The New Federal Anti-Spam Law

You probably have heard that, after years of debate, the feds finally have delved into the regulation of spam. Recall that in Dec. 2003, this column reported that California had enacted a remarkably tough anti-spam law, effectively an outright ban on spam. It turned out to be far too tough for W and his cronies, so the Republican-controlled House, Senate, and White House have cooked up the CAN-SPAM Act of 2003 (which actually is one of its two official titles, the other being the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003"). The most important component of this new law (at least to them) is the following:

"This Act supersedes any statute, regulation, or rule of a State [read: California] or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."

This new federal law is effective on the same day as California's much tougher law was to be, so California's law never saw the light of day. Insofar as the spam lobby was concerned, that was the most important component of the new law, which a House-Senate conference committee raced through so that it would be in effect in time to stop California's very enforceable, outright prohibition against spam.

Predictably, the bill starts out with a laundry list of findings about how expensive, offensive, and bothersome spam has become, topped off with Finding Number Eleven:

"Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail...."

What nonsense. How can Congress say that California's anti-spam law was unsuccessful when it never became effective? To be sure, taken piecemeal, state regulations of electronic mail make little sense and, like the regulation of copyrights, this should be not just a national, but an international standard. But let's see whether Congress has really regulated spam, or has merely enacted something in the nick of time to thwart California's tough regulation:

The centerpiece of California's anti-spam law, of course, was the threat of private enforcement. California's law not only included a nearly outright prohibition against spam; it also gave any recipient of unwanted spam the right to sue both the spammer and the beneficiary of the spam (i.e., the provider of the advertised product or service) for huge statutory damages and attorneys' fees. The federal law comes up short in both respects.

Federal laws are presumed not to be enforceable by private citizens, and no exception to that general rule is found in the CAN-SPAM Act. Put another way, federal criminal and regulatory prohibitions do not by their mere existence create private causes of action; a private cause of action exists only where the law itself expressly creates one. So, for example, an exception to the general rule is found in RICO, which allows a racketeering victim to sue for treble damages and attorneys' fees. Significantly, then, the CAN-SPAM Act strips Californians of their right under California law to sue spammers themselves for statutory damages and attorneys' fees, and leaves enforcement for the most part up to the federal agencies, which will accomplish, with their legendary glacier-like velocity, whatever regulation of spam they see fit.

The one place where the Act allows private enforcement is a suit by an ISP for injunctive relief and statutory damages if the ISP is damaged by spamming. However, an interesting provision of the Act allows the court in such suits to require either party to post a cost bond and to award costs and attorneys' fees against either party. That means a court could require an ISP to post a bond before being allowed to proceed in court. ISPs are also held to a higher burden of establishing knowledge on the part of those who procure the spam - in other words, those dispensing the advertised product or service.

The Act also deputizes the attorney general of each state, and other agencies that the states may designate, to bring enforcement actions for damages and injunctions. But states cannot "piggy-back" federal actions, so if the feds take action against a particular spammer, the states are blocked. Nonetheless, this may give cash-strapped states an incentive to track down spammers.

In fact, the CAN-SPAM Act does little in comparison to what California had done, which was an outright prohibition of spam, enforceable against the spammers and, more significantly, against the providers of the advertised products and services. Here is what the new federal Act does:

* The Act requires that any commercial e-mail that includes "sexually oriented material" (meaning any significant depiction of "sexually explicit conduct," which can include lewd exhibition of clothed genital areas), include "marks" and/or "notices" that will be required by upcoming regulations from the Federal Trade Commission (FTC). Moreover, that which is viewed initially can include only the required "marks" and/or "notices," "opt out" information and instructions on how to access the sexually-oriented material. Violation is a felony. This is of particular importance to the online industry, and it is more complex than simply what has been said here. Because of the felony punishment and because X-rated e-mails are perhaps the Number One sore spot with the public and, consequently, with the Department of Justice, this is one place where enforcement is a near certainty. Importantly, this is a regulation of unsolicited commercial e-mail. That would be one without "affirmative consent." Let's see what that means:

"(A) [T]he recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and

"(B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages."

Conspicuously absent from this law is any definition of "clear and conspicuous." And, from Part (B), if you give "clear and conspicuous consent" to one e-mail broker, you have consented for anywhere it is sent. Given the pervasiveness of claimed "double opt-in e-mail lists," allegedly providing evidence of user consent, this loophole may be large enough to drive a virtual truck through.

* The Act creates a crime of fraud in connection with electronic mail. That includes some behavior that already is illegal: Accessing a computer without authorization (already illegal) to send spam from it; sending spam with the intent to deceive or mislead recipients as to the origin; "materially falsif[ying] header information" in spam; sending spam after falsifying information for multiple e-mail accounts (five or more), multiple domain names (two or more) or multiple IP addresses (five or more) and then sending spam from them. These are serious offenses, providing prison sentences, fines, and forfeitures. However, one wonders how effective this will be in stopping misleading spam from Brazil. The global nature of the Internet ultimately undercuts any attempt to regulate online activity; however, that has never stopped politicians seeking votes by enacting popular, albeit ineffective legislation.

* The Act imposes a laundry list of requirements that are subject to the various civil and regulatory enforcement mechanisms provided. Those include (1) a prohibition against misleading information about the source of the message, (2) a prohibition against a subject heading that "would likely mislead the recipient," (3) a required real return address whereby the recipient can ask not to be sent further e-mails, (4) a complex prohibition against sending e-mails to someone who has requested that they not be sent, and (5) required "clear and conspicuous" notices that the e-mail is an advertisement and that the recipient can decline further ones, along with a valid, physical postal address of the sender.

* The Act also regulates the process of collecting e-mail addresses. Spam now is illegal if the e-mail addresses were accumulated by using computer-generated permutations or obtained from a source that claimed that it would not transfer e-mail addresses that it obtains. The FTC will be making regulations about this.

* The extent to which the Act is enforceable against the owner of the advertised product or service is not clear. The language concerning that subject is murky at best, and it may be interpreted to apply only to e-mails with false or misleading header information and then only where the advertiser actually knew or should have known that the advertisement was false. But that limitation may not apply to the dissemination of sexually oriented spam, which is a crime.

The FTC has been given 120 days from enactment of the CAN-SPAM Act to issue regulations about "marks" and "notices" and other things. What ultimately may prove to be the most powerful anti-spam component of the Act is the requirement that the FTC submit to Congress within six months a plan for establishing a "do not e-mail" registry. However, the speed with which the federal courts enjoined the "do not call" registry, and the potential gold mine of active e-mail addresses such a registry would provide if it ended up in the wrong hands, call into question the wisdom of creating it in the first place.

All told, however, the most significant component of the Act may be that it trumps California's attempt to outlaw spam altogether, and give every citizen of the state and all 200,000 of its attorneys a bounty on enforcing it. Spam remains legal as a general proposition, and spammers will retain attorneys to figure out loopholes in this very complex, 55-page, 10,000-plus-word law. Questions remain as to whether this will do anything to combat spam originating from outside the United States, and whether spammers and their attorneys will be able to find loopholes in the Act so that they can come into technical compliance with the regulations yet continue to send out the billions of spams about which the recipients can do nothing.

Clyde DeWitt is a partner in the Los Angeles, Calif.-based, national law firm of Weston, Garrou & DeWitt. He can be reached through AVN Online's offices, at his office at 12121 Wilshire Boulevard, Suite 900, Los Angeles, CA 90025, or at [email protected]. This column does not constitute legal advice but, rather, serves to inform readers of legal news, developments in cases, and editorial comment about legal developments and trends. Readers who believe anything reported in this column might impact them should contact their personal attorneys.