FeatureUSENIX

 

spam and the law

mueller.scott

by Scott Hazen Mueller
<scott@zorch.sf-bay.org>

Scott is vice president of engineering for Whole Earth Networks and chairman of the Coalition Against Unsolicited Commerical Email. Away from the Net, he likes to go see large machines and small animals.

Practically everyone has run across spam, especially anyone who runs a network, posts to USENET, lists an address on a Web page, or just plain has been around and active long enough to have a well-known address. There are almost as many misconceptions, mistakes, and just plain lies running around the scene as there are actual pieces of spam. Herewith, a brief tour of the lies, the legalities, and the pending legislation.

The Top Five Big Lies About Spam

1. It's protected by the First Amendment.

In Cyber Promotions Inc. v. America Online Inc., 948 F. Supp. 436 (E.D. Pa. 1996), the court ruled "Cyber has no right under the First Amendment to the United States Constitution to send unsolicited e-mail." This is the only case to make a serious First Amendment argument in favor of spamming, and it was struck down unequivocally by the court.

2. It's perfectly legal.

The junk fax law, 47 USC 227, most likely does not apply to spam. However, whenever spammers have been sued by ISPs (such as AOL, Compuserve, Concentric, and so on), the spammers have either settled or been enjoined to stop. The problem today is not that it's legal ­ every court it's been brought before has said it isn't ­ it's that it takes a civil suit to stop it.

3. It doesn't cost you anything.

ISPs report that from 5% to 30% of all email they receive is spam. The extra capacity to handle that unwanted traffic is paid for out of ISP subscriber fees. When a mail server is crashed because of the spam load, everybody pays.

Further, ISPs are having to dedicate technicians to answering spam complaints. Those technicians are busy handling spam instead of maintaining and improving services, and they are paid for out of subscriber fees as well.

4. It's illegal for your ISP to block it for you.

Mail servers are usually private property. Their owners, be they ISPs, other companies, or government institutions, can do whatever they want with them. The limit is in their contract with their customers, not in what the spammers want. If an ISP blocks spam and customers object, those customers can take their business elsewhere. In most cases, the customers object only if the ISP blocks spam without telling them.

5. Small businesses can't compete on the Internet without it.

First, the Internet does not exist to provide a subsidy to nonviable businesses. If your company can't cut the mustard without stealing other people's resources, it should be shut down.

Second, there are some ten million small businesses in the US today and millions more worldwide. If those businesses all started using email to advertise, everyone's email box would look like your favorite big city classified ads section, with hundreds if not thousands of ads. Spamming simply does not scale up well.

Legal Tactics Against Spam

Criminal Law

No criminal laws are applicable to spamming. Even though spam sometimes creates a "denial of service"condition ­ wherein servers are rendered totally unusable for extended periods ­ none of the incidents to date has crossed the threshold that would make them interesting to law enforcement officials. This is a shame because I firmly believe that making spamming a capital crime would cut the problem drastically.

Lawsuits

Several lawsuits have been settled or won in the spam arena. They've used a number of grounds.

Conversion. "Conversion" is the civil law equivalent of plain theft. The defendant "converts" some of the plaintiff's property for his or her own use. Compuserve's case based its arguments upon conversion. Cyberpromo settled, so the theory has not been fully tested in court, but there is good reason to believe it would hold up.

Defamation/Forgery. Spam usually comes from a forged origin address. If the origin address is real, the owner's reputation may be adversely affected by the spam. In Parker v. C.N. Enterprises (Tex. Travis County Dist. Ct. Sept. 17, 1997), the court recognized the damage to the Parkers when their domain flowers.com was used in a spam, and awarded damages to the plaintiff.

Actual Damages. In some cases, a computer system may be crashed or valuable, legitimate email may be lost due to spam. In those cases, the plaintiff may be awarded compensatory damages for the loss, as well as court costs. This has happened in a number of cases, including Compuserve v. Cyber Promotions and Parker v. C.N Enterprises.

New Law

Because existing law does not adequately cover spam, a few bills have been proposed in Congress. All address commercial email. Nearly everyone involved in the campaign against spam believes that the First Amendment protects noncommercial spam in the US.

The Murkowski Bill. The Unsolicited Commercial Electronic Mail Choice Act of 1997 (S. 771) would require tags on any commercial email, with ISPs required to offer their users filtering on those tags.

The Torricelli Bill. The Electronic Mailbox Protection Act of 1997 (S. 875) is fairly vague. It would require advertisers to follow some (unspecific) Internet standard, honor opt out ("don't mail me") requests, and use valid reply addresses. There's some fear that it would give IETF decisions in this area the force of law.

The Smith (CAUCE) Bill. The Netizens Protection Act of 1997 (H.R. 1748) simply amends the junk fax law to include email. The protections would include a requirement for valid address information in ads, a private right to collect $500 from an email advertiser, and treble damages for trying to evade the law.

Why Make a Law?

The key technical means of blocking spam is filtering ­ by sender address, IP address range, message headers, or body. Spammers fake addresses regularly, use different providers, and change their messages around precisely to evade filters. Broader filters can catch more spam, but they begin to catch nonspam as well.

Social Methods Require Creation of a Backbone "Cartel"

If all the backbone providers got together and enforced strong antispam Acceptable Use Policies, they could put a huge dent in the amount of spam because they would shut down the remaining spam houses. There are two problems with this concept:

  • The backbones would all have to agree on something, which is unlikely.
  • This might give people the idea that there are places from which the content of the Internet can be controlled.

The Whole World Looks to the US for Guidance

Spam started out as an American problem. The big spam houses are all US-based. Our neighbors on the Internet want us to stop dumping our trash all over them, and the US needs to set an example for the rest of the world on how to deal with Internet governance.

A Good Law Will Redress the Cost Imbalance

The fundamental problem with spam is that it imposes on recipients costs that they cannot recover. A good law, like the Smith bill, will allow recipients to offset their costs of receiving spam with cash awards. A law that simply requires tagging of spam or opt out lists will create an explosion of advertising email with no way for recipients to recover their costs.

The Netizens Protection Act of 1997 is supported by CAUCE, the Coalition Against Unsolicited Commercial Email. I am the chairman of CAUCE, so I have a small axe to grind. Here are some reasons to support it:

  • It is based on the TCPA (junk fax law). 47 USC 227 (the Telephone Consumer Protection Act) regulates telemarketing and advertising via fax. Faxed advertisements are prohibited outright unless the sender and the recipient have a preexisting business relationship. The TCPA has been upheld in federal court.
  • It does not mandate an enforcement agency. No government agency will monitor email looking for violations. Action occurs only when recipients decide they have received unsolicited email advertisements.
  • There is private right of action ($500 per occurrence). The TCPA may be enforced by the states or through a private right of action. An individual may bring action in court for $500 or actual damages, whichever is greater and/or to get an injunction against continuation of the faxing. The Smith bill would bring the same protection to email.
  • It goes after the advertiser, not the agency, and US companies can't use offshore agencies to evade this law. The law targets the sender of the ad. Although some agent may distribute the ad, the advertiser will have to have its contact information in the ad in order to get any business. If advertisers are in the US, the law applies to them.

The Current Situation

The spam war is at somewhat of a stalemate in the legislative arena. The Smith bill is stuck in committee. Meanwhile, at least three states ­ California, Kentucky, and Washington ­ have introduced state-level bills to outlaw spam. The major providers and backbones are slowly becoming more aggressive about stopping spam from their networks, but there are thousands of ISPs for spammers to take advantage of and tens or hundreds of thousands of open mail relays for them to abuse.

 
?Need help? Use our Contacts page.
First posted: 13th April 1998 efc
Last changed: 13th April 1998 efc
Issue index
;login: index
USENIX home