G.  Congress, State Legislatures Restrict Unsolicited Commercial E-Mail

    The issue of unsolicited electronic mail, or “spam,” is a volatile one.  On one hand, Internet users -- and the Internet service providers (ISPs) that deliver e-mail to them -- despise spam.  From the users’ perspective, it clogs in-mail boxes and brings content that they find inappropriate -- particularly advertisements for adult Web sites -- into their homes. 

    From the ISPs’ perspective, spam represents a drain on the Internet system.  Bulk, unsolicited e-mail messages routinely overload ISPs’ servers.  Unlike telemarketers or junk mailers who pay phone and mail costs, spammers can send millions of e-mail messages for virtually no cost.  But the cost of delivering millions of bulk e-mail messages to the system and to users can be great.

    On the other hand, of course, unsolicited e-mail messages constitute speech.  Some bills recently passed by state legislatures attempt broadly to ban spam without recognizing the potential First Amendment values implicated by flat bans on speech.  Others attempt to limit their constitutional liability by requiring labeling or penalizing only false and deceptive commercial e-mail.  One state law has fallen to a constitutional challenge based on an Interstate Commerce Clause argument as well.  Bills to regulate unsolicited commercial e-mail are pending before Congress, which has yet to pass legislation on this topic.

Federal Legislative Efforts

    Although a number of bills have been introduced in Congress to attempt to limit or eliminate spam, there has not yet been specific federal legislation passed to deal with unsolicited commercial e-mail.  Currently two such bills are pending in the 107th Congress.

    On Jan. 3, 2001, Rep. Gene Green (D-Texas) introduced the Unsolicited Electronic Mail Act of 2001 (H.R. 95).  This bill is identical in substance to a bill originally introduced by Rep. Heather Wilson (R-N.M.) in October 1999 (H.R. 3113), which had passed the House of Representatives on July 18, 2000.  The bill would require unsolicited commercial e-mail to be clearly and conspicuously identified as such and to include notice of a provision to allow recipients to opt-out of receiving further e-mail from that sender.  H.R. 95 would also prohibit a sender from using false e-mail addresses or routing information. 

    Moreover, the bill would prohibit a sender from using an ISP’s services to send unsolicited commercial e-mail in violation of the ISP’s policy if such policy is clearly posted or otherwise made available in accordance with statutory conditions.  The bill would protect ISPs from liability for innocent retransmission of unsolicited commercial e-mail and for any act taken in good faith to prevent the transmission of receipt of unsolicited commercial e-mail.  Finally, the bill would create a private right of action for recipients and ISPs to recover the greater of actual monetary damages or $500 for each violation, not to exceed $50,000 or $150,000 for willful or repeated violations.

    The second piece of pending legislation is the Wireless Telephone Spam Protection Act (H.R. 113), introduced by Rep. Rush Holt (D-N.J.) on Jan. 3, 2001.  This act would prohibit the use of wireless text, graphic, or imaging messaging systems (including cellular phones) to send unsolicited commercial advertisements.

    A bill introduced in May 2000 by Sen. Conrad Burns (R-Mont.), the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2000, did not pass in the last Congress.  That bill would have prohibited both the sending of e-mails with falsified or misleading routing information, and the sale or possession of software primarily designed to falsify such information. 

    The bill also would have outlined Federal Trade Commission procedures for notifying alleged violators.  These included directing the person in question to discontinue further transmission; requiring the person to immediately delete e-mail addresses of recipients who opted out; and prohibiting the person from transferring a mailing list that contained such opted-out addresses.  A number of other proposed federal bills introduced in 1999, and described in the last edition of this book, were not enacted.   

State Legislation

    Most of the specific legislation enacted against unsolicited e-mail has been on the state front.  Virginia, Illinois, and Delaware adopted laws regulating unsolicited commercial e-mail in 2000.  In addition, Idaho in April 2000 approved a law prohibiting the sender of unsolicited bulk commercial e-mail from using fictitious third-party domain names for return addresses, misrepresenting routing information, or failing to identify the point of origin of the message.  Furthermore, the sender must include a “readily identifiable” e-mail address for opt-out requests. 

    In June 2000, three states approved similar laws restricting spam.  The Colorado Junk E-Mail Law, which applies to e-mail sent to Colorado residents using a provider or equipment located in Colorado, mandates that unsolicited commercial e-mail must identify itself with an “advertising” label (“ADV”) at the beginning of the subject line.  It must also include the sender’s valid e-mail address and opt-out provisions. 

    A Pennsylvania measure requires a subject-line label of “ADV-ADULT” if the unsolicited e-mail contains “explicit sexual materials.”  Finally, a Missouri law requires e-mail to contain both valid contact information and opt-out instructions.  The law provides for the greater of $500 or actual damages caused by a violation to recipients and the greater of $1,000 or actual damages caused by a violation to ISPs.

Federal and State Court Litigation

    Perhaps the two most significant state cases to date have involved the constitutionality of the state anti-spam laws themselves.  On March 10, 2000, a Washington State superior court judge dismissed a case brought against an alleged spammer, ruling that Washington’s anti-spam law was “restrictive and burdensome” and unconstitutionally violated the Interstate Commerce Clause.  State v. Heckel, Case No. 98-2-25480-7 SEA, 2000 WL 979720 (Wash. Super. Ct. Mar. 10, 2000). 

    The Washington law, which was enacted in June 1998, had prohibited sending unsolicited bulk commercial e-mail that used a third party’s domain name without its consent, misrepresented or falsified routing information, or used a false or misleading e-mail subject line.  The state attorney general’s office has appealed the decision to the state supreme court.

    In June 2000, one of California’s anti-spam laws was similarly held unconstitutional by a San Francisco county superior court because it placed “inconsistent restrictions” on interstate use of the Internet.  Ferguson v. Friendfinder, Case No. 307309 (Cal. Super. Ct. 2000).  The California law, which went into effect Jan. 1, 1999, had required unsolicited commercial e-mail to identify itself using “ADV” in the subject header (or “ADV:ADLT” for sexually explicit content) and to include a valid sender e-mail address and opt-out provisions.  A second anti-spam provision, which makes it a crime to use a California computer network to send advertisements by e-mail that violate the policies of an ISP, remains in effect.

    Most other spam-related litigation has been brought by ISPs against alleged spammers.  For example, on Dec. 14, 1999 a magistrate judge of the U.S. District Court for the Southern District of New York ruled in favor of America Online, Inc. in its claim that the defendant’s unauthorized sending of unsolicited commercial e-mail to AOL subscribers violated the federal computer fraud statute, 18 U.S.C. Sec. 1030.  America Online, Inc. v. Christian Brothers, No. 98 Civ. 8959 (S.D.N.Y. 1999).  The court reasoned that the defendant’s actions constituted the misappropriation of services that could have been sold to a paying advertiser.  The court refused to apply the law of any state except Virginia, where AOL resides, and found that Virginia’s Computer Crimes Act could not be applied retroactively. 

    On Sept. 29, 2000, a federal magistrate judge in Iowa also applied Virginia law to deny AOL’s motion for summary judgment in a similar case involving alleged violations of the federal computer fraud statute and the Virginia Computer Crimes Act.  America Online, Inc. v. National Health Care Discount, Inc., 121 F. Supp. 2d 1255 (N.D. Iowa 2000).  AOL alleged that the defendant hired people to illegally send unsolicited bulk e-mail advertisements to AOL’s subscribers.  The court held that disputed issues of material fact remained as to whether the defendant caused the requisite damage for purposes of the federal statute and whether the defendant could be held liable under the Virginia statute for the actions of the individual e-mail senders themselves. 

    More recently, AOL filed suit against Cyber Entertainment Network in December 2000 in a federal district court in Virginia, alleging the defendant illegally used AOL’s system to send unsolicited sexually oriented bulk e-mail to AOL members.  The suit is currently pending.  AOL is seeking an injunction against any further spamming, as well as damages in the amount of either $10 for each e-mail sent or $25,000 for each day during which such e-mails were sent over AOL’s system.

    A few cases also have been brought by firms that allegedly have been falsely “black-listed” as spammers by anti-spam organizations.  In December 2000 a firm called Exactis, which transmits approximately 500 million e-mails every month on behalf of various publishing houses and online information companies, filed a request for a restraining order against Mail Abuse Prevention System (MAPS), a California-based anti-spam organization.  A federal district court in Denver granted the order, thereby preventing MAPS from adding Exactis to its published list of spammers, pending a trial in May 2001. ISPs routinely use the MAPS lists to identify potential spammers, and many ISPs subsequently stop conducting business with listed firms to limit the amount of spam transmitted on their systems.

    In January 2001, Media3 Technologies LLC similarly filed a request in a federal district court in Boston for a temporary restraining order that would have required MAPS to remove several of Media3’s IP addresses from its blacklist pending trial.  The court denied this request, however, finding that Media3 had not demonstrated a sufficient likelihood of succeeding on the merits and had failed to prove it would suffer irreparable injury if MAPS continued to list its addresses on its blacklist.

International Efforts To Limit Spam

    It is interesting to note that efforts to limit spam are not, by any means, limited to the United States.  In August 1999, the European Union (E.U.) issued a call for proposals to assess data privacy issues raised by unsolicited e-mail advertising.  In July 2000, the European Commission unveiled eight proposals outlining a regulatory telecommunications framework for the E.U., including common rules for interconnection, licensing, data privacy, and unsolicited communications.  The framework would create an opt-in approach, prohibiting unsolicited commercial e-mail unless a subscriber had specifically indicated a desire to receive such e-mail.  In January 2001, the E.U. held its first public hearings on the proposals.

The author wishes to thank Marianna Horton, an associate at Covington & Burling, for her assistance in the preparation of this chapter.