An Overview of the Law on Spam

Anti-Spam Research GroupSan Francisco, CA

March 20, 2003

Jon Praed Internet Law Group

JonPraed@aol.com

Spam is Unsolicited Bulk Commercial Electronic Messages

• Electronic messages – anticipate convergence

• Commercial – not inherently illegal

• Bulk – substantially similar messages

• Unsolicited – intent of recipient is key

Spam Fighting Tools

• Shield -- Internet Architecture & Filters

• Sword -- Legal Enforcement

To Evade Filters, Spam = Fraud

• Source and hypertext links are anonymous, transient or falsified– Free email accounts; anonymous credit cards; mail relays;

obfuscated URLs; encrypted source code; DNS servers turned on/off; false domain name registrations (ICANN 9/02 action Verisign)

• Third Party Conspirators Provide Cover– Spam Houses make $10,000/month to host webpages and hide

identities of spammers (“I terminated him and deleted his info”)

– Affiliate Program Operators – in search of plausible deniability

Law’s Purposes

• General & Specific Deterrence

• Compensation of Victims

• Retribution

• Education

Legal Weapons

• Injunctions

• Money Judgments– non-dischargeable in bankruptcy– disgorge profits from spammers– fund anti-spam fight

• Imprisonment

A Hierarchy of Anti-Spam Rules• AUPs – setting expectations to protect private property• Common Law – trespass to chattels recognized in all 50 states• State Statutes – 26 states and counting (www.spamlaws.com)

– codifying trespass with statutory damages– labeling requirements– outlawing fraudulent spam or requiring respect for do not email lists

• Federal Statutes – – Computer Fraud & Abuse Act, 18 USC 1030– Analogs: 47 USC 227 (unsolicited fax law); 18 USC 2257 (Adult Model Statute)– Pending Legislation (www.thomas.loc.gov)

• Burns-Wyden CAN SPAM Act, SB 630 & others

• International Law – none? – How will this affect the impact of anticipated Federal fixes?

Goals of Federal Proposals

• Discourage use of fraud

• Encourage transparency in identity

• Ban spam, regardless of fraud

• Regulate spam through labeling

• Minimize impact on solicited marketers

A “Sunshine” Proposal for Federal Legislation

• Modeled after Custodian of Records Law requiring Proof of Age of Adult-Movie Performers (18 USC 2257)

• All commercial email (including solicited) must disclose a “custodian of records” (US resident, address, phone, email)

• Failure to disclose = presumption of spam and high civil penalties (dollars per email)

• False disclosures = criminal penalties• Disclosures subject to reasonable due diligence• Truthful disclosures, but inadequate records = reduced

statutory damages (fraction of penny per email)

What the Law Needs From Internet Architecture

• IDENTITY– accurate records reflecting status of Internet structure

(domain names, IP addresses)

– details of email transaction

– intelligent record preservation

• GEOGRAPHY– provides notice to spammers of applicable laws

– empowers Netizens to avoid lawless-parts of the Internet

Limits of the Law

• Dependence on technical information for identification

• Slow and Costly

• Legal Jurisdictions are Geographic-Based

Why We Will Defeat Spam

• Victory Doesn’t Require 100% Spam-Free– Banks survive bank robberies

• Spammers Struggle on Small Margins• Email is Incredibly Resilient

– Email thrives despite 40% spam rate

• Spam is the Parasite, Email is the Host– If spam kills email, spam dies too

• Filters + Lawsuits Work, and Spammers Know It

Questions?

An Overview of the Law on Spam

Anti-Spam Research GroupSan Francisco, CA March 20, 2003

Jon Praed Internet Law Group

JonPraed@aol.com