Congress Passes Anti-Spam Legislation
On Nov. 25, 2003, the Senate approved the House of Representatives’ version of the bill known as “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” (the “CAN-SPAM Act”). Due to some technical differences between the two versions, final approval by the House is required. The House will likely vote on the measure in early December and then forward it to the President for his signature. Once signed, the law would become effective on Jan. 1, 2004.
The CAN-SPAM Act, once enacted, would be the first federal law designed to combat spam. The Act would also pre-empt state anti-spam statutes passed in 36 states. Spam emails currently account for over 50 percent of all emails sent. It is predicted that by 2007, each individual’s email inbox will receive close to 3,900 spam messages annually. The CAN-SPAM Act attempts to ensure that email remains a viable form of communication through the implementation of national standards with which senders must comply, and also through criminal and civil enforcement mechanisms, including a private right of action for Internet Service Providers (“ISPs”).
The CAN-SPAM Act is an “opt-out” measure which would allow e-mailers to send unsolicited commercial emails unless the recipient opts out from receiving future messages. Under the federal legislation, as long as the sender meets the requirements of the Act, and the recipient has not opted out, the sending of commercial electronic mail is legal.
This approach differs from the more stringent “opt-in” laws adopted by California and Delaware. The California law, which critics of the CAN-SPAM Act consider to be tougher against spammers, is scheduled to go into effect on Jan. 1, 2004, the same day the federal legislation would go into effect. Under the California anti-spam statute, senders are prohibited
from sending unsolicited commercial emails to recipients unless they specifically request to receive such messages.
The California law starts with the premise that spam is illegal and makes exceptions for its use. The federal legislation, on the other hand, legitimizes spam and seeks to restrain its use through various restrictions. Critics of the CAN-SPAM Act do not foresee the legislation reducing the amount of spam. The main concern of the opt-out approach is that only legitimate marketers would likely honor the opt-out requests of recipients. The more egregious spammers are initially likely to ignore such requests and spam the account more regularly or sell the address since it has been identified as an active email address.
Key Components of the Bill
A. Applies to commercial electronic mail
The CAN-SPAM Act would apply to “commercial electronic mail,” defined as having as its primary purpose “the commercial advertisement or promotion of a commercial product or service.” Excluded from this definition are “transactional or relationship messages” which provide warranty information, account balance, or other transactional information to the recipient. The definition of commercial electronic mail also does not include charitable or political messages. It is important to note that these restrictions apply not only to senders of the latest weight loss or get-rich-quick schemes, but to all individuals or businesses who send commercial emails.
B. Email content requirements
The CAN-SPAM Act would require that senders provide a valid physical postal address and an email address allowing recipients to opt-out of future emails. Senders could also provide other opt-out mechanisms such as an Internet list allowing recipients to choose not to receive certain types of messages. The emails must not include false or misleading transmission information, defined to include the failure to accurately identify the email address, domain name or Internet protocol address from which the email originated. Subject headings also shall not reasonably mislead the recipient regarding the contents or subject matter of the message. In addition, the messages must clearly and conspicuously indicate that they are either advertisements or solicitations. Although Congress or the FTC will likely issue specific requirements at some future date on how this must be done, this could be accomplished by the use of "ADV:" in the subject heading. Messages that contain sexually oriented material must also include specific identifiers in the subject heading to be prescribed by the FTC (within 120 days of enactment).
C. Opt-out procedure
Once a recipient objects to receiving future emails, the sender must comply within 10 business days after receiving such a request. However, there is a potential loophole which protects the senders of spam when the return email address is temporarily unable to receive requests. This will likely apply to spammers who send millions of spam messages since the optout replies will quickly fill the spammers’ inboxes thus making them unable to receive all of the opt-out requests. Therefore, a recipient wants to opt-out may have to submit a request several times in order for it to get through to the spammer.
A positive provision, from a recipient’s point of view, applies the opt-out request not only to the sender of the email but to all of the sender’s separate lines of business or divisions. This provision is important since in certain industries, such as financial services, corporations have multiple lines of business and divisions. Without such a provision, recipients would be required to physically opt-out from receiving messages from each individual entity. In addition, once the recipient requests to be removed from future mailings, the sender cannot sell or lease that address to other persons.
D. Procurement of email addresses
The Act would prohibit persons from obtaining email addresses from an Internet site which provides a notice that the site does not give, sell, or transfer Internet addresses, known as harvesting, or through dictionary attacks where the email messages are sent to addresses obtained through automatic means that generate possible email addresses.
The criminal provisions of the Act will be enforced by the Federal Trade Commission, Department of Justice and other federal agencies where applicable. If convicted under the Act, violators could face up to five years in prison and fines up to $2 million with treble damages up to $6 million for the most egregious violations.
States, through their attorneys general, and Internet Service Providers (“ISPs”) are the only entities authorized to bring civil suits against spammers. The Act allows them to enjoin further violations by the sender or to recover damages of up to $3 million for willful violations. In addition, the Act would not affect the ability of ISPs to decline to transmit, route, relay,
handle, or store certain types of email messages. Therefore, ISPs may continue to implement procedures designed to protect their networks and users from being inundated with spam.
Unlike the anti-spam statutes of 23 states, there is no private right of action for individuals to sue spammers for violations of the Act. For example, Illinois’ anti-spam statute allows recipients to recover the lesser of $10 per email or $25,000 per day and attorney’s fees. While individuals or entities other than ISPs may not sue under the Act, they are not precluded
from bringing state law tort, trespass, or contract claims. However, the plaintiff will not be entitled to the statutory damages provided under the Act. Instead, the plaintiff must prove actual damages which may be difficult. In a recent trespass case, Intel Corp v. Hamidi, 71 P.3d 296 (Cal. 2003), the California Supreme Court refused to grant Intel damages when a former employee sent unsolicited emails to Intel employees criticizing the company. The court held that California’s law on trespass to chattel did not encompass unsolicited emails where the computer system receiving such messages is neither harmed nor impaired.
While the penalties under the Act are stiff, enforcement of both criminal and civil violations will be difficult. Spammers must first be identified and then jurisdiction must be secured. Spammers’ attempts to conceal their identities, by sending messages through multiple servers and by switching accounts on a regular basis, make it difficult to track down them down. The Act is likely to encourage even more intricate attempts at concealment. In addition, it is estimated that over 50 percent of spammers are located outside the U.S., which will frustrate enforcement of judgments.
The Act does not provide the enforcing entities with any supplementary powers to procure jurisdiction over foreign spammers. Therefore, without an international treaty regarding the treatment of spammers, it is difficult to predict the success rate of the CAN-SPAM Act against spammers who reside offshore.
F. Do-Not-Email Registry
The Act also requires the Federal Trade Commission to investigate the feasibility of a “Do-Not-Email” registry similar to the “Do-Not-Call” registry designed to prevent unwanted telemarketing phone calls, and to report on its findings within six months of enactment. However, the FTC does not support such a registry claiming that illegitimate spammers are unlikely to comply. In addition, the registry would be a valuable list of active email addresses, which, in the wrong hands, would likely subject registrants to an increased amount of spam.
G. Promulgation of rules against wireless phone spam
Also included in the bill is a provision that could eventually prevent wireless phone/PDA spam. The Federal Communications Commission is charged with promulgating rules to protect consumers from unwanted mobile commercial messages. Although mobile device spam is not yet a huge problem in the United States, individuals in Europe and Asia have been inundated by it.
While the CAN-SPAM Act is not a panacea, it does eliminate the patchwork of legislation enacted by the States and provides a uniform way to deal with all senders of unsolicited commercial email. Combined with technological measures taken by ISPs and recipients, a multi-prong approach will make it more difficult for spammers to inundate inboxes on a regular basis.
Please contact us if you have any questions regarding or would like a copy of the CAN-SPAM Act.