Congress Passes First National Spam Law; Critics Question Whether It Will Work

Congress Passes First National Spam Law; Critics Question Whether It Will Work



For the first time, Congress adopted national standards for unsolicited commercial email, or "spam," on December 8, 2003. The White House has indicated that President Bush intends to sign the Controlling the Assault of Non-Solicited Pornography and Marketing, or "CAN-SPAM," Act so that it can take effect on January 1, 2004. Although the consideration of anti-spam legislation has been an annual ritual in Congress since 1998, no previous proposal was passed by both the Senate and the House of Representatives. While the new law will provide email advertisers with the first national standards for commercial email, opponents complain that the law will not prohibit all unwanted messages.

National Law Replaces Patchwork of State Laws

Without a national spam law, states filled the void with their own anti-spam legislation, imposing a wide range of restrictions and requirements for commercial email.State anti-spam initiatives are discussed in our July 7, 2003, December 11, 2002 and October 26, 1999 Internet Alerts. As discussed in our November 29, 2000 Internet Alert, some of these measures were questioned by courts on several grounds, including arguments that only Congress can lawfully regulate interstate commerce. As discussed most recently in our July 30, 2003 Internet Alert, some courts ruled that mass email messages were a form of "trespassing" that caused harm to unwilling recipients. A sweeping anti-spam law in California set to become effective January 1, 2004 would have required email advertisers to obtain prior consent from consumers before sending commercial email from California or to persons in California, unless the advertiser had a preexisting or current business relationship with the intended recipient.

The new national legislation will preempt California's strict "opt-in" requirement.The federal law will supersede all state laws regulating commercial email except for provisions that prohibit falsity or deception in commercial email messages or attachments.

New Federal Regulation of Commercial Electronic Mail Messages

The new legislation sets standards for "commercial electronic mail messages" the primary purpose of which is to advertise or promote a commercial product or service, including a commercial Internet web site. Unlike the European Union's strict new opt-in policy for commercial email (see our August 12, 2002 and June 11, 2003 Internet Alerts), the new federal legislation adopts the less stringent "opt-out" approach in which commercial email is permitted until a recipient acts to stop it. Many anti-spam advocates have favored the opt-in approach, while email marketing interests prefer the opt-out model.

The new legislation will:

  • make it a crime to use a non-consenting third party's computer to send or relay commercial email or to falsely identify the sender of a mass commercial email; and
  • encourage the Justice Department to use existing laws against spam that facilitates federal crimes such as pornography, fraud, and the dissemination of computer viruses, worms, and Trojan horses.

Senders of commercial email messages will be required to:

  • identify the message as an advertisement or solicitation, unless the recipient has given prior consent to receive the message;
  • use subject lines that are not materially misleading;
  • state clearly and conspicuously that the recipient may decline to receive further email messages from the sender and maintain a functioning return email address that allows recipients to opt out of receiving future email from the sender for at least 30 days after the original message is transmitted;
  • provide a valid physical postal mailing address that may be used to contact the sender;
  • stop sending unwanted commercial email within 10 business days after receiving an opt-out request and refrain from providing other senders with the email addresses of persons who have opted out; and
  • ensure that sexually oriented material is not immediately viewable upon opening the email message, except with the recipient's prior consent.

Advertisers cannot avoid the federal legislation by retaining third parties to send unsolicited commercial email on their behalf. The law will prohibit a person from allowing a third party to use illegal spamming techniques to promote the person's trade or business.

Federal Authority Supplemented by State and ISP Enforcement

The legislation grants extensive regulatory authority to the Federal Trade Commission (FTC). For example, the FTC will be required to issue rules for determining whether an email is "commercial," will be authorized to modify the 10-day period for honoring opt-out requests, will be required to specify labeling requirements for sexually-oriented commercial email, and must determine whether to adopt a national email labeling requirement such as the familiar "ADV" labeling convention previously mandated by several states. The FTC will also be authorized-but not required-to implement a national "Do Not E-Mail" registry similar to the popular "Do Not Call" registry created under the telemarketing regulations administered by the FTC and the Federal Communications Commission (FCC). Thus, the new law leaves significant policy challenges to be resolved by the FTC, the chairman of which recently expressed concern about the effectiveness of anti-spam legislation and said that a Do Not E-Mail registry would be a waste of consumers' time and effort.

Spamming violations generally will be subject to FTC enforcement, which may lead to cease-and-desist orders and civil penalties of up to $11,000 per violation. Criminal violations may be referred to federal prosecutors, who may seek significant fines and/or imprisonment. Other government agencies that regulate commercial advertising and communications may enforce the spam standards against entities subject to their jurisdiction.

If there is no pending federal civil or administrative enforcement action, state attorneys general will be permitted to bring their own civil actions seeking to enjoin spammers or to collect damages of $250 per recipient up to $2 million per violation, or actual damages, whichever is greater. Internet access service providers may also initiate civil lawsuits against spammers who use the ISP's facilities to transmit illegal spam email. Civil damages may be trebled in aggravated cases, such as when spammers obtain recipients' email addresses through improper "harvesting" techniques. The law will not authorize private individuals to bring lawsuits against spammers

Wireless Spamming Regulations Coming Soon

The law addresses wireless communications, too, giving the FCC nine months to develop regulations to protect consumers from unwanted mobile service commercial messages.

But Will It Work?

The arrival of national spam legislation will not stop unsolicited commercial email and will not necessarily make it any easier to catch spammers, especially those operating from abroad. In fact, the law will allow many commercial email messages that would have been barred under more restrictive state laws and may be viewed as legitimizing spam that complies with the new requirements. The new law will, however, end the confusing proliferation of state spam laws and will, once again, place the FTC center stage as the leading guardian of U.S. consumer privacy in the Internet era.

Barry Hurewitz
[email protected]

Kevin Pinkney
[email protected]