An Overview of the Law on Spam

1
An Overview of the Law on Spam Anti-Spam
Research Group San Francisco, CA March 20,
2003 Jon Praed Internet Law Group JonPraed_at_aol.
com
2
Spam is Unsolicited Bulk Commercial Electronic
Messages

• Electronic messages anticipate convergence
• Commercial not inherently illegal
• Bulk substantially similar messages
• Unsolicited intent of recipient is key

3
Spam Fighting Tools

• Shield -- Internet Architecture Filters
• Sword -- Legal Enforcement

4
To Evade Filters, Spam Fraud

• Source and hypertext links are anonymous,
  transient or falsified
• Free email accounts anonymous credit cards mail
  relays obfuscated URLs encrypted source code
  DNS servers turned on/off false domain name
  registrations (ICANN 9/02 action Verisign)
• Third Party Conspirators Provide Cover
• Spam Houses make 10,000/month to host webpages
  and hide identities of spammers (I terminated
  him and deleted his info)
• Affiliate Program Operators in search of
  plausible deniability

5
Laws Purposes

• General Specific Deterrence
• Compensation of Victims
• Retribution
• Education

6
Legal Weapons

• Injunctions
• Money Judgments
• non-dischargeable in bankruptcy
• disgorge profits from spammers
• fund anti-spam fight
• Imprisonment

7
A Hierarchy of Anti-Spam Rules

• AUPs setting expectations to protect private
  property
• Common Law trespass to chattels recognized in
  all 50 states
• State Statutes 26 states and counting
  (www.spamlaws.com)
• codifying trespass with statutory damages
• labeling requirements
• outlawing fraudulent spam or requiring respect
  for do not email lists
• Federal Statutes
• Computer Fraud Abuse Act, 18 USC 1030
• Analogs 47 USC 227 (unsolicited fax law) 18
  USC 2257 (Adult Model Statute)
• Pending Legislation (www.thomas.loc.gov)
• Burns-Wyden CAN SPAM Act, SB 630 others
• International Law none?
• How will this affect the impact of anticipated
  Federal fixes?

8
Goals of Federal Proposals

• Discourage use of fraud
• Encourage transparency in identity
• Ban spam, regardless of fraud
• Regulate spam through labeling
• Minimize impact on solicited marketers

9
A Sunshine Proposal for Federal Legislation

• Modeled after Custodian of Records Law requiring
  Proof of Age of Adult-Movie Performers (18 USC
  2257)
• All commercial email (including solicited) must
  disclose a custodian of records (US resident,
  address, phone, email)
• Failure to disclose presumption of spam and
  high civil penalties (dollars per email)
• False disclosures criminal penalties
• Disclosures subject to reasonable due diligence
• Truthful disclosures, but inadequate records
  reduced statutory damages (fraction of penny per
  email)

10
What the Law Needs From Internet Architecture

• IDENTITY
• accurate records reflecting status of Internet
  structure (domain names, IP addresses)
• details of email transaction
• intelligent record preservation
• GEOGRAPHY
• provides notice to spammers of applicable laws
• empowers Netizens to avoid lawless-parts of the
  Internet

11
Limits of the Law

• Dependence on technical information for
  identification
• Slow and Costly
• Legal Jurisdictions are Geographic-Based

12
Why We Will Defeat Spam

• Victory Doesnt Require 100 Spam-Free
• Banks survive bank robberies
• Spammers Struggle on Small Margins
• Email is Incredibly Resilient
• Email thrives despite 40 spam rate
• Spam is the Parasite, Email is the Host
• If spam kills email, spam dies too
• Filters Lawsuits Work, and Spammers Know It

13
Questions? An Overview of the Law on
Spam Anti-Spam Research Group San Francisco, CA
March 20, 2003 Jon Praed Internet Law
Group JonPraed_at_aol.com