IT Legal FAQs

Scott J. Ward 

Over the last ten years, Internet technologies have literally blown our communication capacity into another dimension. Though these technologies offer powerful tools and communication platforms, they also bring with them a host of legal and ethical confusions. The following FAQ deals with four major legal questions that have arisen out of our electronic age.

Is it okay to post songs, pictures, videos, sermons, poems or articles on our website, on a protected area of our website, or on a big screen in our sanctuary?

The answer to this question is actually not a one-size-fits-all answer. It requires asking several different questions:

First, you must ask: What rights do we have in this content? The legal guidelines toward an answer are as follows:

• If the material is created by you or your employee, working within the scope of their employment, in general, you the employer own the material. So, if you have an employee who works in graphic design and they create an image and you use that image, you should own the image as the employer, assuming they created it from scratch. You can use it however you would like, though it is important that you protect your rights in the material (see next question).
  
  
• If the material is created by outside contractors, ownership depends upon the contractual agreement. If you have a contract with a vendor that clearly identifies what they are creating (as what copyright law calls "work for hire"), or if the contract says they assign the work to you, then you own the created material. HOWEVER, many contractors will not hand over full ownership rights. Many contracts offer license agreements that essentially state, "Look, we own this, but we'll give you a license. You can use it for all the purposes you paid us for." If the contract is neither ownership nor a license agreement, then you can only use the material at your own risk under copyright laws.
  
  
• If the material is created by a third party (not connected or contracted to your organization), you have no direct rights over the material. There are only three legal ways you can use the material. The first is by getting the permission from the owner. You can then freely use the material under the guidelines of the permission. The second way you can use material is under what is called "fair use." Fair use has to be use for a fair purpose, such as criticism, comment, news reporting, teaching, scholarship and research. Any for-profit use of copyrighted material is considered unfair and is, therefore, illegal. In any case, it is ALWAYS wise to secure permission from the owner. Finally, if the material is in the public domain (i.e., its copyright term has expired), then you can use it.

Second, you must consider: How do I practically protect the material I own?

By law, any material that is tangibly created or recorded automatically belongs to the one who created the material. But this legal arrangement gives you very little practical protection. It is wise to consider the following:

• A first step toward practical protection is to clearly post a © symbol on your material or to include the words, "Copyright [year], all rights reserved" followed by the name of your organization. When you put this kind of notice on the material, you indicate to the world that you claim copyright on it. By putting your name with the copyright, you are saying that if anyone wants to copy the material, they will have to secure permission from you.
  
  
• A second step is to register the material with the U.S. Copyright Office. This step will strengthen your notice point by giving you a presumption of validity that can help you in litigation.
  
  
• A copyright secures to you the right to use the material, to copy it, to publish it, to distribute it, and (this is very important) to create derivative works based on that work.

To summarize, if you do not own the material you wish to use, then you should always secure permission from the owner before using it. If you own materials that you plan to post on the Internet or use in another public setting, it is very important that you establish your copyright as fully as possible. Finally, it is generally safe to link to other sites without permission, though you may find some hostility to this practice (in which case, it is wise to remove the link from your page).

How do I protect or rescue my domain name from a kidnapper?

One ounce of prevention is worth a pound of cure. So start out by registering all of your domain names with a reputable registrar.

Don't just register something like yourName.com. Think broadly about your names and the variations on them. Think of initials, think of shortening your names. This may seem like a hefty investment, but this money may be well spent. You will burn up much more money than this if you have to take legal action when you haven't protected yourself. Bear in mind that there are hundreds of examples of "typo squatters" and hate sites that feed off navigational errors for their web traffic.

When you do have a cyber squatter—if someone hijacks your domain name or registers it before you do, or you let it lapse and they swoop in and register it—then you have four options:

• Start by sending a "cease and desist letter," a standard lawyer's letter that basically says, "You're doing something wrong. Stop it."
  
  
• You can then follow up by trying to negotiate a settlement. Here, you contact the other party and say, "We can fight each other out. We will both spend a lot of money in legal fees and we will both get bloodied. Can we work something out?"
  
  
• You can file suit under the federal Anti-Cyber Squatting Consumer Protection Act (ACPA). You will have to demonstrate that you have special rights in the domain name. Usually this means showing you have a trademark (which hopefully you have registered with the U.S. Trademark Office). This will show you have presumption of validity. Even if you have not registered, you may have what are called common law trademark rights. In other cases, you will have to jump through a lot more hoops. Here, you will have to demonstrate bad faith or intent to profit.
  
  
• You can arbitrate under the ICANN UDRP (Internet Convention on Assigned Names and Numbers, Uniform Dispute Resolution Policy). This is usually a better and more efficient process. You still have to demonstrate that you have special rights in your domain name, trademark rights, or that it is your name. But you do not have to show bad faith or intent to profit. You just have to show that you have superior rights to use the name (though showing bad faith, for example, will strengthen your case).

Can and should we monitor employee email?

It is wise to monitor employee email and web use. In one study, 70% of employees admitted to receiving or sending adult-oriented, personal emails at work. 60% admitted that emails they sent and received from work could be considered racist, sexist or otherwise politically incorrect. Though one would hope that these figures are lower in Christian organizations, it is probably unwise to presume this.

If you do begin monitoring email, you must give sufficient notice to your employees. The best place for this is in the employee handbook and/or policy manual. Here are a number of recommended items to include in your policy:

• State that the equipment and the systems belong to you as the employer, and are furnished for your purposes, not the employee's purposes. That may seem self-evident, but you would be amazed how many employees don't see it that way.
  
  
• Expressly state that employees have no expectation of privacy in your information systems, your equipment, in email, in files, and give clear prior notice of monitoring. You may want to buttress this policy with a pop-up notice whenever they are logging in; this would be especially called for if you were dealing with sensitive information.
  
  
• The most feasible kind of monitoring is periodic, and with a random sampling. You can communicate this in your policy by saying, "We have the right to monitor at any time. We do not monitor all the time, we monitor when we have a reason." Also, clearly indicate that you reserve the right to determine the reasons for monitoring.

However, once you state that you monitor emails, you must consistently monitor the emails and respond to any activity that goes against your policies (especially to those activities which are illegal). You are held legally responsible to respond to all illegal activity on your email system once you state that you monitor it—regardless of whether you actually monitor it or not.

Finally, let only authorized and respected persons monitor the emails. It is a good idea to use the two-key lock approach: don't give one person the unilateral authority to monitor everyone's email. For example, you might have the IT director and the president be given the co-authority (and only the co-authority) to check in on an email problem.

Can and should we monitor employee web use?

As with email, there are many rampant problems with employee web use in our culture. Here are the main problems:

• File sharing and file downloading. More and more these days, employees are illegally downloading copyrighted material from the net. If your employees or constituents use your ministry resources to download or copy files without proper authorization, even though you don't know about it per se, you may face liability for contributory infringement.
  
  
• Accessing pornographic sites.
  
  
• Recreational surfing. 80% of employees admit to recreational web-surfing during company time. They might be checking out the latest sports scores, reading the latest news, and/or checking in on web logs or MySpace accounts. In every case, they are squandering the time you pay them for.

There are several ways you can protect your employees and your company from this sort of behavior:

• Install Internet blocking software and block problematic sites. This would include peer-to-peer sharing sites, pornographic and adult sites, shopping sites like eBay and Amazon.com, networking sites like MySpace, and web-log sites like Blogger.com. During March Madness (for example), it is wise to prohibit streaming video.
  
  
• Install Internet monitoring software. Periodically check it to see how much access each employee is using. You can also set alarms to notify when there is access to problematic sites, when there are very large downloads, etc.
  
  
• Keep logs of Internet access for a reasonable time for possible future use. Imagine that, three months from now, you find out that John Smith has been sexually harassing Suzy Jones and sending her some explicit emails. Here, you might go back and find out from the logs that John Smith had been visiting adult sites fairly regularly. Thus, you can expose deeper problems underneath abusive situations.
  
  
• Adopt clearly worded Internet usage policies. Prohibit use of ministry resources for downloading, sharing, or copying music or other copyright protected items. Prohibit access to problematic sites, using the "including, but not limited to … " formula.

Adapted from a presentation at a Christian Management Association conference by Scott J. Ward. Attorney Ward is owner and director of Gammon and Grange, P.C., a law firm in McLean, Virginia with a national practice.