E-Commerce Law Week, Issue 386

You Could Be Liable For Your Employee's Porn Addiction
Employers' monitoring of their employees' online activity is nothing new.  And neither is reprimanding an employee for visiting pornography websites at the office.  But thanks to a recent court decision, employers may now have a legal obligation to halt such activity by employees, or they could be liable if that activity "result[s] in harm to innocent third parties."  On December 27, in Doe v. XYC Corp., the Superior Court of New Jersey, Appellate Division, ruled that "an employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee's activities and to take prompt and effective action to stop the unauthorized activity."  The court held that no privacy interest of the employee stood in the way of this duty.  Although the ruling has serious implications for any company that offers Internet service in the workplace, it may be of special interest to Internet service providers -- who already have their own child pornography notification obligations under 42 U.S.C. § 13032, and who may come across illegal activity not only on the part of their employees but also on the part of their subscribers.  And the court's reasoning could extend beyond pornography to any illegal or harmful conduct engaged in by employees from their work computers. 

What Damages Are "Just" Under the DMCA?  "Ask the Copyright Act," Court Says
Most of the legal action surrounding the Digital Millennium Copyright Act (DMCA) these days concerns the statute’s "anti-circumvention provision" (section 1201). The main question has been:  What constitutes a "technological measure" the "circumvention" of which violates the Act?  But assuming section 1201 is violated, the issue of how to assess statutory damages could be equally uncertain.  The DMCA provides that a plaintiff may recover between $200 and $2,500 per act of circumvention, "as the court considers just."  But until recently, no court had interpreted the meaning of “just."  On December 27, in Sony Computer Entertainment America, Inc., v. Steven Filipiak, the U.S. District Court for the Northern District of California ruled that a court determining statutory damages for violations of the DMCA should weigh the same factors that guide statutory damage awards for violations of the Copyright Act, 17 U.S.C § 504(c), which also contains an “as the court considers just” clause.

NIST Proposes Biometric Standards for Federal Worker and Contractor ID Cards
On December 15, the National Institute of Standards and Technology (NIST) published draft standards for the use of biometric data in federal worker and contractor identification cards used for access to federal government facilities and systems.  The document, Special Publication 800-76 (SP 800-76), is a companion document to Federal Information Processing Standard (FIPS) Publication 201 -- "Personal Identity Verification for Federal Employees and Contractors."  Whereas FIPS 201 sought to "establish standards for [biometric] identity credentials," SP 800-76 contains technical specifications for such biometric data.  In particular, it lays out the technical acquisition and formatting requirements for biometric credentials and "enumerates required procedures and formats" for fingerprints and facial images.  Additionally, it outlines strategies for testing conformance to the new standards.  NIST will accept comments on SP 800-76 through January 13. 

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.