Using the internet, companies can reach prospective customers and investors around the world, vastly expanding the market for their goods and services. Just as easily, disgruntled employees, unhappy investors, dissatisfied customers and underhanded competitors can post damaging, defamatory remarks. What’s the best tactic for responding to online critics?

When criticisms made online (or in any other media) are false and injurious to a company’s reputation, the target may be entitled to sue the critic for defamation. In order to maintain a suit for defamation, a plaintiff must prove that the defendant "published" (i.e., communicated to a third party) a false statement of "fact" (as opposed to one of mere "opinion") that damaged the plaintiff’s reputation. When an online critic posts a statement that satisfies all of those criteria, he/she may be liable for resulting damage to the company’s profitability and goodwill.

In situations where an online critic turns out to be a plaintiff’s current or former employee, the plaintiff’s defamation claim may be complimented by claims for tortious interference with business relations, misappropriation of trade secrets (if confidential business secrets are divulged), misappropriation of identity (if the defendant purports to be an executive or senior official of the plaintiff), and/or breach of fiduciary duty.

The trick is identifying the wrongdoer. A web-based attack on any given company’s reputation —what has come to be known as a "cybersmear"— can be made with relative or total anonymity, making responsive legal action difficult. To complicate matters even further, web sites that allow employees, investors and others to purchase online aliases or post anonymous comments about companies are steadily gaining popularity.

Victims of cybersmear attacks need not despair, however, as a number of companies like Raytheon Co., Stone & Webster, ITEX Corp., Callaway Golf Co. and Flooring America, Inc. have succeeded in identifying anonymous or "John Doe" defendants in cybersmear suits. Most recently, Flooring America, Inc. brought a John Doe suit in Delaware federal court solely for the purpose of compelling various internet service providers ("ISPs") to identify anonymous posters who allegedly hurt the company’s stock price by posting inside information and defamatory comments on internet message boards. Thanks largely to the cooperation of the ISPs in responding to subpoenas, Flooring America learned the Does were two of the company’s competitors and subsequently dropped the John Doe suit. The company was then able to bring suit on its substantive claims against the named defendants in Georgia federal court.

The Flooring America case exemplifies the hurdles to be overcome in a typical suit against an anonymous online poster. In the definitive cybersmear action, the plaintiff-company first names the unknown wrongdoer as a John Doe defendant in its complaint. The plaintiff then serves a subpoena demanding the Doe’s identification on ISPs suspected of hosting the Doe’s postings. In some cases, John Doe subpoenas yield immediately responsive information from ISPs. In others, however, the unmasking is not so easy. Plaintiff-friendly Yahoo!, for example, which has garnered a reputation as being almost effortlessly compliant with subpoenas, recently diverged from its open-book policy when it refused to divulge the identities of all but 20 of 300 subpoenaed Does who allegedly posted defamatory statements about the CEO of a major health care provider. In the Flooring America case, identification of the two defendants was possible only after one of the defendants unsuccessfully challenged Flooring America’s ISP-directed subpoena.

John Does such as the Flooring America defendant often defend smoke-out efforts by asserting a right of privacy in their online anonymity. Moreover, as the number of online encryption-for-hire services like Zero-Knowledge Systems (Montreal, Can.) and Anonymizer (La Mesa, Ca.) continues to grow, Does are finding the technical support needed for identity protection readily available.

Flooring America and others have had success in subpoenaing subscriber identities from ISPs, but that does not mean that ISPs can be counted on all of the time. Although some ISPs and bulletin board operators periodically review their boards for obscene or profane material, in most circumstances, federal law protects operators from liability based on the content of postings on their boards. As a result, the vast majority of providers do not police their boards for defamatory remarks and are sometimes reluctant to play the "middle man" in John Doe suits. Moreover, the sheer volume of postings on many boards and lack of knowledge about the truth or falsity of comments makes self-regulation a practical impossibility.

The law in this area is still developing, and the question of whether courts will establish new rules to aid in the John Doe identification process remains to be answered.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.