more marketing compliance obstacles: do not call/fax/spam
DESCRIPTION
TRANSCRIPT
More Marketing Compliance Obstacles: Do Not Call/Fax/Spam
By Robert M. Jaworski, Esq. and Robert H. Jackson, Esq.
Your client’s business is down. Print ads don’t seem to have much impact in its markets. Its
website doesn’t get enough traffic. Direct mail is too expensive. So it decides to pursue a
telephone, fax, or e-mail campaign that goes directly into its customers’ home. These campaigns
are focused, direct, personal, and not overly expensive. Unfortunately, they carry with them new
and ever expanding compliance risks that your client will need to consider. This article will
explore these risks and how they have expanded during 2005.
I. DO NOT CALL
A. Brief History of “Do Not Call” Rules . Congress enacted the Telephone
Consumer Protection Act (“TCPA”)1 in 1991. The TCPA restricted the use of telephones to
deliver unsolicited advertisements and gave authority to the Federal Communications
Commission (“FCC”) to administer its provisions over all calls: international, interstate and
intrastate.2 Three years later, Congress passed the Telemarketing and Consumer Fraud and
Abuse Prevention Act (“Telemarketing Act”),3 giving the Federal Trade Commission (“FTC”)
similar regulatory authority over interstate calls.
Although both agencies adopted implementing regulations,4 neither initially chose to exercise its
authority to create a national “Do Not Call” (“DNC”) Registry. Instead, each established rules,
which among other things, required sellers to maintain lists of consumers that requested not to be
called by that company (“Company DNC Lists”), and required telemarketers to honor such
requests. When these rules ultimately proved ineffective in the eyes of individuals, consumer
advocates and privacy groups, the FTC, on January 29, 2003, revised its regulations to include
provisions to establish, maintain and administer a national DNC Registry (collectively, with the
similar rules adopted by the FCC, “DNC Rule”).5
B. How “Do Not Call” Works 6
The FTC’s DNC Rule cover any plan, program, or campaign to sell goods or services through
interstate telephone calls and include telemarketers who solicit consumers on behalf of third-
party sellers as well as sellers that are paid to provide, offer to provide, or arrange to provide,
goods or services to consumers.7 The FCC’s DNC Rule also covers intrastate telemarketing
calls.8
The DNC registry essentially works as follows:9 (1) Consumers may register their residential
telephone numbers—including wireless numbers10—on the DNC List at no cost for a period of
five years (renewable at five year intervals), and may remove their number from the DNC List at
any time; (2) telemarketers may not make calls to persons on this list beginning within a
11 Pub. L. No. 102-243, 105 Stat. 2394 (1991).22 47 U.S.C. § 227(b)(1).33 Pub. L. No. 103-297, 108 Stat. 1545 (1994).44 7 FCC Rcd. 8752, 47 C.F.R. § 64.1200 (Sept. 17, 1992); 60 Fed. Reg. 43842, 16 C.F.R. § 310 (Aug. 23,
1995).5 5 68 Fed. Reg. 4580. This regulation was almost immediately struck down as unconstitutional by a
Colorado District Court. Mainstream Mktg. Services, Inc. v. FTC, 283 F. Supp. 1151 (C. Colo. 2003), rev’d 358 F.3d 1228 (10th Cir. 2004). While the case was on appeal, Congress enacted Pub. L. 108-10 (2003), the Do Not Call Implementation Act (“Implementation Act”), and Pub. L. 108-82 (an Act to Ratify the Authority of the [FTC] to Establish a Do Not Call Registry (“Ratification Act”). The Ratification Act ratified the FTC’s authority to adopt its DNC Rules, and the Implementation Act directed the FCC to adopt similar rules, which it did on July 25, 2003. 68 Fed. Reg. 44144.
6 6 There existed over 64 million registered telephone numbers on the DNC list as of December 15, 2004 (Annual Report on the National DNC Registry).
77 16 C.F.R. § 310 et seq.88 47 U.S.C. § 152.9 9 47 C.F.R. § 64.1200 (c)(2) and (f). (Citations to the DNC Rule will be to the FCC’s rule, unless
otherwise indicated.) 1010 Note that the federal government does not maintain a separate national cell phone registry.
2
“reasonable time”—but not more than 30 days—after such request has been made; and (3)
beginning January 1, 2005, telemarketers must search the registry at least once every 31 days to
synchronize their calling lists with an updated version of the registry and to “scrub” (i.e., drop)
from their distribution lists any registered subscribers.11
Exempt from these DNC requirements are: (i) business-to-business calls; (ii) calls made directly
by charitable institutions and political candidates, parties or groups; (iii) telephone requests for
bona fide surveys (that are not merely disguised attempts to sell goods or services); (iv) calls to
consumers who, after placing their telephone number on the DNC Registry, give the seller
express permission to call; (v) calls to consumers with whom the individual telemarketer has a
“personal relationship”; (vi) calls by, or on behalf of, tax-exempt non-profit organizations; and
(vii) under certain circumstances, calls by businesses to former or potential customers who have
made inquiries about the business’s products or services (the “established business relationship”
or “EBR” exemption).12
Established Business Relationship. An EBR exists under the DNC Rule: (1) for 3 months after a
consumer makes an inquiry or application regarding goods or services offered by a seller; or (2)
for 18 months after a consumer purchases, rents, or leases the seller’s goods or services, or
engages in a financial transaction with the seller.13 A telemarketer may call a consumer’s phone
1111 16 C.F.R. § 310.4(b)(3)(iv).12 12 2003 TCPA Order, 18 FCC Rcd. at 14034, para. 28. Congress determined that such an exemption
was necessary to allow companies to communicate by telephone with their existing customers. See H.R. Rep. No. 102-317 at 13-14.
13 13 16 C.F.R. § 310.2(n). United States of America v. Columbia House Company, U.S.D.Ct., D.N.Ill., E.D. (FTC File No. 042 3078, Civil No. 05C4064). (Columbia House agreed in July 2005 to pay the FTC $300,000 to settle charges that it violated the DNC Rule by placing telemarketing calls to customers whose names were on the DNC Registry but whose purchases from Columbia House were made beyond the allowable 18-month period or who had placed their names on its Company DNC List.)
3
number (despite its inclusion on the national DNC list) so long as that consumer has not
terminated the EBR by requesting that he/she be placed on that Company’s DNC List.
(Affiliates fall within the EBR exemption only if the consumer would reasonably expect them to
be included, given the identity of the affiliate and the goods and services being offered.14)
“Telemarketer” is defined broadly in the DNC Rule to include any person (including a seller
seeking to induce the purchase of its own products or services) who, in connection with a
campaign to induce the purchase of goods or services by the use of one or more telephones and
which involves more than one interstate call, initiates or receives telephone calls to or from a
customer.
Calls made directly by telephone common carriers, banks, airlines, insurance companies, and
credit unions are covered by the FCC’s DNC Rule, and not by the FTC’s DNC Rule, but
virtually every other interstate call is subject to the FTC’s regulations. The DNC Registry is
funded entirely by fees paid by telemarketers each time they purchase the national DNC list.15
Effective September 1, 2005, the price for access to the national DNC database is $56 per fee
year for each area code after the first five, which are free; or $15,400 for 280 or more area
codes.16 It is also unlawful for any person to split the costs for access to the DNC list.
Safe Harbor. A company can avoid liability under the DNC Rule for calls made to a number on
the national DNC List only if it can show that the calls were the result of an error and that the
company, as part of its routine business practice, (i) has written policies and procedures to
14 In August, 2005, the FCC granted State Farm Insurance’s petition for declaratory ruling that its exclusive agents may make telemarketing calls to consumers who have an EBR with State Farm. [GET CITE]
1515 Telemarketing Act, §§ 2, 3.1616 16 C.F.R. § 310.8(c), amended FTC File No. P034305 (July 26, 2005).
4
comply with the DNC Rule, (ii) trains personnel in these procedures, (iii) monitors and enforces
compliance with these procedures, (iv) maintains its Company DNC List, (v) accesses the
national DNC Registry no more than 31 days before calling any consumer and maintains records
that document this procedure, and (vi) purchases the relevant DNC data directly from the
administrator of the DNC Registry. Companies that can demonstrate, by a signed written
agreement, that they received prior permission to contact the consumer, or show that they had a
personal relationship with the recipient of the call, can also escape liability.
C. Enforcement
The FCC and the FTC, as well as the states, are authorized to pursue enforcement actions in
federal district court against violators of the DNC Rules and pursue fines of up to $11,000 per
violation. Individuals can also sue in state court (“if otherwise permitted by the laws or rules of
court of [that] state”17) and seek injunctive relief, and the greater of actual damages or $500
(which can be tripled if the violation was “willful or knowing”). 18 Recently, there has been
consumer criticism of both agencies for their limited number of prosecutions of companies
accused of violating the telemarketing rules.19
Preemption and Jurisdiction
17 At least one court has held that such state laws or state court permission need not be stated expressly but may be implied. Schulman v. Chase Manhattan Bank, NY App. Div. 2d 03585-99, 6/12/00, reported in BNA’s BANKING REPORT, Vol. 74, No. 26 (June 26, 2000) at p. 1169.
1818 47 U.S.C. § 227(b)(3), (c)(5) and (f).19 Christopher Conkey, “National Do-Not-Call List Scrutinized,” Baltimore Sun, Oct. 3, 2005,
available online at http://www.baltimoresun.com/business/bal-donotcall1003,1,2846736.story?track=rss. (Despite receiving daily complaints of 1000-to-2000 per day, the FTC has initiated only 14 telemarketing lawsuits and imposed a mere four fines. The FCC has issued a significant number of warnings, but only two fines.)
5
The federal DNC rules preempt any less-restrictive state DNC regulations. In addition, the FCC
has indicated that any state’s attempt to regulate interstate or international calls more vigorously
than its own rules would likely suffer preemption.20 However, the FCC has also said that states
may adopt more restrictive intrastate regulations than its own, essentially free from federal
interference.21 Several petitions have been filed with the FCC seeking to preempt more stringent
telemarketing provisions in states such as Florida, Indiana, New Jersey, North Dakota, and
Wisconsin .22 The FCC has not yet decided any of these petitions as of the date of this article, but
several state attorneys general, governors and members of Congress are pushing strongly for the
FCC to permit states to administer stricter rules even for interstate calls, despite the confusion
that such a result could cause to interstate marketing companies.
II. DO NOT FAX
A. How “Do Not Fax” Works
In addition to regulating unsolicited telephone calls, the TCPA prohibits any person, including a
business, individual, or tax-exempt non-profit organization, from “us[ing] telephone facsimile
machines, computers, or other devices to send an unsolicited advertisement, [also known as a
‘junk fax’], to another fax machine.”23 An “unsolicited advertisement” is “any material
2020 See, e.g., 68 Fed. Reg. 44155, pgh. 62.21 21 Order, 18 FCC Rcd. at 14065, para. 85 (“Nothing that we do in this order prohibits states from
enforcing state regulations that are consistent with the TCPA and the rules established under this order in state court.”).
22 22 Public Notice, “Consumer & Governmental Affairs Bureau Seeks Comment on American Teleservices Association, Inc. Petition for Declaratory Ruling on Preemption of New Jersey Telemarketing Rules,” CG Docket No. 02-278, DA 04-3185 (rel. Oct. 4, 2004); Public Notice, “Consumer & Governmental Affairs Bureau Seeks Comment on Express Consolidation, Inc. Petition for Declaratory Ruling on Preemption of Florida Telemarketing Rules,” CG Docket No. 02-278, DA 04-3185 (rel. Oct. 4, 2004); Public Notice, “Consumer & Governmental Affairs Bureau Seeks Comment on Advertising Petition For Declaratory Ruling on Preemption of North Dakota Telemarketing Rules,” CG Docket No. 02-278, DA 04-3186 (rel. October 4, 2004).
6
advertising the commercial availability or quality of any property, goods, or services which is
transmitted to any person without that person’s prior express invitation or permission.”24
Defenses. The FCC’s’s original implementing Do Not Fax (“DNF”) regulations (“DNF Rule”)
established that it is a good defense to a charge of faxing unsolicited advertisements if the fax
was not for commercial purposes, was not advertising property, goods or services, was sent to
persons with whom the sender had an EBR,25 or was sent to persons from whom the sender had
secured a “prior express invitation or permission.”26 The original rules defined an EBR as a prior
or existing relationship, which has not been previously terminated by either party, and which is
voluntarily formed on the basis of the fax recipient’s inquiry, application, purchase, or business
transaction, with regard to goods or services offered by the sender.27
When the FCC amended its DNF Rule on July 25, 2003, it eliminated this EBR exemption and
required that consent be in the form of a written, signed agreement granting express permission
to send fax advertisements to the consumer and listing the fax number to which advertisements
may be sent to the recipient.28 This amendment was initially scheduled to take effect on October
1, 2003, but was postponed several times as a result of a storm of protest from interested
2323 47 U.S.C. § 227(b)(1)(C).2424 47 U.S.C. § 227(a)(4).25 25 1992 TCP Order, 7 FCC Rcd. at 8779, para. 54 n.87. (in which the FCC declared it was
permissible to send unsolicited fax advertisements to a recipient with whom the sender had an EBR and that a prior business relationship provided a business with the necessary express permission to transmit faxes to their customers). See also Discussion at 68 Fed. Reg. 44167-44168 (concerning the FCC’s decision to eliminate the pre-existing EBR exemption). And see Rudgayser & Gratt v. Enine, Inc., Nos. 2002-1700 KC & 2002-1740 KC (N.Y.Sup.Ct.App.Term, April 14, 2004) (purely informational fax, which also mentions the company’s name, constitutes unsolicited advertising, suggesting that the sender’s identity, motives, purposes, and intentions may be relevant to whether the fax was merely “information” or “advertising”).
2626 47 C.F.R. § 64.1200(a)(3)(i).27 27 47 C.F.R. § 64.1200(f)(3). The FCC’s June 26, 2003 order amended this provision and provided
specific time limitations to be employed in determining the existence of an EBR.7
industries that lobbied Congress to reinstate the FCC’s original EBR exemption.29,30,31 In the
meantime, Congress passed the Junk Fax Prevention Act (“Fax Act”), on July 9, 2005.32
The New Fax Act. The Fax Act became effective immediately and amended the TCPA by
allowing companies to send commercial faxes without prior permission so long as the sender and
the recipient have an EBR; and the recipient’s fax number was provided by the recipient or was
made publicly available, as in a directory, advertisement, or Website. One should keep in mind
that most, if not all, lists of fax numbers that are obtained in the marketplace would not likely
pass this test and are, therefore, unlawful to use.
More specifically, the Fax Act: (1) created an EBR exemption free from any time limitations
(although the FCC has discretion to decide whether or not to impose such limitations); (2)
required that unsolicited commercial faxes include a clear and conspicuous “opt-out” provision
on the first page, and provide a free 24-hour means for recipients to request removal from the
distribution list; (3) mandated that fax numbers to which any unsolicited advertising is delivered
be obtained either directly from the recipient or from a public source to which the recipient gave
the number for publication; and (4) “grandfathered” (as to the means by which such numbers
were obtained) fax numbers already in the possession of the sender when the Fax Act was
passed.
2828 47 C.F.R. § 64.1200(a)(3)(i).2929 68 Fed. Reg. 50978 (Aug. 25, 2003).30 30 See, e.g., HR 4600 that was approved by the House of Representatives in July, 2004; and S 2603,
which reported to the full Senate by the Senate Commerce, Science and Transportation Committee on September 28, 2004.
3131 69 Fed. Reg. 62816 (Oct. 28, 2004).3232 Pub. L. 109-21 (July 9, 2005).
8
The Fax Act, however, left intact the rule that recipients may terminate an EBR at any time
merely by requesting that the sender refrain from transmitting further faxes, that it is unlawful to
send unsolicited fax advertisements to businesses, individuals, or organizations with whom the
sender has no EBR (unless it has express permission to do so), and that all faxes—whether
solicited or unsolicited—must identify the registered name and telephone number of the entity on
whose behalf the fax is being sent, and the date and time the fax was transmitted,.
B. Enforcement
As it does for DNC violations, the TCPA gives the FCC authority to impose fines of up to
$11,000 for each DNF violation. It also provides that an aggrieved individual may, “if otherwise
permitted,” file a complaint in state court or with the FCC to seek an enforcement action.33
Unlike the DNC provisions, there exists no safe harbor in the DNF Rule. Also, unlike a court
action, a complainant before the FCC need not prosecute her action: merely filing the initial
complaint is sufficient (although it is unlikely the FCC would act upon a single complaint, unless
truly grievous actions are alleged).34 Consumers who decide to sue in court may recover the
greater of $500 or their actual monetary loss for each unsolicited fax transmission (tripled if the
violation was “willful or knowing”35) and may do so based upon receipt of even a single
unsolicited fax advertisement.
33 33 47 U.S.C. § 227(b)(3). See Mulhern v. MacLeod, No. SJC-0915, slip. Op. (Mass. May 20, 2004) (absence of a Massachusetts law prohibiting consumers from suing under the TCPA was sufficient to allow a DNF lawsuit to be heard in a Massachusetts state court).
3434 See Note 18.35 35 See Manufacturers Auto Leasing, Inc. v. Autoflex Leasing, Inc.,No. 2-03-225-CV, slip. Op.,
(Texas App-Ft. Worth, May 6, 2004) (defendant’s violation of the DNF rule held “willful and knowing” despite evidence that defendant relied upon advice of counsel in continuing to send faxes after plaintiff told it to stop).
9
Private actions—or at least threats to institute private actions (often as class actions)—to enforce
the provisions of the DNF Rule have become fairly commonplace and seem likely to continue to
proliferate.
C. Preemption
The TCPA does not appear to preempt state laws that impose more restrictive intrastate
requirements than provided in the TCPA with respect to the sending of unsolicited fax
advertisements or which prohibit the use of fax machines to send unsolicited fax advertisements.
The TCPA does preempt more restrictive interstate requirements.36 The Fax Act makes no
change to this preemption standard.
III. DO NOT E-MAIL: CAN-SPAM
On December 16, 2003, Congress enacted the CAN-SPAM Act of 2003 (Controlling the Assault
of Non-Solicited Pornography and Marketing Act) (“CAN-SPAM”), which became effective on
January 1, 2004.37 CAN-SPAM seeks to create a uniform, national standard for the regulation of
commercial electronic mail (“Commercial E-Mail”). It was passed by Congress specifically to
preempt a more restrictive California law that would have required specific permission to send
Commercial E-Mail to anyone or any computer located in California.38
A. Definitions
36 36 But see, California S.B. 833 (2005) that, if signed by Governor Schwarzenegger, would prohibit the sending of any faxes (inter- or intrastate) to California residents or business that have not specifically given permission to receive faxes. The bill is specifically designed to conflict with the new federal Junk Fax Law’s reinstatement of the EBR. Governor Schwarzenegger has not signed or vetoed S.B. 833 as of the date of this article.
3737 Pub. L. 108-187, 117 Stat. 2699 (2003).3838 S.B. 186 (California 2003).
10
CAN-SPAM defines Commercial E-Mail as e-mail whose primary purpose is to advertise or
promote a commercial product or service, including content on an Internet website operated for a
commercial purpose.39 It generally seeks to limit fraudulent or abusive activity conducted over
the Internet by: (1) establishing requirements for those who send Commercial E-Mail; (2)
enumerating penalties for violators, including both spammers and companies whose products are
advertised by spammers; and (3) giving consumers the right to request e-mailers to stop sending
them spam. Specifically exempted from the definition of Commercial E-Mail are “transaction
and relationship messages,” defined as e-mail that facilitates, completes, or confirms a
transaction, or that updates a consumer with whom the company has an existing business
relationship about a warranty, product safety information, changes in terms, features, or the
customer’s status, etc.40
Per the FCC’s implementing regulations, adopted on December 16, 2004, mixed messages that
include both a commercial purpose and (i) a transactional/relationship purpose or (ii) a purpose
that is neither commercial nor transactional/relationship, will be deemed to be Commercial E-
Mail if: (i) a recipient reasonably interpreting the subject line would likely conclude that the
message advertises or promotes a product or service, (ii) in the case of a message including both
commercial and transactional/relationship content, the message’s transaction or relationship
content does not appear at or near the beginning of the message, or (iii) in the case of a message
including commercial content and content that is neither commercial nor
transactional/relationship, a recipient reasonably interpreting the body of the message would
3939 CAN-SPAM Act, § 3(2)(A); 15 U.S.C. § 7702(2)(A).4040 CAN-SPAM Act, § 3(17)(A); 15 U.S.C. § 7702(17)(A).
11
likely conclude that the primary purpose of the message is to advertise or promote a product or
service.41
B. How CAN-SPAM Works
Specifically, CAN-SPAM: (1) prohibits senders of Commercial E-Mail from providing headers
or subject lines (i.e., “From” and “To” routing information) that are materially false or
misleading42; (2) requires senders to (a) clearly and conspicuously identify Commercial E-Mail
as an advertisement or commercial solicitation, (b) include a clear and conspicuous notice that
the recipient can “opt out” of receiving further Commercial E-Mail from the sender, and (c)
provide the sender’s valid physical postal address and a functioning return e-mail address (or
another Internet-based response mechanism) that remains operational for at least 30 days after
transmission of the Commercial E-Mail; (3) mandates senders and any person acting on the
sender’s behalf to honor opt out requests within 10 business days and prohibits them from
transmitting (or assisting in the transmission of) Commercial E-Mail to that recipient absent the
recipient’s subsequent, affirmative consent;43 and (4) prohibits senders from selling or
transferring any e-mail addresses belonging to individuals who have opted out, unless such
transfer is to enable the entity to comply with the Act.
Sellers or lessors that allow their goods and services to be promoted by a third party through
Commercial E-Mail that violates the above prohibitions are equally liable, along with the
4141 69 Fed. Reg. 50106.42 42 See State of Washington v. Natural Instincts, No. 51204-8-1 (Wash. Ct. App., Division One, June
28, 2004) (Sender of unsolicited promotional emails -- 100,000 to 1,000,000 per week -- using subject lines: “Did I get the right email address?” or “For your review – HANDS OFF!” fined $100,000 for violating Washington state’s version of CAN-SPAM).
4343 CAN-SPAM Act, § 5; 15 U.S.C. § 7704.12
transmitting third party, for the violation, if they (1) knew or should have known that their
products or services were being promoted in such Commercial E-Mail; (2) received or expected
to receive an economic benefit from the promotion; and (3) took no reasonable action to prevent,
or detect and report, the transmission.44
E-Mail Messages to Wireless Devices. Additionally, under the FCC’s implementing regulations,
adopted on September 16, 2004, senders are generally prohibited from initiating or sending
Commercial E-Mail to any address associated with a subscription to a wireless service (cell
phone service or other service to personal or mobile wireless equipment, but not laptop
computers—even if they use a wireless connection.45), unless the individual addressee has
supplied the sender with express prior authorization, either orally, on paper, or electronically.
The only exceptions are where (1) the person is forwarding the message to its own address, (2)
the person is forwarding the message to another address without compensation, provided it does
not advertise or promote a product, service or website of the person forwarding the message, or
(3) the address to which the message is being forwarded does not appear on a list of wireless
domain names posted by the FCC for a period of at least 30 days before the message was
initiated.46
The FCC’s regulation also mandates that anyone initiating a mobile service Commercial E-Mail
must (1) cease sending further messages within ten (10) days after a subscriber requests such
action; (2) include a functioning return e-mail address or other web-based mechanism to receive
4444 15 U.S.C. § 7705.4545 47 C.F.R. § 64.3100.46 46 It is important to distinguish between Commercial E-Mail sent to a wireless phone via an Internet-
based E-mail address (which is covered by CAN-SPAM) and a text message (also known as “short message service” or “SMS”) sent to a wireless phone via a telephone number (which is not covered by CAN-SPAM, but that is governed by the TCPA).
13
such requests, and (3) provide recipients who grant express permission to send Commercial E-
Mails with a functioning option to reject further messages.
C. Enforcement
Unlike the DNC Rule and the DNF Rule, CAN-SPAM creates no private right of action by
individuals, and prohibits class actions. However, CAN-SPAM violations are deemed to
constitute unfair or deceptive acts or practices under the FTC Act, and are punishable as such, by
action of the FTC, or by the offending company’s principal federal regulator (e.g., FDIC, OCC,
OTS, NCUA, SEC), or, if it is an insurance company, its state insurance regulator.47
Additionally, CAN-SPAM provides that states may enforce its provisions by filing actions in
federal court seeking injunctive relief and/or actual or statutory damages. CAN-SPAM violators
can be fined $250 per violation, up to a maximum of $2,000,000, with the fine being tripled if
the violations are “willful or knowing” or include one or more “aggravated violations”
enumerated in the Act (e.g., “address harvesting,” “dictionary attacks,” automated creation of
multiple e-mail accounts, and relaying or retransmitting through unauthorized access to a
protected computer or network).
In addition, CAN-SPAM authorizes the DOJ to pursue criminal sanctions—including
imprisonment—for senders of Commercial E-Mail who conspire to or engage in certain
activities, including: (1) using another computer without authorization to send Commercial E-
Mail; (2) using a computer to relay Commercial E-Mail so as to deceive or mislead recipients or
ISPs about their true origin; (3) falsifying header information and transmitting such e-mail, or
registering for multiple e-mail accounts or domain names using information to falsify the identity
4747 15 U.S.C. § 7706.14
of the true registrant; and (4) falsely representing themselves as owners of multiple ISP
addresses, which are used to transmit Commercial E-Mail messages.
Finally, and perhaps most significantly, CAN-SPAM gives authority to Internet service providers
(“ISPs”) to sue violators in federal district court to enjoin further violations and/or to recover
actual or statutory damages. Statutory damages in such actions are set at $100 per violation, for
transmitting materially false or misleading header information, and $25 per violation for any of
the other violations mentioned above, up to a maximum of $1,000,000.48
D Preemption
CAN-SPAM preempts any state or local law or regulation expressly regulating the sending of
Commercial E-Mail, except to the extent that any such state law or regulation prohibits falsity or
deception in a Commercial E-Mail or any attachment to a Commercial E-Mail.49 To date, there
48 48 15 U.S.C. § 7705(g). See Microsoft Corporation v. Khoshnood, No. CV03-4269R (VBKx), Final Judgment (C.D.Cal. July 7, 2004) ($4 million federal court judgment obtained by Microsoft in 2004 against a California man and his company for sending SPAM to MSN and Hot Mail customers that unlawfully attempted to deceive customers into believing that Microsoft recommended they download the defendants’ web toolbar)
4949 15 U.S.C. § 7707.
Robert M. Jaworski is a partner in the Consumer Financial Services and the Bank Regulatory Group of Reed Smith, LLP in Princeton, New Jersey and a former Deputy Commissioner of the New Jersey Department of Banking. He is also Co-Chair of the RESPA and Housing Finance Subcommittee of the American Bar Association’s Consumer Financial Services Committee; the former Editor of Pratt’s Mortgage Compliance letter, a national publication on mortgage compliance issues; and a member of the Board of Directors of the New Jersey Bar Association’s Banking Law Section. Mr. Jaworski provides compliance and regulatory advice to banks and other lenders, and regularly assists Reed Smith litigators in defending lenders in individual and class actions.
Robert H. Jackson operates his own telecommunications and Internet legal practice in Washington, D.C. and is also affiliated with Reed Smith LLP. He has been in the telecommunications industry, both as an attorney and as an executive, since 1977. Mr. Jackson’s practice includes both regulatory advice and advocacy, as well as assistance on telecommunications transactions.
This article would also not have been possible without the able assistance of Andrew V. Brisker, a law student at Cornell University School of Law and a 2005 Summer Associate at Reed Smith, LLP in Princeton, New Jersey.
15
has not been any significant attempt by states to “override” CAN-SPAM with more restrictive
state regulations. On the other hand, various private entities, including Spamhaus, refuse to
acknowledge the ability of persons or entities in the U.S. to send unsolicited, bulk Commercial
E-Mail on a lawful basis and also create pressure on ISPs to block all e-mail messages sent from
such persons’ or entities’ Internet addresses. Some believe that these “self-help” remedies are
more effective than CAN-SPAM is reducing unwanted spam.
IV. SUMMARY
As is apparent from the above, marketing by telephone, fax and e-mail faces many new (and
some not-so-new) federal regulatory hurdles, with more likely to come. Companies looking to
increase sales of their products and services must take note of these changes and act accordingly
to ensure that they are in compliance—or suffer the (financial and reputational) consequences.
16