An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group JonPraed@aol.com Spam is Unsolicited Bulk Commercial Electronic Messages • • • • Electronic messages – anticipate convergence Commercial – not inherently illegal Bulk – substantially similar messages Unsolicited – intent of recipient is key Spam Fighting Tools • Shield -- Internet Architecture & Filters • Sword -- Legal Enforcement To Evade Filters, Spam = Fraud • Source and hypertext links are anonymous, transient or falsified – Free email accounts; anonymous credit cards; mail relays; obfuscated URLs; encrypted source code; DNS servers turned on/off; false domain name registrations (ICANN 9/02 action Verisign) • Third Party Conspirators Provide Cover – Spam Houses make $10,000/month to host webpages and hide identities of spammers (“I terminated him and deleted his info”) – Affiliate Program Operators – in search of plausible deniability Law’s Purposes • • • • General & Specific Deterrence Compensation of Victims Retribution Education Legal Weapons • Injunctions • Money Judgments – non-dischargeable in bankruptcy – disgorge profits from spammers – fund anti-spam fight • Imprisonment A Hierarchy of Anti-Spam Rules • AUPs – setting expectations to protect private property • Common Law – trespass to chattels recognized in all 50 states • State Statutes – 26 states and counting (www.spamlaws.com) – codifying trespass with statutory damages – labeling requirements – outlawing fraudulent spam or requiring respect for do not email lists • Federal Statutes – – Computer Fraud & Abuse Act, 18 USC 1030 – Analogs: 47 USC 227 (unsolicited fax law); 18 USC 2257 (Adult Model Statute) – Pending Legislation (www.thomas.loc.gov) • Burns-Wyden CAN SPAM Act, SB 630 & others • International Law – none? – How will this affect the impact of anticipated Federal fixes? Goals of Federal Proposals • • • • • Discourage use of fraud Encourage transparency in identity Ban spam, regardless of fraud Regulate spam through labeling Minimize impact on solicited marketers A “Sunshine” Proposal for Federal Legislation • Modeled after Custodian of Records Law requiring Proof of Age of Adult-Movie Performers (18 USC 2257) • All commercial email (including solicited) must disclose a “custodian of records” (US resident, address, phone, email) • Failure to disclose = presumption of spam and high civil penalties (dollars per email) • False disclosures = criminal penalties • Disclosures subject to reasonable due diligence • Truthful disclosures, but inadequate records = reduced statutory damages (fraction of penny per email) What the Law Needs From Internet Architecture • IDENTITY – accurate records reflecting status of Internet structure (domain names, IP addresses) – details of email transaction – intelligent record preservation • GEOGRAPHY – provides notice to spammers of applicable laws – empowers Netizens to avoid lawless-parts of the Internet Limits of the Law • Dependence on technical information for identification • Slow and Costly • Legal Jurisdictions are Geographic-Based Why We Will Defeat Spam • Victory Doesn’t Require 100% Spam-Free – Banks survive bank robberies • Spammers Struggle on Small Margins • Email is Incredibly Resilient – Email thrives despite 40% spam rate • Spam is the Parasite, Email is the Host – If spam kills email, spam dies too • Filters + Lawsuits Work, and Spammers Know It Questions? An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group JonPraed@aol.com