Corporate Strategies for Combating Cybersmear

The Internet quickly distributes information to a wide audience, facilitating a virtually instantaneous interaction and exchange of ideas between far-flung people. As the United States Supreme Court has observed, with the Internet ". . . any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox."

The Internet quickly distributes information to a wide audience, facilitating a virtually instantaneous interaction and exchange of ideas between far-flung people. As the United States Supreme Court has observed, with the Internet “. . . any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox.”1

The Internet, which touches every aspect of our personal and business lives, is having a profound effect on the American securities markets. It creates a cheap, convenient and effective means of communication with investors and promotes the sale of securities with little human interaction. Corporate Web sites are used by investors as a primary source of information about companies. Investors also use Internet message boards and chat rooms focused on investment-related topics to research stocks and companies. The information learned is often used to facilitate faceless Internet transactions in the securities researched.

The very attributes that make the Internet a valuable commercial medium — the ability to spread information to the masses quickly and cheaply — also make it a menace to corporations. Because there is a loose and free exchange of information on the Internet, often in real time, there frequently is little regard for the accuracy of the information or the credibility of the people providing it. Thus, the Internet can be a forum for defamation and other malfeasance, with the ability to ruin corporate reputations at the speed of cyberspace.


“Cybersmear” is the practice of anonymously posting messages on the Internet through the use of message boards and chat rooms, which assert disparaging, or even defamatory, rumors or statements about a company, its executives or its stock. Internet participants often conceal their identities using a pseudonym, which encourages the posting of messages that are derogatory in content and tone. Financial message boards and chat rooms, especially, serve as a breeding ground for malicious rumors and speculation about companies. Protected by a cloak of anonymity and empowered by a worldwide audience, the Internet has become the weapon of choice for rumormongers. These Web-whiners anonymously bash companies from the comfort of their armchairs with little fear of accountability for their actions.

Cybersmear is often posted by persons to manipulate a company’s stock price or to hurt a company against which they have a grievance. Disgruntled employees, ex-employees and short sellers attempting to influence stock prices are frequently the culprits. One common scheme is the “pump and dump,” where a person buys blocks of stock of a company, “pumps” it by enthusiastic and anonymous postings on the Internet, and then “dumps” it at a profit after the price has soared. Similarly, a person can dump a block of stock in a short sale, spread rumors to drive the price of the stock down and settle the short sale after the price drops.


In the world of corporate information, bad news always has traveled fast. Unchecked scuttlebutt has damaged the reputation and stock price of many companies throughout the years. The Internet exacerbates the problem by spreading the news instantly and providing an opportunity for immediate dialogue on an anonymous basis. Corporations are finding that they must take aggressive stands immediately or risk their reputations and possibly their financial health.
The number of corporations resigned to sue to defend their reputation and squelch cybersmear has increased in the past few years. Indeed, in growing numbers, companies have responded to anonymous cybersmear by filing lawsuits against “John Doe” defendants and then serving subpoenas on Internet Service Providers (ISPs) in order to identify the perpetrators of the cybersmear and hold them accountable. Likewise, the number of companies prepared to involve the Securities and Exchange Commission (SEC) also has increased.

This article provides guidance to corporate executives seeking practical strategies for dealing with cybersmear. It evaluates corporate response tactics and counter offensives for combating false rumors, which range from doing nothing, responding with press releases, responding via the Internet, involving the SEC, and issuing cease-and-desist letters, to filing “John Doe” lawsuits.


Corporate cybersmear is increasing in frequency, and corporations should be prepared. Rather than react to an immediate problem, corporations should carefully analyze their situations and develop corporate policies to minimize the chances of cybersmear and to respond to cybersmear.
Company employees are often the source of corporate cybersmear. As the persons directly affected by and familiar with key decisions in a company, employees are keenly interested in sharing company information. Depending on whether the employee is disgruntled, the intent may or may not be malicious. However, the results may be the same.

Accordingly, a company should take actions to minimize the chance that its employees will be involved in Internet rumors, whether purposefully or inadvertently. Employee disclosures are particularly risky because anything said on the Internet by someone identified as being from the company could be viewed as a disclosure of information by the company. For example, anyone sending a message from the company’s e-mail address could appear to be speaking for the company, regardless of whether they are authorized or not. Thus, any inaccurate or misleading statements by company employees or imposters holding themselves out as employees could possibly form the basis for corporate liability under the anti-fraud provisions of the federal securities laws.2

A company should establish and implement a clear corporate policy that prohibits employees from discussing the company’s business, its internal corporate matters, its clients or customers or its confidential business data generally, and specifically on Internet message boards, chat rooms and e-mails. The company should also establish and implement an employee policy concerning the use of its telecommunications equipment on and off premises, as well as a policy concerning nondisclosure of the company’s confidential business information. Experienced employment counsel should be included in the drafting of such policies.

A company should also implement employee training sessions that stress the importance of the company’s Internet policies, the basics of the federal securities laws, and the damage that can result from a failure to follow the corporate policies. For example, company employees should be taught that they may have personal liability if they discuss corporate matters on the Internet. Employee postings hyping the company’s stock, containing material misrepresentations, or omitting material information may violate the anti-fraud provisions of the federal securities laws and expose the employee and the company to civil and criminal liability. Finally, employees should be reminded periodically that the misuse or disclosure of confidential company information and the use of the company’s telecommunications equipment to post company information on the Internet can result in termination of employment.

A company should be Internet-informed regarding cybersmear. Many companies arrange for employees to patrol the Internet and monitor pertinent chat rooms and message boards where the company is likely to be mentioned. However, with thousands of messages posted daily to thousands of Internet message boards, it is virtually impossible for employees to patrol even a fraction of cyberspace. Accordingly, many larger corporations hire an Internet monitoring company to provide this service.3

Corporations typically have utilized clipping services to monitor traditional print publications for information about the company. Internet monitoring companies take clipping services a step further to scour the Internet on behalf of corporations that want to know what the rest of the world is saying about them. These monitoring companies troll for rumor and innuendo on the Internet in thousands of chat rooms and message boards.

All is not lost for a smaller company that cannot afford a monitoring company. Smaller companies can empower their employees with less expensive software that searches the Internet. Robotic agent software (a “bot”) that automatically searches the Internet can be purchased through Web sites like

A company should create and implement a corporate policy for dealing with rumors of any sort — Internet in origin or otherwise. Experienced securities counsel should be included in the drafting of such a policy so as not to run afoul of the federal securities laws.

Traditionally, many companies have adopted a “no comment” policy that prohibits the company from responding to inquiries or commenting upon rumors concerning the company, its prospects or transactions. Regardless of origin, a company adopting this policy releases a statement to the effect that it is the company’s policy not to comment upon or respond to unofficial inquiries, rumors or information. A “no comment” policy minimizes the awkwardness of a refusal to respond, avoids selective disclosure issues raised when a company responds to some information and ignores others, and avoids any appearance of panic or siege associated with no-win exchanges between the people spreading the rumors and company management.

While often the safest form of response, a “no comment” policy frequently leaves management feeling helpless and unsatisfied if rumors and disinformation in a particular situation are actually causing the company damage. In such a situation, even a conservative company may not be able to remain faithful to its general “no comment” policy. If silence does not work, what should the executive do?


When a company learns of defamatory statements about its business, its management or its stock, a variety of response options are available. Of course, there is not one “right” course of conduct for all instances of cybersmear. Rather, a company must engage in a fact-specific analysis to decide the optimal strategy for each cybersmear situation.

As previously discussed, a company can remain silent and do nothing. A company does not have a duty under the federal securities laws to correct rumors unless they can be attributed to the company.4 A company may choose this option because responding may exacerbate the problem by calling additional attention to the injurious rumor. This response may be particularly effective with messages posted on a message board or in a chat room that is not very active. Moreover, you may get lucky if the anonymous poster becomes bored with his cybersmear campaign and stops.

Silence may not always be golden, and “no comment” may not be appropriate. The rules of the New York Stock Exchange, AMEX and Nasdaq may impose an independent duty on listed companies to respond to Internet rumors. For example, section 202.03 of the New York Stock Exchange Listed Company Manual requires companies to “promptly deny or clarify” rumors, regardless of the source, if they are false or inaccurate and causing unusual market activity.5

Assuming a company is not subject to the rules of a specific exchange, the company could look to the comprehensive guidelines proposed by the Toronto Stock Exchange (TSE) for the use of electronic communications, which address the problem of dealing with Internet rumors.6 Essentially, the TSE proposes that the company use the same response tactics it would use for any other rumors, relying on press releases to ensure widespread dissemination, rather than by direct counter offenses mounted in the Internet media that published the rumors originally. More specifically, the TSE guidelines provide that although a company is not expected to monitor chat rooms for rumors, if a company learns of an Internet rumor, the company should consider the market impact of the rumor and the degree of significance to the company before responding to the rumor. Further, if the company is aware of an Internet rumor that may have a material impact on its stock price, the guidelines provide that the company immediately contact the TSE Market Surveillance Division. The TSE guidelines offer a good starting point for companies in the United States when no other rules are specifically applicable.

A company can rebut the rumors as it would otherwise, without regard to the fact that they are Internet rumors, such as by press releases and news conferences. However, once a company chooses to respond to a rumor, including cybersmear, whatever it says constitutes a disclosure by the company for which it may be held liable if the response is inaccurate or incomplete. Additionally, by responding to a rumor, a company may create a duty to update or correct the information contained in its response.

Once a company voluntarily responds to one Internet rumor, problems arise as to whether the company has a duty to respond to other rumors. If a company responds selectively, a failure to respond to other defamatory postings may be considered an implied affirmation that the information contained within the message is accurate.

A company is often tempted to reply to cybersmear via the Internet with a specific rebuttal of the defamatory posting. However, corporate “cheerleading” via the Internet must be tempered with federal securities law implications in mind. All communications by a company regarding its stock are subject to the strictures of the anti-fraud provisions of the federal securities laws.
Some experts have suggested the use of “exchange links,” which allow the site where the rumor appeared to publish both sides of the story. Others have recommended a response via the company’s own Web site, which expresses the corporation’s point of view. Some have even proposed that a company representative participate in the chat room or message board where the rumor surfaced and post a corrective message. Notwithstanding the many varied options, securities lawyers typically advise against using the Internet to respond to cybersmear. The SEC’s position7 that the anti-fraud provisions of the federal securities laws are as fully applicable to electronic communications as to paper-based communications makes an Internet response very risky.

Also, there may be unique liability issues relating to selective disclosure when a company responds to unfavorable rumors but not beneficial rumors. Further, a company’s disclosure obligations also include dissemination. Responding only via the Internet ironically may not qualify as “widespread dissemination” under the federal securities laws. Since not every investor is plugged into the Internet, a disclosure made exclusively on the Internet could constitute “selective disclosure” to only the wired elite. Therefore, if you respond to cybersmear, use press releases and other traditional forums, just as you would for any other type of rumor.


Regardless and independent of whether a company must publicly respond to rumors and disinformation, it can take other actions to counter the cybersmear, some of which are more effective than others.

If a company determines that the Internet rumor will have a significant impact on its stock price, it can consult with experienced securities counsel and determine whether to contact the appropriate regulatory authorities, such as the Internet Enforcement Office of the SEC or the exchange on which the company’s stock is listed, and inform them of the rumor. It should be noted, however, that these authorities have been slow to act in cybersmear cases, offering little assistance to a corporation that is being victimized at cyber speed on the Internet.

The company can contact the ISP or other message board host to report defamatory postings and demand removal of the cybersmears as a violation of the ISP’s terms of service or message board rules. A company can also request that the ISP identify the anonymous poster and retain all evidence that it has concerning the posting’s origin. However, these actions rarely lead to the removal of offensive postings or to the identity of the anonymous poster. ISPs are immune from liability for the defamatory statements of third-party users under the Communications Decency Act of 1996 and thus have no incentive to cooperate with cybersmear victims.8

A company can also try private means to discover the identity of an anonymous poster. For example, if the offending postings are coming through the company’s computer network, the company’s Information Technology department should be able to identify the poster. Alternatively, private investigation firms that specialize in the discovery of the identities of Internet posters may be able to track the identity of an anonymous poster using procedures such as “data mining,” “tracing software,” “web stings” and “e-mail stings.”

Once identified, the company can issue cease-and-desist letters demanding a retraction and that the offending postings stop.9 Such letters can also be sent to Web site owners or operators of message boards or chat rooms on the ground that the postings violate user policies and should be removed. While cease-and-desist letters are a less expensive alternative to litigation, they are not necessarily effective. In addition, they can lead to a public relations debacle. Threats of lawsuits contained in formal demand letters to rogue Web posters can quickly become “David and Goliath” affairs in the court of public opinion.


If private attempts to discover the identity of the offending poster fail, a company can seek formal discovery by suing the poster for cyberlibel.

File A “John Doe” Lawsuit To Reveal The Perpetrator’s Identity

Generally, a cause of action for defamation consists of proof of a published statement that libels the plaintiff and causes damage. If the plaintiff is a public figure, there is an additional requirement of actual malice in the publication of the statement.10 The truth of the statement, of course, is an affirmative defense in a defamation action. Such suits may also be defended on the ground that the statement was merely hyperbole or opinion.11

A company typically sues unnamed “John Does” for defamation, breach of employment contract, misappropriation of trade secrets, violation of nondisclosure agreements, and/or unfair business practices, and then uses the court’s subpoena power to unmask the anonymous online critics so claims can be prosecuted against them in their real names. For example, if the defamatory postings were made on a Yahoo! Finance message board, the company can file suit against John Doe and serve a subpoena on Yahoo! requiring it to disclose who uttered the defamatory speech. These John Doe actions must be commenced quickly so that account documentation and other identifying information is obtained before the ISP destroys the information in the normal course of business.
After an anonymous poster is unmasked, different steps may be taken by a company to bring the dispute to conclusion, depending on the nature of the posting. A company can send the poster a demand to cease all defamatory postings, including a demand for an admission of guilt and apology to the company to be posted on the bulletin board where the original message was posted, and, if accepted, the company can then dismiss the lawsuit. However, to avoid any issue that the lawsuit was frivolous or brought for an improper purpose, the company should seek a consent judgment prior to actually dismissing the lawsuit. Alternatively, a company can amend the litigation to name the poster as a defendant and seek damages and injunctive relief. If the poster is an employee of the company, he should be terminated.

But Beware — John Does Are Fighting Back, Too

John Does are beginning to fight back, and the result has been a cyberwar over free speech and privacy rights.12 In the past, ISPs have often simply turned over identifying information when they received a subpoena. Now, however, most ISPs give their account holders two weeks’ notice of a subpoena before divulging any information, so that the cyber-chatters can fight back. This gives John Doe defendants an opportunity to apply to have the subpoena quashed.

Constitutional Challenges

Cybersmear lawsuits highlight a conflict between the rights of individuals to speak anonymously on the Internet and a corporation’s need to protect its reputation. John Does claim a First Amendment right to post messages on the Internet using pseudonyms.13 But, as corporations point out, the First Amendment does not protect libelous speech.14 John Does also claim a right of privacy under the Constitution and under ISP privacy policies, which typically assure users that their personal information will not be divulged. However, while all major ISPs state that their subscribers’ personal information is kept in some degree of confidence, such assurances must fail in the face of a subpoena. Indeed, nearly all ISPs reserve the right to disclose personal information pursuant to legal process. Moreover, it has been held that subscriber information that is knowingly revealed to an ISP is not protected because there is no reasonable expectation of privacy.15

In an effort to balance free speech rights with the rights of companies to be free from harmful defamation, courts are establishing standards that require corporations to make an initial showing that the online activity is unlawful before they allow the companies to determine the identity of the anonymous cybersmearer.16 Courts are increasingly reluctant to allow companies to use the judicial process to unmask anonymous posters. A noticeable trend has emerged making it more difficult for corporate plaintiffs to unmask these posters without showing that their case has merit and that procedural safeguards have been followed so that John Does have an opportunity to fight back.17

Anti-SLAPP Challenges

The primary purpose of most cybersmear cases is to reveal the identity of the poster and to silence the criticism. In most cases, corporate plaintiffs dismiss their lawsuits without any judicial findings after the John Does are “outed.” John Does who turn out to be current employees are typically fired. Thus, John Doe lawsuits are similar to Strategic Lawsuits Against Public Participation (SLAPP), which are suits designed to chill free speech. Because SLAPP suits are viewed as an abuse of the judicial system, several states, including Georgia, have enacted statutes prohibiting suits that infringe upon a citizen’s First Amendment right to exercise free speech.18 The purpose of anti-SLAPP laws is to encourage participation in matters of public significance and to thwart efforts to chill free speech through the use of intimidating lawsuits.

John Does increasingly argue that anti-SLAPP laws should be applied to cybersmear cases in order to ensure that anonymous free speech is not compromised by retaliatory litigation. John Does assert that cybersmear plaintiffs, like other SLAPP plaintiffs, should have the threshold burden of showing that they have a probability of prevailing on their claim so that frivolous suits are not allowed to go forward. Indeed, courts have recently ruled that the California anti-SLAPP statute applies in certain cybersmear cases.19 Further, the court can award costs and reasonable attorney’s fees for a frivolous SLAPP suit.20

These emerging standards make the commencement of John Doe litigation more of a calculated decision than ever before. When filing a John Doe suit for cyberlibel, a corporation would be wise to provide enough specificity to convince the court that measurable economic harm has been done by the defamatory postings, that it has a viable claim that will likely prevail if provided with the identity of the John Doe, that it has already taken all other steps in its power to obtain the name but has not succeeded, that it has tried to put the John Doe on notice of the claim, and that its claim is not asserted for the improper purpose of intimidating the John Doe or chilling free speech.


As the Internet continues to expand as a vehicle for both information and commerce, businesses have increasingly confronted the problem of cybersmear. Companies cannot stop Internet rumors, which are instantaneously published to a multitude of people. Companies should therefore prepare for the inevitable by putting damage control mechanisms into place. Prevention and preparation are, without a doubt, the key to combating cybersmear.

If cybersmear strikes, the best strategy for dealing with it is to do nothing. However, if the company strongly believes that the market impact of the cyber rumor is or will be significant, and if a stock exchange rule requires a response, then the company should respond by issuing a “properly disseminated” press release to defray the damage, using all the usual distribution means. The company should not respond to cybersmear via the Internet arena.

In the most egregious situation, the company might consider a John Doe suit. Any such litigation should be commenced quickly because ISPs do not retain the data needed to identify posters for very long. However, there are several obstacles to a successful suit. For example, litigation is expensive and most posters have little money and cannot pay a large judgment. Additionally, courts are increasingly balancing a corporate plaintiff’s right to proceed with its lawsuit against the poster’s First Amendment right to communicate freely on the Internet in an anonymous manner. As a result, corporate plaintiffs must prove actual financial damage as a result of the alleged defamatory postings before the poster’s right to anonymity is infringed. Further, courts have begun dismissing cybersmear cases under anti-SLAPP statutes and awarding attorneys’ fees for frivolous cases. Thus, a calculated decision must be made before filing a John Doe lawsuit.


  1. Reno v. A.C.L.U., 521 U.S. 844, 870 (1997). 
  2. 15 U.S.C. 78j(b) (1994); 17 C.F.R. 240.10b-5 (1997). 
  3. For example, a company may retain eWatch (, Cyveillance (, or CyberAlert ( 
  4. State Teachers Retirement Bd. v. Fluor Corp., 654 F.2d 843, 850 (2d Cir. 1981). 
  5. NYSE Listed Company Manual § 202.03. See also AMEX Company Guide §§ 401-405; NASD Manual (CCH) Rule 4310(a)(15)-(16). 
  6. Toronto Stock Exchange, Proposed Electronic Communications Disclosure Guidelines, August 13, 1998, (last visited March 28, 2003). 
  7. Use of Electronic Media for Delivery Purposes, Release No. 33-7233, 34-36345, 1995 SEC LEXIS 2662, 60 Fed Reg. 53,458, 53,459 n.11 (Oct. 6, 1995). 
  8. 47 U.S.C. § 230(c); Zenran v. America On Line, Inc., 129 F.3d 327 (4th Cir. 1997); Blumenthal v. Drudge, 992 F. Supp. 44 (D. D.C. 1998). 
  9. Mathis v. Cannon, 573 S.E.2d 376 (Ga. 2002). 
  10. New York Times Co. v. Sullivan, 376 U.S. 254 (1964). 
  11. Milkovich v. Lorain Journal Co., 497 U.S. 1, 20 (1990). 
  12. John Does even have their own Web site at where they swap stories and strategies. 
  13. Watchtower Bible and Tract Soc. Of New York, Inc. v. Village of Stratton, 536 U.S. 150 (2002); Buckley v. American Constitutional Law Found., 525 U.S. 182 (1999); McIntyre v. Ohio Elections Comm’n, 514 U.S. 334 (1995); ACLU of Georgia v. Miller, 977 F. Supp. 1228 (N.D. Ga. 1997). 
  14. Beauharnais v. Illinois, 343 U.S. 250, 266 (1952). 
  15. United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000); Smith v. Maryland, 442 U.S. 735, 743-44 (1979). 
  16. Columbia Ins. Co. v., 185 F.R.D. 573 (N.D. Cal. 1999) (limiting discovery of a John Doe’s identity); Dendrite Int’l, Inc. v. John Doe No. 3, 775 A.2d 756, 342 N.J. Super. 134 (2001) (quashing a subpoena because the company failed to demonstrate economic harm from the postings). But see, Hvide v. John Does 1-8, 770 So.2d 1237 (Fla. App. 2000) (denying a motion to quash subpoenas requiring ISPs to divulge the identities of John Does). 
  17. Dendrite, 775 A.2d at 756, 342 N.J. Super. at 134 (2001) (requiring a company to notify anonymous posters via an Internet bulletin board that they are the subject of a subpoena). 
  18. O.C.G.A. § 9-11-11.1 (applicable only when the statements relate to an issue undergoing governmental review). 
  19. Global Telemedia Int’l, Inc. v. Doe 1, 132 F. Supp. 2d 1261, 1266 (C.D. Cal. 2001); ComputerXpress, Inc. v. Jackson, 93 Cal. App. 4th 993, 113 Cal. Rptr. 2d 625 (2001). 
  20. Cal. Civ. Proc. § 425.16(c); ComputerXpress, Inc., supra
Share via
Copy link
Powered by Social Snap