E.   Congress Continues Anti-Spam Push; State Action Shifts to Courts

Legislative Efforts

     Five bills to limit or eliminate spam are pending in the 107th Congress.  On Feb. 14, 2001, Rep. Heather Wilson (R-N.M.) introduced the Unsolicited Electronic Mail Act of 2001 (H.R. 718).  This bill was identical in substance to a bill she originally introduced in October 1999 (H.R. 3113).  That measure had passed the House of Representatives on July 18, 2000, and was subsequently re-introduced in January 2001 as H.R. 95 by Rep. Gene Green (D-Tex.).  As reported by the House Judiciary Committee on June 5, 2001, the amended bill reduces permissible statutory damages and limits protection for Internet service providers (ISPs) against liability for innocent retransmission of unsolicited commercial e-mail.

     In its original incarnation, H.R. 718 would have required unsolicited commercial e-mail to be clearly and conspicuously identified as such and to include notice of a provision to allow recipients to opt-out of receiving further e-mail from that sender.  As amended, the bill prohibits a sender from using false e-mail addresses or routing information.  It requires that labels be included on sexually oriented e-mail messages but no longer requires opt-out notices.

     In addition, the bill would have prohibited a sender from using an ISP’s services to send unsolicited commercial e-mail in violation of the ISP’s policy if such policy were clearly posted or otherwise made available in accordance with statutory conditions.  This would protect ISPs from liability for any act taken in good faith to prevent the transmission or receipt of unsolicited commercial e-mail.  As amended, H.R. 718 does not allow ISPs that define their own anti-spamming policies to benefit from any such safe harbor, but does create a private right of action for ISPs to recover the greater of actual monetary damages or $5 for each violation, not to exceed $1 million, unless a sender transmits over 20 million unsolicited commercial e-mail messages in one year, in which case no limit on liability shall exist.

     On March 14, 2001, Rep. Bob Goodlatte (R-Va.) introduced the Anti-Spamming Act of 2001 (H.R. 1017).  This bill prohibits both the sending of unsolicited bulk commercial e-mail with false e-mail addresses or routing information, and the sale or distribution of computer programs and software designed primarily to falsify such routing information.  H.R. 1017 also creates a private right of action for e-mail recipients to recover the greater of actual monetary damages and statutory damages of $15,000 per violation or an amount of up to $10 per message per violation.

     On Oct. 16, 2001, Rep. Christopher Smith (R-N.J.) introduced the Netizens Protection Act of 2001 (H.R. 3146), which is identical in substance to a bill he introduced in the 106th Congress.  This bill requires all unsolicited bulk commercial e-mail messages to contain the sender’s name, physical address, and e-mail address, as well as opt-out instructions.  Unlike the current version of Rep. Wilson’s H.R. 718, this bill would create a safe harbor for ISPs that notify their customers of their policies on unsolicited e-mail.  It would allow those ISPs to sue customers for violations of their policies.  Rep. Smith’s measure would not pre-empt state laws governing unsolicited commercial e-mail.

     Also pending in the House of Representatives is the Wireless Telephone Spam Protection Act (H.R. 113), introduced by Rep. Rush Holt (D-N.J.) on Jan. 3, 2001.  This bill would prohibit the use of wireless text, graphic, or imaging messaging systems (including cellular phones) to send unsolicited commercial advertisements.

     With respect to legislation before the Senate, Sen. Conrad Burns (R-Mont.) introduced the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2001 (S. 630) in March 2001, which would prohibit the sending of e-mails with falsified routing information.  It would also require the inclusion of an e-mail address, physical address, and opt-out instructions in any unsolicited commercial message.  S. 630 would also give the Federal Trade Commission and state attorneys general a right of enforcement.

     At the state level in 2001, Nevada amended a spam statute enacted in 1999, making it illegal to send unsolicited commercial e-mail unless it is identifiable as an advertisement and includes the sender’s name, physical address, e-mail address, and opt-out notice and instructions.  The law also provides for ISP immunity from civil damages under the statute for the innocent retransmission of spam.  

     Perhaps the two most significant state cases to date have involved the constitutionality of the state anti-spam laws themselves.  On June 7, 2001, the Supreme Court of Washington upheld the state’s anti-spam law, overturning a superior court ruling that the act was “restrictive and burdensome” and unconstitutionally violated the Interstate Commerce Clause.  State v. Heckel, 24 P.3d 404 (Wash.), cert. denied, 122 S. Ct. 467 (2001).

     The Washington law, enacted in June 1998, prohibits sending unsolicited bulk commercial e-mail to Washington residents or from a Washington-based computer that uses a third party’s domain name without its consent, misrepresents or falsifies routing information, or uses a false or misleading e-mail subject line.

     The Washington Supreme Court held that the only burden the law places on senders of unsolicited bulk commercial e-mail is the “requirement of truthfulness, a requirement that does not burden commerce at all but actually facilitates it by eliminating fraud and deception.”  On Oct. 29, 2001, the U.S. Supreme Court declined to hear a constitutional challenge to the Washington anti-spam law, effectively clearing the way for states to regulate unsolicited commercial e-mail in the absence of any federal anti-spam legislation.

     In March 2001, the San Diego County district attorney’s office filed criminal felony charges against two individuals for disrupting computer services, unauthorized use of computer services, and using false domain names to disguise their identities in sending unsolicited commercial e-mail and causing excessive monetary damages, in violation of California Penal Code Section 502.  A hearing is pending.

     At least one company has filed suit against a spammer that falsely used its name to send unsolicited e-mails.  In May 2001, Motorola filed a lawsuit in a federal district court in Illinois against Digital Wireless Technologies, a California paging company, for sending false and unsolicited commercial e-mail offering a free Motorola pager, when in fact the pager was not a Motorola product.  The lawsuit claims that Digital Wireless Technologies violated deceptive trade practice laws and unsolicited e-mail statutes.  The suit is pending.

     On Aug. 20, 2001, a federal magistrate judge in Iowa applied Virginia law in a case involving alleged violations of the federal computer fraud statute and the Virginia Computer Crimes Act.  America Online, Inc. v. National Health Care Discount, Inc., No. C98-4111-PAZ, 2001 WL 1525824 (N.D. Iowa 2001).  AOL alleged that the defendant hired people to illegally send unsolicited bulk e-mail advertisements to AOL’s subscribers.  The court held that the defendant both caused the requisite damage for purposes of the federal statute and could be held liable under the Virginia statute for the actions of the individual e-mail senders themselves. 

     AOL also filed suit against Cyber Entertainment Network in December 2000 in a federal district court in Virginia, alleging the defendant illegally used AOL’s system to send unsolicited sexually oriented bulk e-mail to AOL members.  The suit is pending.  AOL is seeking an injunction against any further spamming, as well as damages in the amount of either $10 for each e-mail sent or $25,000 for each day during which such e-mails were sent over AOL’s system.

     In June 2001, a New York State lower court granted MonsterHut, Inc., an Internet marketing company, a preliminary injunction barring an ISP from removing the company from its network.  MonsterHut, Inc. v. Paetec Communications, Inc., Case No. 107189 (Sup. Ct. N.Y. 2001).  The ISP attempted to terminate its contract with MonsterHut upon receipt of complaints from Internet users claiming to have received unsolicited e-mail from MonsterHut.  The court held that the contract between the ISP and MonsterHut prohibits MonsterHut from sending spam, but that the prohibition is triggered only if more than 2 percent of the recipients of such unsolicited e-mail complain to the ISP.  That threshold had not been met.

     A few cases also have been brought by firms claiming to have been falsely “black-listed” as spammers by anti-spam organizations.  In August 2001, Media3 Technologies LLC, a Web hosting company, settled a lawsuit against Mail Abuse Prevention System (MAPS), a California-based anti-spam organization that publishes a list of IP addresses that allegedly host spammers.  ISPs routinely use the MAPS lists to identify potential spammers, and many ISPs subsequently stop conducting business with listed firms to limit the amount of spam transmitted on their systems. 

     The settlement requires MAPS to remove Media3’s IP addresses from its list.  This decision overturned a ruling by a federal district court in Boston in January 2001, which denied Media3’s request for a temporary restraining order.  The order would have required MAPS to remove certain of Media3’s IP addresses from its list pending trial.  However, the district court found that Media3 had failed to prove it would suffer irreparable injury if MAPS continued to list Media3’s addresses on its blacklist.

     In October 2001, MAPS reached a settlement with Experian (formerly known as Exactis), a firm that transmits approximately 500 million e-mails every month on behalf of various publishing houses and online information companies.  The settlement agreement prohibits MAPS from listing Experian on its blacklist without first obtaining a court order.  In addition, Experian must require its clients to maintain and provide Experian with a list of e-mail addresses of only those recipients who voluntarily consent to receive its commercial e-mails.  In December 2000, a federal district court in Denver had granted Experian’s request for a restraining order, thereby preventing MAPS from adding Experian to its published list of spammers, pending a trial. 

     At least one wireless phone provider has also initiated a lawsuit against an alleged spammer.  In October 2001, Verizon Wireless settled a lawsuit with Acacia National Mortgage Co. that prohibits the institution from sending unsolicited commercial text messages to Verizon Wireless customers.  Verizon had filed the suit against Acacia in a federal district court in Denver, alleging that Acacia violated the Colorado Junk Email Law.  That statute prohibits the sending of unsolicited commercial e-mail that contains false or missing routing information, and requires senders to label such e-mail as advertising and to include opt-out instructions.

International Efforts To Limit Spam

     It is interesting to note that efforts to limit spam are not, by any means, limited to the United States.  In July 2000, the European Commission unveiled eight proposals outlining a regulatory telecommunications framework for the European Union (E.U.), including common rules for interconnection, licensing, data privacy, and unsolicited communications.  The framework would create an opt-in approach, prohibiting unsolicited commercial e-mail unless a subscriber had specifically indicated a desire to receive such e-mail.  In November 2001, the European Parliament approved an amended version of a European Commission proposal that effectively leaves the decision of whether to ban unsolicited commercial e-mail to member states.

     On July 11, 2001, the Committee on Citizens’ Freedoms and Rights, Justice, and Home Affairs of the European Parliament rejected the opt-in approach, instead requiring that senders of unsolicited e-mail messages include opt-out instructions.  The amendments supplement this “opt-out” approach with a prohibition on disguising or concealing the identity of the sender.  The amendments leave it to the discretion of member states to enact stricter measures with respect to unsolicited commercial e-mail.

     This measure was adopted by the European Parliament on December 10, 2001, and now awaits ratification by the 15 member states of the European Union.  It will then need to be implemented in each member state, with the aim of going into effect in late 2002 or early 2003.

     Meanwhile, a bill was introduced in the Japanese Diet in November 2001 attempting to ban unsolicited commercial e-mail in Japan.  The bill requires senders to include the sender’s name, physical address, e-mail address, and notice of opt-out provisions.  In addition, any such e-mail must be readily identifiable and labeled as an advertisement.