Computer Crimes and the Respondeat
Superior Doctrine: Employers Beware
Mark Ishman†
I.
Introduction
II.
Background
A. Technology
in the Workplace
B. Employer
Liability
III.
Analysis
A. Computer
Crimes
1. Stock
Manipulation – and Its Secondary Effect, Cybersmearing
a. Employer
Liability Based on Securities Law
b. Examples
of Stock Manipulation Conduct by Employees
c. The
Secondary Effect of Stock Manipulation, Cybersmearing
2. Copyright
Infringement
a. Employer
Liability Based on Copyright Law
b. Examples
of Copyright Infringement Conduct by Employees
c. Employer
Liability Based on Trademark and Trade Secret Laws
3. Computer
Viruses and Worms
a. Employer
Liability Based on the Computer Fraud and Abuse Act
b. Examples
of Virus and the Potential Liability to Employers
c. Examples
of Worms and the Potential Liability to Employers
4. Internet
Gambling
a. Employer
Liability Based on Federal Law
b. Employer
Liability Based on State Law
c. Examples
of Online Gambling Conduct by Employees
B. Employer
Policy: Defense and Prevention
IV.
Conclusion
I. INTRODUCTION
Imagine
that it is Friday afternoon and Mr. White, the manager of office services at
ANGELIC Company, asks Bob, an employee whom he supervises, which National
Football League (“NFL”) stars he plans to select to start this week in his
“fantasy football league.”[1] Bob replies, “Brett Favre, Emmitt Smith,
Jerry Rice, Shannon Sharpe and Morten Anderson.”[2] Mr. White responds with encouragement,
“Sounds like a winner to me.” Shortly
thereafter, Bob uses the company’s computer to log[3]
onto the “Internet”[4] to perform
company business. During this Internet
session, Bob verifies that the mail that ANGELIC sent arrived at its
destination by accessing the Federal Express Website. While at the Federal Express Website, Bob remembers that he must
change his starting line-up for this weekend’s games. Bob quickly interrupts his daily work, accesses his fantasy
football Website and enters this week’s starting line-up for his fantasy
football team. After finalizing his
starting line-up, Bob returns to the Federal Express Website and completes his
daily work.
If
Internet gambling is illegal in Bob’s state, can ANGELIC Company be held liable
for Bob’s fantasy football league?
ANGELIC Company had knowledge of Bob’s activities, and Bob used the
company’s computer while engaged in the scope of his employment. Moreover, what if ANGELIC Company had a
policy prohibiting all non-business and illegal Internet activity and had
monitored Bob’s activity on the Internet but failed to discipline him? Moreover, what types of sanctions could
state and federal governments impose on ANGELIC Company for the illegal
activity of Bob, its employee?
The
purpose of this Comment is to explain an employer’s potential liability
exposure when an employee at its workplace conducts illegal online
activity. Part II begins with a general
discussion of technology in the workplace.
Next, it focuses on traditional and modern theories of respondeat
superior[5]
and explains when an employer may be held liable for an employee’s illegal
activity. Part III follows with
analysis regarding when an employer may be held liable when it allows its
employees the right to use its equipment and they thereby conduct illegal
online activity. Lastly, this Comment
proposes several necessary precautions that all employers that utilize modern
technology in the workplace must take to avoid liability.
Both
technology in the workplace and computer crime laws have expanded enormously
over the last ten years.[6] However, modern law has failed to keep up
with technology in regulating illegal online activity.[7] Presently, both state and federal laws are
being enacted to help halt this expansion by holding employers liable for the
illegal online activity of its employees.[8] Thus, employers may be liable for their
employees’ illegal online activity.[9]
“The
Internet is a giant network [that allows global communication between] people,
institutions, corporations and governments.”[10] Between 1983 and 1994, the Internet
“underwent an explosive growth period with the number of host computers and
users doubling every year. . . .”[11] Moreover, as of January 2000, there were
approximately 248 million Internet users worldwide[12]
and more than 70 million top-level domain names.[13] One of several reasons for the Internet’s
phenomenal growth is that the Internet is accessible from anywhere (e.g., at the office, home and while
traveling).[14] In addition, electronic mail (“e-mail”)[15]
and Internet use in the workplace have experienced tremendous growth in the
last five years.[16] Consequently, the workplace has become
increasingly dependent on the Internet, and this dependence will continue
through the new Millennium.[17]
The benefits
produced by using the Internet and e-mail in the workplace are impressive. First, the Internet is a “revolutionary tool
that dramatically affects the way we communicate, conduct business and access
information.”[18] The Internet provides access to a seemingly
endless amount of information from various institutions, corporations,
governments and individuals worldwide.[19] Furthermore, e-mail provides instant written
communication between individuals, while eliminating the typical problems
associated with mail, hand deliveries and the telephone.[20] In the workplace, “[e]-mail encourages intra
company communication,” while increasing employee productivity and reducing the
need for inefficient forms of communication, e.g., “telephone calls, paper memos and face-to-face meetings.”[21] Indeed, “[w]orkers use e-mail for more than
just messages: E-mail can be used to send inventory lists, minutes of meetings,
drafts of documents, business strategies, or records of important business
decisions.”[22] Thus, the employee can use the time saved to
conduct other work-related tasks.[23]
Although the
benefits of using technology in the workplace are experienced every day,[24]
these benefits come with a price.[25] As employees increasingly gain access to the
Internet and e-mail, the possibility for non-business and even illegal use
increases as well.[26] For example, employees often send e-mail
“messages that may be too candid to put in writing or” are merely inappropriate
for the workplace.[27] E-mail systems are now capable of creating a
complete and exact record of the communication,[28]
and consequently, the employer’s risk of liability has increased substantially
from e-mail statements, such as an e-mail statement where a male employee makes
“frequent lewd remarks to a female employee via company e-mail.”[29] Consequently, this technology has created
expanding areas of potential liability for employers.[30]
B. Employer Liability
While the government does not want to restrict the
advancement of technology in the workplace,[31]
there is a strong public policy that imposes liability on employers for an
employee’s wrongful and illegal actions.[32] This policy stems from two deeply rooted
concepts in the history of American corporations.[33] First, there is a general mistrust of
corporate power.[34] Secondly, self-regulation is more efficient
than government regulation.[35] Moreover, holding employers liable for their
employees’ wrongful and illegal actions provides another liable source, e.g., a
deep pocket, from which a damaged party may recover damages; consequently,
plaintiffs’ attorneys are adding these potential claims against liable
employers as defendants.[36]
Under the common law, an employer could be held
liable for an employee’s wrongful acts if the wrongful acts occurred “within
the scope of the employee’s employment.”[37] The burden was placed on the employer to
show that the employee’s actions were not within the scope of his employment.[38] If the evidence presented left any questions
of doubt, then it became an issue for determination by the fact finder.[39]
The Restatement of Agency reflects the court’s
traditional exposition of the scope of employment and provides that:
(1) [the c]onduct of [an employee] is within the
scope of employment if, but only if: (a) it is of the kind he is employed to
perform; (b) it occurs substantially within the authorized time and space
limits; (c) it is actuated, at least in part, by a purpose to serve the
[employer], and (d) if force is intentionally used by the [employee] against
another, the use of force is not [unforeseeable to the employer].[40]
Conversely, “[c]onduct of [an employee] is not within
the scope of employment if it is different in kind from that authorized, far
beyond the authorized time or space limits, or too little actuated by a purpose
to serve [the employer].”[41]
However, the current trend of the courts expands the
situations when an employer may be liable for the wrongful and illegal acts of
its employees.[42] Two
examples of cases demonstrating the modern trend of expanding the scope of
employment, and specifically, the requirement that the employee be motivated,
at least in part, by a purpose to serve the employer are McNair v. Lend
Lease Trucks, Inc.,[43]
and Doe
v. United States.[44]
In McNair, the Fourth Circuit held that Lend Lease
Trucks, Inc., could be held liable for a wrongful death caused by its employee.[45] The employee was a truck driver who, during
working hours, went to a tavern and consumed enough drinks that his blood
alcohol level was later found to be three times the legal limit.[46] A few hours later, the truck driver left the
tavern, walked (or staggered) towards his truck, and stepped in front of the
plaintiff’s decedent who was driving a motorcycle.[47] Consequently, both the plaintiff and the
truck driver died.[48] Land Lease stipulated that the truck
driver’s three to four hour break could have been reasonable, and therefore,
the truck driver was possibly acting within the scope of his employment.[49] However, whether the truck driver’s break
was reasonable, and if not, at what point he returned to the scope of his
employment, were factual questions not appropriate for a motion to dismiss.[50]
Similarly, in Doe, the Eastern District of Virginia held
an employer criminally liable for its employee’s acts of sexual assault.[51] The court reasoned that because the criminal
act was committed during office hours and at the workplace, a jury could find
that the act was within the scope of the employment.[52] Another court noted that a sexual assault by
a manager was foreseeable because the employer’s policy prohibited such
behavior.[53]
On this point, courts have expanded employer
liability for foreseeable acts of its employees, even if the acts only
benefited the employee.[54] One
rationalization for this view is that since “the employee’s job created the
opportunity for the employee to commit [the wrongful or illegal act],”[55]
and gave the employee apparent authority,[56]
the employer therefore possessed the requisite element of control.[57] In other words, the employer has “more or
less fictitious ‘control’” over the employee,[58]
and therefore, any act of the employee is an act of the employer.[59]
In Lyon v. Carey, the Court of Appeals for the District
of Columbia held Pep Line Trucking Company vicariously liable when its employee
raped a customer of a furniture store for which Pep Line made deliveries.[60] Although the court reasoned that the
evidence would not support a finding that Pep Line knew or should have known
that its employee had any inclination to commit sexual assaults, the court held
Pep Line vicariously liable because its employee’s credentials as a deliveryman
enabled him to enter the victim’s residence.[61] The court reasoned that deliverymen “are
likely to be in situations of friction with customers,” and “these foreseeable
altercations may precipitate violence” within the scope of employment with Pep
Line Trucking.[62]
Recently, courts have affirmed the expanded employer
liability for foreseeable acts of its employees, even if the acts only
benefited the employee. For example, in
Davis
v. Liberty Mutual Insurance Co., a Vermont federal district court held
that the “injury arises in the course of employment when it occurs within a
period of time when the employee is on duty and in a place where the employee
may reasonably be expected to be while fulfilling the duties of his or her
employment contract.”[63] Similarly, in Goff v. Teachers’ Retirement System of
State of Illinois, an Illinois federal district court held
that the injury can be said to “arise out of one’s employment if its origin is
in some
way connected with the employment so that there is a causal
connection between the employment and the . . . injury.”[64]
Therefore, under the modern trend of respondeat
superior, an employer may be held liable for an employee’s wrongful act
if: (1) the act occurred within the
employee’s scope of employment; and (2) the wrongful act was known or should
have been known by the employer.[65]
III. ANALYSIS
The analysis portion of this Comment discusses the
instances in which an employer may be liable for an employee’s illegal online
activity at the workplace. Second, this
portion analyzes illegal employee computer activity and employer liability
under a modern theory of respondeat superior.
Finally, this Comment proposes several steps that all employers must
take to avoid liability for its employee’s illegal online activity.
Over the last five years, the security market has
seen tremendous growth due largely in part to the Internet. Recent reports estimate that over nine
million people now have online investing accounts and by 2003, there will be
$3.3 trillion in online brokerage assets.[66] This tremendous growth of online investors
can be attributed to the ease of obtaining information available through the
Internet. This information can now
provide individuals with virtually complete on-demand knowledge concerning all
aspects of investing that was previously only available to professional
investors.
Unfortunately, many of the characteristics that make
the Internet an excellent means of obtaining information also provide new
opportunities to manipulate the stock market.
Creating “hype” and manipulating a certain security has become easier by
posting false information on various Bulletin Board Systems (“BBS”) (e.g.,
an Internet message board), newsgroups or through e-mail. Posting fraudulent information by using any
of these tools is relatively inexpensive, capable of reaching millions of
people and fairly easy to accomplish by a single person. Moreover, using the Internet for a market
manipulation scheme is much more effective than traditional stock frauds
because “the Internet’s speed, low cost and relative anonymity give con artists
access to an unprecedented number of innocent investors.”[67] Consequently, stock manipulation via the
Internet is increasing at a rapid rate.
In defining when the employer may be held liable for
the employee’s use of its technology to commit securities fraud, it is first
necessary to examine the behavior that constitutes illegal manipulation of the
securities market.
a. Employer Liability Based On Securities Law
If an employee of a company whose stock is publicly
traded uses a BBS, an Internet chat room or e-mail to commit a stock
manipulation scheme, there is at least a risk in some jurisdictions that the
company could be sued under the theory of respondeat superior to answer for the
employee’s misconduct.[68] Under Rule 10b-5, promulgated under Section
10(b) of the Securities Act of 1934, to establish a primary claim of liablity
for aiding and abetting, a plaintiff must prove:
(1) that the defendant made an untrue statement of
material fact, or failed to state a material fact; (2) that the conduct
occurred in connection with a purchase or sale of security; (3) that the
defendant made the statement or omission with scienter; and (4) that the
plaintiff relied on the misrepresentation and sustained damages as a proximate
result of the misrepresentation.[69]
Since
corporations and other entities can only act through their agents, courts must
recognize liability under the respondeat superior doctrine and other principles
of agency law as a source of primary liability.[70]
Applying the theory of respondeat superior, an
employer may be liable for its employee’s stock manipulation if: (1) the act occurred within the employee’s
scope of employment; and (2) the wrongful act was known or should have been
known by the employer.[71]
However, there is a debate concerning whether
employer liability is applicable in securities fraud cases. In Central Bank of Denver v. First Interstate Bank of Denver,
the Supreme Court rejected aiding and abetting liability under the securities
laws.[72] However, the Central Bank of Denver
decision left open the possibility that a corporation could be held liable if
any manipulation of the corporation’s stock occurred as a primary violation of
Rule 10b-5.[73] Legislation subsequently overruled the
result in Central Bank of Denver and provided for aiding and abetting
liability.[74] In Seolas v. Bilzerian, a Utah federal district court held that
respondeat superior is a legitimate basis for liability under Section 10(b)
because the employer’s status merits responsibility for the tortious actions of
its employees.[75] The court reasoned that respondeat superior
in such a case was consistent with the intent and purpose of the securities
laws, “to promote full disclosure and discourage fraud in the securities
markets.”[76] In Pollack v. Laidlaw Holdings, Inc.,
a New York federal district court denied the employer’s motion to dismiss a
Section 10(b) claim based on agency liability because such a theory was still
available after Central Bank.[77] Thus, the legislative history of the
Securities Exchange Act of 1934 and case law supports the theory of respondeat
superior as a legitimate basis for liability arising from fraudulent stock
manipulation.[78] Moreover, by explicitly including
corporations in its definition of “person,”[79] Congress foresaw that corporations would be
held liable under agency principles.[80] Therefore, as explained by the Third Circuit
in AT&T
v. Winback & Conserve Program, Inc.,:
[C]ourts imposing liability on agency theories are
not expanding the category of affirmative conduct proscribed by the relevant
statute; rather, they are deciding on whose shoulders to place responsibility
for conduct indisputably proscribed by the relevant statute. The principal is held liable not because it
committed some wrongdoing outside the purview of the statute which assisted the
wrongdoing prohibited by the statute, but because its status
merits responsibility for the tortious actions of its agent.[81]
Therefore,
respondeat superior liability is still applicable in securities fraud cases.[82] Moreover, the Supreme Court has acknowledged
that the employer owns the communication equipment used at work and it is the
employer’s business that is being conducted on this equipment.[83] Because this equipment may also allow the
employee the opportunity to manipulate the corporate employer’s stock value,
the majority of the courts will hold the employer liable for its employee’s act
of stock manipulation because the act occurred within the scope of the
employee’s employment.[84]
Additionally, under the Racketeer
Influenced and Corrupt Organizations Act (“RICO”),[85]
an employer may also be penalized for its employee’s manipulation of its stock
value. Under RICO, racketeering
activity includes activities by an enterprise that represents a pattern of
racketeering activity or manipulation of a security, and that are indictable
under other statutes such as those prohibiting securities fraud, wire fraud and
fraud involving the use of mail.[86] RICO defines an “enterprise” as “any individual,
partnership, corporation, association, or other legal entity, and any union or
group of individuals associated in fact although not a legal entity . . . .”[87] A “pattern of racketeering activity” is
defined as “at least two acts of racketeering activity, one of which occurred
after the effective date of this chapter and the last of which occurred within
ten years . . . after the commission of a prior act of racketeering activity,”
and an “unlawful debt” is defined as “debt . . . incurred or contracted in
gambling activity which was in violation of the law of the United States, a
State or political subdivision thereof . . . and . . . which was incurred in
connection with the business of gambling in violation of the law of the United
States, a State or political subdivision thereof . . . .”[88] Thus, if an employee manipulates the
company’s stock value or gambles using the employer’s technology while at the
workplace, the employer may also be penalized under RICO.
b. Examples of Stock Manipulation Conduct By
Employees
One possible stock manipulation scenario in the
workplace can occur when employees, by using aliases or intermediaries, post
rumors on the Internet to hype their company in connection with their personal
purchase or sale of their company’s stock.[89] In fact, “[r]umors posted on the Internet
are especially damaging because they are so easily spread.”[90] Moreover, “[o]nce the rumor is posted in
cyberspace, it takes on a life of its own.”[91] For example, a “person who reads the rumor
can forward it . . . [easily] to hundreds of friends [or] can post it on an
Internet [BBS] where it will [be very likely to] be read by thousands of other
people, each of whom can forward the rumor to all of his or her friends.”[92] Furthermore, “[t]hese Internet rumors are
impossible to control and can circulate on the Internet for years-long after
the anger of the disgruntled employee who posted the rumor has subsided.”[93]
For example, in April of 1999, Gary D. Hoke, a
25-year old PairGrain Technologies employee, posted a false message on a Yahoo!
Finance message board that said “‘BUYOUT NEWS!!! ECILF is buying [PAIRGAIN
TECHNOLOGIES] . . . . Just found it on
Bloomberg.’”[94] The posting also included a “hyperlink to a
Web page that appeared to be part of Bloomberg L.P.’s news site.”[95] The linked-to page contained “an
‘announcement’ that PairGain was being acquired by ECI Telecom Ltd., an Israeli
company, in a transaction with ‘an implied value of $1.35 billion,’ including
the ‘equity purchase price as well as a technology development incentive
plan.’”[96] As a result, PairGain’s stock price quickly
rose from $8 1/2 to $11 1/8, an approximate thirty-one percent increase, before
the markets returned to normal and the price of PairGain’s shares dropped back.[97] After the public realized that Hoke’s
message was false, Bloomberg L.P., the Los Angeles U.S. Attorney’s Office, and
the Securities and Exchange Commission (“SEC”) each filed separate lawsuits
against Hoke.[98] As a result of his stock manipulation
scheme, Hoke faced claims of securities fraud for manipulating the price of
PairGain’s publicly traded securities in violation of the Securities Exchange
Act of 1934 and Rule 10b-5.[99] Hoke pleaded guilty to posting the fake
corporate takeover story on the Internet and as a result was initially required
to pay more than $93,000 to his victims, and placed on probation for five
years.[100]
Through all of this, PairGain cooperated in the
investigation, during which there were no allegations that anyone other than
Hoke was involved in the scheme.[101] Nonetheless, “there can be little doubt that
the company suffered through anxious moments, worried about liabilities that it
might face as a result of the misguided scheme implemented by a 25-year old
‘mid-level’ engineer employed in its North Carolina development facility.”[102]
Another likely scenario can occur when employees of
e-brokerage firms actively participate in investor chat rooms. For example, “[I]f an employee of an
e-broker actually uses a chat room to commit securities fraud, through a stock
manipulation scheme or otherwise, there is at least a risk . . . that the
e-broker could be sued, under a theory of respondeat superior” due to its
employees’ misconduct.[103]
Yet another likely
scenario occurs when employees register their viewpoints about their corporate
employer on a chatroom that intentionally or unintentionally manipulates
investors to buy or sell their shares in the corporation’s stock.[104] The power of a false rumor to manipulate
images was demonstrated in Zeran v.
America Online, Inc.[105]
Although this case did not involve a
disgruntled employee, a situation like the one described in this case could
easily occur between an employee and employer.[106] An anonymous individual posted a false
advertisement on an American Online bulletin board, listing Mr. Zeran’s name
and phone number.[107] The ad was offensive, caused angry phone
calls and death threats, and attracted the attention of a local radio station.[108] America Online would not remove the ad, and
Zeran subsequently sued.[109] However, Zeran lost his case because
the theory for his recovery, the Communications Decency Act,[110]
barred his cause of action.[111] It is obvious that posting false statements
on the Internet can not only manipulate a corporate employer’s stock value, but
also “cybersmear” the employer.[112]
c. The Secondary Effect of Stock
Manipulation, Cybersmearing
“Cybersmearing” is
the posting of a false and damaging statement over the Internet.[113] Employers need to be aware of the risk of
this kind of cybersabotage because they need to react quickly in order to
minimize the damage if it should happen to them.[114]
Although the
stories spread through cybersmearing are false, they cause real damage to the
targeted employers.[115] Several Websites list and disprove false
Internet rumors.[116] “However, by the time such rumors are
dispelled, irreparable damage to a company’s reputation often has already been
done.”[117] One commentator has described examples of
such harm:
Blue
Mountain Arts, a small, family-owned business that offers free electronic
greetings cards was recently devastated by a false Internet rumor. Someone posted a rumor on the Internet that
Blue Mountain greeting cards contained a virus that would destroy the
recipient’s computer system when the card was opened. Tommy Hilfiger, a clothing designer, was also the victim of a
false Internet rumor. The rumor stated
that the designer said on the Oprah Winfrey Show that he wished minorities
would not buy his clothing. The
Internet message asked everyone who read it to boycott Tommy Hilfiger clothing. False Internet rumors about Taco Bell being
infested with roaches and about Kentucky Fried Chicken deep-frying rodents have
been circulating on the Internet for years.
While it is not known if disgruntled employees were behind any of these
rumors, they likely could have been.
The Internet is a powerful tool and when used by an angry employee, it
can destroy a company’s reputation.[118]
2.
Copyright Infringement
Enormous amounts of
the material that can be found on the Internet are subject matter protected by
the copyright laws of the United States.[119] Moreover, today’s technology allows Internet
users not only the opportunity to access, upload and download simple text, “but
also allows [these] users [the opportunity] to do the same with pictures,
movies, software, musical works, multimedia works and audiovisual works.”[120] However, any copying of these works in
violation of the exclusive rights provided by copyright law would clearly
constitute copyright infringement under federal law.[121] Yet, copyright infringement activity on the
Internet is also increasing at a rapid rate.[122]
In defining when the employer may be
held liable for the employee’s use of its technology to infringe the rights of
a copyright owner, it is necessary to first examine the behavior that
constitutes copyright infringement.
a. Employer Liability Based On Copyright Law
Under copyright
law, an employer may be held liable for copyright infringement committed by one
of its employees, even when an employer did not actually perform the copying or
distributing.[123] First, under the theory of respondeat
superior, an employer may be liable for its employee’s infringement if: (1) the act occurred within the employee’s
scope of employment; and (2) the wrongful act was known or should have been
known by the employer.[124] Second, under the theory of vicarious
liability, an employer may be liable for infringement committed by its employee
if the employer: (1) had the right to
supervise the employee’s infringing activities; and (2) had a direct financial
interest in such infringing activities, even when the employer had no knowledge
of the infringement nor intent to infringe.[125] Third, under the theory of contributory
infringement, an employer may be liable for infringement committed by its
employee if: (1) the employer had
knowledge of the infringing activity; and (2) the employer induced or
materially contributed to the infringing conduct.[126]
For example, in Playboy Enterprises, Inc. v. Webbworld, Inc., a Texas federal
district court held Webbworld, an Internet service provider which sold adult
images that were obtained from various newsgroups, vicariously liable for its
employees’ infringements of Playboy’s copyrights.[127] The court reasoned that Webbworld: (1) had full control of day-to-day
operations of its Website; (2) created and controlled the operation software
that was the heart of the enterprise; and (3) selected the newsgroups it would
use as sources of material, in return for which one of the principal defendants
collected fifty percent of the net profits.[128]
In Religious
Technology Center v. Netcom On-Line Communication Services, Inc., a
California federal district court held that sufficient evidence existed such
that a jury could reasonably find Netcom contributorily liable for a third
party’s infringing posting that passed through Netcom’s network.[129] In this case, Netcom, an Internet service
provider, was initially unaware of the infringing activity, but later received
notice of the infringing activity from Religious Technology.[130] The court reasoned that this notice was
sufficient to raise the issue of Netcom’s responsibility to verify Religious
Technology’s allegation of infringing activity occurring on its system.[131]
Therefore, if an employer is in possession of
improperly obtained software or other copyrighted material, it may be accused
of copyright infringement under theories including the respondeat superior
doctrine, vicarious liability or contributory liability.
b.
Examples
of Copyright Infringement Conduct By Employees
If an employer has “[a] copy of a
software program that cannot be validated by purchasing records[,] . . . an
allegation of copyright infringement” may be brought against it.[132] “This can be caused by software that was
brought in from an employee’s home, or was created by conscientious employees
trying to get a job done more efficiently [via the Internet]. Or, perhaps the software was an unauthorized
copy created by a well-meaning but misguided cost-conscious manager.”[133]
For example, in Marobie-FL, Inc. v. National Association of Fire Equipment Distributors,
an Illinois federal district court held a trade organization liable for
copyright infringement after one of its employees who was responsible for its
Website adorned the site with copyrighted clip art.[134] The court reasoned that the trade
organization could not rely on an “innocent infringer” defense, because such a
defense may only be raised “when the infringer relied on an authorized copy
that omitted the copyright notice,” and “[i]n this case [the defendant’s
employee] relied on unauthorized copies of plaintiff’s clip art files.”[135] Thus, “the risks of online copyright claims
as a result of employee misconduct [are] very real.”[136] “The nature of the Internet makes it easy to
copy and to forward or publish copyrighted images or content.” [137] Further, “as the National Association of
Fire Equipment Distributors discovered, liability can result from what may
otherwise seem to be the most innocent of activities.”[138]
Another issue that
employers must be concerned about is the fact that:
[c]opyright
infringement settlements can be expensive.
For example, suppose there is an average of two illegal programs per
computer, with an average cost of one hundred dollars, and assume that there
are five hundred machines within an organization’s headquarters and branch
offices. The cost of purchasing
legitimate copies of the illegal software might be one hundred thousand
dollars. [Moreover, p]enalties are usually one to two times the retail
value of the illegal software.[139]
c.
Employer
Liability Based On Trademark and Trade Secret Laws
These rationales
for holding an employer liable for its employee’s copyright infringement, e.g., respondeat superior doctrine,
vicarious liability and contributory liability, can also be applied to both
trademark[140] and trade
secret[141] laws. For example, if employees post a third
party’s trademark on their employer’s web site, and the employer failed to take
remedial action once it received notification of the trademark violation, the
employer may be held liable for its employee’s trademark infringement either
under the respondeat superior doctrine, vicarious liability or contributory
liability.[142] Likewise, if employees use their employer’s
technology, e.g., a computer,
computer disk, Internet access, telephone or e-mail, to obtain proprietary
information from a third party, e.g.,
a customer list, software program or secret formula, the employer may be held
liable for its employee’s misappropriation of a third party’s trade secrets
either under trademark or trade secret law.[143] The contributory liability doctrine will
apply if the employer had notice of the trade secret violation “and induced or
materially contributed to the infringing conduct.”[144] The vicarious liability theory will apply
“if the employer had the right and the ability to supervise the employee’s
activity, and had a financial interest in exploitation of the [trademarked or
trade secret] materials.”[145]
3. Computer
Viruses and Worms
When computer viruses and worms are
executed, they destroy data found in their hosting computer system.[146] Moreover, after infecting a computer system,
both computer viruses and worms may then use the Internet to find additional
hosts to spread their infection.[147] If employees, while at their workplace,
introduce computer viruses and worms into electronic commerce, their employers
may be held liable for the damage caused by this introduction.[148] However,
a fundamental understanding of computer viruses and worms is required in order
to understand this type of potential employer liability.
First, a computer virus is a portion of a computer code that affixes itself to other computer codes located in a computer system, e.g, software application codes that are used to boot a computer or macro instructions embedded in documents.[149] The computer virus is thereby activated by any action that causes the infected computer code to run, e.g., “turning on a computer, starting an application, or opening an e-mail attachment . . . .”[150] This activation occurs because the computer virus is affixed in such a manner to its hosting computer code that it causes the virus to be activated first “when the host is loaded . . . for executi