Internet Use vs. Abuse
Employers who provide Internet access to their employees would be well advised to recognize the potential legal problems involved in this novel medium. Some employers (including the United States Government) have experienced serious Internet abuse, such as employees venturing into the Internet's "red light" district.
Last year, Congress initiated its first foray into regulating the Internet with the passage of the Telecommunications Act of 1996. The Telecommunications Act includes the provisions of the Communications Decency Act (the "CDA"), which criminalizes the knowing transmission of obscene communications over the Internet. (Those portions of the CDA that purported to ban the knowing transmission of indecent communications to minors over the Internet, or Internet transmissions to minors that depict or describe in patently offensive terms -- as measured by contemporary community standards -- sexual or excretory organs or activities, were invalidated by the United States Supreme Court in June in the case of Reno v. American Civil Liberties Union.)
The CDA also places accomplice-type liability on anyone who knowingly permits a "telecommunications facility" under that person's control to be used in connection with activities prohibited by the CDA. This article focusses on an employer's defense against such liability.
The Employer Defense
The CDA specifies certain "safe harbor" statutory defenses to criminal liability, including a defense available to employers. The employer defense may be invoked by employers whose employees or agents make unauthorized use of office communications systems. Under the CDA's employer defense, employers will not be liable, unless:
(1) the prohibited action is "within the scope of [the employee's] employment;" and
(2) the employer has knowledge of the employee's act and affirmatively acts to ratify it, or "recklessly disregards the [employee's] conduct."
Although the CDA's legislative history suggests that Congress may have sought to make the employer defense virtually absolute, the defense is open to interpretation. For instance, a question arises as to what kinds of conduct fall "within the scope of employment." Courts have sometimes interpreted that term broadly to include conduct that is "of the same general nature as that authorized, or incidental to the conduct authorized, by the employer." Thus, if an employer permits employees to use the Internet for non-work purposes, it could be argued that an employee's knowing transmission of obscene messages falls within the scope of that employee's employment.
The CDA and its legislative history also fail to offer guidance as to when an employer "recklessly disregards" an employee's actions relating to Internet abuses. Criminal law generally permits a recklessness finding "when a person disregards a risk of harm of which he is aware." If an employer merely reprimands an employee for an occasional off-color joke sent to the employee's colleagues by electronic mail, but allows him or her to continue accessing the Internet, would the employer be "recklessly disregarding" the employee's actions, if the employee subsequently were to send illegal messages? This is a question whose answer may have to await further clarification by the courts.
To date, there have been no reported cases interpreting the CDA's employer defense. In the meantime, some forward-thinking employers have instituted certain protective measures to guard against liability. Some of them are:
- Create a formal, written policy governing Internet access at work. The policy should expressly prohibit employees from transmitting, accessing, relaying or downloading obscene or sexually-oriented materials. The policy should state that employer-supplied computers belong to the company, and that management reserves the right to examine anything stored on or passing through them. (Recent case law has supported employer access to employee e-mail).
- Expressly prohibit non-business-related Internet use, in order to be consistent with the "outside of the scope of employment" requirement of the CDA's employer defense. Vigorously enforce the policy, and document disciplinary actions against employees who violate the policy.
- Consider blocking employee access (via newly developing software) to clearly inappropriate Internet sites (e.g., sexually oriented chat rooms).
Striking a Balance
The Internet can be a highly useful tool in the workplace. Ultimately, each company that allows employees to have Internet access must decide what level of employer scrutiny will best protect against liability, will fit the company's needs, and will be consistent with its corporate culture.