California Supreme Court Sets New Standard for Protecting Corporate e-Mail Systems from Unauthorized Communications

Kourosh Hamidi was not a happy man. He had been on worker’s compensation leave from his job at Intel. Intel disputed the basis for his leave. Intel was successful in that challenge, then terminated Hamidi’s employment.

Hamidi became upset and, at times, suicidal. To work through his anger, Hamidi used his own website to lambast the company for its treatment of him. Hamidi also warned current employees that they could face his fate. More importantly, Hamidi obtained a disk from an anonymous Intel employee containing Intel’s e-mail directory. With this information, Hamidi sent as many as 200,000 e-mails in six mailings over 21 months to as many as 35,000 Intel employees. In these messages, Hamidi complained about Intel’s treatment of him, warned the recipients that they might be treated similarly and invited them to contact him. Hamidi included in each e-mailing an option for the recipient to “opt out” from receiving further e-mails. Only 450 employees opted out. Hamidi honored these requests.

Intel did not take Hamidi’s assault on its computer system lying down. In an exercise of electronic self-help, Intel attempted to block e-mails originating from Hamidi. Intel also demanded that Hamidi stop using the work e-mail addresses of Intel employees, and Intel’s hardware and software, to promulgate his communications. In response, Hamidi insisted he had a right to contact current employees on this subject, and he sent additional mass e-mailings. In doing so, Hamidi circumvented Intel’s attempts to block his e-mails.

THE LEGAL PROCEEDINGS

Abandoning self-help in favor of legal relief from Hamidi’s continuing e-mail assault, Intel sought an injunction, relying exclusively on a tort theory known as “trespass to chattels.” First developed in the Middle Ages, the tort is intended to protect the owner of personal property from interference with her interest in possession which do not rise to the level of a conversion (a taking of the property) – for example, borrowing someone else’s car without permission for a drive, but returning the car when the drive is completed.

Hamidi resisted the injunction, claiming that his interference with Intel’s personal property (the computer system) was privileged under the First Amendment. According to Hamidi, Intel’s intranet was akin to a public forum and his e-mailings did not constitute a substantial burden on the company, especially when weighed against Hamidi’s right to free speech. The trial court rejected Hamidi’s argument and issued an injunction. Hamidi appealed.

The First Amendment was not the issue upon which the case turned in the California appellate courts. Rather, both the Court of Appeal and Supreme Court focused principally on whether Intel had to prove actual damage to obtain an injunction on a trespass to chattels theory and, if so, whether Intel had met that burden.

The Court of Appeal approved the injunction, holding that, to obtain an injunction, Intel was not required to prove damage, but only unauthorized access. The court found, in the alternative, that there was sufficient evidence of damage because Intel’s employees suffered loss of productivity.

Hamidi, however, had better luck before the California Supreme Court. In a four-to-three vote, the California Supreme Court held in Intel Corp. v. Hamidi that the tort of trespass to chattels requires proof of actual damages and that Intel’s claimed loss of productivity is not the type of damage for which the tort provides a remedy. Instead, to prevail on a claim of trespass to chattels, a plaintiff must prove that the offending conduct (a) damaged the property itself – in this case, Intel’s computer software and hardware; or (b) impaired the functioning of the property – as applied to e-mail, for example, used material amounts of computer storage or drained away processing power. The California Supreme Court distinguished Hamidi’s conduct from unsolicited commercial e-mail (“spam”). The Court acknowledged that trespass to chattels remains an appropriate remedy when an e-mailer floods a computer system with e-mail to the point where the incoming e-mails have a quantifiable negative impact on the system itself. The Supreme Court ruled that because Intel presented insufficient evidence to show that Hamidi’s e-mail barrage had damaged Intel’s computer system or impaired the system’s functioning, Intel failed to demonstrate a form of damages cognizable under a theory of trespass to chattels. The Supreme Court therefore struck down the injunction.

The dissenters argued that Intel had, in fact, shown sufficient harm to its computer system and employee productivity to be entitled to the injunction. One dissent analogized Hamidi’s action to “intruding into a private office mailroom, commandeering the mail cart, and dropping off unwanted broadsides on 30,000 desks.”

WHAT ARE THE PRACTICAL IMPLICATIONS OF THIS RULING FOR EMPLOYERS?

One effect of the opinion may be to embolden employees, such as Hamidi, to ramp up e-mail assaults on employers. However, the impact of this decision may not be as significant as some accounts suggest.

The decision carefully skirted the First Amendment issues raised by Hamidi. The decision, therefore, does not create a broad First Amendment right for employees or former employees to use the company e-mail system as a platform for expression. The decision only makes less useful for California employers one possible legal theory (trespass to chattels) for stopping such attacks when they do occur.

Importantly, even though trespass to chattels is no longer available as a source of legal relief for California employers, other statutory protections and legal theories remain available to try to stop a Hamidi-like e-mail barrage. For example, two federal statutes – the Stored Communications Act and the Computer Fraud and Abuse Act – provide criminal penalties and civil remedies for certain types of unauthorized access to computers. Many states, including California, have similar statutes.

Nor does this decision affect an employer’s right to bring a defamation action against a former (or current) employee who uses the company’s e-mail system to defame, lie or spread untruths about a company or its employees. The California Supreme Court went out of its way to state that an employee or former employee who engages in tortious speech can be sued under a variety of theories (besides trespass to chattels), such as defamation, unreasonable disclosure of private facts, intentional interference with business relationships, and intentional infliction of emotional distress.

Finally, this decision represents the interpretation of only one state’s court on one legal theory. Courts in other states have followed an approach to the tort of trespass to chattels similar to that applied by the California Court of Appeal. In these jurisdictions, trespass to chattels continues to be a viable theory for combating Hamidi-like abuse of corporate computer resources.

WHAT PROACTIVE STEPS CAN EMPLOYERS TAKE TO CONTROL INCOMING E-MAILS?

If a company is confronted by a disgruntled employee who is sending mass e-mailings to current company employees, the business has several options.

  • Notice: A company should notify the former employee in writing in a manner for which receipt can be confirmed that the e-mails constitute an unauthorized use of the company’s system, that the transmissions are negatively affecting corporate resources and productivity, and warning that legal action will be taken if further e-mails are received.
  • Self-help: The company should work with its IT consultants to determine whether filtering methods are available and feasible to block the receipt of e-mails, by source and content, from the former employee. The company should also take precautions to safeguard and prevent the unauthorized disclosure of any collections of company employee address lists.
  • Document Damages: The company should create a careful and detailed record of the cost imposed by these unwanted e-mails, itemizing: the number and the recipients of incoming messages (including any attachments), time used by employees deleting or responding to the messages, time spent by IT personnel trying to stop or remove the messages, and the negative effects on the operation of the company’s electronic resources, such as processing and storage capabilities.
  • Consult Counsel:If legal action is contemplated, obtain the counsel of attorneys experienced in this area of law who are familiar with potentially applicable statutes and case law in this rapidly evolving field. For example, the Computer Fraud and Abuse Act (18 U.S.C. §1030), and California Penal Code section 502 (c)(5) and (e) provide both criminal and civil remedies to owners of computer systems who suffer damage or loss because of the actions of persons who knowingly disrupt computer services or cause the denial of computer services to authorized users. California Business & Professions Code sections 17538.4 and 17538.45 restrict the e-mailing of unsolicited advertising materials.
  • Review and Revise Policies: As necessary and appropriate, update the company’s employee handbook to remind employees that the company, as part of its complete control over the company’s intranet and Internet connections, reserves the right to review and block incoming e-mails.

Christopher E. Cobey is a senior counsel in Littler Mendelson’s San Jose office and Philip L. Gordon is a shareholder in Littler Mendelson’s Denver office. If you would like further information, please contact your Littler attorney at 1.888.Littler, info@littler.com, Mr. Cobey at CCobey@littler.com, or Mr. Gordon at PGordon@Littler.com.

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.