Disclosure in Cyberspace: Taking Advantage of Technology Without Tripping Over the Federal Securities Laws

Disclosure in Cyberspace: Taking Advantage of Technology Without Tripping Over the Federal Securities Laws

Publications

I. IMPACT OF THE INTERNET

As with much of the rest of our world, the Internet is having a profound effect on the United States' securities markets. Investors, including institutional investors, are using corporate web sites as a primary source for information about companies. Retail investors, empowered by on-line brokerage services, are becoming a more significant stockholder base. As this trend continues, companies are increasingly courting these investors by using Internet-based communication. Institutional investors have also joined retail investors in participating in Internet-based message boards and chat rooms.

As corporations worldwide have sought to use the Internet for the dissemination of information to shareholders and potential investors, the law has had to respond. The primary federal securities laws were enacted in 1933 and 1934. The general underlying philosophy is that full and accurate disclosure of all material information will protect investors.1 The laws further define the scope and timing of required disclosures.

However, it was assumed when the major securities acts were enacted that disclosures would be made on paper or orally, and the dominant model of public securities trading assumed that transactions would be brokered by an intermediary. With the Internet now offering alternative models for corporate disclosure and securities trading, both regulators and public companies have had to confront the question of how existing laws apply.

The Securities and Exchange Commission recognizes the need to modify existing laws to deal with evolving technology and has promulgated rules and issued several interpretive releases to address some of the issues raised by the growing impact of electronic media on the United States securities markets.2

For example, on October 20, 1999, in the first case of its kind, the SEC brought and settled charges against three individuals for attempting to sell stock on the popular auction site eBay. The SEC found that in auctions on eBay: (1) Richard Davis (Texas) illegally misrepresented the prospects that a company he founded would go public and offered to sell unregistered securities; (2) J.R. Hoff (Wisconsin) illegally offered to sell unregistered stock in an unincorporated company he owns; and (3) Louis Sitaras (Florida) illegally offered to sell restricted securities (i.e., securities that could not be sold publicly). These three cases were settled with cease-and-desist orders. EBay was not accused of any wrongdoing.3

Likewise, on January 5, 2000, the SEC filed civil charges against Yun Soo Oh Park, popularly known as "Tokyo Joe," for allegedly running a web-based "pump and dump" scam on his Internet site.4 In a typical "pump and dump" scam, an investor talks up a stock that he owns, then unloads the stock at a profit amid the enthusiastic buying created by his tout. "Tokyo Joe" allegedly charged investors up to $200 a month for a daily diet of stock touts and trading advice, and took in $1.1 million in the twelve-month period ending June, 1999.

Over the past several years, the SEC has also issued several important no-action letters addressing Internet disclosures and offerings.5 The range of potential issues of concern to public companies is broad. Examples of common questions raised by use of the Internet include:

  • Does the company expose itself to liability or regulatory enforcement action if it creates a Web page that contains information about the company's past performance or projections about future performance?
  • If the company creates a Web page, can it safely include hyperlinks to favorable reports by stock analysts? Can it include links to favorable articles by newspapers or magazines?
  • Should the company respond to false and inflammatory messages posted in an Internet chat room?
  • How can the company combat the unauthorized dissemination of proprietary company information on Internet message boards?

Despite the complexities of modern technology, our advice is generally simple: The federal securities laws apply to electronic communications in essentially the same manner in which they apply to more traditional (paper-based and oral) communications. The potential pitfalls that clients face when creating a Web site offer a compelling example.

II. WEB SITE DISCLOSURE

In 1997, when the SEC issued its report to Congress regarding the impact of recent technological advances on the securities markets, it reported that over 95% of companies with a market capitalization over $1.5 billion maintain Web sites or plan to in the near future, and that 75% of smaller companies do.6 Of those sites, over 75% post financial information about the corporation.7 The practical benefit to the corporation is substantial -- Web sites provide a convenient, inexpensive means of promoting the corporation's business and providing information to shareholders and potential investors. Some companies have offered securities or even set up "off the grid" trading sites on the Internet, to permit their shareholders to buy and sell the company's stock directly from and to other investors.8 The potential regulatory hazards, however, are substantial. A corporate Web site must be carefully monitored for compliance.

The SEC monitors the Internet for regulatory compliance and for securities fraud. The SEC's Office of Internet Enforcement, formed in 1998 specifically to fight Internet securities fraud, is staffed by ten lawyers, 850 enforcement personnel nationwide, and a 125 person "cyberforce" that scans the Web looking for fraudulent sites.9 The SEC also receives many complaints from the public regarding Internet fraud. In 1998, the SEC was receiving over 120 complaints per day about potential securities violations on the Internet.10 This number has increased to between 200 and 300 complaints per day in 1999.11 As a result of these efforts, the SEC has filed numerous enforcement actions alleging securities fraud on the Internet.12

Because of the sheer scope of the Internet, however, the SEC is less likely to detect a problem on a corporate Web site than a company's own shareholders are. Indeed, the more likely way for a company to run into trouble is in the form of a suit brought by disgruntled shareholders if the company fails to perform as expected. As a result, companies must keep one fundamental rule in mind at all times: any communication with potential investors by electronic means poses the same risk of shareholder suit as a paper communication.13

We, therefore, advise companies to treat anything they put onto the Internet (whether e-mail, Web page, or communication in an on-line forum) in the same way they would treat the analogous "paper" communication. A Web page demands the same caution that would accompany the issuance of a press release or report to shareholders.

A. Preparing a Web Site that Complies with Securities Laws

By adhering to the following general principles, a company can lessen the likelihood that it will violate applicable regulations or subject itself to liability based on the contents of the company's Web site. The practical issues raised by these principles are illustrated in our mock-up of a company home page for the imaginary company: "Generic, Inc." (seen below).

1. Centralize Review of the Web Site

The company should give one person responsibility for reviewing and approving all material prior to its inclusion in the company's Web site. This person should be familiar with the risks and legal rules applicable to public disclosures by the company generally and Web site postings in particular, and should be knowledgeable about the company, its business, and significant recent or pending developments affecting the company. The reviewer should determine whether material is proper for inclusion on the Web site and also review the material for factual accuracy. Any factual error on a Web page could be characterized as a misrepresentation of the company's circumstances in a future suit by shareholders.

The reviewer should also ensure that no material information is put on the company's Web site until after it has been publicly disseminated through a press release or public filing, and that the version posted on the Web site is the final version and not a superceded draft. Since disclosure of information only on the Web may constitute "selective disclosure," a press release (for example) probably should not be posted on the Web site prior to its release through normal dissemination channels.14

Review by the legal department or outside counsel is also advisable, as they have the experience to know what language is potentially troublesome.

2. Avoid Hyperbolic or Excessively Optimistic Statements

While from a PR standpoint the company wants to make itself seem as interesting and exciting as possible, too much hype can lead to problems. The law does recognize that some language is "mere puffing," that is, the company is just exaggerating a bit and is not trying to mislead. This is a hard line to draw, however, and when possible, it is better to avoid the problem entirely. (Example in sample home page: "unique line" of products designed to serve "virtually every computer peripheral need")

The company should avoid statements of this type on its Web site, just as it does in press releases, unless there is independent factual support for such a statement.

3. Scrutinize Forward-Looking Statements

Predictions of future performance or other forward-looking statements (e.g., statements regarding the plans and objectives of management for future operations) are always risky. (Example: "In the second half of this year the Company expects to introduce several new computer peripheral products")

Plaintiff's lawyers may latch onto forward-looking statements to bring a suit (meritorious or not) when hindsight supports the argument that the realization of the company's predictions was fraught with obstacles. In general, it is the better practice not to put any projections on the company's Web site, including both projections of financial results (whether prepared by the Company or by third parties) and other types of predictive statements (such as dates of future product releases, expectations of market share, or similar information).

There is limited protection for forward looking statements under the "safe harbor" provisions of the Private Securities Litigation Reform Act of 1995. Under the PSLRA, forward-looking statements should not be not actionable as long as they are identified as forward-looking and, in the case of written statements, are accompanied by meaningful cautionary statements or, in the case of oral statements, refer to readily available written materials (such as SEC filings) which include meaningful cautionary statements. To be meaningful, a cautionary statement must identify important factors which could cause actual results to differ materially from those included in the projections.15 At least one commentator suggests linking forward-looking statements directly to a statement of risk factors in an SEC filed report.16

The sample Web page features a glowing forecast of the performance of a new product for the coming quarter:

In July, Generic will be shipping the WIDGET 2000 with its innovative new kniffle switch. Sales are projected to be over 300,000 units per week.

Clicking on any of the underlined terms leads to another page on which Generic identifies these projections as forward-looking statements, cautions that these projections may not be achieved, and lists a number of factors which may cause actual results to differ from these projections, including the fact that the product has not been fully tested, that testing which has been done has revealed some performance problems with the kniffle switch, and that the main supplier of one of the raw materials used in making the kniffle switch has announced that it will be closing one of its factories. Is this sufficient to protect the company?

One unanswered question here is whether a hyperlink to a disclaimer page alone means that the original statement was sufficiently "identified" as a forward-looking statement and "accompanied by" meaningful cautionary statements so as to be within the protection of the "safe harbor" provisions of the PSLRA. Until this type of question is actually litigated, it is difficult to predict whether a company could be subject to liability for making this type of statement. The better practice is to put the disclaimer on the main page of the company's Web site as well as on any sections of the Web site that are intended primarily for investors.

4. Avoid "Entanglement" with Analyst Reports

Generally, a company is not responsible for statements made by others about the company, but a court may hold that the company has adopted an analyst's statements as its own under certain situations. This can happen when the company is involved extensively in the preparation of the report or in reviewing the report for accuracy. It can also happen when the company makes an implied representation that the analyst's report is accurate or in accordance with the company's views. (Example: hyperlink to the Pang Netter report.) Putting a link to a favorable analyst's report may qualify as such a representation. No cases have been decided on this issue. However, case law is clear that distributing an analyst's report to potential investors may (depending on the circumstances) amount to an implied representation that the report is accurate. Providing a hyperlink to the analyst's report could be construed as analogous to mailing the report to the investors.

If, for investor relations reason, the company has a strong desire to include analyst's reports in its Web site, there are two steps which the company should take to reduce the risk that the company will be held responsible for the statements made in these reports:

First, the company should include (or provide hyperlinks to) all analysts that publish reports on the company, and not just the reports of favored analysts or analysts which have positive coverage of the company.17 The reports should be listed in alphabetical or chronological order in order to avoid the appearance that the company favors any of the analysts over the others.

Second, the company should include a disclaimer similar to the following on the company's Web site, in a place where it must be seen before the analysts' reports are viewed:

The Company provides [or links to] the analysts' reports listed below as a service to those interested in obtaining information about the Company. The statements made and the views expressed in these reports (including any financial projections) should not be regarded as having been made or endorsed by the Company.

It is certain, however, that if the company pays for an analyst's report, the report must disclose the amount of compensation. Therefore, if a company pays John Doe to write a report about the company and Doe then puts it on his firm's Web page, or posts it on a bulletin board on the Internet, the report must state that it was paid for by the company and disclose how much the company paid for the report. This is required whether the report is electronic or a normal paper report.18

5. Consider Carefully any Links to Newspaper or Magazine Articles

Links to a newspaper or magazine articles pose a similar risk of being deemed to be "adopted" by the company. (Example: hyperlink to the Wall Street Journal article.) In addition, there is risk in providing links only to articles which comment favorably on the company and leaving out links to those which don't.

In any event, the company should make every effort to differentiate the company's Web site from any company-related Internet site created by a third party. This can be done by maintaining a common appearance for all the company's Web pages and by provide a notice similar to the following which will advise users when they are accessing information (via hyperlink) outside of the company's Web site:

You are now leaving the Company's Web site. The Company assumes no responsibility for information or statements you may encounter in the Internet outside of the Company's Web site. Thank you for visiting www.[company].com.

6 . Remember the Company's Duty to Update.

On the Internet, the duty to update disclosures is a constant issue. While press releases are generally considered to be "live" for only a short time, a Web page with the same information will stay on the Web until it is edited or updated. Someone who surfs to the page for the first time on January 1, 2000 may view this as "the latest information" on the company, even if the page was last updated on September 1, 1999. To the person accessing the page on January 1, this is "new" information. (Example: "The Company has been profitable since the first quarter of 1991.")

If the circumstances change, the Web page should be updated to remove the outdated information and correct it. In the example above, the statement may be true as of September 1, 1999, but what if the company lost money in the fourth quarter of 1999? If that reference is not changed, someone accessing the page in the first quarter of 2000 will see inaccurate information. This could be considered a misrepresentation of information about the company, and someone buying stock in reliance on that statement may try to sue.

Links to analyst reports may also implicate the duty to update. Research reports done by analysts can quickly become outdated by the information provided on a more timely basis by services such as First Call or Multex. Therefore, even if the information contained in the report may have been accurate at the time the report was issued, it may become inaccurate a week or a month later, and a link to the report on the company's Web page could likewise become an actionable misrepresentation.

The most prudent course is a periodic review of the contents of Web pages to avoid these problems, ideally by the same person who reviews the site for accuracy. Certainly if there are major changes (sudden losses, the loss of a big contract, a major change in the company's operations), a company should remember to look at its Web page to eliminate erroneous information. If the company wishes to leave older information (such as press releases or SEC filings) on the Web site for informational purposes, it is a good idea to place such information into a section clearly identified as an "Archive" along with an appropriate disclaimer.

Moreover, Web sites typically contain an indication of when they were last updated. It is important that the company only update the date of those sections in which the content has actually been updated, in order to avoid any implication that sections which have not been updated are more current than they actually are.

7. Pay Special Attention During Offerings and Proxy Solicitations.

If a corporation plans to commence an offering, then federal law requires that certain disclosures be made to potential investors in a certain order, dividing the process into three time periods: pre-filing, waiting and post-effective.19 Information on the corporation's Web site could lead to allegations of "gun-jumping" or promoting an offering prior to presenting the legally required disclosures. Other disclosure and timing issues arise when the corporation commences soliciting proxies for an annual meeting. Corporations must be particularly sensitive to the contents of their Web sites whenever they are involved in an offering or proxy solicitation.20

On October 18, 1999, in a speech before the Economic Club in New York, Chairman Levitt said the SEC planned to crack down on the practice of publicly traded companies - and those planning IPOs - leaking information to Wall Street analysts before making it public.21 The plan came on the heels of the delayed public offering of Internet grocer Webvan. The SEC forced Webvan to postpone its IPO after it released significant information during a conference call as part of its "roadshow."22 The information apparently was not contained in the company's prospectus.

B. Analysts' Conference Calls

1. Participation Via Internet

Virtually all public companies have a conference call with securities analysts shortly following the public disclosure of the company's quarterly financial results and any other public announcement of a significant corporate transaction (such as a major acquisition). In the past, participation in these calls has been limited, a practice which has been criticized by the SEC. The Internet has provided a convenient way to open up these calls by permitting anyone who want to listen to an analyst call to do so through a live Internet simulcast of the conference call. In his October 18, 1999 address to the Economic Club in New York, Chairman Levitt appealed to corporate America, "in the spirit of fair play," to use the Internet to make conference calls open and available to everyone.23

Such an arrangement gives all participants simultaneous access to the information provided in the call, while permitting the company to structure the call so that only securities analysts can ask questions. Internet broadcasting of a conference call can also be significantly cheaper than a more traditional "open" conference call in which participants dial into a central number.

2. Subsequent Reproductions of Conference Calls

The Internet has also made it easier for a company to replay analyst conference calls at a later date. A recorded conference call can be put into an appropriate digital format and then linked to the company's Web page. Clicking on the link will replay the call and allow any visitor to the Web page to hear the full content of the call. While this is generally a good idea, permitting the rebroadcast of conference calls raises duty to update issues. In a rapidly changing business environment, statements made by the company concerning its business, plans and outlook that were true on the day of the conference call may not be true several weeks later. Accordingly, a company should limit the time period during which the audio portion of the conference call is made available on its Web page to a period of not more than a week.

As for written transcripts of conference calls, it is not advisable for the company to make such transcripts available. One of the primary reasons is that the Private Securities Litigation Reform Act "safe harbor" warning that is typically made at the beginning of an analyst call usually cites cautionary language (by referring to risk factor disclosures in an SEC filing) rather than stating such cautionary language. Such a disclaimer, while valid to protect oral forward-looking statements, may not be sufficient to protect written forward-looking statements such as those that are created by the reproduction of the transcript of the call.

C. Jurisdictional Issues.

Companies that maintain Web pages should also be aware that the use of a Web page could make the company subject to the jurisdiction of courts of states in which it does not regularly conduct business. Early cases held that the mere operation of a Web site to promote its business, which could be accessed by residents of the forum state, was sufficient to confer specific jurisdiction in a dispute arising out of the site's domain name. In Inset Systems, Inc. v. Instruction Set, Inc., 937 F. Supp. 161 (D. Conn. 1996), the defendant moved unsuccessfully to dismiss the Complaint based upon the lack of personal jurisdiction. The Court noted that while the defendant (a Massachusetts corporation) had no offices or employees in Connecticut, and did not conduct business in Connecticut on a regular basis, it had been continuously advertising on the Internet for over a year. (This "advertising" apparently consisted of setting up a World Wide Web page with the address of " www.inset.com " containing information about the company.) The court also noted that there were as many as 10,000 "Internet users" within Connecticut and that advertisements on the Internet can be accessed many times by potential customers. The court concluded that the defendant's advertising on the Internet was a "solicitation of a sufficient repetitive nature" to satisfy the Connecticut Long Arm Statute as well as constitutional due process concerns.

Recent cases reflect a view more favorable to corporations establishing Web sites, and appear to require something more than mere advertising on the Web in order to establish personal jurisdiction.24 Nevertheless, the potential for being subjected to personal jurisdiction on the basis of a Web site remains. A company that maintains a Web page, especially one that is highly interactive, should therefore recognize that it might have to defend itself against claims in unanticipated jurisdictions as a result of its Web "presence."

II. ACCOUNTING ISSUES

With the birth of the Internet-based "new economy," it was inevitable that established accounting rules would not always be equipped to deal with the sometimes novel issues that face Internet companies today.

In October, 1999, the staff of the SEC proposed to the Financial Accounting Standards Board ("FASB") that it address no less than twenty identified accounting issues that have arisen from the use of the Internet. Near the top of the list, and assigned "priority level one" by the SEC staff, is accounting for the practice of advertising barter transactions.

In these transactions, Internet companies trade rights to advertise on each other's Web sites. Reported revenue from these transactions has risen in the past few years, leading to varying accounting practices. SEC Chief Accountant Lynn Turner recently underscored the SEC's commitment that accounting records for such transactions must be based on "reliably measurable" information, and that companies engaging in these transactions "should be making transparent disclosures that will clearly convey to investors the accounting being used."25

In an October 18, 1999 letter to the FASB released on December 23, 1999, Mr. Turner also called on the board's Emerging Issues Task Force to address accounting for the cost for developing a web site, which he identified as a "key issue."26

III. MESSAGE BOARDS / CHAT ROOMS

A. What Are They?

Broadly defined, "message boards" (also known as "bulletin boards"), are information centers accessible via the Internet. Users of the boards can post messages, which can then be read by others (not just a specific recipient). Message boards include USENET newsgroups -- discussion groups that are accessible to almost anyone who has access to the Internet. A number of message boards are focused on investment-related topics, including Yahoo! Finance, Silicon Investor, and The Motley Fool. Some of these boards are open to the general public, while others are only available to subscribers.

"Chat rooms" are real-time versions of message boards. In chat rooms, such as those sponsored by America Online, investors can communicate with others who are logged onto the service at the same time. As with message boards, there is no geographical limitation to those who can access or participate.

Participants in message boards and chat rooms frequently conceal their true identities. As will be discussed below, however, the true identities of Internet users can almost always be discovered with some effort.

B. Issues Raised by Message Boards and Chat Rooms

1. Disclosure Issues

(a) MisrepresentationAnything said in these forums by someone from the company could be viewed as a disclosure of information by the company. Therefore, any inaccurate or misleading statements could form a basis for liability under the general anti-fraud provisions of the federal securities laws.

(b) Selective DisclosureSince not every investor has access to these forums, a disclosure made by a company exclusively in one of these forums could constitute "selective disclosure," which has implications for insider trading/tipper liability. The NASD has reportedly found instances in which information about a company was discussed on a message board or in a user group before the company released the information to the public.27 Both the SEC and the NASD are treating these incidents seriously and are studying ways to respond.

2. Security

Someone sending a message from a company's e-mail address would appear to be speaking for the company, which obviously could lead to problems. Therefore, access to these forums from within the company should be restricted. Precautions should also be taken to make sure that someone from outside the company cannot improperly access the company's computers and send unauthorized messages.

3. Rumors and Market Manipulation

Another common scenario is that someone, from either inside or outside the company, posts inaccurate messages in an attempt to manipulate the stock price (either up or, in the case of short sellers, down). John Reed Stark, head of the SEC's newly-created Internet Enforcement Office, calls the act of posting false Internet rumors a "corporate cybersmear." Mr. Stark has stated that the SEC is prepared to take action in appropriate circumstances.

In recent years, there have been a number of prominent cases in which a company's stock has been hyped or trashed over the Internet, leading to massive trading of the stock and a corresponding run-up or sell-off in the stock price.

(a) NEI Webworld

According to the SEC, on Friday, November 12, 1999, three California residents sat down at public computers in the biomedical library at UCLA and, over the course of a weekend, posted over 500 messages to three popular Internet stock message boards touting NEI Webworld's stock. Using 50 different web aliases, the three individuals falsely stated that NEI Webworld, a bankrupt commercial printing company based in Dallas, was the target of an imminent takeover. The three men, who had purchased 97% of NEI Webworld's stock for $0.13 per share a few days earlier, drove the company's stock price up to $15.50 before it crashed. The three individuals were arrested and charged with civil and criminal fraud on December 15, 1999.28 Two of the men were indicted on January 5, 2000.29

(b) PairGain

Last year, PairGain, Inc., a California company, was the target of such an Internet hoax. On April 7, 1999, someone posted a forged Web site that looked like part of the Bloomberg News site. The forged site purported to announce that PairGain would be acquired by ECI Telecom Ltd., a competitor. Within minutes, PairGain's Yahoo! message board referred to the bogus announcement and provided a link to the forged Web site. This triggered a flurry of trading activity, causing PairGain's stock to rise 30 percent in the first few hours of trading. By the time the announcement was debunked several hours later, trading moderated, but the stock still closed up 10 per cent for the day.30

Nine days later, the FBI arrested and charged Gary Hoke, a 25-year-old computer engineer employed by PairGain, with securities fraud for creating the forged Bloomberg News Web site. On August 30, 1999, a federal judge in Los Angeles sentenced Mr. Hoke to five months of home detention, five years probation, and $93,087 in restitution to investors who lost money when they purchased at the inflated price. Mr. Hoke reportedly planned to sell his shares when PairGain's stock went up, but got "cold feet" and did not sell.

(c) Comparator SystemsAnother notable instance of Internet hype occurred in May 1996, when the stock price of Comparator Systems Corporation went from 6 cents a share to $1.88 a share in three days. During that time, more than 449 million shares of this tiny company changed hands before trading was halted. In the days proceeding this flurry of trading activity, Internet chat rooms and user forums were filled with rumors about the stock. (One report from the NASD stated that brokers and corporate insiders may have been the source of some of these rumors, presumably in an attempt to drive up the share price while the insiders sold their stock.)

C. Should the Company Respond to False Rumors?

Generally, it is not advisable to respond to rumors about the company, whether these rumors appear on television, in the newspapers or on the Internet. While a company's instinct may be to respond, especially when the rumor is patently offensive in nature (as many message board posts are), turning the other cheek is usually the best course of action.

1. There is No General Duty to Respond to Rumors

There is no general legal duty to respond to rumors in the marketplace unless those rumors can be attributed to the company. Similarly, a company is not required to police statements by third parties for accuracy. However, if a company chooses to respond (for public relations or other reasons), whatever it says will constitute a disclosure by the company for which it may be held liable if the response is inaccurate or incomplete. As a practical matter, the obligation to speak accurately and completely may make it very difficult for a company to frame a response even if it wishes to do so, since many false rumors contain at least a sliver of truth.

2. There May be a Duty to Update or Correct

By responding to a rumor, a company may assume a "duty to update" or a "duty to correct" the information contained in its response that it would not otherwise have. These duties flow from statements that are "alive" (still capable of influencing the investing public) and on which a reasonable investor might rely.31 A "duty to update" may exist when a statement that was true when made is later overtaken by events and is no longer true. In contrast, a "duty to correct" may exist when a statement believed to be true when made is later discovered to have been untrue when made. In either situation, a company might be under a duty to take affirmative steps (such as disclosing new information) so that the past statements do not leave any misleading impressions.

3. Use the Company's "No Comment" Policy

Most public companies have a "no comment" policy that prohibits the company from responding to inquiries or commenting upon rumors concerning prospective developments or transactions involving the company (such as rumors relating to an acquisition of or by the company).32 A "no comment" policy enables the company to "respond" to rumors in a manner that minimizes the awkwardness of a refusal to respond, and avoids premature disclosure of a potential development or transaction. Without such a policy, the company spokesperson would not be able to respond truthfully if a potential development or transaction that was not yet ripe for public disclosure was pending. Such a policy also helps the company avoid an obligation to update prior public statements (such as a statement refuting a rumor that the company is for sale) when, as a result of intervening events, the prior response is no longer accurate.

Unfortunately, many companies seem to overlook the obvious - "no comment" policies apply to all public communications by the company, including electronic communications over the Internet.

4. Stock Exchange Rules May Require the Company to Speak

Despite the dangers of commenting on rumors, in certain circumstance the company may be required to address the rumors publicly if they result in heavy market activity. Self regulatory organizations, including the New York Stock Exchange, the American Stock Exchange, and the Nasdaq Stock Market, impose an independent duty on listed companies to respond to rumors in certain circumstances. The New York Stock Exchange Company Manual § 202.03, for example, requires that a company should be prepared to make an announcement of important corporate activity if unusual market activity occurs prior to its announcement. If the rumors are correct, the company will be required to make "an immediate, candid statement to the public as to the state of negotiations or the state of development of corporate plans." If the rumors are false, "they should be promptly denied or clarified."

In practice, the operation of the self regulatory organizations' rules is less than certain. In many cases, no disclosure will be required if the company has a valid business reason for not making the disclosure. A company should, therefore, seek the assistance of qualified legal counsel before making any statements commenting on rumors in the marketplace.

5. How Does the Company Stop Responding?

One somewhat unique risk of voluntarily responding to Internet rumors results from the volume of messages (and therefore potential false rumors) that exist. Very few companies have the resources to review all posted messages. But once a company starts responding to rumors, how does it select which ones are worthy of response and which ones are so ridiculous that no response is warranted? Does the failure to respond to a message (whether it is favorable or unfavorable) become an implied affirmation that the message is accurate?

D. Should the Company Monitor What is Posted About It?

Assuming a company plans to adhere to its "no comment" policy and, therefore, not to respond to Internet rumors, should the company nevertheless monitor the message boards and chat rooms?

1. Benefits of Monitoring

There may be good business reasons to monitor popular sites that discuss the company.33 By monitoring such sites, the company may become aware of general issues that are important to investors or areas where the company has failed to tell its story adequately. With this knowledge, the company can prospectively adjust its investor relations program. For example, if investors are erroneously questioning the company's procedures for recognizing revenues, additional information about the company's policy could be added to future SEC filings. This kind of indirect response can be helpful in reducing future rumors and result in improved investor relations.

If a company chooses to monitor, the extent of any monitoring will be largely a function of the company's resources. Internal personnel may be assigned to monitor pertinent Internet chat rooms, message boards, USENET newsgroups, Web pages, and other Internet sites where the company is likely to be mentioned. For larger companies, public relations firms and other outside businesses will perform such monitoring for a fee.

2. Pitfalls of Monitoring

There are, however, several factors that argue against monitoring. Perhaps chief among them is the cost of monitoring all the major message boards that might discuss the company. It may be simply too burdensome to monitor the boards and chat rooms and the amount of useful information generated by such monitoring may not justify the cost of gathering it.

Also, monitoring the boards will undoubtedly uncover comments by irate and misinformed investors. Such persons have been known to severely criticize, or "flame," executives and officers of companies with heated, yet unjustified, attacks. It may be simply too hard for persons within the company to resist the temptation to respond to these unwarranted attacks.34 In addition, companies that spend too much time focused on the message boards may begin to suffer from a distorted view of the significance (or, more likely, insignificance) of particular messages.

Finally, if a company is monitoring, it may need to acknowledge that fact if asked, for example, by the SEC. This could lead to requests for information about what rumors the company is aware of and questions about whether additional disclosure is required in response to such rumors.

The decision of whether or not to monitor should probably be made as part of the company's overall assessment of how it wishes to conduct and fund its Investor Relations function. However, if any monitoring is to be done, the company should first adopt a clear policy regarding the applicability of its general no-comment policy to any false rumors the company may encounter.

E. Should the Company Completely Prohibit Employees from Posting to Message Boards About the Company?

As a matter of policy, a company could probably prohibit its employees from posting any information to a message board or chat room dedicated to discussing the company.35 Consistent enforcement of such a prohibition, however, may be impossible to accomplish. Such a ban might also be unacceptable from a corporate culture perspective.

Every company should, regardless of its stand on prohibiting posting, provide employees with clear guidelines that proscribe discussions of internal corporate matters, company business, client information, or other confidential business information on the Internet. Additionally, the company should train it employees about the importance of following those guidelines and the damage that can result to themselves and the company from their failure to abide by those policies. For example, employees should be taught that they may have personal liability if they discuss rumors or other corporate matters on the Internet -- even if their intent is to defend the company. To the extent that such postings hype the company's stock, contain material misrepresentations, or omit material information, the posting employee may be violating the antifraud provisions of the federal securities laws -- exposing himself and the company to civil or criminal liability. Employees should also be periodically reminded that misuse of confidential company information can result in termination of employment.

Given the risk that any messages sent from a company computer may be attributed to the company, employees also should be clearly reminded about the company's general policies regarding the personal use of company equipment, that such policies apply to Internet postings, and the consequences of violating those policies.

F. Using Legal Proceedings to Identify People Who Post False or Confidential Information

Although the Internet appears to be an anonymous medium, in reality, every Internet user leaves behind a trail of identifying information. This information can be discovered and, upon learning the identity of an individual who is improperly posting information about the company, the company might be able to stop the individual from posting in the future.

Generally, formal legal proceedings should be the last resort. Lawsuits are very public matters and, lately, the news media has taken special interest in Internet-related litigation. Fortunately, there are several effective private means by which a company can discover the identity of an offending poster. For example, if the posting is being done through the company's computer network, the company's IT department may be able to review its logs and piece together enough information to identify the poster.

1. Private Investigators

Alternatively, several private investigation firms specialize in discovering the identities of people who post information on the Internet. These private investigators use procedures such as "data mining" to survey the Internet for older postings on other sites by the individual in question. Remember -- no one starts on the Internet as an expert. At one time, even the most sophisticated poster was a novice who left all sorts of identifying information about himself on Web sites or USENET newsgroups. By mining this information, the private investigator may be able to identify the offending poster.

In situations involving extremely egregious conduct, such as the posting of a company's trade secrets, some private investigators also use "Web stings" and "E-mail stings" to lure the offending poster to a site that is actually maintained by the private investigators. Once the poster arrives at the private investigator's site, the site automatically records a variety of identifying information, such as the poster's IP Address, Internet gateway, and date and time of the visit.36

One of these private investigation firms is the Princeton, New Jersey firm International Business Research ("IBR"). Michael D. Allison, IBR's chief executive officer, and Jeffrey Bedser, head of IBR's Internet Crimes Group have met and worked with several Hale and Dorr attorneys. IBR has a growing business helping companies smoke out angry ex-employees or stock-fraud suspects.37

About one-third of IBR's business involves tracking down anonymous online detractors. They once tracked down an anonymous poster after the person revealed being a Guinness beer drinker. IBR identified another target by playing chess. An Irvine, California software-leasing company hired IBR to unmask someone calling himself "ZeroBid" who had posted Message Board accusations that the company could be fraudulently promoting its stock through a pump and dump scheme. IBR staffers notices that ZeroBid left a message on the Raging Bull stock discussion Web site saying "This board is dead. I'm going over to play chess on Yahoo." They tracked ZeroBid down at the chess site and, using assumed names, challenged him to matches for several weeks. IBR matched the nickname to a list of the firm's employees. The company passed on ZeroBid's posting to securities regulators. The matter is pending.

Another investigation firm, Arlington, Virginia based Cyveillance, scours the Net for its clients to discover sites that are: (1) stealing "eyeballs" (Web site visitors) from the client's Web site; (2) distributing the client's products and services without authorization; (3) undercutting industry pricing; (4) selling counterfeit or gray market goods; (5) redistributing the client's proprietary content; and (6) otherwise skimming profit and e-Business opportunities. For example, Cyveillance claims that:

    • For a major music licensing organization, it identifies licensable music sites on the Internet, so they can collect revenue and provide royalties to the copyright owners. In a six month period, Cyveillance identified nearly a quarter of a million Internet sites streaming music owned by their members. This amounted to more than $6 million dollars in music licensing opportunities for the client.
    • For a major publishing company, Cyveillance identified sites using their proprietary content to draw traffic to other sites (and the valuable advertising dollars that went with it). Cyveillance says it reclaims more than $30,000 per month in "eyeballs" or ad revenue.

Cyveillance's Web site says that the Internet "is the black market, grapevine and red light district of the millennium."

2. "John Doe" Litigation

If attempts at private discovery fail, a company will probably have to obtain formal discovery through the judicial process. Typically, this is accomplished by filing a "John Doe" action against the offending poster. Such lawsuits are being brought with increasing frequency. Hale and Dorr recently represented several publicly held companies in such suits.

The procedure for obtaining formal discovery in a "John Doe" action is easy to understand but sometimes difficult to accomplish. Usually, a lawsuit is brought against the individual poster stating the harm caused by the poster (typically, breach of contract, misappropriation of trade secrets, or defamation). Because the company does not know the identity of the poster, it will have to subpoena the poster's ISP or the Web site through which the user posted the offending material (such as Yahoo!) for identifying information. Depending on the court, such a subpoena might only issue subject to a court order. Courts readily grant such discovery requests, however, because, without it, the suit cannot go forward (e.g., the lawsuit cannot be served on the defendant because the company is unaware of the defendant's identity).

An exception to the general rule of granting liberal discovery may be found in the United States District Court for the Northern District of California. In Columbia Ins. Co. v. Seescandy. com, 185 F.R.D. 573 (N.D. Cal. Mar. 8, 1999), the court raised the issue regarding discovery of the true identities of unknown "John Doe" defendants. Citing what it perceived to be the "legitimate and valuable right to participate in online forums anonymously," the court imposed a drastic (and largely unworkable) four part test that must be met before a plaintiff can attempt to obtain a subpoena for discovering the identities of anonymous parties. The plaintiff must: (1) specify the unknown party with enough accuracy to show that the court has jurisdiction over the defendant; (2) describe all prior steps taken to identify the "John Doe"; (3) show that a suit against the defendant will likely survive a motion to dismiss; and (4) file a request for discovery identifying the persons with information regarding the identity of the defendant. As a practical matter, a plaintiff may not be able to obtain all this information before seeking discovery. Indeed, this Catch-22 situation may serve to make providing this information to the court impossible. Therefore, at least in the Northern District of California, discovering the identities of wrongdoers through John Doe litigation may become extremely difficult, if not impossible.ISPs and Web sites typically comply with subpoenas for discovery in a timely manner.38 Upon learning the identity of the offending poster, the company may either amend its complaint and serve the party, or, if the poster is a current employee, may use the information to enforce its company policies.

3. Total Digital Privacy on the Horizon?

The days of leaving traceable Internet tracks may be numbered, however. Several companies, including Montreal-based start-up Zero Knowledge Systems, are releasing or have released products that offer multiple online pseudonyms and Byzantine encrypted re-routing that even Zero Knowledge itself can't crack. The products are available online for approximately $50, and work this way: First, users set up separate pseudonyms for different aspects of their lives (e.g., an identity for an online chat about health care, another for interactions with friends and family, others for Internet browsing, and finally a "true" identity for e-commerce transactions). Then, Zero Knowledge scrambles data coming from a user's PC and hides the source and destination of Internet traffic routed through its servers (the messages are first sent through Zero Knowledge's servers where it is wrapped in a layer of encryption). Then the data gets routed through the Internet, bouncing from one independently owned server to the next, and can only be opened by one specific server who then forwards it to another specific server. Eventually, the data arrives at its intended site, but supposedly neither snoopers, nor the final recipient, have any way of tracing its origins.

IV. E-MAIL

A. Inquiries from Investors

Inquiries by e-mail from investors or potential investors should be handled the same way as other inquiries by letter or telephone. Every company should have a policy dictating how responses will be made to investors, in compliance with SEC rules on disclosure. In addition, any information given on a selective basis could be the basis for a claim of insider trading. Responding to an e-mail message with more information than given in response to other inquiries could be said to be a material disclosure of non-public information.

B. Internal E-mail

E-mail is becoming a hot issue in all types of litigation. Many people treat e-mail messages as they would telephone conversations. A commonly held belief is that once a message is sent, or received and deleted, it is gone. That is not true. Most systems make copies ("logs") of messages sent or received on the system, and these logs are periodically saved or "backed up." Depending on the document retention policies in effect, these saved files may be retained for years and are therefore subject to being discovered by an opposing party in the course of litigation.

For these reasons, employees must be careful of what they say in e-mail, and treat each e-mail message as if it is a signed letter that will be preserved. There are "computer sleuths" who specialize in recovering "deleted" computer files and finding saved messages in computer systems. Cases have been severely damaged because of an offhand or joking comment in an e-mail message that was used as the "smoking gun" by the other side:

  • In a case alleging redlining by a bank, one such "sleuth" found an e-mail message from a bank official that said: "We're not going to approve of anything in that part of town."
  • In another case, where the issue was whether the seller of a piece of property knew about hazardous waste buried on the property, lawyers for the buyer found a message from the seller that said: "We made it through the whole process without alerting [the buyer] of the waste site on the northeast corner."
  • Prudential Insurance Company faced increased scrutiny in 1996 after an internal e-mail message was discovered. The message, which was apparently sent to managers in 14 states, warned that state regulators in one state were beginning an investigation of certain Prudential practices and ordered the managers to "destroy and discard" documents which related to those practices.
  • The Independent Counsel's Report to Congress in 1998 contained references to "document retrieved from Ms. Lewinsky's home computer," "e-mail retrieved from Catherine Davis's computer" and "deleted file from Ms. Lewinsky's home computer."
  • In the course of discovery in a patent infringement suit, a computer expert recovered the following e-mail between two engineers working for the defendant: "I don't know how much our company stole from [the plaintiff], but it must have been a lot, because our product looks just like theirs."

Needless to say, messages like this, which the defendants thought they had deleted, can sink a case. This highlights the need for every company to review its document retention policy, especially with respect to computer back-ups, to ensure that documents (including e-mail) are not retained for a longer period of time than is absolutely necessary.

Two companies, however, "Disappearing, Inc." (pun apparently intended) (San Francisco) and QVTech (Colorado) have both announced they are releasing new products that will permit e-mail to self-destruct (i.e., becoming unreadable) after a period of time set by the user. The system works like this: e-mail is encrypted and a Web site maintained by Disappearing, Inc. holds the key to unlocking the e-mail and reading it. The sender specifies how long he would like the key to be available. After that time, the recipient of the e-mail cannot unlock the e-mail - at which time it is permanently reduced to gibberish. The e-mail is still there - it just becomes unreadable.39

Obviously, this has implications for companies who want to incorporate this technology into any existing document retention policy. If the products work as touted, old e-mails will automatically be "shredded" electronically - removing the reliance many companies have on employees or other means to discard, erase, or otherwise dispose of e-mail the company no longer needs. Shredded e-mail is also undiscoverable e-mail.

V. CONCLUSION

The Internet has already become a significant forum for the exchange of information about companies and their securities, and for the exchange of the securities themselves. The SEC, the various state securities commissions, and the courts have only begun to sort out the issues raised by this new medium. Although many specific issues remain unsettled, the basic principle -- that securities laws apply to electronic media just as they do to more traditional media -- should permit a cautious corporation to use the Internet and other electronic media to full advantage.

Jeffrey B. Rudman

[email protected]

Andrea J. Robinson

[email protected]

Jonathan Wolfman

[email protected]

Jeffrey C. Morgan

[email protected]

1 See The Impact of Recent Technological Advances on the Securities Markets, SEC Report to Congress (Sept. 1997) [herinafter, Impact], available on-line at: http://www.sec.gov/news/studies/techrp97.htm.

2 See Use of Internet Web Sites to Offer Securities, Solicit Securities Transactions, or Advertise Investment Services Offshore, SEC Release No. 33-7516 (Mar. 23, 1998) (interpretive release); Use of Electronic Media by Broker-Dealers, Transfer Agents, and Investment Advisers for Delivery of Information; Additional Examples Under the Securities Act of 1933, Securities Exchange Act of 1934 and Investment Company Act of 1940, SEC Release No. 33-7288 (May 9, 1996) (interpretive release); Use of Electronic Media for Delivery Purposes, SEC Release No. 33-7289 (May 9, 1996) (final rules); Use of Electronic Media for Delivery Purposes, SEC Release No. 33-7233 (Oct. 6, 1995) (interpretive release). See also Impact, supra note 1.

3 SEC Press Release 99-138.

4 SEC Press Release 2000-2.

5 A no-action letter provides to a company a non-binding opinion by the staff of the SEC regarding its likely regulatory response to the company's planned actions. See, e.g., Internet Capital Corporation (December 24, 1997) (service which would electronically deliver prospectuses and other offering materials for unaffiliated issuers); Net Roadshow, Inc. (July 30, 1997) (service which would transmit roadshows for public offerings over the Internet); Flamemaster Corp. (Oct. 26, 1996) (corporation planned to set up Internet bulletin board to match sellers and buyers of its stock); Angel Capital Electronic Network (Oct. 25, 1996) (service on Internet that provided accredited investors with access to information about small corporate offerings); Perfect Data Corp. (Aug. 5, 1996) (corporation planned to set up Internet bulletin board to match buyers and sellers of its stock); Real Goods Trading Corp. (June 24, 1996) (another bulletin board); Spring Street Brewing (Mar. 22, 1996) (first Internet initial public offering).

6 Impact, supra note 1.

7 Id.

8 See supra note 5.

9 Scott J. Paltrow, Beat Cop: As Huge Changes Foil the Market, Some Ask: "Where is the SEC?" Wall St. J., Oct. 11, 1999 at A1 [hereinafter, Paltrow]; SEC May Need More Funding In Fight Against Internet Fraud, Official Says, 31 Sec. Reg. & L. Rep. (BNA) No. 12, at 394 (March 26, 1999).

10 SEC News Digest, Issue 98-114, July 28, 1998.

11 Securities Regulators Face Tough Hurdles Combatting Internet Fraud, GAO Official Says, 31 Sec. Reg. & L. Rep. (BNA) No. 12, at 396 (March 26, 1999).

12 Some observers are concerned that the SEC is not up to the task of vigorously investigating Internet fraud. As complaints grow, SEC documents show a mounting backlog of pending cases. Yet, the SEC budget has remained roughly unchanged over the past five years. Its staffing has also not kept up with the number of complaints. Andrew Fraser, Who's Watching? Wall St. J, June 14, 1994, at R17. In fact, from Setpember 1996 to September 1998, the SEC's New York office had to replace 54% of its 137 member staff because of departures to the private sector, including 57 of 88 attorneys. Paltrow, at A1. One third or more have left Washington and other regional offices. Id. Indeed Jay H. Perlman, Deputy Chief of the SEC's Office of Internet Enforcement left the SEC in October, 1999 to become Associate General Counsel for The Motley Fool, Inc. SEC News Digest, Issue 99-198, Oct. 14, 1999.

13 The October 6, 1995 SEC interpretive release on electronic delivery, No. 33-7233, states clearly that the liability provisions of the federal securities laws apply equally to electronic and paper-based media and specifically notes that the anti-fraud provisions contained in Section 10(b) and Rule 10b-5 also apply to information delivered electronically in the same way they do to information on paper. Section 10(b) of the Securities Exchange Act of 1934 makes it unlawful for "any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce or of the mails, or of any facility of any national securities exchange . . . [t]o use or employ, in connection with the purchase or sale of any security . . ., any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the Commission may prescribe as necessary or appropriate in the public interest or for the protection of investors." 15 U.S.C. § 78j(b). See also SEC Rule 10b-5, codified at 17 U.S.C. § 240.10b-5 (providing inter alia that it is unlawful in connection with the purchase or sale of a security to "make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading").

14 Likewise, companies may run afoul of the securities laws if they disclose inside material information to analysts, institutional investors, etc. but not to the public at large. On December 15, 1999, the SEC proposed a new rule, Regulation FD (Fair Disclosure), which would ban companies from selectively disclosing material information to such groups. The proposed regulations would require "simultaneous" public disclosure for intentioanl disclosures. See Proposed Rule: Selective Disclosure and Insider Trading, SEC Release Nos. 33-7787, 34-42259, IC-24209, File No. S7-31-99, [hereinafter, Proposed Rule] (Dec. 15, 1999), http://www.sec.gov/rules/proposed/34-42259.htm. The comments to the proposed rule are careful to point out that the rule "would not consider a website posting by itself to be a sufficient means of public disclosure."


15 A disclaimer applicable to the entire Web site would be similar to the following:The documents contained in (or directly accessible from) this Web site include forward-looking statements. Any statements that are not statements of historical fact (including without limitation statements to the effect that the Company or its management "believes," "expects," "anticipates," "plans" and other similar expressions) should be considered forward-looking statements. There are a number of important factors that could cause the Company's actual results to differ materially from those indicated by such forward-looking statements, including [insert appropriate risk factor language]. Reference is made to the Company's most recent Annual Report on Form 10-K and Quarterly Report on Form 10-Q (particularly the section thereof entitled "Management's Discussion and Analysis of Financial Condition and Results of Operations" [or other section where risk factor language is contained]) for further information on the Company and its business.

16 Stephen Bochner, A Tangled Web, 1 Wallstreetlawyer.com: Sec. Elec. Age 12 (1997). For a discussion of the "safe harbor" created by the Private Securities Litigation Reform Act of 1995 and the potentially blurry distinction between a forward-looking statement and a representation of present fact, see Shaw v. Digital Equipment Corp., 82 F.3d 1194, 1213-1214 (1st Cir. 1996).

17 If the company is actually posting the contents of the analysts' reports, as opposed to merely linking to the analysts' own Web sites, the company must also get the consent of each of the analysts to post their reports.

18 See Section 17(b) of the 1933 Act.

19 See Impact, supra note 1.20 The SEC has explicitly authorized the use of Web site prospectuses during a securities offering. SEC Release No. 33-7233. To satisfy federal regulations, however, the corporation must be certain that each investor to whom a prospectus is provided electronically: (1) consents to receiving an electronic prospectus rather than a paper one, (2) has access to the prospectus in a manner at least equivalent to that provided by regular mail, and (3) generates some evidence of actual delivery of the prospectus. Id. Of course, the informational content of the electronic version of the prospectus must be substantially equivalent to the paper version. Id. If the electronic version includes graphic, video or audio content, then the paper version must include a fair and accurate description or transcript of that content. SEC Release No. 33-7289.

21 Arthur Levitt, Quality Information: The Lifeblood of Our Markets (Oct. 18, 1999), http://www.sec.gov/news/speech/speecharchive/1999/spch304.htm.

22 SEC to Limit IPO Leaks, San Jose Mercury News, Oct. 19, 1999, http://www.mercurycenter.com/premium/front/docs/sec19.html.

23 Id.

24 See, e.g., Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997) (establishing the now prevalent test of "interactivity" distinguishing "passive" sites, which would not be sufficient for personal jurisdiction, with highly "interactive" sites); Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414, 418 (9th Cir. 1997) ("something more" is required to "indicate that the defendant purposefully (albeit electronically) directed his activity in a substantial way to the forum state"); Shapiro v. Santa Fe Gaming Corp., 1998 WL 102677 (N.D. Ill.) ("a passive, non-advertising Web site, without more, is insufficient to satisfy jurisdiction or venue"); Hearst Corp. v. Goldberger, 1997 WL 97097 (S.D.N.Y.) (no personal jurisdiction based on Web site where defendant had not sold anything in New York); Conseco, Inc. v. Hickerson, 698 N.E.2d 816, 820 (Ind. Ct. App. 1998) ("In order to determine whether there are sufficient contacts to warrant an exercise of personal jurisdiction when dealing with an interactive Web site, courts look at the level of interactivity of the site and commercial nature of the information exchange.").

25 4 Elect. Commerce & L. Rep. (BNA) No. 41 (Oct. 27, 1999).

26 5 Elect. Commerce & L. Rep. (BNA) No. 1 (Jan. 5, 2000).

27 See also Proposed Rule, supra note 14.

28 SEC Press Release 99-172; Gretchen Morgenson, Internet Implicated in Stock-Fraud Arrests, N.Y. Times, Dec. 16, 1999.

29 Two Men Are Indicted in Stock-Fraud Case, Wall St. J., Jan. 5, 2000.

30 The day of the bogus announcement, both PairGain and ECI Telecom issued statements denying any such deal. Bloomberg News also put out a news story late the same morning saying that it had run no such article on its newswire.

31 Forward-looking statements are obvious examples of "alive" statements.

32 Adherence to this policy requires that the company respond to such inquiries or rumors with a statement to the effect that it is the company's policy not to comment upon or respond to such inquiry or rumor. A statement that the company does not know of any basis for such a rumor, or is not aware of any pending transaction, is not consistent with this policy and, if inaccurate, such a false statement could subject the company to liability.

33 One commentator has stated that if a company monitors the Internet for rumors, it might assume a duty to correct false rumors that it learns about if it has no valid corporate purpose for leaving the rumor uncorrected. Such concern appears to be misplaced, however, as merely being aware of a rumor normally does not create a duty for the company to confirm or deny it.

34 For example, posters to the Franklin Resources mutual-fund Yahoo! Message Board were recently surprised to learn that a frequent poster (and ardent defender of the fund) actually turned out to be the son of the fund's CEO. It appears that the son, who posted messages like: "[a]ttacking men like Charlie Johnson [the fund's CEO] just makes you look stupid and uneducated," was motivated by family loyalty and posted in response to recent "flames" against his father. Mitchell Pacelle, Online Franklin Booster Turns Out to Be The Boss's Son, Wall St. J., May 7, 1999, at C1.

35 Whether this policy could be enforced in all circumstances is another matter. Although a company could enforce a prohibition on posting with respect to confidential business or proprietary information, a company probably could not, for example, enforce it against employees who use the board as a means for organizing a labor union.

36 Further, the investigator may also use "tracing" software that will display the electronic path used to access the site. This can usually identify the city in which the poster resids, and perhaps even the company from which he is posting.

37 See Rebecca Buckman, Gumshoe Game on the Internet, Wall St. J., July 27, 1999, at B1.

38 But America Online, as a matter of policy, notifies its users upon receiving a subpoena for identifying information, and will not act on the subpoena for fourteen (14) days. During that time, the user may attempt to quash the subpoena.

39 Hiawatha Bray, May Your E-mail Rest in Peace, Boston Globe, Oct. 14, 1999, at C1.