28 wins, and counting
Secretary of
State Websites
First, a quick discussion of spammers, agents, and principals. There are two types of spammers.
- In some cases, unethical merchants do their own spamming. Most of the drug and porn spam fall into this category.
- In other cases, the actual spammer is an “agent” doing the spamming on behalf of a “principal.” There are two subtypes, but either way, the principal is responsible for the actions of the agent. "Agent-Principal Liability" is a very useful legal doctrine that has allowed me to sue California principals in Small Claims Court, even if the actual sender of the spam is outside the state or country.
- Sometimes the principal actively hires the spammer. Stamps.com, for example, by its own admission has hired third parties to send email advertising its products. Bad!
- And sometimes, the spammer signs up as an affiliate for the principal and does the spamming unbeknownst to the (sometimes legitimate) principal. For example, ValueValet of Florida spammed me advertising products from ExpertCity Inc., a California software company. Of course, when this happens, the spammer is almost always violating the terms & conditions of the affiliate agreement. Nevertheless, the principal is still responsible for the actions of the agent. In another instance, which I can't describe in detail, I filed a lawsuit against the principal, who turned around and filed a lawsuit against the agent for breach of contract. Stirring up this sort of dissension between agents and principals gives me a warm fuzzy feeling inside.
|
CAN-SPAM ACT OF 2003 (PUBLIC LAW 108-187, 15 U.S.C. §§ 7701 et seq) |
On December 16, 2003, Bush signed into law the CAN-SPAM Act of 2003, codified (mostly) at 15 U.S.C. § 7701 et seq., which, congressional blather notwithstanding, has only made the spam problem WORSE. I've highlighted some key sections of CAN-SPAM. The worst part of the federal law is that it attempts to pre-empt the state laws, some of which – like California, Virginia, Washington, and others – have actually made an impact. But, there are loopholes, discussed below. Anyway, here are the top ten reasons why the “I CAN SPAM” law is pretty bad, from a consumer perspective. (Hint: The Direct Marketing Association supports this law… there’s a dead giveaway that it’s bad for consumers.)
- It largely pre-empts State laws, some of which – like California, Virginia, and Washington – actually had some teeth... But, CAN-SPAM does not pre-empt state law to the extent that state law prohibits falsity or deception in the spam.
- It removes the right of the individual and businesses slammed by spam attacks to sue. The way to really fight the spam problem is to empower individuals, like me, to bring legal action, and thereby make the spammers spend all their time in Court. The new California does just that. But under CAN-SPAM, only the Federal Trade Commission, attorneys general or other “officials or agencies of a State” or ISPs can bring action. And let’s be honest, AG’s have other more important things to do. Federal law allows the recipient of a junk fax to sue, so how is this any different? Faxes and spam both shift costs to the recipient.
- Although the definitions in § 7702 make it clear that, in general, the advertiser who hires a third party to send spam is liable (and the FTC agrees with this interpretation), if a business knows that it's being promoted with false or misleading headers, then only the FTC can prosecute... not even State Attorneys General.
- The law is opt-out, not opt-in. Opt-in means no one can send you spam unless you say “yes.” But now, the burden is on the recipient to have to opt-out. It will take HOURS every day to opt out of every individual piece of spam. Particularly since the opt-out process could involve going to a website and clicking through several pages of (pornographic?) ads just to get to the opt-out link.
- Anyone can send any commercial email as long as it’s labeled as an advertisement or solicitation, gives an opt-out option, and includes a postal address. Does the spammer have to honor the opt-out? Not really, since most AG’s aren’t going to prosecute. (There have been a few exceptions, like Massachusetts and Texas.) Does it have to have a postal address? Doesn’t have to be in the U.S. And labeling? Labeling a spam “Viagra!” or “See Hot Farm Sluts!” doesn’t change the fact that it’s still spam and it’s still going to clutter consumers’ inboxes with crap they never asked to receive in the first place.
- It treats each line of business/division as a separate sender. That means that the recipient has to opt out of every single division separately. And it means a spammer could just take out a new domain name, call it a separate “division,” and keep on spamming a consumer even after he/she has opted out. (However, Senator Murray's letter addresses this point; see below.)
- Statutory damages were set too low, at only $250 per violation. The new California law said $1,000 per spam.
- Venue/service of process is where the defendant lives or maintains a physical place of business. This undermined California Code of Civil Procedure §395.5, which says that a corporation may be sued in the county where the obligation or liability arises. That means the county where the effects of the spam were felt, not the county from which the spam was sent. In other words, under California law, I get to sue where I live, where my privacy was invaded, where the spammers trespassed onto my computer.
- Action must be brought in a district court of the United States. That’s something that only the biggest companies who can afford expensive lawyers can do. This is blatant discrimination – this Act basically denies legal rights to individuals.
- It even tries to regulate spam sent within a state… and it’s highly questionable whether that’s even constitutional.
"SEXUALLY-EXPLICIT:" Labeling
On April 19, 2004,
the Federal Trade Commission issued a final rule (16 CFR Part 316)
to modify the CAN-SPAM Act. Effective May 19, 2004, “… the
transmission of a commercial email that includes sexually oriented
material must: (1) Exclude sexually oriented materials from the
subject heading and include in the subject heading of that email the
mark ‘SEXUALLY-EXPLICIT:’; and (2) provide that the matter in the
email message that is initially viewable when the message is opened
include only certain specified information, not including any
sexually oriented materials.”
The letter from California Senator Kevin Murray, described below,
states that failure to include required labeling constitutes
falsified headers. So in other words, if I receive a porno
spam from a California spammer and the subject line does not include
the "SEXUALLY-EXPLICIT:" label, then I can sue under California law.
Other Effects of
CAN-SPAM
Most of the CAN-SPAM Act is found in 15 U.S.C., but there are a few
changes to 18 U.S.C. too. These changes make unlawful many
typical spammer tricks, like registering multiple domain names,
hiding WhoIs registration information, sending from multiple IP
addresses, and other deceptive actions to make it harder for a
consumer to identify the spammer, and harder for ISPs and
individuals to block the spam. (Note that California law also
considers using an excessive number of domain names to constitute
false headers, see below.)
18 U.S.C. § 1037, Fraud and related activity in connection with electronic mail
(a) In General.— Whoever, in or affecting interstate or foreign commerce, knowingly—
(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses,
...(d) Definitions...
(2) Materially.— For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.
|
CAN-SPAM DOES NOT PRE-EMPT STATE LAW IF STATE LAW PROHIBITS FALSE HEADERS |
Tucked down towards the bottom of the CAN-SPAM Act is the exception to the pre-emption, that still enables me to sue spammers who use false headers under California law.
15 U.S.C. § 7707 - Effect on Other Laws
(b) STATE LAW
(1) In general -- This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.
(2) State law not specific to electronic mail -- This chapter shall not be construed to preempt the applicability of--
(A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or
(B) other State laws to the extent that those laws relate to acts of fraud or computer crime.
Note the
language “except to the extent…” Well,
California Business & Professions Code § 17529.5, discussed below,
does prohibit false information in email headers. Since
false headers are illegal under California law, then the Can-Spam Act does
not pre-empt California law, and California law specifically
authorizes a private right of action and sets statutory damages at
$1,000 per violation. I have litigated this matter successfully on
multiple occasions.
In addition to my own work, the
U.S. District Court for the Eastern District of Washington has also
ruled on this topic. In Gordon
v. Impulse Marketing Group,
Defendant made a motion to dismiss, claiming that Federal law
pre-empted State law. The Court confirmed the language of
CAN-SPAM - that the pre-emption does NOT apply to the extent that
state law prohibits falsity or deception in any part of the email.
Click
here to read the Court's order denying Defendant's motion.
The California State Courts have made the same determination, in
Infinite Monkeys v. Global Resource
Systems Corp. See page 2, lines 7-11:
California law's private right of action in the case of false
headers is expressly recognized by the falsity/deception exception
in the federal CAN-SPAM Act. Click
here to read the Court's order.
So, what constitutes falsity or deception?
Some things may be pretty obvious, e.g., an email that appears to
come from "Humberto Dunlap" if no such person exists at the
spammer's organization, or subject lines that do not clearly
identify the product/service/website being advertised, or IP
addresses that make it appear as though the Department of Defense is
interested in promoting women's fitness franchises. (Yes,
really.) But there are many more possibilities.
This letter from Senator Murray, dated October 5, 2004, provides examples of
other types of false headers and misleading subject lines, which are
illegal under California law, and therefore CAN-SPAM does not
pre-empt California law, and an individual
recipient can therefore sue under § 17529.5 and collect statutory
damages of $1,000 per spam.
One particular spammer tactic that seems to be ever more common is
sending spams from multiple IP addresses and/or multiple domain
names.
Why? Because “An ISP may block a message
because… an IP address or domain name is associated with the sending
of high volumes of spam.”
Federal Trade Commission, Effectiveness and Enforcement of the
CAN-SPAM Act: A Report to Congress 12 (December 2005).
In other words, one reason for a spammer to creates
different online "identities" and send spam under multiple domain
names is to reduce the volume of spam sent under each domain
name, thus making it harder for ISPs and consumers to identify and
block the spam. This is deceptive!
|
CALIFORNIA BUSINESS & PROFESSIONS CODE § 17529.5 (JANUARY 1, 2004)) |
Here is the current California law prohibiting spam,
B&P Code §17529.5 (HTML or PDF). But a little background is necessary...On September 23, 2003, Gov. Davis signed a stronger anti-spam law, B&P Code § 17529, which went into effect on January 1, 2004. Of course, the terrible federal law went into effect on the same date, pre-empting all of 17529 except 17529.5. Articles about the new law appeared in the LA Times, SF Gate, and SiliconValley. Click here to read the new law in HTML or PDF, as originally enrolled.
The new law still has some problems, which I’m not going to go into here because I don’t want to tip off any spammers that may be reading this, but it does address a number of problems with the current law. Most importantly, the new law:
- Clearly states that individual recipients of spam can bring lawsuits as well as ISPs and DA's,
- Defines statutory damages at $1,000 per spam, whereas the previous law (§ 17538.4) did not clearly define the damages for individual plaintiffs (although I believe that violations of the entire 17500 chapter are misdemeanors punishable with fines up to $2,500, if a DA were to bring charges),
- Holds the companies that market through third-party spammers equally liable as the spammers themselves,
- Allows for recovery of attorney's fees, and
- Makes sending email with false headers illegal (§17529.5), and therefore part of the California law is not pre-empted by the federal CAN-SPAM act. And in my experience, an awful lot of spam does have false headers.
I'm proud to say that I contributed a bit to the new law; I spoke to a staffer for State Senator Kevin Murray (the bill's sponsor) over the summer of 2003 and most of my comments and "view from the trenches" were incorporated, including:
- Equal legal protection for "free" email addresses like Yahoo! or Hotmail, which were not protected in an earlier draft of the new bill,
- A spammer can’t just claim they have an opt-out system; it must actually be an effective opt-out system,
- The addition of “assist in the transmission” to the original language “transmit or cause to be transmitted [spam]”… this should cover the person/company who doesn’t actually hit the “Send” button, but provides email addresses to someone else to send, and
- Specific mention that out-of-state spammers are subject to California law if they spam California residents (this was previously opined by the Superior Court in the Ferguson v. FriendFinders case but not incorporated into earlier drafts of the new law).
So, here's what happened in California in 2004.
1. Senator Murray
realized that since § 17529.5 prohibited false
headers, that particular subsection was not pre-empted by the CAN-SPAM
Act.
2. Deputy Legislative Counsel Lisa Goldkuhl prepared
this Opinion dated May 10,
2004, confirming that § 17529.5 survives pre-emption.
3. Since some people
still didn’t understand that §17529.5 survives CAN-SPAM, Senator Murray went back and pushed through SB 1457, which
clarified the language of § 17529.5. The
Analysis/Commentary makes it clear that this
is not a change to the law going forward, but rather a clarification to language that was in effect ever since
January 1, 2004. Click here to read the new & improved
§ 17529.5, with Legislative Counsel's Digest.
4. So, finally, here is the "clean" version of § 17529.5 (HTML
or PDF) as
it stands today, stating liquidated damages and attorney fees.
California Business
and Professions Code §17538.4
The old California law,
§ 17538.4 was pretty good -- it said
that subject lines must start with “ADV:” or
“ADV:ADLT”, and unsubscribe instructions must be the first text in the body and
in the same font size as the majority of the body text. In my experience, almost all
spam failed these two counts. Spam must also include a valid
telephone number or email to unsubscribe, and spammers must stop spamming
after receiving a request from a consumer. The law applies when unsolicited
e-mailed documents are delivered to a California resident via an electronic
mail service provider's service or equipment located in California, and when the documents are addressed to a recipient with whom the initiator
does not have an existing business or personal relationship, and the
documents are not sent at the request of, or with the express consent of, the
recipient. The most serious problem with the old law is that it did not
set statutory damages... but § 17529 took care of that, setting damages at
$1,000 per email.
|
PRINCIPAL’S LIABILITY FOR THE ACTIONS OF THE AGENT |
Earlier, I
discussed my interpretation of agent-principal liability in regard
to spamming. Federal and California statutes and court rulings
demonstrate that
the common-law doctrine of agency applies to the world of
spamming... principals are responsible for the actions of their
affiliates. I've successfully litigated this matter on numerous occasions.
Statute
California Business and Professions Code
§ 17529
clearly states that advertisers are responsible for the actions of
their spammer/agents:
§ 17529(k): The true beneficiaries of spam are the advertisers who benefit from the marketing derived from the advertisements.
§ 17529(j): There is a need to regulate the advertisers who use spam, as well as the actual spammers, because the actual spammers can be difficult to track down due to some return addresses that show up on the display as "unknown" and many others being obvious fakes and they are often located offshore.
Even the CAN-SPAM Act, which I'm not particularly fond of, says that if a businesses pays a spammer to send a spam, the business is liable. Multiple parties can be considered senders, so "my affiliate's affiliate's affiliate" did it is no defense.
15 U.S.C. § 7702(16) Sender
(A) In general – Except as provided in subparagraph (B), the term "sender", when used with respect to a commercial electronic mail message, means a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message.
(B) Separate lines of business or divisions – If an entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the message as that particular line of business or division rather than as the entity of which such line of business or division is a part, then the line of business or the division shall be treated as the sender of such message for purposes of this chapter.15 U.S.C. § 7702(9) Initiate – The term "initiate", when used with respect to a commercial electronic mail message, means to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message. For purposes of this paragraph, more than one person may be considered to have initiated a message.
15 U.S.C. § 7702 (12) Procure – The term "procure", when used with respect to the initiation of a commercial electronic mail message, means intentionally to pay or provide other consideration to, or induce, another person to initiate such a message on one's behalf.
As far as unlawful spam goes, CAN-SPAM Act also makes it quite clear that it is unlawful to advertise via unlawful spam, even if the advertiser doesn't hit the send button itself and uses third party spammers/agents:
15 U.S.C. § 7705 - Businesses knowingly promoted by electronic mail with false or misleading transmission information
(a) In General
It is unlawful for a person to promote, or allow the promotion of, that person’s trade or business, or goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business, in a commercial electronic mail message the transmission of which is in violation of section 7704(a)(1) of this title if that person —
(1) knows, or should have known in the ordinary course of that person’s trade or business, that the goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business were being promoted in such a message;
(2) received or expected to receive an economic benefit from such promotion; and
(3) took no reasonable action —
(A) to prevent the transmission; or
(B) to detect the transmission and report it to the [Federal Trade] Commission.
The FTC also considers a marketer responsible for its spamming affiliates. "... through the use of affiliate marketing programs. In such programs, a marketer contracts with affiliates who send spam advertising the marketer's product or service... Marketers attempt to use affiliate programs to insulate themselves from liability under CAN-SPAM... Decentralizing spam operations does not effectively insulate those who, under the Act's relatively broad definition, "initiate" the sending of a commercial email message, or those "senders" "whose products, service, or Internet website is advertised or promoted by the message." Federal Trade Commission, Effectiveness and Enforcement of the CAN-SPAM Act: A Report to Congress 16 (December 2005).
Case Law
In America Online, Inc. v. National Health Care Discount, Inc., 174 F. Supp. 2d 890 (N.D. Iowa, 2001), AOL sued NHCD for unsolicited email promoting NHCD products sent by NHCD’s agents over AOL’s computer systems to AOL members. NHCD argued the spam was sent by independent contractors and that NHCD could not be held responsible for their actions. The Court found that the senders were acting as NHCD’s agents and that NHCD was responsible for their actions. The Court issued a permanent injunction against NHCD and awarded AOL over $400,000 in actual and punitive damages. Click here to read the Opinion.
In Infinite Monkeys & Co., LLC v. Global Resource Systems Corp. et al, No. 1-05-CV039918 (Cal. Super. Ct., County of Santa Clara, Sep. 14, 2005), the Court denied various defendants' motions, and held that the language of B&P § 17529.5 (a) – "advertise in a commercial e-mail advertisement" – should be interpreted broadly, so that the sponsor (principal), and any other parties that prepared and sent the email (agents) are all proper defendants. Click here to read the Opinion; see page 1/line 26 - page 2/line 7.
|
VENUE – CALIFORNIA CODE OF CIVIL PROCEDURE §395.5 |
I’ve had several spammers in California (but not in LA County) challenge venue because I’ve sued them in LA. They've claimed that a defendant must be sued where the defendant lives. That's not always true. Even if the spam were sent from some other county, the effects of the spam were felt when I opened the spam in LA County, and so the obligation arises in LA County.
Cal. Code of Civil Procedure 395.5 – A corporation or association may be sued in the county where the contract is made or is to be performed, or where the obligation or liability arises, or the breach occurs; or in the county where the principal place of business of such corporation is situated, subject to the power of the court to change the place of trial as in other cases.
In United Pac. Ins. Co. v. Superior Court of Sutter County, 254
Cal. App. 2d 897 (1st Dist. 1967), the court denied the corporate
defendant’s motion to change venue from Sutter County (where the wrongful
attachment arising out of a levy on a bank account took place) to San
Francisco (defendant’s principal place of business). In Shores v. Chip
Steak Co., 130 Cal. App. 2d 627 (2d Dist. 1955), venue was proper in Los
Angeles County for a suit over trade libel and misleading labeling. The
newspaper circulated and the effects of the libel were felt in Los Angeles,
even though the corporate defendant’s principal place of business was in
Alameda County. Here, even if the unlawful UCEs originated outside of San
Francisco County, the effects of the UCE were felt and BALSAM was
injured when BALSAM received the UCE in San Francisco County. Venue is
therefore proper in San Francisco County.
The Court
has ruled in my favor on this particular issue
every single time it’s arisen. Here are two examples of Defendants unsuccessfully challenging venue:
- Unitek Information Systems, in Alameda County, wrote this letter to the Court. Here is my response. The Court denied Defendant’s motion.
- Dean Strickler of Referralware International (dba Imarketing International), in Orange County, wrote this letter to the Court. Here is my response. The Court denied Defendant’s motion.
|
CALIFORNIA CONSUMER LEGAL REMEDIES ACT, CIVIL CODE §§ 1770-1784 |
Spam advertising is deceptive.
Spammers forge message headers, falsely claim you opted in when you never
did, etc. Our strategy is to send a letter asking the spammers to
“cure” their false advertising by sending a message to all California
residents admitting the deceptive nature of their advertising.
Naturally, they won’t do this. And then they may be liable for my
attorneys’ fees.
Click here and then check the
box for Civil Code and search for keywords “1770” and “1780” to learn about
the CLRA.
|
HALL v. LaRONDE (1997) |
This case is about
jurisdiction. The California Appellate Court determined that where a
nonresident’s contacts with the forum state are substantial… continuous and
systematic, the use of electronic mail and the telephone by a party in
another state may establish sufficient minimum contacts with California to
support personal jurisdiction. In other words, if an out-of-state
spammer keeps spamming you, you can sue them in California because this is
where the “injury” takes place… normally you would have to sue in the
Defendant’s locale. Click
here to read the Opinion.
|
FERGUSON v. FRIENDFINDERS (2002) |
A very nice Opinion from the California Appellate Court: Ferguson v. Friendfinders, Inc.,
94 Cal. App. 4th 1255 (Cal. App. 1st Dist. Jan. 2, 2002), review denied (Apr. 10, 2002). The Opinion’s primary objective was to reaffirm that 17538.4 does not violate the dormant commerce clause of the US Constitution. But, in the course of writing the Opinion, the Court also delivered a very strong and clear anti-spam message and reinforces the importance of 17538.4 for protecting the citizens of California from the annoyance, costs, and dangers associated with spam. The Court confirmed that 17538.4 applies to spammers located inside or outside of California, if they spam California residents using equipment and services of California email and Internet service providers. Furthermore, the Court rejected the spammer’s argument that spam is sent in bulk and so it is impractical for spammers to determine which recipients are California residents and send different emails accordingly.|
ROWAN v. UNITED STATES POSTAL SERVICE (1970) |
An older case, but very relevant. I'm surprised no one has used it yet
to challenge the constitutionality of the CAN-SPAM Act.
Essentially, the Supreme Court said that a mailer has no right to send
unwanted material into a person’s home. The spammer battle cry of "free
speech" should not hold up... just replace “mailbox” with
“e-mailbox” and the principles in this ruling are as valid today as they were
over 30 years ago.
Rowan
v. USPS (highlighted)
Check out these great quotes:
- “In today’s complex society we are inescapably captive audiences for many purposes, but a sufficient measure of individual autonomy must survive to permit every householder to exercise control over unwanted mail… Everyman’s mail today is made up overwhelmingly of material he did not seek from persons he does not know. And all too often it is matter he finds offensive” [emphasis added].
- Weighing the highly important right to communicate, but without trying to determine where it fits into constitutional imperatives, against the very basic right to be free from sights, sounds, and tangible matter we do not want, it seems to us that a mailer’s… right to communicate must stop at the mailbox of an unreceptive addressee” [emphasis added].
- “Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit; we see no basis for according the printed word or pictures a different or more preferred status because they are sent by mail” [emphasis added].
- We therefore
categorically reject the argument that a vendor has a right under the
Constitution or otherwise to send unwanted material into the home of
another. If this prohibition operates to impede the flow of
even valid ideas, the answer is that no one has a right to press even
‘good’ ideas on an unwilling recipient. That we are often
‘captives’ outside the sanctuary of the home and subject to
objectionable speech and other sound does not mean we must be captives
everywhere… The asserted right of a mailer, we repeat, stops at the
outer boundary of every person's domain” [emphasis added].
