,

PROTECTING THE VALUE OF YOUR GOODWILL FROM ONLINE ASSAULT

A presentation at the March 2000 Fortune Magazine Communications and Marketing Forum.

In today's market of business-to-business e-commerce, protecting a company's brand and its associated reputation from online assault has become a top priority.

UNDERSTANDING THE ANONYMOUS BATTLEGROUND:

As millions of consumers each week open up their horizons and spending through use of the Internet, they are discovering that the Internet serves as the best and most inexpensive vehicle available to damage the reputation of a company and its officers. The assault generally comes from an anonymous person or company that posts messages on an Internet business message board.

The boards are governed by private contractual user agreements between the Internet company and its anonymous users. Sponsors such as Yahoo!, Motley Fool, Raging Bull, Silicon Investor, GO Network, Individual Investor, Free Realtime, Realize, and ClearStation are just a few of the numerous business message board hosts. These providers are immune from liability for defamatory or damaging messages posted on their message boards pursuant to the Communications Decency Act of 1996. As a result, they have no incentive to police their boards or assist businesses that have been assaulted. In fact, the boards, like talk shows on television, draw millions of viewers and serve as a huge source of income for the Internet companies. Assaulted companies are left to fend for themselves and develop defensive strategies and crisis plans.

SHOULD A COMPANY TAKE DAMAGING ANONYMOUS POSTINGS SERIOUSLY?

Yes. The University of Iowa School of Business conducted an experiment to determine the influence of message boards on the investing public. They found that people are greatly influenced by what should be non-credible communications. It affects what people are willing to pay, and there can be unbelievable movement of stock on the vaguest information. People aren't just gullible once. They are repeatedly gullible.

Clearly, postings on the business boards will affect brand and corporate valuation. Companies in today's e-world are spending millions of dollars building recognition of their name and products. This value can be damaged or eliminated as a result of an online assault by an anonymous poster.

CAN IT HAPPEN TO YOU?

Ask HealthSouth Corporation where an anonymous poster referred to as I_AM_DIRK_DIGGLER posted false statements claiming that he was having an affair with the CEO's wife and that the company was involved in questionable billing practices. Once unmasked, the perpetrator, an ex-employee, confessed that all the postings were false, that he had never even met this CEO or his wife, and that he was just posting lies to stimulate discussion on the bulletin board at the expense of HealthSouth and its CEO.

Ask Phycor, Inc. where cyber-jack99 posted false messages that the company was declaring bankruptcy, was unable to make payroll, filed false financials, and was under review for purchase by the Klu Klux Klan. The poster's identity was unmasked by Phycor and he is now being sued in Federal Court.

Ask E*Trade, where a false press release on earnings on the Yahoo! message board appeared so realistic that may investors mistook it for the real thing. Henry Carter, Vice-President of Compliance for E*Trade Group, Inc. stated that "it is not on the radar screen until you get hit right between the eyes. I don't think people fully appreciate the power of the Internet. I don't think people realize that people read these things and believe them."

Ask e-greeting card distributor, Blue Mountain Arts, a company that was assaulted by false postings that its e-greeting cards will infect the computers of purchasers with a virus.

WHAT SHOULD BE DONE TO PLAN FOR AN ATTACK?

Once a company understands and admits that it might easily be the victim of an attack without warning, it is in a position to develop a monitoring and communications response plan to deal with an anonymous cyber-assault. Locate all Internet message boards that provide ongoing discussion about your company. Create a monitoring mechanism to regularly monitor all postings on these boards. This can be done internally or through an outside service or counsel. Create policies and procedures that prohibit employee use of business message boards to post messages about the company both on and off premises.

Create a communications response plan that can be put into effect immediately upon identification of a cyber-attack that may affect the company's brand or reputation. Contact counsel familiar with Internet defamation and securities issues to advise you on all legal remedies that may be available to unmask the anonymous poster, and pursue a suit for injunctive relief and damages.

WHAT SHOULD A BASIC COMMUNICATIONS RESPONSE PLAN LOOK LIKE?

Select an officer in the company who will receive all reports of postings that may affect the company's brand or reputation. That person should have a team available to research the accuracy or lack of accuracy of each posting within a 2 hour window. If the posting is inaccurate and may affect the value of the company's stock or brand, a news release should be prepared immediately setting the record straight, with a copy placed on the company's website. A hyperlink should be posted to the site where the posting occurred referencing only the questioned posting and referring readers to the news release on the company's website. The Internet provider should be contacted and requested to remove the posting. However, most providers will not honor such requests.

Appropriate legal counsel should then be notified to unmask the anonymous poster. Once the poster is identified by name or business, two approaches may be taken depending upon the nature of the poster and the posting: 1) Send the poster a demand to cease and desist all defamatory postings, including a demand for an admission of guilt and apology to the company. Upon receipt, this may then be posted on the bulletin board where the original message was posted to set the record straight; 2) File a legal action against the poster for damages and injunctive relief.

ANONYMOUS CYBER ASSAILANTS ENLIST THE HELP OF THE AMERICAN CIVIL LIBERTIES UNION

The cyber-defamation war has created a dividing line between defamed corporations which file legal actions against anonymous posters in an effort to discover their true identities and the anonymous posters who maneuver to keep their true identities from being discovered. The American Civil Liberties Union has taken the position that the anonymity of posters is entitled to full protection under the First Amendment. The corporate community disagrees and is of the opinion that anonymous posters who use the message boards to defame corporations or attempt to damage their brand, should be exposed and punished through the courts.

This is best exemplified by the pending case of Erik Hvide, the former CEO of the publicly traded company Hvide Marine, Inc. Mr. Hvide was forced out of his corporation by an Internet smear campaign on the Yahoo! message board for Hvide Marine. The anonymous posters were sued as John Does in order to discover their true identities and to allow Mr. Hvide to proceed against them for damages. America Online and Yahoo! were subpoenaed to reveal the information necessary to identify the names of the posters. An attorney for the anonymous posters filed a motion to allow the posters to defend the action anonymously. The ACLU entered an appearance and filed a brief suggesting that anonymous posters are entitled to litigate their cases anonymously until such time as the corporation obtains a ruling that the posting is defamatory, and only then should the poster's identity be revealed. The Court, during a preliminary hearing, expressed the following without ruling: "I think, if you go into court, you are entitled to know who you are suing, who your adversary is, because it goes to your strategy. It goes to your allegations. It goes to whether you think you are going to be able to settle. And there is something about 'know thine enemy'." The issue will be decided by the Court in May 2000 setting the standard for the anonymity issue in cyber-defamation cases.

WHAT CAN A COMPANY DO TO PLACE MORE RESPONSIBILITY ON THE INTERNET MESSAGE BOARDS TO REGULATE THEIR USERS?

An association is being formed, supported by corporate America, to promote changes in the legislation that currently regulates Internet providers. The law currently exempts a provider from liability for the publications of content by third parties. This law basically says that the AOLs and Raging Bulls of the Internet world cannot be sued for postings on their message boards. The purpose of the law is to allow the free flow of Internet information by the providers without the need, and related expense, of monitoring content. It was the intent of the legislation to allow common law defamation rules to regulate the publication of libelous communications. However, providers are now using the legislation as a sword instead of a shield. Providers are intentionally protecting their posters' identities from disclosure. This has served as a great marketing tool for the providers. The association is promoting amendments to the current legislation to require providers to disclose identifying information about their posters, if a corporation reasonably believes that it has been defamed, or assume the risk of liability for the posting if they refuse to turn over the identifying information.

LATE BREAKING LEGISLATIVE NEWS: THE ANTI-CYBERSQUATTING CONSUMER PROTECTION ACT OF 1999

In November, the legislature finally passed a law to provide relief to companies whose trademarks are being used by non-trademark holders. The squatter registers an Internet domain name which is similar to the established name and tries to sell the domain name back to the company. The law, known as the Anti-Cybersquatting Consumer Protection Act of 1999, provides remedies such as money damages, attorney's fees and forfeiture of the cybersquatted name. Clearly, this new tool will assist corporations in their ongoing battle to protect their brand and associated name online.

Copyright © 2000 Fischman, Harvey & Dutton, P.A.
All Rights Reserved

Bruce D. Fischman is the President of the Miami, Florida law firm of Fischman, Harvey & Dutton, P.A., 3050 Biscayne Blvd., Suite 600, Miami, Florida 33137. Phone No. (305) 576-5522, Fax No. (305) 576-7079, e-mail bruce@fhdlaw.com. The firm specializes in cyber-litigation on behalf of many public companies.

Back