New Laws, Bounties & International Cooperation: the Fight against Spam Continues

By Javad Heydary
E-Commerce Times - 2004/09/23

On September 17, 2004, California Governor, Arnold Schwarzenegger, signed a Bill that strengthens California's anti-spam laws. Before this law was signed, state anti-spam laws allowed the recipient of spam, an e-mail service provider or the State Attorney General to recover actual damages for the receipt spam transmitted in contravention of the rules in addition to permitting a court to award reasonable attorney fees and costs to prevailing plaintiffs.

New Changes

Senate Bill 1457 amends the current laws by making it an offence to advertise in a spam e-mail sent either from California or to a California e-mail address in the following circumstances: where the advertisement contains or is accompanied by a third-party's domain name without that party's permission; where the e-mail contains or is accompanied by falsified, misrepresented or forged header information; where the sender enters a subject line they know would likely mislead a recipient acting reasonably as to a material fact regarding the contents or subject-matter of the message.

Penalties

As far as penalties are concerned, the Bill authorizes the State Attorney General, an e-mail service provider or the recipient of a spam e-mail to bring an action for liquidated damages of $1,000 per e-mail, up to $1,000,000 per incident but subject to a reduction by the courts.The Bill also prohibits bringing multiple actions under other e-mail advertisement damages provisions for the same violation.

Exceptions & Limitations

There are two exceptions: firstly, where truthful header information is used by a third party lawfully authorized by the advertiser to use that information. Secondly, there are no consequences for an e-mail service provider that is only involved in the routine transmission of the e-mail advertisement across its computer network.

Also, if the court finds that the defendant established and implemented practices and procedures reasonably designed to effectively prevent spam with due care, then the court must reduce the liquidated damages it can award to a maximum of $100 for each unsolicited commercial e-mail advertisement or must reduce them to a maximum of $100,000 per incident.

CAN-SPAM

On a related note, there has been a number of comlaints against the U.S. federal anti-spam legislation, Can-Spam Act (the Act), since its coming into force on January 1, 2004. For example, in May 2004, the U.S. Senate Commerce Committee met to review the effects of the Act. It heard from a handful of witnesses, including a bulk e-mailer, who claimed that compliance with the Act has been disadvantageous for his business because Internet providers block his e-mails by focusing on his "From:" addresses, "Subject:" lines, company information, IP address and the disclaimer on the bottom of his e-mail. He testified that he may resort to illegal tactics, such as generating fake numerical addresses and grammatically correct text that look like personal written mail, if his legal e-mails continue to be blocked by major Internet service providers such as America Online and Microsoft Hotmail.

Another complaint has come from the Direct Marketing Association which has urged the Federal Trade Commission ("FTC") to clarify the Act by recognizing the difference between purely sales-oriented e-mails (spam) and billing, transaction confirmation or other so-called relationship messages.

First Can-Spam Act Cases

As far as the enforcement of the Act is concerned, the FTC recently took action against a number of parties with the first two being against companies that were engaged in sending both spam and spoofing. The first action was against Detroit-based Phoenix Avatar and the second action was against Global Web Promotions, a spam enterprise that operated out of Australia and New Zealand. Both operations had been identified by the anti-spam organization Spamhaus, as among the largest spammers in the world. These cases marked the first criminal prosecutions under the Act.

Offering Bounties

In addition to its legal proceedings against spammers, on September 16, 2004, the FTC issued a report assessing whether and how a system that rewards members of the public for tracking down spammers would or could help improve enforcement of the Act. Specifically, the Act itself required the FTC to conduct a study and provide a report to the U.S. Congress on a "bounty system" for the Act. According to the report released by the FTC, there are three hurdles for the FTC and other law enforcers in anti-spam investigations: identifying and locating the spammer, developing sufficient evidence to prove the spammer is legally responsible for sending the spam, and obtaining a monetary award. Most notably, the report states that persons most likely to identify a spammer and provide evidence would be "whistleblowers" or "insiders" and not so-called "cybersleuths" (persons with above-average IT skills). The report goes on to conclude that it is unclear as to whether a bounty system would be effective but the report does state that any reward would need to be substantial (in the $100,000 to $250,000.00 range).

This report comes on the heels of another recent announcement that trade agencies in the United States, United Kingdom and Australia have entered into a memorandum of understanding to provide for mutual enforcement assistance in fighting spam. Agencies will share evidence and coordinate investigations in order to work together to prosecute spammers.

Whether through new laws, offering substantial rewards, or through cross-jurisdictional cooperation, we might be finally getting somewhere in the fight against spam - or are we?