The American Intellectual Property Law Association (AIPLA) will host its annual Trade Secret Law Summit at the American Express Company in New York City’s Financial District on March 21-22, 2019.

Seyfarth is a proud sponsor of the Summit, at which partners Erik Weibust (Vice Chair of AIPLA’s Trade Secret Law Committee) will be speaking on Protection of Trade Secrets in the Social Media Era,  and moderating a panel on Trade Secrets and Restrictive Covenants in the Financial Services Industry, on which Scott Humphrey will be speaking.  Other Seyfarth attendees will include James Yu, Jeremy Cohen, and Dawn Mertineit.

We hope you can join us there.  For more information and to register, please click here.

Seyfarth Shaw Partner Erik Weibust and Associate Alex Meier published a Law360 article about trade secret protections related to social media. Weibust and Meier discuss risks employers face when employees access social media accounts, as well as some e-discovery considerations for social media. To learn more, check out “Trade Secret Protection and Social Media: A 5-Year Update” from Law360 here.

Throughout 2017, Seyfarth Shaw’s dedicated Trade Secrets, Computer Fraud & Non-Competes Practice Group hosted a series of CLE webinars that addressed significant issues facing clients today in this important and ever-changing area of law. The series consisted of six webinars:

  1. 2016 National Year in Review: What You Need to Know About the Recent Cases/Developments in Trade Secrets,
    Non-Compete and Computer Fraud Law
  2. Simple Measures for Protecting Intellectual Property and Trade Secrets
  3. Protecting Confidential Information and Client Relationships in the Financial Services Industry
  4. Protecting Your Trade Secrets in the Pharmaceutical Industry
  5. Trade Secret Protection: What Every Employer Needs to Know
  6. Protecting Trade Secrets in the Social Media Age

Continue Reading 2017 Trade Secrets Webinar Series Year in Review

There is no denying that social media continues to transform the way companies conduct business. In light of the rapid evolution of social media, companies today face significant legal challenges on a variety of issues ranging from employee privacy and protected activity to data practices, identity theft, cybersecurity, and protection of intellectual property.

Seyfarth Shaw is pleased to provide you with the 2017–2018 edition of our easy-to-use guide to social media privacy legislation and what employers need to know. The Social Media Privacy Legislation Desktop Reference:

  • Describes the content and purpose of the various states’ new social media privacy laws.
  • Delivers a detailed state-by-state description of each law, listing a general overview, what is prohibited, what is allowed, the remedies for violations, and special notes for each statute.
  • Provides an easy-to-use chart listing on one axis the states that have enacted social media privacy legislation, and on the other, whether each state’s law contains one or more key features.
  • Offers our thoughts on the implications of this legislation in other areas, including trade secret misappropriation, bring your own device issues and concerns, social media discovery and evidence considerations, and use of social media in internal investigations.
  • Concludes with some best practices to assist companies in navigating this challenging area.

How To Get Your Desktop Reference

To request the 2017–2018 Edition of the Social Media Privacy Legislation Desktop Reference as a pdf or hard copy, please click the button below:

In Seyfarth’s final webinar in its series of 2017 Trade Secrets Webinars, Seyfarth attorneys Justin Beyer, Dawn Mertineit, and Ryan Behndleman presented Protecting Trade Secrets in the Social Media Age. The panel focused on how to define and protect trade secrets on social media.

As a conclusion to this well-received webinar, we compiled a summary of takeaways: Continue Reading Webinar Recap! Protecting Trade Secrets in the Social Media Age

Social media and related issues in the workplace can be a headache for employers. There is no denying that social media has transformed the way that companies conduct business. In light of the rapid evolution of social media, companies today face significant legal challenges on a variety of issues, ranging from employee privacy and protected activity to data practices, identity theft, cybersecurity, and protection of intellectual property.

On September 28th at 12:00 p.m. Central, in Seyfarth’s fifth installment in its Trade Secrets Webinar Series, Seyfarth attorneys Justin Beyer, Ryan Behndleman, and Dawn Mertineit will discuss the relationship between trade secrets and social media.

The panel will specifically address the following topics:

  • The interplay between social media privacy laws and workplace investigations and how developing internal company policy and/or contracts can protect company assets
  • Defining, understanding, and protecting trade secrets in social media
  • How courts are interpreting ownership of social media accounts and whether social media sites constitute property
  • How to prevent trade secret misappropriation or distribution through social media channels
  • The interplay between protection of company information and ownership of company accounts in the social media age

Please join us for this informative webinar.

shutterstock_533123590Continuing our annual tradition, we present the top developments/headlines for 2016 in trade secret, computer fraud, and non-compete law. Please join us for our first webinar of the New Year on February 2, 2017, at 12:00 p.m. Central, where we will discuss these new developments, their potential implications, and our predictions for 2017.

1. Defend Trade Secrets Act

One of the most significant developments of 2016 that will likely have a profound impact on trade secret cases in the coming years was the enactment of the Defend Trade Secrets Act (“DTSA”). The DTSA creates a new federal cause of action for trade secret misappropriation, albeit it does not render state law causes of action irrelevant or unimportant. The DTSA was passed after several years and many failed attempts. The bill was passed with overwhelming bipartisan, bicameral support, as well as backing from the business community.

The DTSA now allows trade secret owners to sue in federal court for trade secret misappropriation, and seek remedies previously unavailable. Employers should be aware that the DTSA contains a whistleblower immunity provision, which protects individuals from criminal or civil liability for disclosing a trade secret if such disclosure is made in confidence to a government official or attorney, indirectly or directly. The provision applies to those reporting violations of law or who file lawsuits alleging employer retaliation for reporting a suspected violation of law, subject to certain specifications (i.e., trade secret information to be used in a retaliation case must be filed under seal). This is significant for employers because it places an affirmative duty on them to give employees notice of this provision in “any contract or agreement with an employee that governs the use of a trade secret or other confidential information.” Employers who do not comply with this requirement forfeit the ability to recoup exemplary damages or attorneys’ fees under the DTSA in an action against an employee to whom no notice was ever provided.

At least one federal district court has rejected an employee’s attempts to assert whistleblower immunity under the DTSA. In Unum Group v. Loftus, No. 4:16-CV-40154-TSH, 2016 WL 7115967 (D. Mass. Dec. 6, 2016), the federal district court for the district of Massachusetts denied a defendant employee’s motion to dismiss and held that a defendant must present evidence to justify the whistleblower immunity.

We anticipate cases asserting claims under the DTSA will be a hot trend and closely followed in 2017. For further information about the DTSA, please see our webinar “New Year, New Progress: 2016 Update on Defend Trade Secrets Act & EU Directive.”

2. EU Trade Secrets Directive

On May 27, 2016, the European Council unanimously approved its Trade Secrets Directive, which marks a sea-change in protection of trade secrets throughout the European Union (“EU”). Each of the EU’s 28 member states will have a period of 24 months to enact national laws that provide at least the minimum levels of protections afforded to trade secrets by the directive. Similar to the DTSA, the purpose of the EU’s Trade Secrets Directive was to provide greater consistency in trade secrets protection throughout the EU. For further information about the EU’s Trade Secrets Directive, please see our webinar “New Year, New Progress: 2016 Update on Defend Trade Secrets Act & EU Directive.”

3. Government Agencies Continue to Scrutinize the Scope of Non-Disclosure and Restrictive Covenant Agreements

Fresh off of signing the DTSA, the Obama White House released a report entitled “Non-Compete Reform: A Policymaker’s Guide to State Policies,” which relied heavily on Seyfarth Shaw’s “50 State Desktop Reference: What Employers Need to Know About Non-Compete and Trade Secrets Law” and contained information on state policies related to the enforcement of non-compete agreements. Additionally, the White House issued a “Call to Action” that encouraged state legislators to adopt policies to reduce the misuse of non-compete agreements and recommended certain reforms to state law books. The Non-Compete Reform report analyzed the various states that have enacted statutes governing the enforcement of non-compete agreements and the ways in which those statutes address aspects of non-compete enforceability, including durational limitations; occupation-specific exemptions; wage thresholds; “garden leave;” enforcement doctrines; and prior notice requirements.

With those issues in mind, the Call to Action encourages state policymakers to pursue three “best-practice policy objectives”: (1) ban non-competes for categories of workers, including workers under a certain wage threshold; workers in occupations that promote public health and safety; workers who are unlikely to possess trade secrets; or workers who may suffer adverse impacts from non-competes, such as workers terminated without cause; (2) improve transparency and fairness of non-competes by, for example, disallowing non-competes unless they are proposed before a job offer or significant promotion has been accepted; providing consideration over and above continued employment; or encouraging employers to better inform workers about the law in their state and the existence of non-competes in contracts and how they work; and (3) incentivize employers to write enforceable contracts and encourage the elimination of unenforceable provisions by, for example, promotion of the use of the “red pencil doctrine,” which renders contracts with unenforceable provisions void in their entirety.

While some large employers have embraced the Call to Action, even reform-minded employers are likely to be wary of some of these proposals. Moreover, this initiative may die or be limited with the new Trump administration.

On October 20, 2016, the Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) jointly issued their “Antitrust Guidance for Human Resource Professionals.” The Guidance explains how antitrust law applies to employee hiring and compensation practices. The agencies also issued a “quick reference card” that lists a number of “antitrust red flags for employment practices.” In a nutshell, agreements (whether formal or informal) among employers to limit or fix the compensation paid to employees or to refrain from soliciting or hiring each other’s employees are per se violations of the antitrust laws. Also, even if competitors don’t explicitly agree to limit or suppress compensation, the mere exchange of compensation information among employers may violate the antitrust laws if it has the effect of suppressing compensation.

In recent years, the National Labor Relations Board (“NLRB”) has issued numerous decisions in which workplace rules were found to unlawfully restrict employees’ Section 7 rights. Last year, the U.S. Court of Appeals for the D.C. Circuit denied Quicken Loans, Inc.’s petition for review of an NLRB decision finding that confidentiality and non-disparagement provisions in the company’s Mortgage Banker Employment Agreement unreasonably burdened employees’ rights under Section 7 of the NLRA.

4. New State Legislation Regarding Restrictive Covenants

Oregon has limited the duration of employee non-competes to two years effective January 1, 2016. Utah has enacted the Post-Employment Restrictions Amendments, which limits restrictive covenants to a one-year time period from termination. Any restrictive covenant that is entered into on or after May 10, 2016, for more than one year will be void. Notably, Utah’s new law does not provide for a court to blue pencil an agreement (i.e., revise/modify to the extent it becomes enforceable), rather the agreement as a whole will be deemed void if it is determined to be unreasonable.

In what appears to have become an annual tradition, Massachusetts legislators have attempted to pass legislation regarding non-competes, to no avail. Two other states in New England, however, are able to claim accomplishments in that regard. Specifically, Connecticut and Rhode Island each enacted statutes last summer imposing significant restrictions on the use of non-compete provisions in any agreement that establishes employment or any other form of professional relationship with physicians. While Connecticut’s law limits only the duration and geographic scope of physician non-competes, Rhode Island completely banned such provisions in almost all agreements entered into with physicians.

5. Noteworthy Trade Secret, Computer Fraud, and Non-Compete Cases

In Golden Road Motor Inn, Inc. v. Islam, 132 Nev. Adv. Op. 49 (2016), the Supreme Court of Nevada refused to adopt the “blue pencil” doctrine when it ruled that an unreasonable provision in a non-compete agreement rendered the entire agreement unenforceable. Accordingly, this means that employers conducting business in Nevada should ensure that non-compete agreements with their employees are reasonably necessary to protect the employers’ interests. Specifically, the scope of activities prohibited, the time limits, and geographic limitations contained in the non-compete agreements should all be reasonable. If an agreement contains even one overbroad or unreasonable provision, the employer risks having the entire agreement invalidated and being left without any recourse against an employee who violates the agreement.

The Louisiana Court of Appeal affirmed a $600,000 judgment, plus attorneys’ fees and costs, against an ex-employee who violated his non-compete when he assisted his son’s start-up company compete with the ex-employee’s former employer. See Pattridge v. Starks, No. 50,351-CA (Louisiana Court of Appeal, Feb. 24, 2016) (Endurall III).

A Massachusetts Superior Court judge struck down a skin care salon’s attempt to make its non-compete agreement seem prettier than it actually was. In denying the plaintiff’s motion for a preliminary injunction, the court stressed that employees’ conventional job knowledge and skills, without more, would not constitute a legitimate business interest worth safeguarding. See Elizabeth Grady Face First, Inc. v. Garabedian et al., No. 16-799-D (Mass. Super. Ct. March 25, 2016).

In a case involving alleged violations of the Kansas Uniform Trade Secrets Act (“KUTSA”) and the Computer Fraud and Abuse Act (“CFAA”), a Kansas federal district court granted a defendant’s motion for summary judgment, holding that (a) payments to forensic experts did not satisfy the KUTSA requirement of showing an “actual loss caused by misappropriation” (K.S.A. 60-3322(a)), and (b) defendant was authorized to access the company’s shared files and, therefore, he did not violate the CFAA. See Tank Connection, LLC v. Haight, No. 6:13-cv-01392-JTM (D. Kan., Feb. 5, 2016) (Marten, C.J.).

The Tennessee Court of Appeals held that the employee’s restrictive covenants were unenforceable when the employer had not provided the employee with any confidential information or specialized training. See Davis v. Johnstone Group, Inc., No. W2015-01884-COA-R3-CV (Mar. 9, 2016).

Reversing a 2-1 decision of the North Carolina Court of Appeals, the state’s Supreme Court held unanimously that an assets purchase-and-sale contract containing an unreasonable territorial non-competition restriction is unenforceable Further, a court in that state must strike, and may not modify, the unreasonable provision. See Beverage Systems of the Carolinas, LLC v. Associated Beverage Repair, LLC, No. 316A14 (N.C. Sup. Court, Mar. 18, 2016).

The Ohio Court of Appeal upheld a non-compete giving the former employer discretion to determine whether an ex-employee was working for a competitor. See Saunier v. Stark Truss Co., Case No. 2015CA00202 (Ohio App., May 23, 2016).

In a clash between two major oil companies, the Texas Supreme Court ruled on May 20, 2016, that the recently enacted Texas Uniform Trade Secrets Act (“TUTSA”) allows the trial court discretion to exclude a company representative from portions of a temporary injunction hearing involving trade secret information. The Court further held a party has no absolute constitutional due-process right to have a designated representative present at the hearing.

A Texas Court of Appeals held on August 22, 2016, that a former employer was entitled to $2.8 million in attorneys’ fees against a former employee who used the employer’s information to compete against it. The Court reached this ruling despite the fact that the jury found no evidence that the employer sustained any damages or that the employee misappropriated trade secrets.

In Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., Case No. 4:13-CV-4021 (7th Cir., Jan. 21, 2016), the Seventh Circuit Court of Appeals affirmed a district court’s conclusion that a plaintiff had produced no evidence refuting the defendant’s contention that it honestly believed it was engaging in lawful business practices rather than intentionally deceiving or defrauding the plaintiff. Even though the plaintiff’s technology did not expressly permit third parties to access the digitized records and use the information without printing copies, thereby avoiding payment of fees to plaintiff, such access and use were not prohibited.

A divided Ninth Circuit panel affirmed the conviction of a former employee under the CFAA, holding that “[u]nequivocal revocation of computer access closes both the front door and the back door” to protected computers, and that using a password shared by an authorized system user to circumvent the revocation of the former employee’s access is a crime. See United States v. Nosal, (“Nosal II”) Nos. 14-10037, 14-10275 (9th Cir. July 5, 2016).

The Ninth Circuit in Facebook v. Power Ventures, Case No. 13-17154 (9th Cir. Jul. 12, 2016), held that defendant Power Ventures did not violate the CFAA when it made copies and extracted data from the social media website despite receiving a cease and desist letter. The court noted that Power’s users “arguably gave Power permission to use Facebook’s computers to disseminate messages” (further stating that “Power reasonably could have thought that consent from Facebook users to share the [Power promotion] was permission for Power to access Facebook’s computers”) (emphasis in original). Importantly, the court found that “[b]ecause Power had at least arguable permission to access Facebook’s computers, it did not initially access Facebook’s computers ‘without authorization’ within the meaning of the CFAA.”

6. Forum Selection Clauses

California enacted a new law (Labor Code § 925) that restrains the ability of employers to require employees to litigate or arbitrate employment disputes (1) outside of California or (2) under the laws of another state. The only exception is where the employee was individually represented by a lawyer in negotiating an employment contract. For companies with headquarters outside of California and employees who work and reside in California, this assault on the freedom of contract is not welcome news.

We also continued to see federal district courts enforcing forum selection clauses in restrictive covenant agreements. For example, a Massachusetts federal district court last fall transferred an employee’s declaratory judgment action to the Eastern District of Michigan pursuant to a forum-selection clause in a non-compete agreement over the employee’s argument that he had signed the agreement under duress because he was not told he would need to sign it until he had already spent the money and traveled all the way from India to the United States.

7. Security Breaches and Data Theft Remain Prevalent

2016 was a record year for data and information security breaches, one of the most notably being WikiLeaks’ release of emails purportedly taken from the Democratic National Committee’s email server. According to a report from the Identity Theft Resource Center, U.S. companies and government agencies saw a 40% increase in data breaches from 2015 and suffered over a thousand data breaches. Social engineering has become the number one cause of data breaches, leaks, and information theft. Organizations should alert and train employees on following policy, spotting potential social engineering attacks, and having a clear method to escalate potential security risks. Employee awareness, coupled with technological changes towards better security will reduce risk and exposure to liability. For technical considerations and best practices and policies of attorneys when in the possession of client data, please view our webinar, “A Big Target—Cybersecurity for Attorneys and Law Firms.”

8. The ITC’s Extraterritorial Authority in Trade Secret Disputes

In a case involving the misappropriation of U.S. trade secrets in China, the U.S. Supreme Court was asked to decide whether Section 337 of the Tariff Act does, in fact, authorize the U.S. International Trade Commission (“ITC”) to investigate misappropriation that occurred entirely outside the United States. See Sino Legend (Zhangjiangang) Chemical Co. Ltd. v. ITC. The crux of Sino Legend’s argument was that for a statute to apply abroad, there must be express congressional intent. Not surprisingly, Sino Legend argued that such intent was missing from Section 337 of the Tariff Act. In Tianrui Group Co. Ltd. v. ITC, 661 F.3d 1322 (Fed. Cir. 2011), the Federal Circuit held that such intent was manifest in the express inclusion of “the importation of articles … into the United States” which evidenced that Congress had more than domestic concerns in mind. On January 9, 2017, the Supreme Court denied Sino Legend’s petition for certiorari, thereby keeping the ITC’s doors open to trade secret holders seeking to remedy misappropriation occurring abroad. For valuable insight on protecting trade secrets and confidential information in China and other Asian countries, including the effective use of non-compete and non-disclosure agreements, please check out our recent webinar titled, “Trade Secret and Non-Compete Considerations in Asia.”

We thank everyone who followed us this year and we really appreciate all of your support. We will continue to provide up-to-the-minute information on the latest legal trends and cases in the U.S. and across the world, as well as important thought leadership and resource links and materials.

shutterstock_236620168On July 12, 2016, the Ninth Circuit filed its published opinion in Facebook, Inc. v. Power Ventures, Inc., et al., Case No. 13-17154 (“Power Ventures”).  Power Ventures is the latest in a series of decisions from the Ninth Circuit relating to the type of activities potentially giving rise to liability under the Computer Fraud and Abuse Act (18 U.S.C. §1030) (“CFAA”). Power Ventures has potentially important implications for the ways that businesses create, store, and monetize data through computers and web-based applications. Unlike the court’s Nosal line of decisions, Power Ventures is focused more on internet-based conduct that may violate the CFAA.

The underlying legal dispute between the parties began in 2008, when Facebook filed suit against Power Ventures, Inc. (“Power”) in the USDC for the Northern District of California. Power, which aggregated data from different social networking sites using, among other things, automated scripts (i.e., “scraping”), enabled people with various social media accounts to access all of their information in one place. Power used user-provided social media log-in information to import people’s information to a Power portal. In an effort to promote itself and attract users, Power then contacted via e-mail Facebook users’ friends, making it appear as if the e-mails came from Facebook.

Upon learning of Power’s activities, Facebook sent Power a cease and desist letter and used IP blocks in an attempt to prevent Power from obtaining Facebook data (IP blocking is a process by which a computer or network is directed to ignore all communications from a particular IP address). But Power continued to copy Facebook data and took measures to evade the IP blocks.

Although the Ninth Circuit analyzed whether Power’s conduct violated the federal CAN-SPAM Act (finding that it did not, and reversing District Court Judge Lucy Koh), the court’s analysis of the CFAA issues are most noteworthy. The court first walked through its United States v. Nosal CFAA decisions (from 2012 and July 5, 2016; see our coverage of these decisions here and here) to “distill two general rules” in analyzing the issue of authorized access under the CFAA:

(1) “a defendant can run afoul of the CFAA when he or she has no permission to access a computer or when such permission has been revoked explicitly” (noting that “once permission has been revoked, technological gamesmanship or the enlisting of a third party to aid in access will not excuse liability”); and

(2) “a violation of the terms of use of a website—without more—cannot be the basis for liability under the CFAA.”

Applying these rules, the court noted that Power users “arguably gave Power permission to use Facebook’s computers to disseminate messages” (further stating that “Power reasonably could have thought that consent from Facebook users to share the [Power promotion] was permission for Power to access Facebook’s computers”) (emphasis in original). Importantly, the court found that “[b]ecause Power had at least arguable permission to access Facebook’s computers, it did not initially access Facebook’s computers ‘without authorization’ within the meaning of the CFAA.”

The court declined, in a footnote, to “decide whether websites such as Facebook are presumptively open to all comers, unless and until permission is revoked expressly” (citing to a law review article asserting that “websites are the cyber-equivalent of an open public square in the physical world”).
Instead, the court found that a cease and desist letter sent to Power by Facebook expressly rescinded the permission granted by Facebook users to Power and put Power on notice that it “was no longer authorized to access Facebook’s computers.” The letter informed Power that, in Facebook’s view, Power had violated Facebook’s Terms of Use and directed Power to cease using Facebook content or otherwise interacting with Facebook through automated scripts.

Power continued to access Facebook and took steps to evade the IP blocks that Facebook put in place. The court noted discovery from the trial court that appears to reflect a concerted effort by Power to wire around Facebook’s countermeasures and a likely awareness that Power’s conduct implicated the CFAA.

To explain its finding that the Facebook cease and desist letter had revoked Power’s permission to access Facebook, the court analogized the circumstances to a person who wanted to borrow a friend’s jewelry held in a bank safe deposit box. The court said that the borrower would need permission from the bank and the safe deposit box holder to access the box if the bank had determined that it did not want the borrower on its premises (in the court’s example, because the borrower brought a shotgun to the bank when entering to access the safe deposit box).

Although the court’s analogy might have helped it better understand the technology and information flow at issue in Power Ventures, it lacks the nuance that can swirl around alleged “scraping” scenarios where there are sometimes questions concerning whether “access” under the CFAA has occurred and whether there is a protectable or property interest in the data scraped (in the court’s analogy, the jewelry was the safe deposit box holder’s property, but what was the data equivalent in Power Ventures and, under different facts, what might be the bank’s property interest?).

The court then went on to distinguish Power from its Nosal decisions and, in doing so made some interesting observations (arguably in dictum) about the legal effect of Facebook’s Terms of Use. The court observed that “Facebook and Power had no direct relationship, and it does not appear that Power was subject to any contractual terms that it could have breached.” It is unclear whether, by making this statement, the court is saying that, by its conduct, Power and Facebook had not entered into a contract (e.g., the Facebook Terms of Use) or rather there simply were no terms within the Terms of Use that prohibited Power’s conduct.

Notably, Facebook does not appear to have pleaded a breach of contract claim in the trial court.

In any event, whether a website’s terms of use will apply to and bind a party that attempts to “scrape” data from the website is likely to be further litigated as the intersection of traditional contact formation principles meet the evolving standards under “browser-wrap” and “click-wrap” agreements.

This much is clear from Power Ventures: Those who use websites to conduct business would be well-served to (1) carefully consider the drafting and use of website terms of use; (2) diligently monitor their websites and associated computers/servers for any access, and the means of access, by anyone other than authorized users; and (3) where unauthorized access is detected, to act promptly to notify in writing those who have potentially made such access of the conduct alleged to be improper/unlawful and demand that such conduct cease.

Cyberspace and e-commerce law will continue to evolve rapidly, so banks best keep an eye out for those skilled in the programming arts along with shotgun-toting borrowers of jewelry.

shutterstock_142248280The defendants in a case pending in Chicago federal court were accused of contravening Facebook’s terms of use by accessing its computers in order to create a phony page and then using it to ridicule someone. In Bittman v. Fox, Case No. 14 C 8191 (N.D.Ill., June 1, 2015) (Holderman, J.), the court held that those allegations do not state a cause of action under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, or the Stored Communications Act, 18 U.S.C. § 2707.

Summary of the case. In 2013, several persons began voicing complaints to the staff and board of trustees of a public library which permitted patrons to view pornography on the library’s computers. The objectors’ increasingly strident efforts to persuade library personnel to install filters on the computers were unsuccessful. Moreover, allegedly in response to those efforts, library personnel engaged in what the objectors viewed as violations of the Illinois Open Meetings Act and as harassment. The objectors retaliated by creating a Facebook page on which they mocked the library’s spokesperson. She filed a multi-count complaint alleging, among other causes of action, CFAA and SCA violations. The objectors’ motion to dismiss the CFAA and SCA counts, and a few other claims, was granted. The remaining counts will be heard by a different judge (because Judge Holderman retired the day the opinion was issued).

Actions by and against the objectors. The objectors attempted to make their views heard at board meetings. The board responded by committing what the objectors viewed as Open Meetings Act violations (in at least one instance, the Illinois Attorney General agreed that the Act had been violated) and refusing in other ways to let the objectors speak their minds. On one occasion, library personnel accused the objectors of illegally disrupting board meetings and summoned the police, but no arrests were made. When the objectors began receiving harassing emails and phone calls at home, which they attributed to library personnel (acting directly or indirectly), the objectors created the fake Facebook page and used it to ridicule the library spokesperson and her floral arrangement business. She sued.

Dismissal of the CFAA and SCA claims. The CFAA and SCA counts allege that the plaintiff was injured by the defendants’ violation of Facebook’s terms of use, and that the violation constitutes unauthorized access to Facebook’s computer. Her allegations were imaginative, but there appears to be scant authority supporting the view that she stated justiciable causes of action.

In his ruling on the Rule 12(b)(6) motion, Judge Holderman reasoned that the statutes were enacted to protect against hacking, or tampering with, computerized personal and proprietary information. The defendants here “did not access a computer to damage, steal or tamper with” the plaintiff’s data. Further, noting that the CFAA is a criminal statute, he cited the rule of lenity and the decision in U.S. v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009), a somewhat similar California case. The court there ruled for the defendant, holding that criminalizing “the conscious violation of a website’s terms of service runs afoul of the void-for-vagueness doctrine.” Judge Holderman also cited Matot v. CH, 975 F. Supp. 2d 1191 (D. Ore. 2013), a decision reaching the same result in a civil lawsuit.

Takeaways. According to Matot, the fabrication of fake social media accounts and phony profiles is not uncommon, and sometimes they even have been created by law enforcement personnel. Moreover, users of electronic media have been known to include lies and other fictions in their postings. Judge Holderman cited Drew for the proposition that prosecuting someone for accessing social media computers in violation of the media’s rules, even as part of a vindictive campaign or one intended to embarrass, “affords too much discretion to the police and too little notice to citizens who wish to use the Internet.” Judge Holderman did not mention U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991), where the use of electronic media in a manner unrelated to its intended function contributed to a CFAA criminal conviction for unauthorized access to a public website.

In Bittman v. Fox, in addition to the dismissed CFAA and SCA claims, several common law causes of action were alleged. The defendants still are charged with defamation, intentional infliction of emotional distress, and interference with prospective economic advantage. The defendants in Bittman were not alleged to have achieved a monetary gain by violating an electronic media’s rules. If there were such a claim in a different case, that claim might state a cause of action for fraud.

By Jeffrey A. Berman and Candice T. Zee

The National Labor Relation Board (“Board”) issued its latest decision on social media issues on August 22, 2014.  In Triple Play Sports Bar & Grille, 361 NLRB No. 31 (2014), the Board ruled that a Facebook discussion regarding an employer’s tax withholding calculations and an employee’s “like” of the discussion constituted concerted activities protected by the National Labor Relations Act (“Act”).  The Board also held that the employer’s internet and blogging policy violated the Act.

The employer, Triple Play Sports Bar and Grille, is a bar and restaurant.  In 2011, at least two employees discovered that they owed more in state income taxes than they expected.  Employees discussed the situation at work and complained to Triple Play, which had planned a staff meeting to discuss the employees’ concerns.  Prior to the meeting, a former employee posted the following “status update” to her Facebook page:

Maybe someone should do the owners of Triple Play a favor and buy it from them.  They can’t even do the tax paperwork correctly!!! Now I OWE money…Wtf!!!

Several Facebook friends posted comments in response to the status update, including two of Triple Play’s employees.  One employee commented, “I owe too.  Such an asshole.”  A second employee “Liked” the former employee’s status update, but posted no comment.  When Triple Play discovered that two of its employees had participated in the Facebook discussion, it terminated their employment for disloyalty.

The Board held that Triple Play violated the Act by terminating the employees’ for engaging in activities protected by the NLRA.  In its analysis, the Board first determined that the Facebook discussion at issue should not be analyzed under the Atlantic Steel Co., 245 NLRB 814 (1979) standard.  To determine whether an employee loses the Act’s protection under Atlantic Steel, the Board balances four factors: (1) the place of the discussion; (2) the subject matter of the discussion; (3) the nature of the employee’s outburst; and (4) whether the outburst was provoked by the employer’s unfair labor practices.  The Board noted that the first factor alone supported its conclusion that Atlantic Steel’s framework is tailored for workplace confrontations with the employer, and not for the type of employee activities in this case.

Instead, the Board applied the standards set forth by the US Supreme Court in the Jefferson Standard and Linn cases.  In Jefferson Standard, the Court upheld the discharge of employees who publicly attacked the quality of their employer’s product and business practices without relating their criticisms to a labor controversy.  NLRB v. Electrical Workers Local 1229 (Jefferson Standard), 346 US 464 (1953).  In Linn, the Court limited state-law remedies for defamation in the course of a union-organizing campaign to instances where the complainant could show that “the defamatory statements were circulated with malice” and caused damage.  Linn v. Plant Guards Local 114, 383 US 53, 64-65 (1966).

Applying Jefferson Standard and Linn to the facts of the case, the Board determined that both the employees’ comments and “like” in response to the Facebook post constituted a dialogue among employees about working conditions that was protected by the Act. The Board determined that the evidence did not establish that the discussion was directed to the general public. Although the record did not establish the former employee’s privacy settings on Facebook, the Board noted that the comments were posted on an individual’s personal page rather than a company page providing information on its products or services. The Board concluded that the employees’ comments were not “so disloyal as to lose the Act’s protection” because they did not disparage their employers products or services, or undermine its reputation. The Board also held that the comments were not defamatory, but simply a statement of a negative personal opinion of Respondent’s owner.

The Board also found that the Triple Play’s Internet/Blogging policy in the employee handbook violated Section 8(a)(1) of the Act. The policy warned that “engaging in inappropriate discussions about the company, management, and/or co-workers, the employee may be violating the law and is subject to disciplinary action, up to and including termination of employment.”

The Board held that the policy was overly broad and unlawfully chilled employees in the exercise of their Section 7 rights. It further noted that Triple Play’s subsequent termination of the employees who engaged in the Facebook discussion further demonstrated the employer’s improper prohibition of Section 7 activity. The Board ordered Triple Play to discontinue using the policy.

In his dissent, Member Miscimarra agreed with his colleagues that Triple Play unlawfully discharged the employees and questioned them about their Facebook activity. He disagreed, however with the finding that the Internet/Blogging policy violated the Act. Member Miscrimarra noted that the language of the policy did not expressly or implicitly restrict Section 7 activity, and was not applied to restrict protected activity. Specifically, Triple Play did not apply or refer to the policy when it discharged the employees.

What does this mean for employers? Employers must tread lightly before disciplining employees for social media comments that might appear to be critical of their employer. Employers should also review their social media policies to make sure that they are not in violation of the Act. Remember, the employees in this case were not a part of any union or labor organization.