An Overview of the Law on Spam
Anti-Spam Research Group
San Francisco, CA
March 20, 2003
Jon Praed
Internet Law Group
JonPraed@aol.com
Spam is Unsolicited Bulk
Commercial Electronic Messages
•
•
•
•
Electronic messages – anticipate convergence
Commercial – not inherently illegal
Bulk – substantially similar messages
Unsolicited – intent of recipient is key
Spam Fighting Tools
• Shield -- Internet Architecture & Filters
• Sword -- Legal Enforcement
To Evade Filters, Spam = Fraud
• Source and hypertext links are anonymous,
transient or falsified
– Free email accounts; anonymous credit cards; mail relays;
obfuscated URLs; encrypted source code; DNS servers turned
on/off; false domain name registrations (ICANN 9/02 action
Verisign)
• Third Party Conspirators Provide Cover
– Spam Houses make $10,000/month to host webpages and hide
identities of spammers (“I terminated him and deleted his info”)
– Affiliate Program Operators – in search of plausible deniability
Law’s Purposes
•
•
•
•
General & Specific Deterrence
Compensation of Victims
Retribution
Education
Legal Weapons
• Injunctions
• Money Judgments
– non-dischargeable in bankruptcy
– disgorge profits from spammers
– fund anti-spam fight
• Imprisonment
A Hierarchy of Anti-Spam Rules
• AUPs – setting expectations to protect private property
• Common Law – trespass to chattels recognized in all 50 states
• State Statutes – 26 states and counting (www.spamlaws.com)
– codifying trespass with statutory damages
– labeling requirements
– outlawing fraudulent spam or requiring respect for do not email lists
• Federal Statutes –
– Computer Fraud & Abuse Act, 18 USC 1030
– Analogs: 47 USC 227 (unsolicited fax law); 18 USC 2257 (Adult Model Statute)
– Pending Legislation (www.thomas.loc.gov)
• Burns-Wyden CAN SPAM Act, SB 630 & others
• International Law – none?
– How will this affect the impact of anticipated Federal fixes?
Goals of Federal Proposals
•
•
•
•
•
Discourage use of fraud
Encourage transparency in identity
Ban spam, regardless of fraud
Regulate spam through labeling
Minimize impact on solicited marketers
A “Sunshine” Proposal for
Federal Legislation
• Modeled after Custodian of Records Law requiring Proof
of Age of Adult-Movie Performers (18 USC 2257)
• All commercial email (including solicited) must disclose a
“custodian of records” (US resident, address, phone, email)
• Failure to disclose = presumption of spam and high civil
penalties (dollars per email)
• False disclosures = criminal penalties
• Disclosures subject to reasonable due diligence
• Truthful disclosures, but inadequate records = reduced
statutory damages (fraction of penny per email)
What the Law Needs From
Internet Architecture
• IDENTITY
– accurate records reflecting status of Internet structure
(domain names, IP addresses)
– details of email transaction
– intelligent record preservation
• GEOGRAPHY
– provides notice to spammers of applicable laws
– empowers Netizens to avoid lawless-parts of the
Internet
Limits of the Law
• Dependence on technical information for
identification
• Slow and Costly
• Legal Jurisdictions are Geographic-Based
Why We Will Defeat Spam
• Victory Doesn’t Require 100% Spam-Free
– Banks survive bank robberies
• Spammers Struggle on Small Margins
• Email is Incredibly Resilient
– Email thrives despite 40% spam rate
• Spam is the Parasite, Email is the Host
– If spam kills email, spam dies too
• Filters + Lawsuits Work, and Spammers Know It
Questions?
An Overview of the Law on Spam
Anti-Spam Research Group
San Francisco, CA March 20, 2003
Jon Praed
Internet Law Group
JonPraed@aol.com