SPAM AND THE LAW
|
Note: I am not a lawyer and I am
not qualified to give legal advice. I can only share my personal
interpretations of the law and report on what I’ve done.
Start your research with www.spamlaws.com
– a great resource that includes federal and state laws. I’m going to
focus the rest of this page on California law because I live here and these
are the laws I’m most familiar with. You can also check out the SpamCon
Foundation at www.spamcon.org and www.suespammers.org (sign up for email lists on legal,
technical, marketing aspects of the spam issue), and the Coalition Against
Unsolicited Commercial Email: www.cauce.org
. |
|
|
|
|
|
|
|
|
|
|
CAN-SPAM Act of 2003 (S.877
and Public Law 108-187)
|
|
|
|
|
|
Well,
it’s done. On Dec. 16, Bush signed
into law the CAN-SPAM Act of 2003 (HTML, pdf), which is only going to make the spam
problem WORSE. The worst part of the
federal law is that it attempts to pre-empt the state laws, some of which –
like California, Virginia, Washington, and others – have actually made an
impact. But, there are loopholes, and
it’s possible the entire thing could be declared unconstitutional. |
|
|
|
|
|
Anyway,
here are the top ten reasons why the “I CAN SPAM” law is a disaster, from a
consumer perspective. (Hint: The
Direct Marketing Association supports this law… there’s a dead giveaway that
it’s bad for consumers.) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you want to complain to your
Congressperson, click here if you
don’t know your ZIP+4, and then go to http://www.house.gov
and enter your ZIP+4 at the top of the webpage. If you want to complain to your Senator,
click here and then select your state
from the drop-down box in the middle of the page. And if you want to complain to a
bunch of Congresspersons and Senators en masse, or if you’re feeling spiteful
and want to forward every spam you get to members of the House & Senate,
plus Bush (president@whitehouse.gov),
click here for a list of email addresses. |
|
|
|
|
|
|
|
|
|
|
|
But all is not lost! Tucked down in Section 8 is the following text: |
|
|
|
|
|
Sec.
8. EFFECT ON OTHER LAWS |
|
|
(b) STATE LAW |
|
|
(1) In general -- This Act supersedes any statute,
regulation, or rule of a State or political subdivision of a State that
expressly regulates the use of electronic mail to send commercial messages,
except to the extent that any such statute, regulation, or rule prohibits
falsity or deception in any portion of a commercial electronic mail message
or information attached thereto. |
|
|
(2) State law not specific to electronic mail --
This Act shall not be construed to preempt the applicability of-- |
|
|
(A) State laws that are not specific to electronic
mail, including State trespass, contract, or tort law; or |
|
|
(B) other State laws to the extent that those laws
relate to acts of fraud or computer crime. |
|
|
|
|
|
Note the
language “except to the extent…” Well,
California law B&P 17529, discussed below, does prohibit false information in email headers. The way I interpret the federal law, since
false headers are illegal under
California law, then the Can-Spam Act does not pre-empt California law, and California law specifically
authorizes a private right of action and sets statutory damages at $1,000 per
violation. I have litigated this
matter successfully. |
|
|
|
|
|
|
|
|
|
|
California Anti-Spam Laws,
Business and Professions Code Section 17529 (effective January 1, 2004)
|
|
|
Woohoo! On September 23, 2003, Gov. Davis signed a
stronger anti-spam law, B&P Code Section 17529, which went into effect on
January 1, 2004. Of course, the
terrible federal law went into effect on the same date, pre-empting all of
17529 except 17529.5. Articles about
the new law appeared in the LA Times, SF Gate, and SiliconValley. Click here to read the new law in HTML or PDF, as originally enrolled. |
|
|
|
|
|
The new
law still has some problems, which I’m not going to go into here because I
don’t want to tip off any spammers that may be reading this, but it does address a number of problems with
the current law. Most importantly, the new law: |
|
|
|
|
|
|
|
|
|
|
|
|
|
I
actually contributed a bit to the new law; I spoke to a staffer
for Senator Murray (the bill's sponsor) over the summer and most of my
comments and "view from the trenches" were incorporated, including: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Click here to read an Opinion by Deputy
Legislative Counsel Lisa Goldkuhl to Senator Kevin Murray, dated May 10,
2004, confirming that 17529.5 is not
pre-empted by CAN-SPAM. |
|
|
|
|
|
However, recognizing
that some people still didn’t
understand that 17529.5 survived CAN-SPAM with damages of $1,000 per
violation, Senator Kevin Murray went back and pushed through SB 1457, which
clarified the language of 17529. The Analysis/Commentary makes it clear that this
is not a change to the law going
forward, but rather a clarification to language that was in effect ever since
January 1, 2004. Click here to read the new & improved
17529.5. |
|
|
|
|
|
And
finally, yours truly got this letter
from Senator Murray dated October 5, 2004 that not only reaffirms that
17529.5 is still in effect, with damages, but also specifies examples of
exactly what can constitute false headers and misleading subject lines, which
would allow an individual to sue under 17529.5. |
|
|
|
|
|
|
|
|
|
|
California Anti-Spam Laws, Business
and Professions Code Section 17538.4 (replaced by 17529)
|
|
|
Click to read the law in HTML or PDF. In brief, CA law says that subject lines must start with “ADV:” or “ADV:ADLT”, unsubscribe instructions must be the first text in the body and in the same font size as the majority of the body, spam must include a valid telephone number or email to unsubscribe, and spammers must stop spamming after receiving a request from a consumer. In my experience, almost all spam fails the first two counts. The law applies when unsolicited e-mailed documents are delivered to a California resident via an electronic mail service provider's service or equipment located in California. And, when the documents are addressed to a recipient with whom the initiator does not have an existing business or personal relationship, and the documents are not sent at the request of, or with the express consent of, the recipient. |
|
|
|
|
|
There are two types of spammers. |
|
|
1) In some cases, unethical merchants do their own spamming. |
|
|
2) In other cases, the actual spammer is an “agent” doing the spamming on behalf of a “principal.” Two subtypes: |
|
|
a. Sometimes the principal actively hires the spammer. For example, I believe that Mindshare Design of California was hired by WorldWinner.com of Massachusetts and California to spam – err, “send email to consumers who opted-in” (right) – on its behalf. |
|
|
b. And sometimes, the spammer signs up as an affiliate for the principal and does the spamming unbeknownst to the (sometimes legitimate) principal. For example, ValueValet of Florida (see?) spammed me advertising products from ExpertCity Inc., a California software company. Of course, when this happens, the spammer is almost always violating the terms & conditions of the affiliate agreement. Nevertheless, I believe that the common-law doctrine of agent-principal says that the principal is still responsible for the actions of the agent. I haven’t tested this yet, but I expect that if I win a suit against the principal, then the principal would probably turn around and sue (or at least withhold affiliate commissions from) the actual spammer. |
|
|
|
|
|
Note that the law says “email or cause to be emailed,” which may also offer some ammunition against a typical defense that “My affiliates did it, not me.” Anyway, my strategy is to name everyone involved in the lawsuit. Higher probability of getting some money back, and you can stir up a little dissension between a principal and the spammers, which is always fun. At a minimum, you can make the principal strengthen and enforce the terms of its affiliate program. |
|
|
|
|
|
Unfortunately,
17538.4 does not – yet! – specify civil damages that a consumer can claim
himself… which gives the Court some leeway to determine damages. (A
D.A. can claim $2,500 per violation.) So, I argue that trying to
unsubscribe from a spam list is analogous behavior to trying to tell a
telemarketer to stop calling you… and B&P Code Section 17593 does specify
$1,000 damages per instance against telemarketers who won’t stop
calling. |
|
|
|
|
|
|
|
|
|
|
|
Junk-Fax
Law (Telephone Consumer Protection Act, or TCPA), Title 47 of U.S. Code, Sec.
227 |
|
|
Whether or not your state has an anti-spam law, and whether or not it’s pre-empted by the Federal law, there is an argument that spamming violates the federal junk-fax law – the Telephone Consumer Protection Act (TCPA), 47 U.S.C. 227. |
|
|
|
|
|
Huh? How could spamming be junk-faxing? Well, if you read the definition of a fax machine carefully and take a somewhat liberal interpretation, it could qualify. |
|
|
|
|
|
(a)
Definitions |
|
|
(2) The term “telephone facsimile machine” means equipment
which has the capacity |
|
|
(A) to transcribe text or images, or both, from paper into an
electronic signal and to transmit that signal over a regular telephone line,
or |
|
|
(B) to transcribe text or images (or both) from an electronic
signal received over a regular telephone line onto paper. |
|
|
|
|
|
The way I interpret this text, my computer system is a telephone facsimile machine because it can receive an electronic signal over a regular telephone line and output text/images onto paper. |
|
|
|
|
|
Here’s where it says junk-faxing is illegal: |
|
|
|
|
|
(b) Restrictions on
use of automated telephone equipment |
|
|
(1) Prohibitions. It shall be unlawful for
any person within the United States - |
|
|
(C) to use any telephone
facsimile machine, computer, or other device to send an unsolicited
advertisement to a telephone facsimile machine |
|
|
|
|
|
The TCPA is specifically written to enable the individual recipient to bring a lawsuit in Small Claims Court, a right denied us by the federal CAN-SPAM Act. Fortunately, the CAN-SPAM doesn’t pre-empt the TCPA; it only pre-empts state laws specific to spam. |
|
|
|
|
|
The TCPA specifies minimum statutory damages of $500 per instance, which the Court can increase up to 3x if the court finds that the defendant willfully or knowingly violated this subsection or the regulations prescribed under this subsection. |
|
|
|
|
|
I have not sued for spam using the junk-fax law myself, but there’s at least one person who did so successfully. In February 2003, Mark Reinertson of Michigan sued Sears for spamming, and served papers at his local store. He filed the suit for $1,500, asking for 3x the statutory $500. The Court did not award 3x, but it did award $500 (plus costs). Click here for an article about Reinertson, and click here to see copies of the filing and the judgment. |
|
|
|
|
|
|
|
|
|
|
California False Advertising
Law, Business and Professions Code Section 17500
|
|
|
A couple of my spammers – most notably Maryland Internet Marketing and Stram Corporation – blatantly violate this section. When you click the link in the spam and then go through the destination website to the order page, the spammers claim you can place an order “on their secure server”… but the web address is http not https… it is not secure. Maryland also claims that the Financial Institution (that issues your credit card) will send a receipt; that’s not true either. Misleading subject lines are also arguably false advertising. The civil code here does specify damages – $2,500 per offense – if charges are brought by a D.A. |
|
|
|
|
|
Click here and then check the box for Business & Professions Code and search for keywords “17500” to learn about the false advertising law. |
|
|
|
|
|
|
|
|
|
|
|
America
Online v. National Health Care Discount (2001) |
|
|
|
|
|
I’ve
relied on this Opinion several times, when spammers try to claim that they’re
not responsible since the spam was actually sent by “an affiliate” and that they
– the principal – can’t control and aren’t responsible for what their
“independent contractor” affiliates do.
|
|
|
|
|
|
In this
case, AOL sued NHCD for unsolicited email promoting NHCD products sent by NHCD’s
agents over AOL’s computer systems to AOL members. NHCD argued the spam was sent by
independent contractors and that NHCD could not be held responsible for their
actions. The Court found that the
senders were acting as NHCD’s agents and that NHCD was responsible for their
actions. The Court issued a permanent
injunction against NHCD and awarded AOL over $400,000 in actual and punitive
damages. |
|
|
|
|
|
|
|
|
|
|
|
|
|
California Code of Civil
Procedure, §395.5
|
|
|
After I
sued them, I’ve had several spammers in California (but not in LA County)
challenge venue because I’ve sued them in LA.
Their legal basis – if they admit to sending UCE at all – is that a
defendant must be sued where the defendant lives. Typically, that’s true. But not in this case. Even if the spam were sent from some other
county, the effects of the spam were felt when I opened the spam here in LA
County, and so the obligation arises here.
|
|
|
|
|
|
395.5. A
corporation or association may be sued in the county where the contract is
made or is to be performed, or where the obligation or liability arises, or
the breach occurs; or in the county where the principal place of business of
such corporation is situated, subject to the power of the court to change the
place of trial as in other cases. |
|
|
|
|
|
The Court
has ruled in my favor on this particular issue every single time it’s arisen.
Here are two examples of Defendants unsuccessfully challenging venue: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
California Consumer Legal
Remedies Act, Civil Code Sections 1770-1784
|
|
|
Spam advertising is deceptive. Spammers forge message headers, falsely claim you opted in when you never did, etc. Our strategy is to send a letter asking the spammers to “cure” their false advertising by sending a message to all California residents admitting the deceptive nature of their advertising. Naturally, they won’t do this. And then they may be liable for my attorneys’ fees. |
|
|
|
|
|
Click here and then check the box for Civil Code and search for keywords “1770” and “1780” to learn about the CLRA. |
|
|
|
|
|
|
|
|
|
|
|
Hall v.
LaRonde (1997) |
|
|
The California Appellate Court determined that where a nonresident’s contacts with the forum state are substantial… continuous and systematic, the use of electronic mail and the telephone by a party in another state may establish sufficient minimum contacts with California to support personal jurisdiction. In other words, if an out-of-state spammer keeps spamming you, you can sue them in California because this is where the “injury” takes place… normally you would have to sue in the Defendant’s locale. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ferguson
v. Friendfinders Opinion (2002) |
|
|
The California Appellate Court’s primary objective was to reaffirm that 17538.4 does not violate the dormant commerce clause of the US Constitution. But, in the course of writing the Opinion, the Court also delivered a very strong and clear anti-spam message and reinforces the importance of 17538.4 for protecting the citizens of California from the annoyance, costs, and dangers associated with spam. The Court confirmed that 17538.4 applies to spammers located inside or outside of California, if they spam California residents using equipment and services of California email and Internet service providers. Furthermore, the Court rejected the spammer’s argument that spam is sent in bulk and so it is impractical for spammers to determine which recipients are California residents and send different emails accordingly. |
|
|
|
|
|
|
|
|
|
|
|
|
|
California Penal Code Section
502
|
|
|
An individual can’t claim damages under the Penal Code. A D.A. could, of course. I ask for punitive and exemplary damages in my Complaints, due to Defendant’s willfully and maliciously violating California law and harassing me. (I unsubscribed, their systems confirmed the unsubscribe, and yet they keep spamming me.) Note that the penal code also prohibits a spammer from sending out a spam under your name – a practice known as “joe-jobbing.” |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rowan v.
U.S.P.S. (1970) |
|
|
Some spammers try to justify their actions with a “free speech” defense, but I don’t buy it. The Rowan v. USPS case dates back to 1970, but I believe it’s still very relevant to the spam issue. Essentially, the Supreme Court said that a mailer has no right to send unwanted material into a person’s home. Simply replace “mailbox” with “e-mailbox” and the principles in this ruling are as valid today as they were over 30 years ago. Check out these great quotes: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
My Attorneys |
|
|
I’m now
working with two California attorneys with experience in the spam and
technology areas. It’s nice to have
professional help. I’m good, but I’m
not a lawyer. |
|
|
|
|
|
Timothy
Walton of Palo Alto, CA |
Mark
Woodsmall of Los Angeles, CA |
|
|
|