From: John Glube
Sent: Saturday, August 07, 2004 7:48 PM
Seth Goodman wrote on August 7, 2004 at 1:24 AM:
Sorry to spoil the jovial mood here, but our Federal
CAN-SPAM Act rescinded any right that an individual U.S.
citizen had to sue for damages as a result of spamming.
The provision which overrides State laws reads in part:
This Act supersedes any statute, regulation, or rule of a
State or political subdivision of a State that expressly
regulates the use of electronic mail to send commercial
messages, except to the extent that any such statute,
regulation, or rule prohibits falsity or deception in any
portion of a commercial electronic mail message or
information attached thereto.
See sub-paragraph 8 (2) (b) (1) of the Act
http://www.learnsteps4profit.com/antispamus.html
Please note the exception:
except to the extent that any such statute, regulation, or
rule prohibits falsity or deception in any portion of a
commercial electronic mail message or information attached
thereto.
This allows a State to pass a law giving individuals the
right to bring civil suit for damages suffered from
receiving a commercial email message with false or
misleading headers.
There is presently a bill before the California State
Assembly to do this and specifies the damage claim at up to
$1,000 per message or a total amount of $1 million dollars
US per incident.
http://info.sen.ca.gov/pub/bill/sen/sb_1451-1500/sb_1457_bill_200
40805_amended_asm.html
This law has yet to be passed, it appears to directly contravene the
intent of the Federal Legislation, and even if it didn't, it will have
to withstand lengthy and aggressive court challenges by the DMA, the
author of the original legislation. You are also well aware that the
rush to get CAN-SPAM passed was due to the California law that was
extremely similar to the one that you refer to. Congress fully intended
to prevent States from enacting this type of law. Whether California
will win on some technicality is yet to be seen.
Also, the Federal Act states:
This Act shall not be construed to preempt the
applicability of--
(A) State laws that are not specific to electronic mail,
including State trespass, contract, or tort law; or
(B) other State laws to the extent that those laws relate
to acts of fraud or computer crime."
See sub-paragraph 8 (2) (b) (2) of the CAN SPAM Act of 2003
http://www.learnsteps4profit.com/antispamus.html
If someone wants to bring a civil action against a spammer
for damages under State trespass, contract, or tort law
they are free to do so.
For which there is no precedent, and the resulting legal challenges
would require deeper pockets than any individual has. The DMA did it's
homework when they authored the present law.
Similarly, if a State has a fraud or computer crime statute
and this statute were:
* to define spoofing or phishing as fraudulent activities;
* make these activities a crime and also create a civil
right of action, the Federal law would not pre-empt this
statute.
If there really are all the legal options that you imply, then why have
all legal actions against spammers virtually stopped since the passage
of the new law? I think the economics are quite simple. Any such
action by a State would be immediately challenged by the DMA. The
States are broke and are under assault from dozens of constituencies
while the DMA has plenty of resources and only one issue. There is a
very good reason why the DMA was jubilant after the passage of this law.
They won. Properly formatted spam is now legal in the U.S. Even though
virtually none of the spam hitting people's inboxes meet the
requirements of the law, it doesn't seem to matter to the government.
They passed a law and now they are done.
Seth writes:
Only ISP's, State Attorneys General and the Federal
Government can bring civil action against spammers.
Under the Act, the parties who can bring civil actions are:
* Internet access services - a term defined in the
Communications Act. This includes ISPs, business networks,
ESPs, mail box providers and others who provide information
and email access;
* State Attorney's General;
* the Federal Trade Commission and other specifically
designated agencies of the Federal Government;
(The FCC is responsible for wireless spam.)
See generally section 7 of the Act
http://www.learnsteps4profit.com/antispamus.html
The above agrees with my statement. We could quibble about the
definition of an ISP, but it generally supports what I stated.
Seth goes on to write:
As for criminal prosecution, the DNSBL's collectively have
sufficient evidence to prove violations of the law in
thousands of cases, but how many injunctions have been
handed down by the Federal Government since the law took
effect in January? Exactly two. If I were a spammer, I
don't think I would worry about legal action.
Actually, there have been 3 civil actions taken and 1
related criminal prosecution commenced since the passage of
the Act.
I'll take your word for it. That is one less Federal injunction than I
said and three more civil actions. With thousands of spammers out
there, four cases in seven months is about as little as one could do
without being accused of doing absolutely nothing. Judging by the lack
of effect on the volume of spam during that period, we really _can_ say
that the legal system has done nothing to curb spamming.
http://www.ftc.gov/opa/2004/04/040429canspam.htm
- and -
http://www.ftc.gov/opa/2004/07/creaghan.htm
In the 2 actions brought in April, it seemed the Feds were
willing to work with the folks at Spamhaus.
However, in Muris's testimony before the US Senate in May,
the FTC rejected the "evidence" of Spamhaus and others
as spam lore.
The relevant portion of the testimony starts with this
comment:
Reliable information about spam is extremely limited,
although there is much “spam lore” that has little if any
basis in fact.
Anyone who has used the Spamhaus DNSBL knows that their lists are
extremely accurate. I say this base on the large amount of spam it
allows you to reject along with the extremely small rate of false
positives. Any Federal rejection of DNSBL information as "spam lore" is
indicative of their unwillingness to confront the problem. DNSBL's do
work and their information is of extremely high quality. If they were
not highly accurate, people would not use them. Customers of ISP's are
generally not technically sophisticated, but they do demand results.
They don't really care what methods the ISP uses to keep spam out of
their inboxes. The systems administrators of those ISP's keep their
jobs by delivering results, and DNSBL's have been a great aid in
whatever success they've had.
The Federal government's distrust of the DNSBL's just doesn't hold water
from a factual standpoint. I suggest their objection to them is
probably political. People who run DNSBL's tend not to be laissez-faire
free-market Republicans. The people running the Federal government are.
Given this reality, it is not surprising that the Fed's are somewhat
reluctant to trust the DNSBL's. However, the DNSBL's have evidence that
the Fed's are either unwilling or unable to collect, so their position
is both irresponsible and not in the public interest.
For example, some sources in Europe claim that the vast
majority of spam originates in the United States.
Similarly, some sources in the U.S. opine that most spam in
Americans’ inboxes arrives from Asia, South America, or
Eastern Europe.
In fact, nearly all spam is virtually untraceable, either
because it contains falsified routing information or
because it comes through open proxies or open relays."
To read the full comment, see pages 6 - 8 of the prepared
testimony of Chairman Muris found at:
http://www.ftc.gov/speeches/muris/040520spamemailtest.pdf
Overall, including actions taken before the passage of the
CAN SPAM Act of 2003, there have been 62 spam related
actions brought by the FTC.
In other words, they took far more action before the passage of the law
than since. It is clear that despite public statements to the contrary,
the Federal government has no real interest in curbing spam. The
evidence is available, and even the current weak law is violated on an
immense scale every day, yet there are virtually no actions.
For more on this and the overall perspective of the FTC
concerning international prosecutions, read:
http://www.itu.int/osg/spu/spam/presentations/STEVENSON_Session%2
06.pdf
Seth goes on to write:
Exactly who is going to bring all these lawsuits once we
"identify" the spammers? The largest ISP's have gone after
a few dozen spammers in high-profile cases. While it is
certainly the right thing to do, these few companies cannot
by themselves win this fight. SPF will make it easier for
us to blacklist spamming domains and do so more quickly,
but let's not kid ourselves about there being legal
consequences for most spammers - at least in the U.S.
On this point the jury is still out, but given what has
transpired to date, especially since the passage of the CAN
SPAM Act of 2003 there is cause for scepticism.
I'm glad that you are least skeptical. There are seven months of
history since the new law was passed. How long should we wait before
saying, "nothing is happening"? Does this have to be like the tobacco
situation or global warming where some people maintained, "there is
still no absolute proof of a link between ... ". I guess that's what
you say when all the evidence points against you. You claim all the
evidence is not yet in.
John
P.S. The fundamental flaw with the US position is that the
law cannot be used to enforce volume control.
The early results since the passage of Australia's Spam Act
of 2003 clearly suggest this view is not correct:
Spam Act closes down major spammers
http://www.aca.gov.au/aca_home/media_releases/media_enquiries/200
4/04-55.htm
- and -
Follow Australia!
http://www.spamhaus.org/news.lasso?article=154
Since this is an opt-in law with penalties that can be over $1M/day, I'm
not surprised it is effective. Our opt-out law with weak penalties,
severe restrictions on who can bring civil action coupled with lack of
criminal prosecution has yielded a predictable result. Do you hear of
U.S. spammers getting out of the business or leaving the country? Why
should they, times are better than ever. I'm sure if we passed a law
like Australia's and enforced it like they do, we would enjoy similar
results.
--
Seth Goodman