Legal Bytes: New Spam Litigation and Congress Finally Acts
by John Brewer January 2004
There are few recipients of unsolicited commercial e-mail (spam) who are receptive to the message. The volume of UCE has increased dramatically in recent Internet history. There are a number of developments in late 2003 that are of interest and that may be beneficial in stemming the flood.
There are a number of proactive tools that can be utilized against UCE. Civil and criminal litigation are possibilities as is regulation through legislative enactment. Howard Carmack is a Buffalo, New York, spammer who is being prosecuted under forgery and identity theft laws. Carmack is reported to be responsible for spam in excess of 825 million. Examples of Carmack spam include herbal remedies and get-rich-quick schemes. The Web site for the IEEE reports that "Carmack allegedly used other people's identities and credit card accounts to distribute the spam through numerous Earthlink accounts. In May, Earthlink won a suit in US District Court in Atlanta against Carmack, including a permanent injunction barring him from spam activities and $16 million in damages."
More than thirty States have passed spam laws, including Oklahoma, and there is a new federal law that will be examined later in this article. Another tool is filtering technology but filtering can also reject valid e-mail. The IEEE article reported further, "US consumers feel ISPs have not done enough to combat spam. A Bigfoot Interactive survey completed in late April of 2003 showed that consumers particularly want more action from their ISPs to stop adult-oriented spam. Seventy-nine percent of e-mail users in the Bigfoot survey said ISPs should treat spam containing pornography differently than other spam. At the same time, consumers are also increasingly struggling with what Bigfoot calls false positives. False positives are legitimate e-mails that get deleted or sent to the junk folder by filter technology. About 38.2 percent of respondents reported recently missing an e-mail from a trusted sender."
However, what if spammers move offshore? One of the blessings and negative aspects of the Internet is its international character. International cooperation would be necessary to apprehend these characters.
Microsoft sued a number of spammers on December 17, 2003, in New York, Texas, Washington, and Colorado. A summary of one of the Microsoft cases follows: "The defendants are allegedly responsible for seven illegal spam campaigns, each in violation of New York and Washington state law. The campaigns, which offered ‘free’ items in exchange for personal information and consent to receive future marketing offers, used false sender names, false subject lines, fake server names, inaccurate and misrepresented sender e-mail addresses, or obscured transmission paths. The messages were routed through at least 514 Internet addresses throughout the world, in 35 countries on six continents, including addresses belonging to the Kuwait Ministries of Communication and Finance, several schools in Korea, the Seoul Municipal Boramae Hospital, and the Virginia Community College System. The allegedly falsified sender e-mail addresses used 105 different domains, including hotmail.com, aol.com, earthlink.net and yahoo.com." These spammers are incredibly sophisticated in the art of manipulating the Internet.
Congress recently passed a spam law that is quite a mouthful. It can be cited as the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003,” or the “CAN-SPAM Act of 2003.” President Bush signed the Act into law on December 16. It will be effective as of January 1, 2004.
Doug Isenberg reported in his CNet news column that the Can-Spam Act preempts state law. “Critics point out that the new federal law is less restrictive than some of the state laws and does not ban outright the sending of unsolicited commercial e-mail (an approach many people favor but that certainly would lead to First Amendment challenges). Instead, the law mandates the use of accurate headers in e-mail messages that require procedures for recipients to opt out of future e-mails and forbids the practice of e-mail address harvesting.
In addition, the law creates a process to study the feasibility of a "do not e-mail" registry, which would be similar to the immensely popular Do Not Call Registry the Federal Trade Commission manages. However, many people, including FTC chairman Timothy J. Muris, have said the e-mail registry would be ineffective and potentially counterproductive.”
Anita Ramasastry, in an article for Find Law, summarizes the Can-Spam Act as follows:
“To begin, the new law will not prohibit all spam. Instead, it will require that spam be truthful, and it will provide the government with enforcement mechanisms to go after fraudulent or deceptive spammers. They would face fines of $250 for each e-mail pitch -- fines that could total up to $6 million for the most serious offenders.
It would also forbid senders of commercial e-mail from disguising themselves by using incorrect return e-mail addresses or misleading subject lines, and sets criminal penalties for those who do. (E-mail containing pornography would also have to be specially labeled in the subject line.)
In addition, it would prohibit "harvesting" e-mail addresses. ("Harvesting" is the practice whereby spammers grab e-mail addresses from Internet chat rooms, blogs and other sources without the permission of the Website or its members/users.)
Who would enforce these provisions? The federal law does not allow individual e-mail users to sue spammers. Instead, the Federal Trade Commission (FTC), other federal agencies, Internet Service Providers, and state attorneys general can sue on behalf of Internet users.
In theory, these provisions should have a big impact. An FTC study conducted earlier this year found that two-thirds of spam contains a false claim. At most, according to the FTC, only 16.5 percent of spam is from legitimate advertisers peddling legal products.
What about that final 16.5 percent, though? Under the new law, consumers can choose to "opt out" of receiving it. Spammers will be required to provide an "opt out" mechanism within the e-mail itself.
And ultimately, the FTC may be asked to establish a "Do Not Spam Registry" similar to the recently created federal "Do Not Call Registry." (If passed, the current bill would require the FTC to come back to Congress within six months with recommendations on how to set up such a registry.)”
The full text of Ms. Ramasastry’s article is available at the following link: http://writ.news.findlaw.com/ramasastry/20031203.html .
However, most observers are skeptical about the new federal law and opine that the law does not go far enough and the spammers will find ways to work around the law.
John Brewer practices law in Oklahoma City, is a member of the Governor’s and Legislative Task Force for E-Commerce, and enjoys issues relating to eBusiness and cyberspace. Comments and questions are welcome and can be emailed to johnb@jnbrewer.com.