can-spam at 4
DESCRIPTION
TRANSCRIPT
From Recent Cases to Mobile Messaging:What to Advise Clients as CAN-SPAM Turns 4
Presented By Bennet Kelley
Spam is . . .
UnsolicitedUnknown
Sender
Fraudulent
Unwanted
Single Opt-in
Bulk
Commercial
In the Beginning . . .
• September 24, 2003 – Gov. Davis signs SB 186 which was the nation’s firm “spam” ban
• 'We are saying that unsolicited e-mail cannot be sent and there are no loopholes . . . We don't differentiate between Disney and Viagra.
If you go out and rent a list of e-mail addresses, by definition you are not a legitimate business. You are the person we are trying to stop.”
Former California State Senator Kevin MurrayAuthor of SB 186
2003 California Spam Law§ 17529.2. [A] person or entity may not [initiate] or advertise in an unsolicited commercial e-mail advertisement from California . . . [or] to a California electronic mail address . . .
§ 17529.1(o) . "Unsolicited commercial e-mail advertisement" means a commercial e-mail advertisement sent to a recipient who meets both of the following criteria:
(1) The recipient has not provided direct consent to receive advertisements from the advertiser.
(2) The recipient does not have a preexisting or current business relationship, as defined in subdivision (l), with the advertiser promoting the lease, sale, rental, gift offer, or other disposition of any property, goods, services, or extension of credit.
§ 17529.8. (a) (1) [A] recipient of an unsolicited commercial e-mail advertisement transmitted in violation of this article, an electronic mail service provider, or the Attorney General may bring an action against an entity that violates any provision of this article to recover either or both of the following:
(A)Actual damages.
(B)Liquidated damages of one thousand dollars ($1,000) for each unsolicited commercial e-mail advertisement transmitted in violation of Section 17529.2, up to one million dollars ($1,000,000) per incident.
84 days later . . .
President George W. Bush pauses before signing the Controlling the Non-Solicited Pornography and Marketing Act of 2003 . . . in the Oval Office Tuesday, Dec. 16, 2003.
CAN-SPAM Act of 2003
CAN-SPAM DOES NOT . . .
• “CAN Spam” – except for wireless spam
• Include a “Do Not Email Registry”
• Impose an “ADV” labeling requirement
• Create a general private right of action
CAN-SPAM IS . . .
• An anti-fraud and disclosure statute
• Applies to an email where the “primary purpose” is commercial advertisement or promotion of a product or service
• No volume requirement– Is sending a resume
subject to CAN-SPAM?
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
CAN-SPAMENCLATURE
SENDER means a person who initiates a commercial e-mail and whose product, service, or Internet web site is advertised or promoted by the message.
INITIATE means to originate or transmit, or procure the origination or transmission of, such an e-mail message
PROCURE means intentionally to pay or induce another person to initiate the message on one's behalf, while knowingly or consciously avoiding knowing the extent to which that person intends to comply with this Act.
Thus, if one company hires another to coordinate an e-mail marketing campaign on its behalf, only the first company is the sender, because the second company's product is not advertised by the message. If the second company . . . transmits e-mail on behalf of the first company, then . . . both companies would be considered to have `initiated' the e-mail, even though only the first company is considered to be the `sender'.
The intent is to make a company responsible for e-mail messages that it hires a third party to send, unless that third party engages in renegade behavior that the hiring company did not know about. However, the hiring company cannot avoid responsibility by purposefully remaining ignorant of the third party's practices
(Senate Report 108-102)
Commercial E-mail Message
CAN-SPAM only applies to
• Commercial Email Messages– “primary purpose” is commercial advertisement or promotion of a
product/service• Union solicitation is a “commercial email message” under CAN-SPAM
Aitken v. Communications Workers of America, 496 F. Supp.2d 653 (E.D. Va. July 12, 2007)
– Excludes “transactional messages” (e.g., messages to facilitate, complete or confirm transaction recipient agreed to with sender; or provide warranty, safety, security info).
• Dual Purpose Transactional Messages if:– Subject line test: If a recipient would reasonably interpret the subject line
to conclude that the “message contains the commercial advertisement or promotion of a commercial product or service;” OR
– Text test: The messages transactional or relationship “content does not appear, in whole or in substantial party, at the beginning of the body of the message.”
CAN-SPAMPrincipal Requirements
From line must identify initiator
Subject line must not be deceptive. Adult Messages must provide notice.
Postal Address for Advertiser
Requires Working Opt-OutMechanism for Advertiser
UCE must be identified
as “advertisement”
From Lines• Must not thwart efforts to identify
and locate the originator of the email
• FTC – no deception if it accurately identifies the person who initiated the message. – “does not mean that the ‘from’ line necessarily
must contain the initiator’s formal or full legal name, but it does mean that it must give the recipient enough information to know who is sending the message.
From Lines (con’t)
• Not deceptive to use multiple domains– “The failure to send mail from a single domain name that includes the word
“Vonage” is simply not a misrepresentation”. Kleffman v. Vonage Holding Corp., Case No. CV 07-2406GAFJWJX (C.D. Cal. May 23, 2007).
• Not misleading to use non-corporate address where domain may be checked using “Who Is”– Gordon v. Virtumundo, Inc., Case No. 06-0204-JCC (W.D.
Wash. May 15, 2007)
• Except where domain itself is misleading.– Domain was “technically accurate,” but was “a front, a shill, and Defendants
intentionally designed the header information to impair the ability of recipients and others to identify Defendants.” US v. Kilbride, 507 F. Supp. 2nd 1051 (D. AZ. Aug. 24, 2007) (registered to country in Mauritius).
What about domain privacy services?
Subject Lines
• Senate Report– test is whether the person initiating the message knows
that the subject heading would be likely to mislead a reasonable recipient about a material fact regarding the content or subject matter of the message
• “New MySpace Phone” subject line misleads consumers by creating false sense of sponsorship by MySpace. – MySpace, Inc. v. The Globe.com, Inc. No. CV 06-3391-
RGK (JCx) (C.D. Cal. Feb. 27, 2007)
• “Free Gift” subject lines violate CAN-SPAM– FTC v. Adteractive, Inc., No. Case No. CV-07-5940 SI
(C.D. Cal. 2007)
Opt-Out Mechanism• Opt-out Link
– More Detailed Options Possible (e.g., menu options for unsubscribing)
– Must be functioning for 30 days– Remove within 10 days– Pending Discretionary Rules propose 3 day standard
• May Not Use/Sell After Opt-out
• Suppression List – Must use before each mailing – Seed suppression to ensure not being abused by affiliates– Consider using compliance monitoring services (e.g,
Lashback)
Opt-Out Mechanism (con’t)
• Separate Lines Of Business or Divisions– If (a) email sent by separate line of
business or separate division; and (b) it holds itself out as the separate unit to the consumer – then opt-out only applies to that division and not the entire company.
ExampleConsumer opting out of email from Chevrolet is not opting out of General Motors.
Opt-Out Examples
Acceptable Opt-Out
I no longer wish to receive the following offers: □ Country Music□ Hip-Hop□ Jazz□ Latin□ K-FED□ Remove me from all offers
Non-compliant
□ I no longer wish to receiveCountry Music offers.
□ I no longer wish to receiveupdates on Sanjaya
□ Please send me more stuff!!
Messages with Multiple Advertisers
CURRENT RULE
CAN-SPAM ACT AS DRAFTED: • All must have opt-out
FTC Guidance Letter
• Single opt-out permissible if:
(1) the recipient has opted-in to receive multi-advertiser messages and such consent is documented
(2) one advertiser assumes role as “Designated Sender”
(3) “Designated Sender” provides opt-out link which it honors; and
(4) “Designated Sender” should select the list and its name should be in the from line.
2005 PROPOSED REGULATIONS
• May designate one advertiser as the sender – who must provide address, opt-out link etc.
• Designated Sender must either:
(1) Control the content; OR
(2) Determine list to be used; OR
(3) Be identified in from line; AND
(4) No other advertiser satisfies 1-3
• Not in effect yet
What About Wireless Email?
• CAN-SPAM Directed Federal Communications Commission (“FCC”) to adopt rules to, among other things, “provide subscribers to commercial mobile services the ability to avoid receiving mobile service commercial messages unless the subscriber has provided express prior authorization to the sender”. (Emphasis added)
• FCC Adopted CAN-SPAM Rule in 2004 setting disclosure standards to obtain consumers “express authorization”– In the Matter of Rules and Regulations Implementing the
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, Order, CG Docket No. 04-53, FCC 04-194 (Aug. 12, 2004), 69 Fed. Reg. 55765 (September 16, 2004), 47 C.F.R. § 64.3100(d) (emphasis added).
FCC Consent Requirements• Requires Express Prior Authorization
– may be obtained by oral or written means, including electronic methods
• Must specify the mobile address authorized
• Must obtain express consent for third-party solicitations – Express Prior Authorization must be obtained by the party initiating the
mobile service commercial message. – In the absence of a specific request by the subscriber to the contrary,
express prior authorization shal apply only to the particular person or entity seeking the authorization and not to any affiliated entities unless the subscriber expressly agrees to their being included in the express prior authorization. . . apply only to the particular person or entity seeking the authorization and not to any affiliated entities unless the subscriber expressly agrees to their being included in the express prior authorization. . . .
FCC Disclosure Requirements
• Three Required Disclosures:– That the subscriber is agreeing to receive mobile service commercial
messages sent to his/her wireless device from a particular sender. The disclosure must state clearly the identity of the business, individual, or other entity that will be sending the messages;
– That the subscriber may be charged by his/her wireless service provider in connection with receipt of such messages; and
– That the subscriber may revoke his/her authorization to receive MSCMs at any time.
• All notices containing the required disclosures must be clearly legible, use sufficiently large type or, if audio, be of sufficiently loud volume, and be placed so as to be readily apparent to a wireless subscriber.
• Any such disclosures must be presented separately from any other authorizations in the document or oral presentation.
Enforcement• Federal Trade Commission
– Under FTC Act
• State AGs– $250 per email– $2 million cap
• Provider of Internet Access Service– $25 – $100 per email– $1 million cap
• Damage Adjustments– Treble damages if willful– Reduction if violation occurred despite
commercially reasonable efforts to maintain compliance”
Pleading
• CAN-SPAM is a penal statute– No duty to mitigate
• Phillips v. NetBlue, No. C05-5501 SC (N.D. Cal. 2006) CAN-SPAM distinct from fraud claims
– No need to plead with particularity• Asis Internet Services v. OptIn Global, Inc., No. C 05-5124
CW (N.D. Cal. 2006) – Motion for more definite statement may be appropriate
• “Even if the Defendants have been provided with the emails through discovery, a more definite statement is necessary to prevent the Plaintiff from presenting a moving target”. Gordon v. Ascentive LCC, No. CV-05-5079-FVS. (E.D. Wash. June 19, 2007)
Internet Access Service Providers
A “service that enables users to accesscontent, information, electronic mail, orother services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.”
Who is a Provider of Internet Access Service
• MySpace is an IASP– MySpace, Inc. v. The Globe.com, Inc, No. CV 06-3391-RGK
(JCx).(C.D. Cal. Feb. 27, 2007).
• Small, free service can qualify– Hypertouch v. Kennedy-Western University, 2006 WL 648688
(N.D. Cal. 2006)– Defendant argued Hypertouch was a professional plaintiff and
not a true Internet Access Service Provider
• Does Hypertouch create a loophole for “spamigators”?
Washington Says “No”
• Must prove substantial harm– “permitting private parties with no harm to invoke CAM-SPAM to collect millions of
dollars surely is not what Congress intended when it crafted this “limited” private right of action.”
• Closes loophole– “Plaintiffs' continued use of other people's e-mail addresses to collect spam . . . for
generating lawsuit-fueled revenue directly contradicts any hint of adverse effect that otherwise might exist. Plaintiffs are not the type of entity that Congress intended to possess the limited private right of action it conferred on adversely affected bona fide Internet access service providers.”
• Awards Attorneys Fees to Defendant– The Court finds that Plaintiffs' instant lawsuit is an excellent example of the ill-
motivated, unreasonable, and frivolous type of lawsuit that justifies an award of attorneys' fees to Defendants.”
Gordon v. Virtumundo, Inc., No. 06-0204-JCC (W.D. Wash. May 15, 2007).
Intent• Intent generally not required for injunctive relief, but necessary
for civil penalties.
• US v. Cyberheat, 2007 U.S. Dist. LEXIS 15448 (N.D. Ariz. 2007)– in denying summary judgment for government, court rejects strict liability “for now” in favor of vicarious liability. “Reasonable jurors could differ over whether or not Defendant was knowingly procuring or should have known or was consciously avoiding knowing that affiliates were violating the Statute to promote Defendant's website.”
• Hypertouch v. Kennedy-Western University, 2006 WL 648688 (N.D. Cal. 2006) – court granted summary judgment for defendant finding that strict anti-spam policies and policing of affiliates defeated allegation of intent.
BUT . . .
• Yesmail, Inc., d/b/a @Once Corporation v. FTC, Civil Action No.: 06-6611 (N.D. Cal. 2006) – Yesmail entered consent decree for failing to honor opt-out requests that were never received because of spam filter.
PreemptionSEC. 8. EFFECT ON OTHER LAWS.
(b) STATE LAW-
(1) IN GENERAL- This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.
(2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL- This Act shall not be construed to preempt the applicability of--(A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or(B) other State laws to the extent that those laws relate to acts of fraud or computer crime
Scope Of Exception
• Omega World Travel, Inc. v. Mummagraphics, Inc., 469 F.3d 348 (4th Cir. 2006)
– “The CAN-SPAM Act . . . does not make every error or opt-out request into grounds for a lawsuit. The e-mails in this case are not actionable under the Act. Nor can the messages be actionable under Oklahoma’s statutes, because allowing a state to attach liability to bare immaterial error in commercial e-mails would be inconsistent with the federal Act’s preemption text and structure”
• Gordon v. Virtumundo, Inc., Case No. 06-0204-JCC (W.D. Wash. May 15, 2007)– Follows Omega World Travel– Not misleading to use address where domain may be checked using Who
Is– Cites legislative history that “State law requiring some or all commercial
e-mail to . . . follow a certain format or contain specified content, would be preempted.” (Id. at 18.)
Child Registry Laws• Michigan, Utah and others
pending
• What is prohibited: if it is otherwise a crime for the minor to purchase, view, possess, participate in or otherwise receive the product or service.
• No alcohol, tobacco, firearms, adult content (including sex for hire), gambling, illegal or prescription drugs.
• Avoids preemption by labeling violations a “computer crime”.
– Free Speech Coalition, Inc. v. Shurtleff, 2007 WL 922247 (D.Utah 2007) (rejecting preemption argument)
Is Current California Law Preempted?
§ 17529.5. (a) It is unlawful for any person or entity to advertise in a commercial e-mail advertisement either sent from California or sent to a California electronic mail address under any of the following circumstances:
(1) The e-mail advertisement contains or is accompanied by a third-party's domain name without the permission of the third party.
(2) The e-mail advertisement contains or is accompanied by falsified, misrepresented, or forged header information. This paragraph does not apply to truthful information used by a third party who has been lawfully authorized by the advertiser to use that information.
(3) The e-mail advertisement has a subject line that a person knows would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.
(b)(1) (A) In addition to any other remedies provided by any other provision of law, the following may bring an action against a person or entity that violates any provision of this section:
(i) The Attorney General.
(ii) An electronic mail service provider.
(iii) A recipient of an unsolicited commercial e-mail advertisement, as defined in Section 17529.1.
(B) A person or entity bringing an action pursuant to subparagraph (A) may recover either or both of the following:
(i) Actual damages.
(ii) Liquidated damages of one thousand dollars ($1,000) for each unsolicited commercial e-mail advertisement transmitted in violation of this section, up to one million dollars ($1,000,000) per incident.
Revisiting CAN-SPAMDecember 2005
• FTC Report to Congress on Effectiveness of CAN-SPAM Act. Claims success in “mandat[ing] adoption of a number of commercial email ‘best practices’ that many legitimate online marketers are now following” and giving tool to use against spammers (citing more than 50 cases brought by FTC, AGs and ISPs).
– Expresses concern over increase in “malicious” spam.
January 2007• Postini announces total spam up 144%, accounting for 94% of all email sent
– Not amount received. Postini reports 97% block rate.
• Bi-partisan letter from House Energy & Commerce Consumer Protection Subcommittee to FTC Chairwoman Majoras. “What we have heard recently raises concerns that CAN-SPAM has not really helped to solve the underlying problem. “
April 2007
• FTC Announces Two-Day workshop – “Spam Summit: The Next Generation of Threats and Solutions”. Comments focus on deterring malicious spam and “putting consumers back in control” in fight against spam and malware.
• Report on conference recommends greater cooperation among law enforcement and industry stakeholders and increased education.
The Internet Law Center is a boutique firm with offices in Santa Monica, California and Washington, D.C. offering innovative legal and policy solutions for its clients. While, the Internet Law Center's focus is on helping businesses navigate the challenges of the new economy, it provides comprehensive solutions for entrepreneurial businesses both online and offline.
Bennet Kelley is a one of the nation’s leading Internet attorneys, having counseled clients, litigated, testified, lobbied, offered seminars and written commentaries on many of the hottest Internet issues over the past decade. Prior to founding the Internet Law Center, Bennet was Assistant General Counsel, Director of Governmental Affairs & Privacy for ValueClick and Vice President of Legal & Strategic Affairs for Hi-Speed Media. Bennet also is Co-Chair of the Legislative Subcommittee of the California Bar's Cyberspace Committee and a regular contributor to the Journal of Internet Law.
About Us
Contact Info
Santa Monica, California Office
Internet Law Center Searise Tower 233 Wilshire Blvd, 4th Floor Santa Monica, CA 90401 (310) 452-0401 (702) 924-8740 (fax)
Washington, D.C. Office
Internet Law Center c/o Aduston Consulting1301 Pennsylvania Avenue, N.W. Suite 500Washington, D.C. 20004(202)689-5660(702) 924-8740 (fax)
Email Address /Internet Address
www.internetlawcenter.net