Archive for Social Media

[Post by Venkat Balasubramani]

SB 5211 (passed by Senate April 27, 2013)

Both chambers of the Washington legislature passed Substitute Senate Bill 5211, and it now awaits the Governor’s signature. No Washington legislators voted against it.

Here are the key provisions:

- the bill restricts employers from (1) asking for passwords; (2) engaging in shoulder-surfing; (3) asking employees to change settings; or (4) asking employees to add them as friends;

- the statute does not define it, but uses the phrase “personal social networking account” to describe what is off limits; 

- the statute contains a carve-out for employer investigations, but limits this to scenarios where employers merely request information (and not passwords) in order to investigate (1) legal violations or (2) suspicion of misappropriation by employees;

- the statute excludes employer-supplied devices, as well as intranets and other platforms “that [are] intended primarily to facilitate work-related information exchange, collaboration, or communication by employees or other workers” [Twitter!];

- finally, the statute provides for a private right of action and authorizes a court to award $500 in statutory damages and attorney’s fees.

The statute tackles the social media ownership question by excluding accounts that are “provided by virtue of the employee’s employment relationship with the employer .. [or] online account[s] paid for or supplied by the employer.” Earlier versions of the statute had more specific definitions for what constitutes a social network. One iteration also limited the private right of action.

Although I acknowledge that employee social networking activity that is private should be off-limits for employers, I still think this was a solution in search of a problem. With states’ well established failings in the era of regulating the internet, I predict this will create more problems than it will solve. Among other things, it’s unclear what is covered by “social media” and equally unclear when an account is “personal” or “business”-related. (In practice they often seem mixed.) Eric Goldman delves into some of these issues in taking a look at California’s social media legislation in this post: “Big Problems in California’s New Law Restricting Employers’ Access to Employees’ Online Accounts.”

Two approaches legislatures should consider taking when enacting these statutes is (1) making them only apply to prospective employees; and (2) getting rid of a private right of action or, at least, including an administrative exhaustion component. The Littler law firm has a great roundup of legislation from various states as well as some of the pitfalls these statutes may present: “Social Media Password Protection and Privacy — The Patchwork of State Laws and How it Affects Employers” [pdf].

Other coverage on employer social media bills generally:

Littler: “Social Media Password Protection and Privacy — The Patchwork of State Laws and How it Affects Employers” [pdf]
WIlliam Carleton: “Checking in on sate social media password laws”
Eric Meyer: “Wooooo pig sooie! Arkansas gets a workplace social media privacy law”
Lexology “Three more states hop on the social media legislation bandwagon”

[image credit: shutterstock/Andre Blais "high-tech background with targeted eye-scan"]

[Post by Venkat Balasubramani]

Eagle v. Morgan, 11-4303 (E.D. Pa. Mar. 12, 2013)

I have previously covered this dispute over a LinkedIn account. (See Another Set of Parties Duel Over Social Media Contacts; Battle Over LinkedIn Account Between Employer and Employee Largely Gutted.) Surprisingly, the case went to trial! Although the court finds that plaintiff adequately proved several of her claims (an impressive feat, given that she proceeded pro se), she ultimately loses the case. The court declines to award damages, finding that she did not prove any with reasonable certainty.

Background: Eagle founded Edcomm with Clifford Brody. In 2010, a company bought Edcomm. Although the purchaser retained the three founders of Edcomm, they were ultimately terminated. The present dispute focuses on Edcomm’s use of Eagle’s LinkedIn account following her termination.

The court discusses, in some detail, Edcomm’s approaches to LinkedIn accounts. During Eagle’s tenure, the company encouraged the creation and use of LinkedIn accounts. Interestingly, although the executives were aware of and discussed the ownership issues surrounding use of these accounts, Edcomm did not adopt any policy that would advise employees that LinkedIn accounts were the property of Edcomm. [The court cites to a fascinating email exchange where the principals debate the merits of the ownership arguments, and whether the company policy that it would own all data on company hardware would adequately resolve the issue of account ownership (answer: no).]

Interestingly, Eagle provided her LinkedIn password to other Edcomm employees who assisted with responding to invitation requests and maintaining the account. This came back to haunt her, as the employees who remained with the company following Eagle’s termination continued to use the account and locked her out of it. Edcomm (sans Eagle) had control of the account between June 20, 2011 (the date of Eagle’s termination) and July 6, 2011. LinkedIn then took control of the account, presumably at Eagle’s request, and she regained control of the account by July 14, 2011.

During the time period when Edcomm used the account following Eagle’s termination, it did not overtly state via the LinkedIn account that Eagle was no longer with the company. However, Edcomm swapped out the bulk of Eagle’s information for the details of Sandi Morgan, the interim CEO of Edcomm. Eagle’s custom URL remained, and the profile was accessible “via linkedin.com/in/lindaeagle.” Therefore, people who were looking for “Linda Eagle” via LinkedIn (or perhaps even a search engine) would be directed to Eagle’s account which now contained largely Morgan’s information.

Unauthorized use of name under 42 Pa. C.S. 8316: The court says that Eagle adequately states a claim under the Pennsylvania statute that protects a person’s commercial interest in their name or likeness. The court says that Eagle’s name clearly has commercial value, given that she has wide acclaim and appears to be a thought leader in the space. The court also says that Edcomm “used” her name:

[a]n individual conducting a search . . . for Dr. Eagle . . . by typing in “Linda Eagle,” would be directed to a URL for a web page showing Sandi Morgans name, profile and affiliation with Edcomm Group Banker’s Academy. In other words, by looking for Dr. Eagle, an individual would unwaringlybe put in contact with Edcomm despite the fact that Dr. Eagle was no longer affiliated with Edcomm and did not consent to Edcomm’s use of her name.

[emphasis added]

Invasion of privacy/misappropriation of identity and misappropriation of publicity: The court largely relies on similar reasoning to find that Eagle adequately states a claim for invasion of privacy by “misappropriation of identity” and for misappropriation of publicity:

[the search results] clearly provided promotional benefit for Edcomm and constitutes misappropriation of [Eagle's] name for commercial use.

Identity theft: Identify theft under the Pennsylvania statute requires “possession or use [of] identifying information or another person . . . to further any unlawful purpose.” The court says that Edcomm only used information that was publicly available. Interestingly, the court does not discuss whether use of the password constitutes identity theft. Also, the court points out that the “honors and awards” portion of Eagle’s LinkedIn page could not be identifying information. In the process, the court states:

in all logic, a person directed to [Dr. Eagle’s page] could not reasonably believe that the page was intended to identify Dr. Eagle. Rather, a reasonable individual, while perhaps confused as to how he or she arrived at this page, would have no doubt that the page belonged to Ms. Morgan and was describing Ms. Morgan’s resume.

[Every now and then I come across language that seems like it’s judicially trolling Professor Goldman. This is a prime example of this.]

Conversion: The court says that the tort of conversion is somewhat limited under Pennsylvania law when it comes to intangible property. While other courts have held that things like domain names (and even Twitter accounts) can be converted, the court says that under Pennsylvania law conversion is only available where the intangible rights are “customarily merged in, or identified with, a particular document (for example, a deed or a stock certificate).” This is not the case here. (Again, the court does not discuss the possibility of the password being converted.)

Interference with contract: The court says that Eagle has established the elements of interference with contract (the contract between her and LinkedIn). The only problem is that she fails to satisfy the element of damages. In discussing this cause of action, the court also notes that the agreement was between her in her individual capacity and LinkedIn, and not between Edcomm and LinkedIn.

Damages: After finding that Eagle adequately proved the bulk of her existing causes of action, the court concludes that she has not proven her entitlement to compensatory damages. First, the court says that she has not established damages with reasonable certainty. She relied on an interesting formula that apportioned the total (historical) revenue she generated across her LinkedIn accounts, and like the parties in the Twitter account case, came up with a per month per “connection” damage figure. However, the court says that she falls short in failing to show that she actually generated the revenues through her contacts:

Aside from her own self-serving testimony that she regularly maintained business through LinkedIn, Plaintiff failed to point to one contract, one client, one prospect, or one deal that could have been, but was not obtained during the period she did not have full access to her LinkedIn account. Indeed, the very real possibility exists that even with full access to her LinkedIn account, she would have not made any deals with any of her contacts during the time period in question.

The court says that she fails to show a reasonably fair basis for calculating her damages. She did not retain an expert, and only presented the testimony of her co-founder Clifford Brody. He admitted to “guestimating” on the damages, and more importantly “failed to connect Dr. Eagle’s successful sales with any use of LinkedIn . . . “

The court also declines to award punitive damages, saying that it was just as reasonable to conclude that Edcomm was acting to protect its property (or what it perceived as its property) rather than acting to harm plaintiff. On this basis, the court says Eagle fails to satisfy her burden on entitlement to punitives.

Edcomm’s counterclaims: The court also rejects Edcomm’s counterclaims.

First, it argued that Eagle committed misappropriation when she continued to use her account. The court says no:

Edcomm never had a policy of requiring that its employees use LinkedIn, did not dictate the precise contents of an employee’s LinkedIn account, and did not pay for its employees’ LinkedIn accounts. Indeed, as noted above, the LinkedIn User Agreement expressly states that Plaintiff’s account is between LinkedIn and the individual user. Edcomm did not itself maintain any separate account. Moreover, Edcomm failed to put forth any evidence that Eagle’s contacts list was developed and built through the investment of Edcomm time and money as opposed to Eagle’s own time, money, and extensive past experience . . . .

The court also rejects its unfair competition claim, saying that apart from misappropriation (that the court rejects) Edcomm does not identify any other basis for how she unlawfully or improperly competed by using the LinkedIn account.

__

This is a pretty interesting end to a wide-ranging dispute that spanned several lawsuits and jurisdictions.

There is so much to take away from this dispute:

- it’s a demonstration again of the difficulty of slotting things like LinkedIn accounts into existing regimes of intellectual property.

- It’s also a good illustration of how helpful an employer’s social media policy can be, although policies may not always resolve the issues.

- Personality rights and trademarks are a good hook for plaintiffs, and continuing to use the name of an ex-employee (if you are a company) or mark of a company (if you are a contractor) in an account can be risky, absent contractual authorization.

- Possession of the password is important, and password-sharing is risky activity, no matter what the context.

- Would social media password legislation have resulted in a different resolution? Tough to say, although Edcomm would likely have been reluctant to ask for and use the password post-termination.

- As Eric mentions below, identify theft statutes can be broadly worded. The court correctly rejects plaintiff’s argument in this case that Edcomm violated the statute, but I expect plaintiffs will continue to rely on this argument.

I’m curious about two things factually that the court does not delve into. First, how easy would it have been for Edcomm to have changed the vanity URL? Second, I’m curious about the process through which Eagle regained control of her account.

The court’s finding that Eagle adequately asserted a publicity rights claim is interesting in that it relies on the fact that end users would be routed to her account while searching for her. On the one hand, the court says that users will be “unwaringly” directed to her profile, but on the other hand, the court says that there’s no way users will be confused, since Edcomm replaced the bulk of Eagle’s account details. The court does not cite to the recent Wisconsin decision involving keyword ads and personal names (nor does it discuss the Stayart case). The Wisconsin case is slightly distinguishable since there the name was an invisible trigger (and deals with Wisconsin’s statute, which probably differs from Pennsylvania’s), but still somewhat analogous I thought. The court could have just found that she did not state a claim to begin with, but perhaps took the “no damages” route as this rationale would better insulate the court’s decision against appellate review. Either way, the court’s ruling shows the broad reach of personality and publicity type statutes and claims and their possible applicability to these types of disputes. (See also Maremont v. Fredman Design Group.)

Above all, perhaps it’s a good illustration of the fact that these lawsuits may not be worth it from an economic standpoint. The extent to which Eagle overstated the economic importance of her LinkedIn account was also interesting, almost bizarre. There is some value in being able to get in touch with someone and for a person to advise their network on what is going on with them professionally, but the likelihood of actually depending on LinkedIn and using it to generate revenue seems like a stretch to me. In any event, the court was not sold, based on the available evidence, that this was the case for Eagle’s account. It’s worth mentioning again that the account was under Edcomm’s control for a relatively short period of time, and this could have driven the ruling on damages. It’s possible the outcome may have been different if it took over and continued to use the account.

A final follow-up thought. In the old days, non-competes were a classic term that should be addressed by the parties in the context of any acquisition. I would probably add treatment of social media assets and accounts to this. I wonder if the acquisition agreement contained a non-compete agreement. I’m guessing the answer is no, given that the court did not mention it.

[Post by Venkat Balasubramani]

In the Matter of the Tenure Hearing of Jennifer O’Brien, State Operated School District of the City of Patterson, Passaic County, 2013 WL 132508 (Jan. 11, 2013) [pdf]

O’Brien taught in New Jersey since 1998. She was initially assigned to teach fifth grade at School No. 29, but was ultimately assigned to teach the first grade. School 29 has a student body that was “almost entirely composed” of minorities. The 23 students in her class were either Latino or African American. She previously taught at a different school and apparently had a tough time adjusting to School No. 29.

O’Brien posted two statements to Facebook:

I’m not a teacher – I’m a warden for future criminals!

They had a scared straight program in school – why couldn’t [I] bring [first] graders.

The principal of O’Brien’s former school apparently forwarded a copy of the message to the principal of School 29, asking if “there is anything we can do about this.” O’Brien’s current principal confronted her about the posts and she was suspended without pay, pending a full investigation. Meanwhile, news of the posts “spread quickly . . . .” The media got wind of the posts. Parents also complained about the posts. O’Brien was charged with “conduct unbecoming a teacher.”

An ALJ heard the matter, rejected her First Amendment arguments, and ordered O’Brien removed from her tenured position:

An internet-social networking site such as Facebook is a questionable place to begin an earnest conversation about an important school issue such as classroom discipline. More to the point, a description of first-grade children as criminals with their teacher as their warden is intemperate and vituperative. It becomes impossible for parents to cooperate with or have faith in a teacher who insults their children and trivializes legitimate educational concerns on the internet.

Interestingly, the ALJ was on the fence about whether removal was the appropriate sanction, but was ultimately swayed by O’Brien’s apparent lack of contrition. The Commissioner adopted the ALJ’s decision in its entirety.

The court affirms the Commissioner’s decision. Applying the Pickering test for when public employees can be terminated for speech, the court says that O’Brien’s statements were not a matter of public concern. Even assuming the speech was on a matter of “public concern,” the court says that the district’s interest in the efficient operation of its schools outweighed O’Brien’s right to express those comments. The court also agrees that the posts evince a “disturbing lack of self-restraint [and were] inimical to her role as a professional educator.”

__

Oof. This is a rough result for O’Brien, who at best experienced a momentary lapse of reason in choosing her particular mode of expression. Ten or fifteen years ago, O’Brien’s statement would have taken place in the context of a conversation among peers in a coffee shop or over a beer and would have been instantly forgotten. Today, of course, things are different. Because the comments were posted on Facebook, her former boss was aware of them and was able to forward them to her current boss. News media picked up on them. Parents became agitated. None of this would have happened 15 years ago.

The legal rules are not terribly favorable to public employees, and it’s tough to fault the ALJ and the court for their application of the doctrinal rules. My own view is that it’s an overreaction to fire someone over something like this, especially someone who had a clean track record. You have to wonder whether generational divides and/or attitudes about internet use influence the outcome in these types of cases. The ALJ’s comments and her views about O’Brien’s lack of contrition make me think they do. [As a side note, you also have to wonder how O'Brien would have fared against a private employer, given the absurdly expansive aggressive stance taken by the NLRB against employers who take action based on social media posts.] Also, I can see O’Brien appealing this one. She would face better than usual chances on an appeal.

I hate to end this post with a cautionary note to employees who also happened to be users of social media (which seems like a big chunk of the world’s population), but careful about what you post! As we’ve detailed in innumerable posts here, it can and will come back to haunt you. And when it does, the legal rules are not particularly favorable and unlikely to be of much help.

[Post by Venkat Balasubramani]

Eagle v. Morgan, 2012 WL 4739436 (E.D. Pa.; Oct. 4, 2012)

We’ve repeatedly posted about employer-employee (or ex-employee) disputes involving social media accounts (PhoneDog; Maremont; Kremer; Insynq). Eagle v. Morgan is in the same line, this time involving a LinkedIn account. Here’s our prior post on this case, where the court dismissed some claims but allowed others to proceed: Another Set of Parties Duel Over Social Media Contacts — Eagle v. Sawabeh.

As relevant to the resolution of the latest round of motions, here’s the court’s description of the LinkedIn account at issue:

Eagle used her account to promote Edcomm’s banking education services; foster her reputation as a businesswoman; reconnect with family, friends, and colleagues; and build social and professional relationships. [Another employee] assisted Eagle in maintaining her LinkedIn account and had access to Dr. Eagle’s password.

After Edcomm got acquired, the new owner eventually terminated Dr. Eagle. The company immediately took over her LinkedIn account, changing the account’s login credentials and substituting in the name and photo of Dr. Eagle’s replacement. Unfortunately for Dr. Eagle, the court grants defendants’ motion to dismiss her federal claims based on the Computer Fraud and Abuse Act and the Lanham Act.

CFAA: On the CFAA claims Eagle alleged damages due to opportunities she missed out on because she did not have access to her LinkedIn account. The court says this type of loss isn’t sufficient to satisfy the jurisdictional threshold under the CFAA. I sympathize with Morgan and her pro se status, but her evidence that she missed out contacts with people who in the past had offered “$100,000+ business opportunit[ies]” seemed flimsy at best. (Who among us hasn’t received messages–on social media–that promise a $100,000+ opportunity!)

Lanham Act: Eagle’s Lanham Act claim failed because the court found that, when Edcomm terminated Eagle, it switched out Eagle’s name and photograph (which was “completely deleted” from the account).

State law claims: Defendants also asked the court to decline jurisdiction over the state law claims and dismiss those, but the court declines (and declines defendants’ summary arguments to have them dismissed on the merits). Eagle’s glimmer of hope is that she still has a conversion claim which the court says will proceed to trial.

__

Yikes. I’m not sure where to start with this one. As with all social media disputes, I really wonder how much is at stake in terms of real dollars and cents. Interestingly, Eagle was represented by multiple lawyers, but they both exited the picture, so she’s now proceeding pro se.

So, on to the million dollar question: is the LinkedIn account a corporate asset or a personal asset? My understanding from the record was that this was a personal LinkedIn account and not a “company account”. So I’m struggling to see how it should get treated as a company account. For Dr. Eagle, it’s more like a resume. Sure, the company included declarations that said it switched out the picture and name from the account after terminating Eagle, but does this really make any sense? People are going to try to connect with a particular person, and instead they will be directed to the LinkedIn profile of someone else? (I’m surprised the court did not delve into the details of what type of account is at issue, but courts seem to have this habit.)

As with all of these disputes, control over the account itself should be separated from access to contact information or ongoing ability to contact customers, which is what the employer really cares about. I’m not suggesting she should win based on a Lanham Act claim, and don’t mean to set off Eric’s “initial interest confusion” radar, but it doesn’t make sense from the standpoint of expectations to have the company take over someone’s personal account.

There were two unusual facts in this case. First, the company said that as a matter of practice, the LinkedIn account was maintained for the company’s benefit, and after employees left, the company took control over the accounts of ex-employees. Second, the employer had access to the account and the password. (In this case, it was under the auspices of helping Dr. Eagle “maintain” the account, but still.)

This leads to the second million dollar question: how would this case have fared under California’s new social media privacy law? It depends on whether this account is a “personal” account or a “business-related” account? Like most other social media accounts, this one is a mix of the two. I’m also not sure whether that law—which was intended to provide for employee privacy—could inadvertently affect ownership disputes such as this one.

Although the court correctly resolves the CFAA and Lanham Act claims, I lean away from letting an employer take control over Eagle’s LinkedIn account if it was just her personal account. To the extent there were trade secrets at play or other legitimate competitive restrictions, it makes sense for the court to impose to restrictions and include social media contacts in any such restrictions, but it’s a bizarre result that would allow the company/employer to control her personal LinkedIn account.

Employers and employees: we appreciate the blog fodder, but for your sakes, please spell out in writing in advance who owns what accounts. It will save you a lot of hassle and lawyers’ fees.

[Post by Venkat Balasubramani]

Lloyd v. Shartle, 11-1419 (JBS) (D.N.J.; Sept. 21, 2012)

We’ve posted a ton about people imprudently posting stuff to their Facebook account that comes back to haunt them in litigation. This case falls into this category.

Lloyd was serving a 168 month term for drug charges. He was charged with using a contraband cell phone to create an “unauthorized” email account “and to circumvent the prison telephone system.” He denied the charges saying they weren’t true.

Unfortunately for him, he had a Facebook account. Presumably he would need a phone or computer to set up this Facebook account but he said that his sister set up the account, and get this .. he claimed:

[h]e would call her from the institution phone, and tell her what to write [on his Facebook account].

Unfortunately for him, not only did he use the phone to post to the Facebook account (contradicting his incredible version of events that his sister would update his account after he phoned in his status messages), he actually posted about his phone on his Facebook account:

(1) I GOT A NEW PHONE AND IM HAVING PROBLEMS GETTING IT TURNED ON. LONG STORY! I SHOULD BE BACK ON TOMORROW SO IF U DIDN’T HEAR FROM TODAY THAT’S THE REASON.; (2) This is my new number XXX-XXX-XXXX.; (3) I just burned my phone out so I got a major headache, right now. Literally!; (4) I called u twice from the prison phone but u didn’t answer ur phone. I’ll try to hit u tomorrow, ok? Do not say anything about a cell phone.

Ouch. That’s pretty much all the court needs to conclude that the prison’s disciplinary charges were valid.

There’s no moral to the story other than the moral to every Facebook-post-that-is-contrary-to-a-litigant’s-interest story.