Printer Friendly

Anti-spam legislation setbacks.

I n the fall, I gave a report on email at a University of Pittsburgh faculty meeting. Among the statistics I reported was that in March 2008, the University of Pittsburgh email servers received 505 million email messages. Of that number, more than 410 million messages were spam. That's for just one modest email domain for 1 month.

Actually, that number is not too surprising. Current estimates are that 90% of all email traffic is unsolicited bulk email, or spam. Another report suggests that spam costs U.S. businesses up to $17 billion in lost productivity and anti-spam efforts, notwithstanding the widespread use of spam filters.

The law's response to the proliferation of spam has been checkered. As the problems of spam shifted from its origins in the USENET environment in the 1980s and early 1990s to the email environment by the late 1990s, courts and legislatures struggled to craft a response. Unfortunately, that struggle continues today.

Not All Spam Is Illegal

One threshold challenge is that not all unsolicited email is illegal. Courts have recognized that the First Amendment protects the right to advertise goods and services. While the protections on this form of "commercial free speech" are not as expansive as noncommercial speech, absolute bans on commercial email may not be legal.

This was recently demonstrated when the Virginia Supreme Court struck down that state's anti-spam statute because it was found to violate the First Amendment. Virginia made it a criminal offense to transmit unsolicited bulk electronic mail with intentionally false or forged transmission or routing information.

Protecting Anonymous Speech

The court noted that the First Amendment protects the right to anonymous speech. The court then observed that the only way to remain anonymous in an email transmission would be to enter a false IP address or domain name in the email. Although the intent of Virginia's statute may have been to prevent commercial emailers from using false information to mislead, it was not limited to commercial email. In the language of constitutional law, it was not "narrowly tailored" enough to meet Virginia's interest in controlling spam without having the potential to violate the constitutional rights of people wishing to send anonymous email. By making the use of false email information a crime in all circumstances, the statute was unconstitutional.

As noted, Virginia's statute covered commercial and noncommercial spam. The court noted that most of the statutes existing today, including the federal CANSPAM Act passed in 2004, are targeted toward commercial spam only. Those various acts allow bulk email to be used for commercial purposes, but they still impose restrictions. For example, the CANSPAM Act requires accurate subject lines, headers, and sender addresses, plus contact information for the sender and a means to be removed. However, they can't target noncommercial spam.

California recently attempted to tighten its restrictions on fraudulent commercial email through new legislation. This has been one of the more aggressive states in enacting anti-spam legislation, although its most aggressive action (a complete ban of email spam in California) was overturned by the federal CAN-SPAM Act. The state proposed to control deceptive email by expanding the categories of "header information" required to be accurate. The legislation also made it easier to pursue violations of California anti-spam laws by allowing not only the state attorney general but also district attorneys and city attorneys to pursue spammers.

Schwarzenegger Veto

However, in late September, California governor Arnold Schwarzenegger vetoed the proposal. The governor argued that the existing anti-spam legislation at the federal and state level was adequate protection for consumers. He also expressed concern that making it easier to pursue violations will "possibly invite excessive litigation for a nuisance that does not result in any damages or losses."

Other states are also attempting to refine and strengthen their anti-spam laws with similar mixed results. Colorado, the District of Columbia, South Dakota, and Washington state all enacted anti-spam enhancement measures. Colorado's law makes CAN-SPAM violations a deceptive trade practice subject to civil and criminal penalties. Washington's law prohibits unauthorized transmission of spyware via commercial spam. South Dakota and the District of Columbia established first-time anti-spam laws in 2007 and 2008, respectively.

Several other states have anti-spam proposals pending. Many of these proposals target spyware transmission, cellular spam, collection of email addresses without authorization, and unauthorized access to protected computers to transmit spam. New York has a proposal similar to the one vetoed in California to tighten header information restrictions.

Some Success

Given the statistics (90% of all email is spam, and the like), it is fair to ask whether any of these laws are helping to reduce the amount of spam traffic. The answer is somewhat yes, but mostly no. A number of successful lawsuits and prosecutions appeared under the CAN-SPAM Act and state anti-spam laws. In most cases, these have been criminal or civil suits against individual spammers. The courts have made it clear, however, that the First Amendment does not protect against violations of CAN-SPAM and other laws. It also prevents exploiting ISPs for spam delivery in violation of their terms of use policies.

But the laws can only go so far. They can't require a complete ban of U.S.-based spam because of constitutional limitations. They also only address commercial email that is sent from U.S.-based spammers. However, more than 70% of the spam received by U.S. email recipients originates overseas. U.S. laws have limited ability to attack overseas spammers, and foreign laws vary considerably in their scope and effectiveness.

Most spam that I receive indicates that the sender is not terribly concerned about being caught and punished for sending spam. Very little actually seems to comply with CAN-SPAM and other laws. And much of it deals with goods and services so legally suspect that violations of anti-spam laws are probably not the spammer's biggest legal risk.

1,300,925,111,156,286,160,896

Spam filters and other technologies remain the best solution to combat spam. But they can only go so far. According to the calculations at the website cockeyed.com, there are 1,300,925,111,156,286,160,896 possible ways to spell Viagra. That's going to make it tough for the spam filter to keep up.

George H. Pike is director of the Barco Law Library and assistant professor of law at the University of Pittsburgh School of Law. His email address is gpike@pitt.edu. Send your comments about this column to itletters@infotoday.com.
COPYRIGHT 2008 Information Today, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Legal Issues
Author:Pike, George H.
Publication:Information Today
Article Type:Viewpoint essay
Geographic Code:1USA
Date:Dec 1, 2008
Words:1079
Previous Article:Sunlight disinfects.
Next Article:37signals rolls out simple collaboration solutions.
Topics:

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters