Probably not. If you work in California, or are otherwise subject to California law, I recently saw this article which again highlighted the oft-repeated warnings of many in the legal profession not to use your company’s e-mail to send out information that you deem to be confidential or, as in this case, even privileged. It can have consequences.

A California appeals court held that an e-mail an employee had sent from her employer’s work computer was not a confidential communication subject to the attorney-client privilege. Thus, the privilege which would have normally attached to the e-mail had she sent it from her own computer was deemed to be waived. A key factor in the case was that the employer had warned employees that e-mails sent from work were not confidential and could be monitored.

As noted in the article, not all courts have held this—and not all employers have such broad e-mail policies (although most do)—but it nevertheless again highlights the danger of using a computer at work when sending out confidential or sensitive information. Chances are that your employer has a fairly broad e-mail policy in place (and you might have even signed something which acknowledged it), but when in doubt … just don’t do it.

It probably goes without saying that if you’re planning to sue your employer, you shouldn’t use your work email address to contact your lawyer. However, if you did do that, according to a California court, that email is not protected by attorney-client privilege. I don’t find this to be all that surprising (or really, problematic). It’s quite common that employers control the rights to your work emails, so it’s hard to see why that wouldn’t extend to emails you send your lawyer. All it really makes me wonder is why someone would use their work email for sending those types of emails.

Permalink | Comments | Email This Story





&partnerID=167&key=segment”/> .8626,cat.TechBiz
.rss”/>

Techdirt Mike Masnick

There was a time about 15 years ago or so that requesting an opposing party’s e-mail in litigation was considered to be unusual and out-of-the-ordinary.  Not anymore.  As e-mail use grew—if not exploded in the 1990s—discovery rules have evolved as well and now most courts require e-mail and other e-discovery to be produced just like any other paper document.  (In fact, there is a whole comprehensive area of technology and internet law that has developed just around e-discovery.)  And just as parties can be sanctioned for not turning over relevant hard copy documents, failing to produce e-mails can have serious consequences for both lawyers and litigants.

According to a recent article and study by King & Spaulding, which examined numerous 2009 federal decisions addressing e-discovery violations and sanctions, the study’s authors found that “sanction awards for e-discovery violations have been trending ever-upward for the last 10 years and have now reached historic highs.”  Sanctions included susbstantial monetary awards (bad enough), adverse jury instructions (very bad), and case dismissals (the worst).  The monetary sanctions were as high as $5 million in some instances.  That’s serious pocket change no matter who you are and indicates how seriously courts view a party’s compliance obligations.

According to the study, defendants were sanctioned almost 3 times as often as plaintiffs were.  That’s not really a shocker.  Defendants don’t enjoy being sued (not surprisingly) and will put up all sorts of obstacles during the discovery process.  Smart and ethical defense counsel will try not to let that happen, but I’ve seen instances where defendants aren’t even honest with their own attorneys when it comes to giving them the information they need to comply with their clients’ own discovery obligations.

The most common misconduct identified in the study was failing to preserve electronic evidence, failing to produce the records altogether, or delaying the production.  Lawyers were typically sanctioned along with their clients, and the sanction included payment of the opposing party’s attorneys’ fees and costs (which ranged from $500 to $500,000). 

By sanctioning attorneys as well, courts are sending a very clear message that the lawyers must be actively involved in the discovery process and must, of course, act properly throughout.  And the discovery process can at times be daunting given the huge number of e-mails, instant messages, and other e-documents—which could easily be in the millions in some large cases—that may have to be produced.  Nevertheless, counsel must be engaged in the process throughout.  It’s easy to see how litigation can get so costly, isn’t it (even without the sanctions)?

The article also mentions another study by Gibson Dunn which looked at these issues in 2010 and found that the imposition of e-discovery sanctions have declined somewhat from 2009, e.g., courts (both state and federal) granted sanctions 55% of the time in 2010, as opposed to 70% in 2009.  Increased calls for discovery reform could be part of the reason.

In reality, however, I don’t find such a decline to be all that comforting (assuming it’s tangible at all).  A 55% chance of being sanctioned isn’t exactly something that you can “brag” about to a non-complying client, and lawyers are well-advised to discuss the serious consequences of non-compliance with recalcitrant clients.  And of course, clients are particularly well-advised to let lawyers do their job.  Or everyone ends up paying the price.

Ask and ye shall receive.  My January 21st post discussed some of the potential legal issues that could arise by using Twitter.  Lo and behold, one just did.  And from a Congressman no less.  And not just any Congressman, but House Minority Leader John Boehner, who also happens to be the Ranking Member of the House Intelligence Committee.

It seems that Boehner could have used some of that intelligence before he twittered his network about his secret trip to Baghdad.  As he arrived in Iraq, he sent the following “tweet” from his BlackBerry:  “Just landed in Baghdad. I believe it may be first time I’ve had bb service in Iraq.  11th trip here.”  Nothing like letting people know the time and place of where you happen to be.  It’s not like terrorists would be interes—whoops.  Nevermind.

If the Ranking Member of the House Intelligence Committee can so easily and nonchalantly disclose secret information, you can only imagine what else will be coming down the pike in the near future.  While it’s unclear if any laws were broken in this instance, it nevertheless highlights the dangers of the informal nature of Twitter that I discussed in my earlier post.  Security lapses like this are just the beginning.

It will only be a matter of time (if it hasn’t happened already), until someone gets his/her employer in trouble for using Twitter, the latest social networking and “microblogging” craze.  (Does it ever end?)  As if the well-known dangers of e-mailing haven’t been documented enough over the years—and have been a boon to litigators—Twitter may soon up the ante.

The issues are really no different than those that have already surfaced with e-mails.  Issues involving privacy, confidentiality, defamation, sexual harassment, discrimination, and copyright infringement (to name a few potential problem areas) have been well-litigated over the years.  By now, most employers hopefully have a formal e-mailing and internet usage policy in place for their employees to follow.  Instilling a healthy sense of fear never hurts.  

So how much harm can someone do with 140 characters or less on Twitter?   As a lawyer, I’ve learned never to underestimate the ability of clients to get themselves in all sorts of trouble.  As with texting, it’s only a matter of time before we all read about some clueless employee who gets him/herself fired and puts the employer in legal hot water.  And of course, it’s only a matter of time before lawyers start subpoening these types of electronic communications also.  Just because a message is only a few characters long doesn’t mean that it won’t be stored and saved—possibly forever.

But as noted by one commentator in the article linked-to above, Twitter messages are “quick sound bites and instantaneous” and “aren’t the most well-thought out.”  Someone who is upset, angry, or frustrated could easily use poor judgment and—in a few characters or less—wreak all sorts of havoc on his/her employer.  And once it ends up in the Twitter universe, it’s there for all to see . . . again and again and again.

Needless to say, an employer’s e-mail and internet usage policy should be specifically updated to account for services such as Twitter.  Employees must understand that even very short messages (designed for the inner ADD child who seems to live in all of us these days) can create liability.  Not that it will stop everyone, but it will stop some people.  And the ones it doesn’t stop?  Well, I’m just a “tweet” away!   

Just a quick follow-up to a post I wrote a few weeks ago about “Spam King” Sanford Wallace.  Wallace had been defaulted by a federal district court in California in a suit brought by MySpace for running a spamming and phishing scam on the site.

The court recently awarded MySpace $230 million against Wallace in what is apparently the largest spam award yet.  Of course, chances are that MySpace will never see a penny of that money—or if they do, it will be a miniscule fraction of the award.  Of course, no one will shed a tear if MySpace drives Wallace into bankruptcy.  It won’t stop him anyway.

And MySpace doesn’t need the money.  But it’s a symbolic victory and a great public relations plug for the company.  It gives MySpace bragging rights to its users, attorneys general of all 50 states, and the federal government that it takes these issues seriously and doesn’t waver—even though getting a default judgment is not all that difficult to do.  Hopefully, MySpace will pursue it further and try to actually collect on the award.

According to a new survey by Forrester Research, 41% of large companies (those having at least 20,000 employees) either read or analyze the contents of outbound e-mail.  They’re either paying other employees to read them or presumably using any number of commercially available software programs to analyze them. 

44% of the companies surveyed investigated a confidential data breach involving e-mail in the past year, while 26% said they fired an employee for violating the company’s e-mail policy.  Companies also expressed concern over employees leaking information on message boards, blogs, and other electronic media.

Quite frankly, I’m surprised only 41% of large companies are doing this (although it depends on the industry).  I would have expected it to have been much higher given the daily parade of data and privacy breaches in the news.  After all, it’s large companies that have the financial and human resources to implement widescale e-mail monitoring systems.  Smaller companies may be in a much different situation.

Of course, many employers find it distasteful to engage in this type of monitoring.  It can, if not handled properly, be destructive to employee morale and have lasting effects.  Nevertheless—for better or worse—many employees are slowly coming to grips with their employers’ monitoring efforts.  It’s just becoming a fact of life. 

But the truth is, I’ve had clients whose employees have e-mailed confidential and sensitive company data.  Some workers do it without thinking about it, while others are far more malevolent in their intentions.  This is especially the case when employees leave their companies on bad or poor terms.  So it’s a very real problem for employers that has very real consequences.  Thus, like it or not, monitoring will only continue to increase. 

Bottom Line:  Be careful.  You don’t have any right to privacy when you’re at work.  So don’t think that anything you send—whether to a spouse, boyfriend, girlfriend, doctor, stockbroker, or anyone else—is private.  Even if you have to send it and it can’t wait until you get home, an employer is within its rights to read your e-mail, no matter how private the subject matter.  Of course, what it does with that information is another matter.

The short answer:  No.  Spam will continue to be one of the internet’s most enduring problems.  But it’s always nice to see a few small victories here and there.  Sanford Wallace, who earned the ignominious title of “Spam King,” is in the news once again. 

It seems that Mr. Wallace, in his infinite wisdom, decided to ignore a California federal district court’s order that he turn over requested documents to MySpace, one of the many plaintiffs who have sued him over the years (including AOL, Concentric Network Corp.,  Compuserve, Bigfoot, and the Federal Trade Commission), and provide a deposition to MySpace’s counsel.  According to the complaint, Mr. Wallace ran a phishing scam on MySpace and spammed thousands of its users.  Some people will just never learn.

The Spam King claimed that he was unable to comply because he was unaware of the requests and court orders, as he doesn’t accept mail (why might that be?) and also stated that he had a difficult time finding counsel (yes, we lawyers are always reluctant to take on new clients during a recession). 

The court didn’t buy it—no surprise there—and entered a default judgment against him.  Mr. Wallace is no stranger to default judgments:  He had previously been defaulted in May of 2006 in an action brought by the FTC and ordered to pay a fine of $4,089,500.  Moral of the story for Mr. Wallace:  Don’t break the law.  Moral of the story for everyone else:  Don’t ignore court orders.

In a separate recent spam case, Edward Davidson, who sent hundreds of thousands of e-mails with false headers, was sentenced to 21 months in prison and ordered to pay $715,000 to the IRS.  I suspect, however, that the bulk of the prison sentence was for the tax evasion charges, as it’s only a misdemeanor under the CAN-SPAM act to falsify header information.  Yet Mr. Davidson reportedly made at least $3.5 million sending out these e-mails.  And who says crime doesn’t pay?

While these cases are always satisfying to read, they are few and far between.  Spam is here to stay, regardless of the number of criminal prosecutions brought or default judgments entered.  First, the CAN-SPAM act only applies to spammers in the U.S.  A growing amount of spam is coming from overseas.  Most—if not all—of these foreign spammers are beyond the reach of U.S. law.  

Furthermore, many American spammers are reportedly using foreign servers to send their spam into this country.  Of course, if they could be identified, then the CAN-SPAM Act could be used against them (but it probably wouldn’t stop them anyway—just ask Sanford Wallace).  But you have to identify them first, which is exceedingly difficult when the servers are located outside of the U.S. 

So until the stakes for spammers increase substantially and other countries jump on the enforcement bandwagon, sending spam is still quite profitable—fines, penalties, and imprisonment notwithstanding.  Death penalty for spam, anyone?

Talk about a slow news day.  A recent article in USA Today discusses the so-called “fine print” in ISP contracts and then concludes that it doesn’t really matter anyway.  This non-story highlights the fact that ISP contracts, which their company lawyers draft, give ISPs rights to read their subscribers’ e-mail, block their subscribers from accessing certain websites, and can terminate their subscribers for overusage of their networks.  The horror.  Imagine that?  A business that protects itself.  The shareholders will be outraged.

As an attorney who drafts these contracts, this article is much ado about nothing.  Yes, ISPs put all sorts of language into these agreements to make sure that their services are not abused by users.  But simply because an ISP has the right to read a user’s e-mail or block a user from accessing certain sites doesn’t mean that it will actually do so.  The article makes it sound inevitable.

An ISP, like every other business in America, is keenly aware of the public relations disaster that would result if it was disclosed that they routinely read their users’ e-mails, blocked access to websites, or simply terminated their users accounts due to overusage, without good cause.  They would quickly and perhaps permanently lose users as the media and blogosphere savaged them.  And as they know all too well, everything in cyberspace lives on indefinitely. 

But think of the public relations disaster that would result if it was disclosed that an ISP was aware or suspected that a user was engaging in wide scale spamming, copyright infringement, or the downloading of child pornography.  Or that certain users were hogging bandwidth to the point that other subscribers’ service was affected, while the ISP took a laissez-faire attitude?  It’s not exactly a model of corporate responsibility in these post-Sarbanes Oxley times.  The blogosphere would again be buzzing, albeit for different reasons.  You’re damned if you do, and damned if you don’t.

Furthermore, some of these clauses are economic necessities.  The RIAA has begun targeting ISPs whose users engage in massive and sustained downloading of copyrighted music through their networks.  If an ISP suspects that a user is downloading copyrighted material and does nothing, it can be held liable for contributory copyright infringement in certain instances.  But by terminating the offending user’s account, it may insulate itself from liability.  The “fine print” of the contract allows an ISP to do so.

Is an ISP contract really that different from signing a lease with a landlord?  A landlord has the right to access your apartment with or without notice and can potentially invade your privacy.  A landlord puts certain restrictions as to how its property can be used and how many people can live in it.  And a landlord can evict you under the right circumstances.  While internet access is certainly important nowadays, so is having a place to live.  Yet many tenants have rules not unlike what their ISPs impose, but don’t assume that their landlords will exercise them indiscriminately.

So the contractual provisions such as those described in the article are not necessarily a bad thing.  It all depends upon the circumstances.  If an ISP does include a provision that a court finds to be unfair or onerous, it can be struck from the contract (to say nothing of the scrutiny the ISP would get from that state’s attorney general).  So it’s not as if an ISP can do anything it wants.  While it may sound like this is a case of “ISPs gone wild,” the simple fact is that—for the moment at least—this was an article in search of a story.  But when an ISP does overreach or overreact, I’m sure we’ll hear about it somehow.

     Although it should hardly be considered to be news anymore, an appellate court in New York has ruled that a series of e-mails constituted “signed writings” within the meaning on New York’s Statute of Frauds.  Consequently, they could be used to modify an employment agreement which provided that all modifications had to be signed by the parties.

     The court found that when each party typed his name at the end of his respective e-mail prior to sending it, this signified each party’s “intent to authenticate” the e-mail’s contents.  Thus, the e-mails fell within the scope of the modification provision of the employment agreement, and the contract was deemed to have been modified in accordance with the e-mail’s contents.

      There’s nothing remarkable about this ruling.  It relates back to the standard caveat nowadays that parties need to be careful about what they put in their e-mails, as they can obviously impact legal rights.  In this instance, if the parties didn’t want the e-mails to be considered writings, they should have had an express provision in the employment agreement which excluded e-mails from modifying the contract.  

     In fact, provisions such as these are becoming increasingly common as more and more people communicate via e-mail.  It depends, however, upon the client.  I have several technology clients who prefer e-mails and pdfs to actual paper when communicating with just about everyone, including their customers, prospects, employees, contractors, and attorneys.  While this may be easier and more efficient, it’s also easy—given the daily deluge of e-mails—to delete or overlook them (especially if they get caught in spam filters).  Thus, for those of you who prefer to communciate this way, just be aware of the potential ramifications.