Practical Aspects of Internet Law—the U.S. Perspective
by Ernest Sasso, Esquire
The explosion of technology within the last two decades has spawned the evolution of a new area of law. With the daily expansion of the Internet and the availability of inexpensive computers, many difficult and new questions of the law are emerging. Two particularly troubling areas for U.S. attorneys constitute the very essence of the Internet: the widespread use of electronic mail (“e-mail”), and the dissemination of information through the establishment of sites on the Internet’s World Wide Web.
E-mail and Client Confidentiality
As e-mail becomes the medium of choice for business communications, the legal community has become increasingly concerned with protecting confidentiality through the attorney-client privilege. This concern will only grow: it is conservatively estimated that almost 2 billion people worldwide will have access to the Internet and e-mail by the year 2010, with over 1 billion Internet users worldwide, including 200 million in the United States alone (out of a total population of 300 million) as of September 2006. Already, clients are demanding that their lawyers be able to communicate electronically, and even among lawyers, e-mail correspondence is becoming the norm. Indeed, an e-mail address on an attorney’s business card is now as common as a fax number.
E-mail is extremely easy to use, exceptionally fast and easily accessible to almost all individuals throughout the world. With these characteristics, along with an attractive price—e-mail is virtually free and unlimited, given the untimed local access rates prevalent in most of the United States—it appears that this would be the perfect medium for attorneys and others to use to communicate to each other. However, the e-mail messages that are sent on the Internet have the ability to be intercepted with more ease then a wiretap on a conventional telephone line. If vital information is communicated between an attorney and client, which is then intercepted, can this be used against that party in court? Will using a medium that is interceptable automatically waive privilege between an attorney and a client? Can the attorney be disciplined for sending the material over a “unsafe” medium? These are very real and problematical concerns for the U.S. attorney.
There are two different bodies of law that are implicated when discussing privilege and confidentiality through e-mail. The first body of law concerns discovery and evidence procedure. Does privilege apply to an e-mail message in discovery or an e-mail message that is sought to be admitted as evidence in court? The second body of law deals with ethical considerations and the rules of professional responsibility. Although an attorney may win in court and keep the privileged information out of the proceeding, that attorney may still be able to be disciplined by the bar. Can an attorney be disciplined for sending e-mail messages because it may violate the confidential relationship between the attorney and the client? Both of these issues need to be considered in order to have an accurate perspective on e-mail and the attorney’s privilege.
The attorney-client privilege protects communications that are intended to remain confidential and which are made under such circumstances where a reasonable expectation exists that the communication is confidential. To this end, the privilege applies to all imaginable means of communication, from telephone conversations to written correspondence, or postal mail from the U.S. Postal Service (“snail mail”) to e-mail. The privilege, after all, is intended to promote the free flow of information between an attorney and client; restricting its application to particular types of communication would certainly hinder this goal.
The popularity of e-mail is tied to its convenience. Computer-generated documents can be sent to several parties simultaneously in a matter of seconds, and files and messages can be forwarded. This includes client memoranda, drafts of written discovery and legal briefs, and scanned executed agreements. As noted, the price is also right: for businesses and law firms that already have computer networks and Internet access, e-mail is either free or close to it. E-mail systems are particularly useful to the legal community, as they allow firms to communicate directly with clients and corporate in-house counsel.
But as messages travel along the Internet in small, multiple data packets, third parties can intercept them. E-mail can also be stored on a system’s backup files indefinitely and misdirected with the push of a single button. Such security risks have prevented federal and state courts from universally applying the attorney-client privilege to e-mail.
Concern over possible unavailability or waiver of the attorney-client privilege by sending unencrypted e-mail containing confidential information has been heightened by such cases as Castano v. American Tobacco Co., 896 F.Supp. 590, (E.D. La. 1995), where documents that a company claimed were privileged but that were available on the Internet through a state library were held to be in the public domain. To be privileged, information conveyed to a lawyer must be communicated in confidence, and not in the presence of third parties. While no court has directly addressed whether unencrypted e-mail meets this requirement, a military court in 1995 recognized a reasonable expectation of privacy in e-mail messages for Fourth Amendment search and seizure purposes. U.S. v. Maxwell, 42 M.J. 568 (US Air Force Ct.Crim.App 1995). The court applied a two-prong test in making this determination. First, the person must exhibit an actual expectation of privacy. Second, the person must show that the expectation of privacy is one that society is prepared to consider reasonable. The court found that both of these prongs were met when e-mail was sent to a particular individual.
Some courts have refused to recognize a reasonable expectation of privacy in electronic communications that can be intercepted with more ease than regular landline telephone calls. Tyler v. Berodt, 877 F.2d 705 (8th Cir. 1989) (cordless telephone). It is unclear whether such holdings could support an argument that unencrypted e-mail is not sufficiently private to be within the scope of the attorney-client privilege. The precedential value of these cases may be questioned to some extent depending on when they were decided, since federal law did not make it a crime to eavesdrop on cellular calls until 1986, and did not make cordless phone eavesdropping a crime until 1994. Askin v. U.S., 47 F.3d 100 (4th Cir. 1995) (holding that a warrantless interception of cordless phone conversation did not violate the federal wiretap statute or the Fourth Amendment, but noting that the wiretap statute had been amended subsequently to safeguard privacy of such conversations). However, in Philadelphia, the federal court ruled that an employee did not have a reasonable expectation of privacy in using the company e-mail system, upholding the tenet that an employer may legally monitor its employees’ e-mail. Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996). Ruling that the employer was free to read the employee’s e-mail, even though it had fostered an atmosphere that led the employee to believe his messages would be private, the Smyth court sustained the discharge of an employee for making threatening comments about his supervisor in an e-mail transmission to a fellow employee. This follows the prevailing authority that ownership of its computers is vested with the employer, with no rights inuring to the employees’ use of company property.
Encryption (encoding of e-mail messages) would solve many of these security issues. If an encrypted e-mail is intercepted, or accessed while on the server, the message appears to be gobbledygook, with “garbage” text undecipherable to the receiver.
The most popular encryption program now in use, PGP, or Pretty Good Privacy, can be freely downloaded from the Internet at http://www.pgp.com/. However, PGP requires the creation of two sets of “keys”, a public key, and a private key. The keys, which are actually arcane mathematical formulas, serve to identify the signer and to signify that the message has not been altered since it was sent.
Even if encryption is handled by support staff, key creation still requires extensive time and training. While there are instructions on the PGP Web site, the technology can be extremely intimidating to all but the most tech savvy users. Not surprisingly, the use of encryption is rare in the legal community.
If otherwise privileged information is communicated via unencrypted e-mail and is missent or intercepted, will the privilege be deemed waived? The answer may depend, at least in part, on whether the disclosure is viewed as “intentional”' or “inadvertent”. In a different context, the federal appeals court in Philadelphia held that transmission of communications over cellular telephones was not an intentional divulgence of the communications' content, and thus the privilege was not waived, although the transmission could be readily intercepted. Shubert v. Metrophone Inc., 898 F.2d 401 (3rd Cir. 1990).
Although analogies can be drawn between e-mail and other methods of communication, those analogies are at best imperfect and provide clues of uncertain value for lawyers using e-mail.
In connection with ethics, Model Rule of Professional Conduct 1.6 precludes a lawyer from disclosing “information relating to representation of a client unless the client consents after consultation”. D.R. 4-101 of the Model Code of Professional Responsibility prohibits the lawyer from “knowingly” revealing information protected by the attorney-client privilege and other information gained in the professional relationship that might embarrass or be detrimental to the client or that the client wants to remain secret.
There are clear factual distinctions exist between cellular telephones and e-mail that favor the free exchange of unencrypted e-mail. For example, an Internet communication is not broadcast in all directions as is a cellular telephone conversation, and the “sniffer” software required to intercept e-mail is not a common consumer product like a scanning receiver.
Question No. 1: Is it necessary—for either ethics, privilege, or liability purposes—to encrypt communications on the Internet, except for matters so important that any threat of interception must be avoided? Question No. 2: Must lawyers communicate with or about clients on the Internet using only encryption software? The answer to both questions is a resounding NO! An Internet transmission may pass through as many as a dozen computers operated by different entities, each of which may handle thousands or even millions of messages per day among thousands of persons and entities. To identify one of the relevant computers and then locate, isolate, and capture a particular message requires an enormous investment in time and money, as well as personnel who are both technically proficient and willing to violate the law.
One approach in evaluating the reasonableness of sending an unencrypted message is to apply the “Hand Formula,”' a balancing test attributed to Judge Learned Hand that weighs the likelihood and gravity of the harm against the burden of taking steps to prevent it. In the case of confidential e-mail, the harm to be guarded against depends largely on the subject matter of the message, while the burden of guarding against interception “seems to be very light,”' given the low cost in time and money of using encryption software and the availability of more secure means of communication. The formula is difficult to apply, however, because the likelihood that any particular e-mail will be intercepted, while miniscule, is difficult to predict.
Practically speaking, attorneys should employ the “sniffer” (pun intended) test in determining whether or not encryption is advisable. Some matters—such as negotiations for a multi–million dollar transaction—are so important that any threat of interception must be avoided. Similarly, attorneys defending individuals accused of white-collar crimes should generally encode communications to and from their clients. In a similar vein, individuals contemplating the transmission of messages whose content may be violative of one or more civil statutes, such as Title VII, or the federal securities and antitrust laws, should definitely use encryption.
Given the low risk of interception for any particular message among the millions that are exchanged over the Internet every day, a common-sense weighing and sniffer test is clearly appropriate in determining whether to encrypt e-mail communications.
The general goal of the attorney-client privilege is to encourage candor and full disclosure by the client. The United States Supreme Court addressed the importance of this evidentiary rule in UpJohn v. United States, 449 U.S. 387, 388 (1981):
[The privilege’s] purpose is to encourage full and frank communication between attorneys and their clients and thereby promote broader public interests in the observance of the law and [the] administration of justice. The privilege recognizes that sound legal advice or advocacy serves public ends, and that such advice or advocacy depends upon the lawyer’s being fully informed by the client.
In order to benefit from the absolute protection provided to privileged communications, four elements are required: (i) the client is seeking legal advice; (ii) from a professional in his capacity as an attorney; (iii) the communication relates to the legal advice; and (iv) the confidential communication is between the client and the attorney.
If the communication meets these requirements, it is instantly and permanently protected from disclosure—unless there is a waiver by the action or inaction of the attorney or the client. The attorney-client privilege is an extremely powerful shield, as once the privilege has been held applicable, protected information may not be the subject of compelled disclosure regardless of the need or good cause shown for such disclosure. A lawyer who fails to safeguard the confidentiality of the communication after it is made will face an uncertain professional future: waiver of the privilege, by the failure to take reasonable precautions to preserve confidentiality, could result in the lawyer being sued for malpractice.
Given the above recitation of privilege, must an attorney encrypt his or her e-mail to clients in order to maintain the privileged status of the documents conveyed? In a word, NO! Legal authorities in most of the United States have concluded that communications otherwise privileged do not lose their privileged character because they were communicated via e-mail.
Representative of this general consensus is Pennsylvania’s position. The Pennsylvania Bar Association’s Committee on Legal Ethics and Professional Responsibility issued Informal Opinion Number 97-130 on September 26, 1997. Opinion Number 97-130 addresses a lawyer’s ethical obligations concerning the use of e-mail, and holds that interception of e-mail is not a significant danger. In summary form, the Opinion sets forth the following rules:
- A lawyer may use e-mail to communicate with or about a client without encryption.
- A lawyer should advise a client concerning the risks associated with the use of e-mail and obtain the client's consent either orally or in writing.
- A lawyer should not use unencrypted e-mail to communicate information concerning the representation, the interception of which would be damaging to the client, absent the client’s consent after consultation.
- A lawyer may, but is not required to, place a notice on client e-mail warning that it is a privileged and confidential communication.
- If the e-mail is about the lawyer or lawyer’s services and is intended to solicit new clients, it is lawyer advertising similar to targeted, direct mail and is subject to the same restrictions under the Pennsylvania Rules of Professional Conduct.
Just as the Federal Rules of Evidence do not modify the existing law with regard to privileges, the Pennsylvania Rules of Evidence, effective October 1, 1998, take a similar approach. Specifically, Rule 501 holds that “[p]rivileges as they now exist or may be modified by law shall be unaffected by the adoption of these rules.” This follows the much wordier New York provision, in effect since July 7, 1998, which provides that:
Privileged communications; electronic communication thereof. No communication privileged under this article shall lose its privileged character for the sole reason that it is communicated by electronic means or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication. [New York Civil Practice Law and Rules § 4547].
While the Opinion of the Pennsylvania Bar Association, and Pennsylvania’s evidentiary rule maintain the privileged status of electronic communications, attorneys must still keep in mind their ethical obligations. When communicating with a client via e-mail, he or she must ensure that confidences are safeguarded. The lawyer’s duty is clear—no matter what the mode of communication. Attorneys who regularly use e-mail for client communications may want to include the following confidentiality notice, akin to that used with fax transmissions:
This Internet e-mail contains confidential, privileged information intended only for the addressee. Do not read, copy, or disseminate it unless you are the addressee. If you have received this e-mail in error, please call us immediately at (610) 941-2155, and ask to speak to the message sender. Also, please e-mail the message back to the sender at email@example.com by replying to it and then deleting it. We appreciate your assistance in correcting this error.
For non-client communications, the following e-mail disclaimer should be used in order to avoid the appearance and construction of an attorney-client relationship:
This e-mail communication is offered for discussion purposes only and is not intended as and should not be interpreted as legal advice or a legal opinion. The transmission of this e-mail communication does not create an attorney-client relationship between the sender and you. Do not act or rely upon the information in this communication without seeking the advice of an attorney.
Finally, if the communication is extremely sensitive, encrypt it. Once an e-mail transmission has been compromised, the courts will go back and look at the steps that were taken to preserve its confidentiality. If those steps were “reasonable”, the privilege will be maintained. If the privilege is not maintained, it will assuredly be because of the attorney’s negligence—something that the attorney should expect the client to highlight in an adversarial proceeding.
Long-Arm Jurisdiction and The Internet
The increasing use of the World Wide Web as a medium for the dissemination of information and marketing of products and services has exposed the owners of “home pages” or sites on the Web to the risk of being sued anywhere an Internet user can gain access to the Web site—practically speaking, anywhere in the world. While the remainder of this article will focus on legal activity in the United States—the world’s uncontraverted leader in litigation—judicial tribunals anywhere can assert the exercise of personal “cyber” jurisdiction based on perceived cyber activity.
Cyber jurisdictional issues have been dealt with primarily in the federal courts of the United States as civil proceedings. While cyberjurisidiction matters have been reviewed by the state courts, as well as in criminal proceedings before the federal courts, the bulk of the reported decisions have been before the federal courts in civil matters. In order to determine whether jurisdiction can be interposed over a defendant, the U.S. federal courts apply the law of the forum state, subject to the limits of the Due Process Clause of the Fourteenth Amendment of the U.S. Constitution. Under Due Process, in order for the court to exercise personal jurisdiction, it must be shown that the defendant had purposefully established minimum contact with the forum state such that the maintenance of the suit did not offend the traditional notions of fair play and substantial justice. Darby v. Compagnie Nationale Air France, 769 F.Supp. 1255, 1262 (S.D.N.Y. 1991) (quoting the U.S. Supreme Court’s holding in International Shoe Co. v. Washington, 326 U.S. 310, 316 (1945)).
Under the “long-arm” statute, prevalent in most states, jurisdiction can be obtained over nonresidents for claims arising from the nonresidents’ transaction of business in the forum state. The U.S. Constitution permits such assertions of jurisdiction where the nonresident has minimum contacts with the forum state such that the district court’s exercise of jurisdiction comports with the afore-mandated Due Process requirement. A number of federal courts have examined whether personal jurisdiction can be asserted over a non-domiciliary defendant whose primary connection with the forum state was Internet communication. Courts in the federal circuit, as well as federal courts in Arizona, Virginia, California and Connecticut have used computer contacts as a basis for the assertion of jurisdiction.
In 3D Systems, Inc. v. Aarotech Lab., Inc., No. 97-1514 (Fed. Cir. November 12, 1998), a patent infringement suit, jurisdiction in the central district of California was deemed proper for a co-defendant who, in addition to responding to e-mail requests from California, also sent promotional letters, solicited orders for models, sent videos and sample parts, issued price quotations, and purchased parts in California. However, jurisdiction was held to be improper over a second co-defendant, who only maintained a Web site viewable in California, with any e-mail from California forwarded to first co-defendant.
The court, in Park Inns Int’l., Inc. v. Pacific Plaza Hotels, Inc., et al., 1998 U.S. Dist. LEXIS 7545 (D. Ariz. March 25, 1998), citing Cybersell, Inc. v. Cybersell, Inc., infra., found purposeful “availment,” and therefore jurisdiction over the defendants, where defendants’ Internet advertisements were accessible to Arizona residents, and there was evidence that several Arizona residents had made reservations using the Web site(s).
In Playboy Enterprises, Inc. v. Asiafocus International Inc., 1998 U.S. Dist. LEXIS 10459 (E.D.Va. April 10, 1998), the United States District Court in Virginia asserted personal jurisdiction over Hong Kong defendants in an action by a New York based publisher for trademark and copyright infringement on defendants’ Web sites. While the court doubted whether the fact that defendants registered their domain name with a domain name registrar located in Virginia was sufficient to support personal jurisdiction, it found jurisdiction based on the Virginia long-arm statute’s provision establishing personal jurisdiction over a nonresident “causing tortious injury in this Commonwealth by an act or omission outside this Commonwealth if he regularly does or solicits business, or engages in any other persistent course of conduct ... in this Commonwealth.”
In Panavision Int’l, L.P. v. Toeppen, 1996 WL 534083 (C.D. Cal. Sept. 19, 1996), a trademark infringement case, a federal district court in California found that it had jurisdiction to hear tort claims against a nonresident defendant based on Internet-related acts occurring outside the state. Specifically, the plaintiff alleged that the defendant operated a scheme that consisted of registering exclusive Internet domain names for his own use that contained registered trademarks. The defendant then allegedly demanded fees from the plaintiff and other businesses that asked him to discontinue his unauthorized use of their trademarks.
The Panavision court did not rule that the defendant was doing business in the forum state. Rather, jurisdiction over the defendant was held proper because the defendant was alleged to have committed a tort “expressly aimed” at California. The fact that the defendant could foresee that his actions could cause harm in California satisfied the minimum contacts test.
In Inset Systems, Inc. v. Instruction Set, Inc., 937 F.Supp. 161 (D.Conn. 1996), a Connecticut corporation, Inset Systems, Inc. (“Inset”), discovered that Instruction Set, Inc. (“ISI”), a Massachusetts corporation, had infringed on its trademark by using the domain address INSET.COM and the telephone number 1-800-US-INSET. ISI moved to dismiss for lack of personal jurisdiction and improper venue. In order to determine jurisdiction the Court had to satisfy the solicitation of business provision of Connecticut’s long-arm statute and determine whether ISI had sufficient minimum contacts with the forum state to support the exercise of personal jurisdiction.
Inset contended that Connecticut’s long-arm statute conferred jurisdiction over ISI because of its Internet advertisement and the availability of its 800 number. The court agreed, and relied upon McFaddin v. National Executive Search, Inc., 354 F.Supp. 1166, 1169 (D.Conn. 1973), and Whelen Eng’g Co. v. Tomar Elecs., 672 F.Supp. 659 (D.Conn. 1987), to establish that ISI’s advertising over the Internet was solicitation of a sufficient repetitive nature to satisfy Connecticut’s long-arm statute.
The Inset court ruled that ISI had been advertising continuously over the Internet to the over 10,000 access sites located in Connecticut. The court also ruled that Internet advertising was not like hard-copy advertisements that had a limited reach and which were normally thrown away after use. Internet advertisements were persistent in nature allowing them to be accessed repeatedly by a large number of potential readers. The court held that because of the continuous availability of the advertisement on the Internet, which could be freely accessed in Connecticut, the defendant was subject to Connecticut’s long-arm jurisdiction. The Inset court substantiated its position by finding that the defendant had purposefully availed itself of the privilege of doing business in Connecticut by directing its advertising and phone number into the state. Moreover, the federal court concluded, jurisdiction was reasonable because Connecticut had an interest in deciding state-law issues raised in the case and because the defendant, located in the neighbouring state of Massachusetts, faced only a minimal travel burden.
The limits of Internet-based jurisdiction were addressed by the New York federal court in Bensusan Restaurant Corporation v. Richard B. King, 126 F.3d 25 (2d Cir., 1997) [affirming Bensusan Restaurant Corp. v. Richard B. King, 937 F. Supp. 295 (S.D.N.Y., 1996)], wherein the owner of New York City’s popular Blue Note club filed a trademark infringement action against the owner of a Missouri club with an identical name. Both jurisdiction and allegation of injury were predicated on the Missouri defendant’s operation of a web site promoting his club. The Court of Appeals for the Second Circuit upheld the New York District court’s dismissal, finding that New York’s long-arm statute could not support the exercise of personal jurisdiction where the nonresident defendant (1) was never physically present in the state (and hence could not have committed a tortious act within the state), and (2) did not derive substantial revenue from interstate commerce (and hence could not trigger jurisdiction under the statute for a tortious act committed out of the state). The court concluded that defendant’s “‘Blue Note’ cafe was unquestionably a local operation.”
Specifically, the Bensusan plaintiff complained that the defendant had infringed on its rights by using its trademark. Defendant, owner and operator of a small club called The Blue Note, in Columbia, Missouri—about 1100 miles from New York City—had created a Web page which allowed users to order tickets to attend the club’s shows. The court had to decide whether the creation of a Web site in Missouri containing a telephone number was an offer to sell to citizens in New York.
The defendant argued the court lacked personal jurisdiction under New York’s long-arm statute. He defended that all he had done was set up a Web site in Missouri aimed at Missouri residents. Furthermore, any tickets sold over the Internet to users had to be picked up either at ticket outlets in Columbia, Missouri, or at the club on the night of the show.
The district court agreed, finding that it took several affirmative steps to obtain access to the Web site and use the information there. The court also ruled that there was no proof that the defendant had directed any infringing activity at New York. The court held that merely because someone can access information on the Internet about an allegedly infringing product, it is not equivalent to a person selling, advertising, promoting or otherwise attempting to target that product in New York: the non-domiciliary must also “derive” substantial revenue from interstate or international commerce. In Bensusan, the defendant’s business was almost entirely Missouri-based.
Similarly, in Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414 (9th Cir. 1997), Cybersell, Inc., an Arizona Internet advertising company, sought to sue Cybersell, Inc., a Florida Web page design service, in Arizona for trademark infringement. The Ninth Circuit affirmed the District Court’s rejection of the suit, holding that “it would not comport with ‘traditional notions of fair play and substantial justice’ . . . for Arizona to exercise personal jurisdiction over [a nonresident company] that has no contacts with Arizona other than a home page accessible to Arizonans, and everyone else, over the Internet.” One key factual finding was that the Arizona plaintiff appeared to be the only Arizonan entity to have accessed the Florida company’s Web site.
In Santana Products, Inc. v. Bobrick Washroom Equipment, 1998 U.S. Dist. LEXIS 11298 (M.D.Pa. July 24, 1998), Defendant’s motion to dismiss for lack of personal jurisdiction was granted in an antitrust action. Defendant’s passive Web page, which merely provided information but through which no business was transacted, was deemed to be an insufficient basis upon which to base general jurisdiction.
A state court in Clayton v. Farb, 1998 Del. Super. LEXIS 175 (Del. April 23, 1998), found that Delaware’s long arm statute did not reach the defendant, who posted allegedly libelous and slanderous false statements about the plaintiff on his Internet site. The statute provided for jurisdiction over tortious activity outside of Delaware only if defendant regularly conducted business in the state. The court found that access in Delaware to defendant’s Internet posting did not constitute sufficient contact to support the exercise of personal jurisdiction.
Finally, in Transcraft Corp. v. Doonan Trailer Corp., 45 U.S.P.Q.2d (BNA) 1097 (N.D. Ill. November 12, 1997), the federal court ruled that the state of Illinois had no jurisdiction in an action against a nonresident trucking company that advertised products via the World Wide Web under an allegedly infringing trademark. The court held that causing injury within the forum state by means of trademark infringement was insufficient to support jurisdiction absent a showing that the defendant had “entered” the forum state by means of electronic communications expressly “directed to” residents of Illinois.
As the law of the Internet continues to evolve, computer contacts may bring businesses—and law firms—unexpectedly and undesirably, to distant courts. Internet activities should be structured with a thorough understanding of the nature of long-arm jurisdiction, and a focus on the question of foreseeability: Was the party able to foresee an effect on the forum state when it acted on the Internet? In Bensusan, the defendant’s clientele was almost exclusively from Missouri, so the defendant could not reasonably anticipate that the creation of an Internet site would have any effect in New York. On the other hand, the defendant in Panavision allegedly targeted the California plaintiff as a victim of his trademark-appropriation scheme. In both cases, the court focused on a defendant’s ability to foresee the potential harm that its actions could cause in other states.
In sum, the risk of suit in a remote jurisdiction can be reduced by limiting the purpose of the Web site to a passive posting of information. The more interactive the site is, in other words, the more it permits two-way communication with the remote user, the greater the likelihood the site will be perceived as a purposeful entry into the remote jurisdiction.
Unauthorized Practice of Law
Use of the Internet by attorneys and law firms to market their legal services raises questions of professional ethics in addition to the professional ethics issues raised by the use of e-mail in client communications discussed above. Several state bar associations have directly addressed the use of web pages; for example, see these Interpretive Comments by the Texas State Bar and the underlying Texas Disciplinary Rules of Professional Conduct 7.04, 7.05 and 7.07, found at the website for the Advertising Review Committee of the State Bar of Texas (Texas requires pre filing and review of materials placed on the Internet to solicit clients—but note that the Advertising Review Committee has also proposed some revisions of these rules), and these Filing Requirements by the Florida Bar’s Standing Committee on Advertising (which also require pre-filing and review of Internet home pages for attorneys). Many other states are still considering the issue, and have not yet issued rules or interpretations specifically addressing the use of the Internet—although the general expectation is that existing rules will apply to this new medium with appropriate modifications.
In addition to the attorney advertising issues, however, attorneys who frequent the Internet need to be concerned about the possibility that their actions will result in them being deemed to practice law in states (and countries) where they are not licensed to do so. One topical California Supreme Court case, Birbrower, Montalbano, Condon & Frank, P.C. v. Superior Court of Santa Clara County (ESQ Business Services, Inc., Real Party in Interest), 17 Cal. 4th 119 (1998) indicates that contact with clients “by telephone, fax, computer, or other modern technological means” may, but does not automatically, constitute practicing law within California such as to subject an out-of-state attorney to a charge of unauthorized practice of law.
Employer Liability For Internet Use
To protect themselves from liability and to ensure that their computer resources are used only for authorized purposes, employers must have the right to monitor employee files and e-mail. In response to such monitoring, employees have asserted claims for invasion of their common law right of privacy, violation of state privacy laws, violation of the protections against unreasonable searches and seizures afforded by the Fourth Amendment of the United States Constitution, and violation of the Electronic Communications Privacy Act of 1986.
Almost every state recognizes a common-law right of privacy. Violations of the right of privacy are punishable by a tort action for damages. As defined by the Restatement of Torts, “One who intentionally intrudes, physically or otherwise, upon the solicitude or seclusion of another, or his personal affairs or concerns, is subject to liability to the other for invasion of privacy, if the intrusion would be highly offensive to a reasonable person.” Restatement (Second) of Torts § 652B (1977).
For an employee to successfully maintain a claim for invasion of privacy against an employer, the employee must prove that he/she had an expectation of privacy, and that the employer engaged in highly offensive monitoring. Employees bringing lawsuits against their employers for invasion of privacy for monitoring e-mail have been generally unsuccessful, Smyth v. Pillsbury Co., supra. Federal, state, and local government employees, have the protection of the Fourth Amendment to the United States Constitution, which bars unreasonable searches and seizures. In addition, several states specifically recognize the right of privacy for public employees in their constitutions [Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington], with California extending constitutional privacy rights to both public and private employees (though not to a private employee’s e-mail communications at work).
These additional privacy rights generally turn on the same considerations as those of the common law right of privacy. In both, the central question is whether the employee had a reasonable expectation of privacy. As noted, the prevailing trend in the United States is that employees do not have a reasonable expectation of privacy in the e-mail they create and receive in the workplace—whether the workstation is in a traditional office setting, factory floor, or mobile setting—on the theory that the employer owns the equipment used for the transmission of e-mails (i.e., computer, modem, and Internet access), and that the employer can be held liable for illegal or merely offensive non-work related transmissions to third parties as well as to its own workforce. Employers are nonetheless well advised to promulgate and actively disseminate a written e-mail policy which puts employees on notice that the company e-mail system is to be used only for business purposes, that the messages are subject to monitoring, and that the policy will be rigorously enforced with disciplinary measures up to and including discharge for breach of the policy.