cybersmears’, these attacks can take on a life of their own, impacting morale and stock.
In 2001 the SEC took a 25-year-old named Sean St Heart to court for a false internet posting. The SEC says St Heart placed a message on a Yahoo! board in which he described a fake $20 mn lawsuit against Nasdaq-listed NCO Group. The SEC says that NCO, which specializes in business accounts receivable, had contacted St Heart over a debt, prompting his retaliation.
One person. One posting. Not much to worry about. Except that over the two days following St Heart’s actions, NCO’s stock price dropped 28 percent, wiping out $200 mn in market cap.
When companies like NCO find themselves targeted by cybersmears, they have several choices. In addition to contacting the SEC, they can ignore the attacks, refute them, counter with press releases or take legal action. But trying to control anonymous speech is an iffy proposition at best, with a spotty track record of success. When it comes to lawsuits, defendants have been chalking up courtroom wins.
The case of the Visa VP
That’s what happened when Zixit, now known as ZixCorp, sued Visa for just under $2 bn in real and punitive damages. Zixit, an e-communications company, alleged that a Visa vice president posted more than 400 negative internet messages about the smaller firm and its web-based credit card authorization system. Zixit cried foul, claiming Visa had tried to undermine the competition – an assertion Visa vigorously denied. The case went to a jury trial and Zixit lost.
Dallas attorney Michael Lynn of Lynn Tillotson & Pinker, the firm that represented Visa, says one pivotal aspect of the case was that although the Visa executive admitted he wrote the posts, Visa neither condoned his actions nor had any prior knowledge of them. The jury found the executive had acted alone, not as the credit card company’s agent, and that was one of the keys to Visa’s successful defense.
Lynn says protecting a company’s interests when one of its employees attacks another company can be a challenge. Fortunately for Visa, the credit card company had a built-in advantage that helped convince the jury the company wasn’t involved in the cyber mud-slinging. ‘In our case,’ Lynn explains, ‘a large number of postings were from home.’
Modus operandi
Still, it’s not exactly unusual for employees to use their company computers for purposes other than business – a fact that vastly increases corporate vulnerability.
Eric Sinrod, a partner in the San Francisco office of Duane Morris, specializes in litigation in the tech industry. He forecasts a rough road for companies trying to control the flow of employee internet traffic. Sinrod recommends formulating policies for on-the-job employee internet use, but warns that one size won’t fit all.
‘Companies have to assess who they are and what kind of environment they have,’ he says. ‘There’s no single boilerplate policy that applies to everyone.’
But simply having a policy on web access won’t safeguard a company from lawsuits. Sinrod says the search for ‘deep pockets’ continues to make the private sector a choice target for litigation.
‘Employers are doing the best they can to insulate themselves from rogue employees,’ he says, adding: ‘The most common scenario is people on their own free time saying negative things about companies or individuals.’
Chilling effects
The First Amendment is the guiding light for communication in the US. Because the courts go out of their way to avoid tampering with freedom of speech issues, much of what is posted – even if done anonymously or under a pseudonym – is considered protected speech. Lyrissa Lidsky, professor of law at the University of Florida’s Levin College of Law, says: ‘Anonymity encourages whistleblowers to share their information and citizens to speak out against repressive regimes. Historically, anonymous or pseudonymous authors have made valuable literary and political contributions.’
John Does also enjoy protection in some states under ‘anti-Slapp’ laws. Slapps (strategic lawsuits against public participation) are civil actions filed in connection with free speech issues. Anti-Slapp laws are designed to make it more difficult to sue individuals who speak out.
Paul Clifford, an attorney with the California Anti-Slapp Project, says: ‘The law concerning internet usage is still in its infancy and is evolving. However, in case after case, the right of an individual to speak out has been vindicated.’
Critics say efforts to unmask secret posters have a chilling effect on free speech. ‘We have a long tradition of people speaking out in America,’ Clifford says. ‘The internet is like the old pamphlets people used to hand out in pre-web days.’
But both Clifford and Lidsky say that, despite what some may think, there are limits to what can be said on the net. ‘Although anonymous speech is protected, fraud and defamation and other kinds of tortious or criminal behavior are not,’ Lidsky says. Posters can still be held accountable when their speech harms others.
Course of action
Many investors monitor the net with a close eye. Often, the slightest mention of a company can affect stock prices. In addition to policies governing the use of a company’s computers and the dissemination of privileged information, IR officers can guard the hen house by keeping an eye on financial message boards, chat rooms, newsgroups and blogs. If that proves too difficult or time-consuming, some internet-based public relations firms will track and forward corporate mentions online.
No matter how misinformation is distributed – blog, message board, chat room or e-mail – it’s important to avoid legal missteps by vetting the company’s response through an attorney. The floor of the internet is covered with quicksand, so tread carefully. Jumping into a case of cybersmears too fast can take a company’s reputation and
resources right to the bottom.
Carole Moore is a former law enforcement officer who specializes in criminal justice issues. She is a contributing editor and columnist for Law Enforcement Technology magazine.
