The assertion that CA has "banned all unsolicited email with no loop
holes" is clearly incorrect. This new statute contains at least two
substantial loopholes that are sure to be exploited, plus some real
technical problems.
Here is the key statutory text:
"Unsolicited commercial e-mail advertisement means a commercial e-mail
advertisement sent to a recipient who meets both of the following criteria:
(1) The recipient has not provided direct consent to receive
advertisements from the advertiser.
(2) The recipient does not have a preexisting or current business
relationship with the advertiser"
Here are the loopholes:
1) The definition of direct consent is weak and will be difficult to
audit/verify, so many questionable list building techniques will
conceivably qualify:
"Direct consent means that the recipient has expressly consented to
receive e-mail advertisements from the advertiser, either in response to
a clear and conspicuous request for the consent or at the recipient's
own initiative."
This does not require double opt-in, nor does it even require "positive
action" by the consent giver. If I provide my email to participate in a
transaction, or to obtain a service, and text indicating I will also be
added to an email list is displayed in the vicinity, this tacit form of
opt-in can easily be construed to constitute "direct consent."
2) The preexisting business relationship exemption presents a much
bigger threat to the effectiveness of the CA statute.
"Preexisting or current business relationship...means that the recipient
has made an inquiry and has provided his or her e-mail address, or has
made an application, purchase, or transaction, with or without
consideration, regarding products or services offered by the advertiser."
As written, any purchase from or inquiry to any provider that I have
ever made authorizes them to email me - even if the marketer obtained my
email address via e-pending or other methods and not by my own provision
- as long as their message contains a functioning opt-out method.
3) There are also additional problems posed by keying the statute's
restrictions to messaging to "California email addresses." The types of
information required to ascertain whether an email address qualifies as
a CA address are generally unavailable to most email list managers:
"California e-mail address means any of the following:
(1) An e-mail address furnished by an electronic mail service
provider that sends bills for furnishing and maintaining that e-mail
address to a mailing address in this state.
(2) An e-mail address ordinarily accessed from a computer
located in this state.
(3) An e-mail address furnished to a resident of this state."
Date: Tue, 23 Sep 2003 18:50:42 -0400
From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
To: ASRG list <asrg(_at_)ietf(_dot_)org>
Organization: SolidMatrix Technologies, Inc.
Subject: [Asrg] 6. Proposals - Legal - News Article "California Bans Spam"
This just popped up on SlashDot and other places. The State of
California has banned all unsolicited email with no loop holes and
allows providers, the state and receivers to sue for $1,000 / email
message. Law becomes effective on January 1st, 2004 and may be an
important testing group for a federal law. For more information see:
http://yro.slashdot.org/yro/03/09/23/2035204.shtml
http://www.internetnews.com/IAR/article.php/3079701
http://nytimes.com/2003/09/23/business/23CND-SPAM.html
The text of the law is available at:
http://info.sen.ca.gov/pub/bill/sen/sb_0151-0200/sb_186_bill_20030911_enrolled.html
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg