Google acted as a “publisher” for CDA purposes for including third-party content in search resultsMmubango v. Google, Inc., 2013 WL 664231 (E.D. Pa. Feb. 22, 2013)

Google successfully obtained dismissal of a defamation lawsuit filed by a person (Mmubango) who found derogatory comments about him posted online.  Mmubango discovered anonymous statements about himself on the “Wikiscams” website.  Mmubango asked Google to remove the statements from its search engine and to give him information about the poster of the comments.  Google refused.

Mmubango sued Google and others for defamation, and Google defended by moving to dismiss the claim based on Communications Decency Act (CDA) immunity.  The federal district court for the Eastern District of Pennsylvania agreed that Google met the requirements for CDA immunity.  First, Google is an interactive computer service provider.  Second, Google did not author the allegedly defamatory content, but instead, was provided with it by another information content provider (i.e., Wikiscams).  The defamation claim alleged that  Google was liable for storing and broadcasting the derogatory comments about Mmubango.  Third, Mmubango was seeking to treat Google as the publisher of third-party statements.  Deciding whether to provide access to third-party content or, alternatively, to delete the content is an act of publishing.  Under section 230 of the CDA, Google could not be held liable for defamation based on its decision to publish a third party’s statements.  The court dismissed Google from the case.

Hawai‘i has jumped on the bandwagon of states (along with 31 other states, according to the National Conference of State Legislatures) introducing legislation to ban employers from requesting access to social media accounts of job applicants.  Several bills on the subject were introduced in this year’s legislative session, but the one that appears to have the best chance of becoming law is HB713 H.D. 2 S.D. 1 (HB713).  The bill has passed the House and gained the approval of two Senate committees.  Next up for the bill is review by the Senate Judiciary Committee.  As HB713 gains traction, let’s take a look at what it says and some issues it raises in its current form.

SUMMARY OF HB713, H.D. 2

HB713 would insert a new section into the Hawai‘i statute governing discriminatory employment practices, Hawai‘i Revised Statutes (HRS) chapter 378, part I.  The proposed law would apply to both job applicants and existing employees.  Employers are prohibited from gaining access to a “personal account,” which is defined as:

An account, service, or profile on a social networking website that is used by an employee or potential employee exclusively for personal communications unrelated to any business purposes of the employer.  This definition shall not apply to any account, service, profile, or electronic mail created, maintained, used, or accessed by an employee or potential employee for business purposes of the employer or to engage in business-related communications.

Specifically, an employer may not “require, request, suggest, or cause” an employee or job applicant to: (1) turn over access to his or her personal account; (2) access his or her personal account while the employer looks on; or (3) divulge any personal account.  An employer also may not fire, discipline, threaten, or retaliate against an employee or job applicant for turning down an illegal request for access.

There are exceptions, however.

  • An employer may conduct an investigation to ensure compliance with law, regulatory requirements, or prohibitions against work-related employee misconduct based on receipt of specific information about activity on a personal online account or service by an employee or other source.
  • An employer may conduct an investigation of an employee’s actions based on the receipt of specific information about unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to a personal online account or service.
  • An employer may monitor, review, access, or block electronic data (a) stored on an electronic communications device that it pays for in part or in whole, or (b) traveling through or stored on an employer’s network, in compliance with state and federal law.
  • An employer may get an employee’s login credentials to access an electronic communications device supplied or paid for in whole or in part by the employer.
  • An employer may get an employee’s login credentials to access accounts or services provided by the employer or “by virtue of the employee’s employment relationship with the employer” or that the employee uses for business purposes.
  • HB713 specifies that the proposed law is not intended to prevent an employer from complying with other law or the rules of self-regulatory organizations, and that the proposed law should not be construed to conflict with federal law.

OBSERVATIONS AND CONCERNS

Shoulder surfing nixed.  The bill appears to make “shoulder surfing” by an employer illegal per se.  Suppose an employee tells his boss, “Man, you cannot believe the whales my friend saw on her boat this weekend!  She sent me a video of it on Facebook.”  Intrigued, the boss says he wants to see the video.  The employee obliges by logging on to her Facebook account while her boss watches over her shoulder.  Did the boss unlawfully “request” that the employee grant him access to her “personal account”?  Technically, yes.  Note that HB713 has no exception for voluntary consent of the employee.

“Friending” employees might become illegal.  Employers and employees sometimes connect on the same social network.  While it isn’t always a good idea for an employer to “friend” an employee, it’s not illegal to do so—unless, perhaps, HB713 becomes the law.  HB713 bans an employer from requesting that an employee “divulge any personal account.”  Yet, that’s exactly what a friend request does—it requests access to portions of a social media account that can be viewed only by the account owner’s “friends.”  The “divulge” language probably was intended to reach situations where an employer demands that an employee hand over access to another employee’s personal account.  But as written, HB713’s prohibition against divulging any personal account could be interpreted to apply to innocent “friending.”

The line between personal and private is blurry.  In a perfect world, employees would use business social media accounts strictly for business purposes and conduct all of their personal social media activity using separate social media accounts.   That’s a best practice, not necessarily reality.  The line between personal and business can get blurry in the social media space.  It’s not unusual for employees to talk about work or promote their company within their personal social networks.  If the employee uses his or her personal account for work purposes, shouldn’t the employer, who might have responsibility for the actions of its employee, be entitled to access the employee’s personal account in certain circumstances?  On the other hand, to what extent must an employee use his or her personal account for work-related interactions before the employer should be allowed access to the account?  These are difficult issues.

To address the issue, the latest draft of the bill tightens up the definition of “personal account” a bit and specifies that an employer may obtain login credentials from an employee to access “[a]ny accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes.”  This language is somewhat vague.  For example, what does “by virtue of the employer’s employment relationship with the employer” mean?  It might well be that HB713 is trying to draw artificial distinctions between personal and work social media accounts when in practice, the distinction is sometimes fuzzy at best.

HB713 still has a few hurdles to overcome before it becomes law.  Here at LegalTXTS, we’ll keep an eye out for the status of the bill.

Federal court has no jurisdiction over PeopleBrowsr’s lawsuit against Twitter for shutoff of the “Firehose”PeopleBrowsr, Inc. v. Twitter, Inc., 2013 WL 843032 (N.D. Cal. Mar. 6, 2013)

Big Data equal big assets, and in 2012, Twitter made significant moves toward putting a premium on its assets by restricting access to its data to third-party services (count Instagram and Tumblr among those affected).  Social analytics provider PeopleBrowsr was one of the services affected by the changes in Twitter’s data access policies.  In 2012, Twitter shut off PeopleBrowsr’s access to the “Firehose,” the nickname for the full stream of every tweet posted on Twitter.  PeopleBrowsr mines data from the Firehose to derive insights about consumer reactions and identify social influencers for its clients.  PeopleBrowsr fought back against the impending Firehose shutoff by suing Twitter in California state court and successfully obtaining a temporary restraining order to stop the shutoff.

The next chapter in the lawsuit unfolded in federal court.  Twitter removed the lawsuit to federal court and then filed a motion to dismiss the action.  But the lawsuit’s stay in federal court will be brief because federal district judge Edward Chen recently issued a decision sending the lawsuit back to state court.  Twitter invoked federal jurisdiction on the ground that PeopleBrowsr’s claim for violation of California’s Unfair Competition Law (UCL) is based in part on the Sherman Act, over which federal courts have exclusive jurisdiction.  Not so fast, said Judge Chen.  At best, the Sherman Act might give Twitter a defense to the UCL claim.  Unlike an affirmative claim for relief, a defense under federal law is not enough to support federal jurisdiction.  The alleged violations of the UCL were based entirely on California law.  Since federal courts have no jurisdiction over the lawsuit, the fight over the Firehose will continue in California courts.  The court awarded attorneys’ fees to Peoplebrowsr for opposing the removal of the case to federal court.

Now that the 2013 legislative session in Hawai‘i is in full swing, let’s take a look at what new measures are in the pipeline to regulate Internet activity.  A chart of relevant information about each bill is available here.  Here’s a summary of the Internet-related proposals working their way through the legislature.

Social Media and Internet Account Passwords

A set of bills (SB207 and HB713) proposes to join other states in banning employers from asking employees or job applicants to disclose the passwords to their personal social media accounts.  Another set of proposals (HB1104 and HB1023) would extend the ban to educational institutions and their students or prospective students.

Privacy Policies

Two bills (HB39 and SB729) would make it a legal requirement for operators of a commercial website or online service to post a privacy policy on their website.

Cyberbullying

Three bills (HB1226, SB525, and HB397) would require the board of education to adopt various policies and programs to combat cyberbullying in public and charter schools.

Teacher/Student Interactions

Apparently responding to incidents in which teachers and students conducted inappropriate relationships online, HB678 would allow a teacher in a public or charter school to engage in electronic communication with a student (including cell phone calls) only on Department of Education networks and systems.

Identity Theft

SB325 would require businesses to implement a comprehensive, written policy and procedure to prevent identity theft and train all employees in implementation of the same.

Cybersecurity

HB462 would establish a statewide cybersecurity council to identify and assess critical computer infrastructure, identify cybersecurity “best practices,” recommend incentives for voluntary adoption of such best practices, evaluate the efficacy of such practices, and report annually to the legislature.

We’ll be tracking these bills, reporting on their status periodically, and posting revisions to the chart.  Stay tuned!