04-27-2005, 09:44 PM
Antispam Law Likely
Congress considers many plans, but will any solve the problem?
Grant Gross, IDG News Service
Tuesday, May 27, 2003
WASHINGTON -- Amid a chorus of voices calling on the U.S. Congress to do something about spam, lawmakers appear to be ready to pass antispam legislation this year, but consumer advocacy groups say current proposals are likely to lead to more spam, not less.
Most witnesses at a Senate Commerce, Science, and Transportation Committee hearing last week said they support federal legislation (http://www.pcworld.com/news/article/0,aid,110837,00.asp) as at least part of the solution for cutting the amount of unsolicited commercial e-mail Internet users receive. With lawmakers noting that some estimates have spam making up 40 percent or more of all e-mail, the hearing had an atmosphere of urgency.
Senator John McCain (R-Arizona), the committee chairman, said he hoped to engineer a vote on an antispam bill on the Senate floor before August. "It's clearly an issue that needs to be addressed one way or another," McCain said.
Proponents of a national antispam law, including the Direct Marketing Association and large e-mail services such as Yahoo, argue that a patchwork of nearly 30 state antispam laws make it difficult for any one state to enforce its antispam law. A national approach, they argue, would create uniform rules for e-mail senders and put more federal resources behind the fight against spam.
"The volume of spam today really has the potential of poisoning the medium, and doing it in a real hurry," said Senator Ron Wyden (D-Oregon), who has cosponsored the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, introduced in April (http://www.pcworld.com/news/article/0,aid,110235,00.asp). "I'm absolutely convinced that if you bring a modest number of enforcement actions that are tough, that send a real message out there that there are going to be significant consequences, you change the world out there."
Lawmakers Can't Wait
But a group of eight antispam and consumer groups question all legislation currently before Congress. "There certainly does seem to be a lot of interest on Capitol Hill to get some legislation moving," said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial E-mail (CAUCE). "The problem is that I have yet to see a piece of legislation that qualifies as antispam."
CAUCE and seven other groups Thursday fired off a letter (http://www.cauce.org/pressreleases/20030522.shtml) to four congressional committees, saying the current crop of congressional proposals doesn't contain any that are tough enough on spam.
"At present, none of the legislative proposals currently being considered in Congress contain the measures we recommend; rather, they repeat many of the legislative mistakes that have exacerbated the unsolicited commercial e-mail problem, permitting it to grow to the epidemic proportions it has reached today," says the letter, signed by leaders of Junkbusters, the Consumer Federation of America, the National Consumers League, and others.
Also last week, the California State Senate decided to not wait for federal legislation, instead passing a bill (http://www.pcworld.com/news/article/0,aid,110878,00.asp) that would turn spam from a misdemeanor to a felony and cost spammers an estimated $500 per unsolicited e-mail sent.
A bill by Representative Richard Burr (R-North Carolina) is the sixth piece of antispam legislation introduced in Congress this year. Cosponsored by the chairs of the House Judiciary and the House Energy and Commerce committees, it provides criminal and civil penalties for fraudulent spam. Marketers would have to provide a way for consumers to opt out on all commercial e-mail, and to provide a valid street address. The Burr bill, similar in some ways to the CAN-SPAM bill, would also make it illegal to falsify header information or harvest e-mail addresses from Web sites for the purposes of sending spam.
Representative James Sensenbrenner (R-Wisconsin), the chairman of the House Judiciary Committee, said in a statement he hopes the House will pass the bill by late June.
"Those who falsify their e-mail identity, send sexually explicit e-mail to unsuspecting individuals, and use e-mail as a weapon will be punished severely with criminal penalties under this legislation," Sensenbrenner said. "No legislation alone can stop the spam scourge. This problem only will be addressed through federal legislation in concert with technical solutions and the efforts of ISPs and legitimate marketers. I urge consumers to take advantage of software that blocks spam."
But that bill and other leading legislation allows unsolicited commercial e-mail until a recipient opts out of getting more, the eight consumer groups counter.
"Any law that defines acceptable criteria for sending unsolicited bulk commercial e-mail will amount to little more than establishing the conditions for a federal license to spam," their letter states. "By establishing an 'opt-out' legal regime, Congress would undercut those businesses who respect consumer preferences and give legal protection to those who do not."
Most of the current bills create a level of legitimacy for senders of unsolicited commercial e-mail, because spamming would be legal until a consumer opts out, CAUCE's Everett-Church said. In most cases, consumers must separately contact each spam operation. "You essentially are sanctioned by law, you get legal protection for sending unwanted e-mail," Everett-Church said. "That will result in more spam, not less."
Others question whether a law forcing consumers to opt out would cripple ISPs' efforts to block unsolicited commercial e-mail. Attorney Pete Wellborn, of Wellborn & Butler, represented Earthlink (http://www.pcworld.com/news/article/0,aid,110627,00.asp) in a recent successful lawsuit, and applauds Congress's recent focus on spam. But he also suggests laws forcing consumers to opt out could require ISPs to let through any spam that consumers haven't protested.
"Such a law would unconstitutionally seize from ISPs the right to say no to unsolicited commercial e-mail," Wellborn said.
Heading to the Courts
Most antispam bills now before Congress also do not let individuals file lawsuits against spammers, and the eight consumer groups urge Congress to allow such "private rights of action." The groups also express concern that federal legislation could preempt stronger state laws, such as a felony spam law passed in Virginia (http://www.pcworld.com/news/article/0,aid,110524,00.asp) in April.
A bill introduced this month by Senator Bill Nelson (D-Florida) could lead to private lawsuits by allowing some spammers to be charged with racketeering (http://www.pcworld.com/news/article/0,aid,110765,00.asp) offenses. Everett-Church praised the bill for opening up the possibility of private lawsuits, but the Nelson bill still requires consumers to opt out of spam.
"It's the first that even hints of giving consumers, those who are victimized by spammers, any right of action," Everett-Church said of the Nelson bill. "The only problem is that it goes off the rails and requires an opportunity to opt out. The opt-out undoes all of the other benefits."
Others, including CAN-SPAM cosponsor Senator Conrad Burns (R-Montana), question whether private lawsuits would help fight spam. Burns doesn't want to create more work for trial lawyers, his spokesperson said.
Private lawsuits won't reach most spammers because they hide behind false identities, says J. Trevor Hughes, executive director of the Network Advertising Initiative, a cooperative of Internet advertisers. "Spammers spend their days looking for ways to technologically obscure their identities," Hughes says. "Pursuing spammers requires enormous technological, financial, and investigative resources. Individuals do not have such resources, but governments and ISPs do."
Hughes also opposes laws requiring Internet advertisers to get opt-in permission from their customers. "Over the past few years, our industry has lost critical time debating this issue, while spam has been allowed to proliferate," said Hughes. His group supports the CAN-SPAM bill, which outlaws deceptive e-mail headers and requires commercial e-mail to include opt-out instructions and a valid postal address.
Requiring opt-in "will not result in a reduction of spam," Hughes says. "A spammer's stock and trade is in deception--they do not care about whether they have permission from the recipient."
Defining the Problem
A major problem with creating federal antispam legislation is that many people can't agree on what spam is, said Eytan Urbas, vice president of Mailshell, which markets an antispam software suite. In a March survey (http://www.mailshell.com/mail/client/oem2.html/step/pr/article/17#2) of more than 1100 Mailshell customers, 97 percent of respondents agreed that spam was random commercial e-mail promoting pornography or unwanted business opportunities.
But 53 percent said any unwanted e-mail from companies the recipient had a prior relationship with is also spam, and 44 percent said a mass distribution of e-mail such as jokes or political views from someone they know personally is also spam.
Urbas also notes that 8 percent of respondents--people who are customers of an antispam suite--admit to purchasing a product promoted to them through spam.
"I support legislation, but I am also concerned that it is not the quick fix that many people believe it is," Urbas said. "There's a lot that has to happen, including people stopping buying from them."
Most people pushing for a federal antispam law agree legislation will not solve the problem on its own, but it could be one part of a multipronged attack that includes antispam technology and a set of standards endorsed by the e-mail marketing industry. But when participants at last week's Senate hearing suggested more time was needed to come up with better legislation or to allow the e-mail marketing industry to endorse standards, CAN-SPAM sponsors Burns and Wyden protested, saying consumers are fed up with spam.
"We know that the industry is going to have to step forward," Burns said. "It is my belief that they will not until there is a national legislation that forces them to consider ... how to deal with this thing. It's time to quit beating around the bush and tell it like it is."
Paul Roberts of the IDG News Service contributed to this report
108th Congress - Currently Pending Legislation
(last updated 5/12/03)
In recent weeks, several pieces of legislation have been proposed in the US Congress. We are currently preparing analyses and will publish them on the website as soon as they are available. However, at present we have seen no legislative proposals that CAUCE is prepared to endorse.
On April 30, 2003, CAUCE joined a number of other consumer groups in expressing opposition to the Burns-Wyden "CAN-SPAM Act":
[This letter was published April 28 for delivery to the FTC April 30.]
We, the undersigned groups, representing consumer interests, urge Congress to pass legislation to empower individuals to act against senders of Unsolicited Commercial Email (UCE). The leading bill currently before Congress, S.877 (CAN-SPAM Act of 2003) does not meet two requirements that we consider essential: an opt-in policy, and a private right of action.
Because spammers impose costs on recipients, the correct policy is to prohibit it, just as Congress prohibited junk faxes in the Telephone Consumer Protection Act of 1991 (TCPA). An acceptable alternative would be to enable network owners such as ISPs to post an electronic "No Spamming" sign, as was done in the 106th Congress's H.R. 3113, which passed the House. An opt-out policy, which is taken in S. 877, will not significantly reduce the widespread damage to consumers' interests and confidence.
The second essential requirement is that recipients of UCE have a private right of action. Liquidated damages of $500, as in the TCPA, are appropriate. ISPs should also have a right of action, but leaving enforcement solely to them, or state or federal regulators would leave far too many spammers breaking the law.
Beyond these fundamental requirements are numerous details, including a narrow exemption for existing business relationships such as the one that Federal Trade Commission (FTC) arrived at in their Telemarketing Sales Rule this year.
The definition of a solicitation should be carefully limited to avoid any impact on non-commercial speech, such as speech about religion or politics. Measures against typical spammer tactics such as the falsification of return addresses and other headers are desirable but not sufficient.
We urge members of Congress to pass anti-spam legislation with an opt-in policy and a private right of action. We also ask the FTC to recommend and support such legislation.
S. 1618 / H.R. 3888 (original draft)
Title III - Spamming
(As originally introduced, S. 1618 sought to amend the Telecommunications Act to prohibit the practice of "slamming" - changing the long distance telephone carrier of a consumer without that consumers permission. In a clever procedural move, Senators Murkowski and Torricelli introduced language which became "Title III" of that bill just moments before the whole bill was passed by the U.S. Senate by unanimous voice vote. The following analysis contains excerpts of CAUCE's comments to the staff of Sen. Murkowski the morning before the bill's introduction and passage.)
The following was CAUCE's position statement on S. 1618 and the original draft of H.R.3888:
Although CAUCE endorses the bill's intended goal of removing the cost and time burden that Unsolicited Commercial Email (UCE) places on Internet users, we believe that this proposed law will, if anything, make that burden greater. Specifically, we have the following issues of concern:
The bill legitimizes UCE, making it possible to legally deliver vast quantities of UCE to all Internet users.
The bill's valid header/address requirements pose little obstacle to delivering larger and ever-increasing quantities of UCE.
The bill's removal requirements are little deterrent to millions of home-based, do-it-yourself junk emailers, and with government agencies like the Federal Trade Commission (FTC) as the sole enforcement body, the likelihood of meaningful enforcement is minimal.
Even if all legal requirements are met, the bill will allow each of thousands of marketing organizations "one free bite" at every email recipient, allowing citizens to legally be inundated with increasing volumes of UCE.
The bill could be seen to preempt private rights of action based on state laws.
First, we are extremely concerned that this amendment goes farther than any existing proposal in establishing UCE as a legitimate method of marketing. This amendment legalizes any UCE that meets minimal standards for truthfulness in delivery, making this bill worse than staying with the status quo. This bill would legitimize an utterly unconscionable practice. It would create a legal framework in which it would be perfectly permissible to harass millions of people on a daily basis with uninvited and unwelcome solicitations; uninvited and unwelcome solicitations that interrupt workers productivity and invade the home at all hours of the day; uninvited and unwelcome messages that advertise explicit pornography, and all varieties of illegitimate business practices; uninvited and unwelcome solicitations that recipients have no choice but to receive, process, and pay for.
No legitimate form of advertising forces the recipient to pay an out of pocket charge to receive advertising messages they did not ask for and invariably do not want. No legitimate form of advertising forces the deliverer to bear enormous out of pocket costs for processing, storing and delivering unsolicited advertising messages. Junk email does both. By contrast, every form of legitimate advertising imposes some marginal cost per message on the advertiser, creating a natural cap on the number and frequency of messages. Every form of advertising supports the media in which it is transmitted, thereby rendering the medium cheaper for all to use. Junk email imposes no marginal cost per message, creating perverse incentives for advertisers to flood the medium with mass solicitations. Further, rather than supporting the Internet infrastructure, junk email burdens it to an incredible degree, forcing ISPs to spend millions of dollars a year, to process unwanted junk email, and forcing increased expenses on end users -- particularly those whose Internet access is already costly and tenuous. The only way to reduce the cost to end users is to create a disincentive to send large quantities of UCE; any legislation that legitimizes the twisted economics of UCE does a disservice to the citizens they would seek to protect.
Second, we appreciate Senators Murkowski's and Torricelli's efforts to address the issue of fraudulent headers and fraudulent or nonexistent contact information. However, while large quantities of UCE today are delivered using fake header information and invalid return addresses, the requirement of a valid return address and valid headers doesn't provide a tremendous obstacle to most junk emailers. For example, one could open an account with a local ISP and send a million messages out, in violation of their policies. The mail would have valid routing and would have a valid return address -- valid, that is, until the ISP terminates the account and renders the address invalid. But that invalidity would be beyond the control of the perpetrator and could provide a defense to charges under that provision of the law. (The question of whether the junk mailer defrauded the ISP is, of course, beyond the scope of this proposal. That issue is, however, addressed by AB 1629 in California, legislation which is rapidly gathering support from ISPs, including AOL.)
Third, the bill would impose removal requirements on established junk email companies who maintain large lists, but would not realistically affect the large numbers of do-it-yourself junk emailers who harvest addresses on their own and may only send UCE a handful of times. Most of the UCE sent at present comes from these small-time, mercurial operators, not from established bulk email companies. These people operate with a large degree of anonymity, using specially designed "spamware" to facilitate defrauding ISPs, hijacking mail servers, harvesting addresses, etc. Tracking these perpetrators requires significant investigation and protracted legal action to determine their identities -- and they know this. These people will not be deterred by the fear that the FTC would devote extensive enforcement resources to launch an action based on a dozen rounds of UCE sent from their basement workstation.
Senators Murkowski and Torricelli claim that they are interested in keeping government out of the business of regulating the Internet, however it bears pointing out that theirs is the only legislation which expands the jurisdiction of any federal agency and requires that agency to investigate email practices. While making explicit the FTC's authority over fraud in email may not be a bad thing, Congressman Smith's legislation places enforcement in the hands of the consumers who are harmed, not into the hands any government agency.
The FTC is excellent at picking out the worst of the bad actors and making a public example of them with high-profile enforcement actions and enormous fines. But private suits by companies like AOL, Earthlink, CompuServe, and other ISPs have already created these spectacles and driven the junk email industry back under the rock from which it emerged. There are few multi-million dollar junk emailers in the business these days and the likelihood of large public enforcement actions with big money fines and penalties is just not an option when the majority of the UCE "industry" consists of people spamming in their spare time from their basement. Thus, there is little incentive for the FTC to pursue these perpetrators at any length, particularly since most are not in the spamming business for the long-term. Indeed most of these people stop sending UCE of their own accord when all of their Internet accounts are eventually terminated and they become "persona non grata" among their local ISPs.
But for each junk emailer who retires, there are constant replacements entering the UCE market everyday. With dozens -- possibly even hundreds -- of home-based junk emailers entering the market every day, the FTC would require funding to rival a branch of the military if there was to be any hope of pursuing the small-time, do-it-yourself junk emailers in a timely or effective manner. Most laws that require centralized enforcement of wide-spread phenomena have a decreased likelihood of swift and thorough enforcement. Thus CAUCE strongly encourage private rights of action in UCE-related legislation, encouraging citizens and ISPs to take on the burden of enforcement. A few hundred million users will be a more effective police force than a handful of government prosecutors.
Fourth, even with effective enforcement of removal restrictions, this would still permit every junk emailer "one free bite" at every recipient. A hundred pieces of UCE from each of 10 junk emailers imposes no less cost on users than one piece of UCE from a thousand individual companies. Moreover, with such a low threshold for making UCE legitimate, more companies will be tempted to try bulk email. Indeed, more legitimate businesses are already entering the bulk email market everyday: In recent weeks we have seen reports of bulk email campaigns from an ISP in New Jersey, several Web Site Hosting firms, a car dealership near Seattle, an online auction house, a major U.S. automobile manufacturer, a North Carolina supreme court candidate, a political consulting firm in California, and a mid-sized multimedia software company. If it is the goal of Senators Murkowski and Torricelli to reduce the costs of Internet service for their constituents (and everyone), this legislation will not do that -- indeed, it would likely do exactly the opposite.
Finally, while this bill clearly gives the FTC jurisdiction over some types of offenses relating to UCE and permits state officials to proceed with their own prosecutions, CAUCE is concerned that, as written, the bill could be construed as preempting individual rights of action either under common law or under state statutes relating to UCE. Unless it is the intention of the Congress to occupy the regulatory field on the issue of UCE and preempt state-based or common law based rights of action (something CAUCE will vigorously oppose), this legislation should -- at a minimum -- guarantee that viability of individual rights of action under state statute and/or common law.
In summary, CAUCE is deeply concerned that this bill would do little to stem the rising flood of unsolicited commercial email, and by setting such a low threshold for legitimacy, would allow for increasing volumes of junk email. As written, the bill sets standards which are easily met -- even by today's crop of disreputable and brazen junk emailers -- and would allow them to continue after only a moment's hesitation. By placing enforcement solely in the hands of government bureaucracies, there is a minimal likelihood of actual enforcement against the most virulent and prolific kinds of fly-by-night, do-it-yourself junk emailers. Finally, any federal legislation on UCE should make explicitly clear that more vigorous state statutes and other remedies under law (particularly individual causes of action) would be unaffected by this legislation.
Powered by vBulletin® Version 4.1.12 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.