THE FEDERAL “CAN SPAM” LAW
IVAN HOFFMAN, B.A., J.D.
Effective January 1, 2004, there is a federal law dealing with the issues of electronic “spam.” According to the terms of the statute, the federal law is to replace and preempt state and other laws, regulations and rules that expressly regulate commercial email, except as indicated in the federal law. Thus some state and other laws, regulations and rules and/or some aspects thereof dealing with commercial email may still apply. The federal statute in this regard reads:
Other state laws, however, are not affected by this statute.(b) STATE LAW-(1) IN GENERAL- This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.
Let me then discuss some, but certainly not all, of the provisions of the federal statute.(2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL- This Act shall not be construed to preempt the applicability of—(A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or
(B) other State laws to the extent that those laws relate to acts of fraud or computer crime.
The statute defines some of the relevant terms of art used in the statute. Some of these definitions are:
This is significant since if a sender claims that a recipient consented to receive commercial email, the sender will have to demonstrate the above “clear and conspicuous request” and this is may be interpreted as not including any simple failure to check a box that says “I do not want to receive solicitations” or words to that effect. In other words, a failure to say that you do not want to receive may not be sufficient “affirmative consent.”(1) AFFIRMATIVE CONSENT- The term `affirmative consent', when used with respect to a commercial electronic mail message, means that—(A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and
(B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages.
This leaves the definition of “primary purpose” up to the courts interpreting that definition on a case by case basis. Even after the said regulations are enacted, such interpretation will likely continue to be required as well. [NOTE: The Federal Trade Commission has adopted new rules defining the above, to be effective February 18, 2005 and these can be found at http://www.ftc.gov/os/2004/12/041216canspamfrn.pdf]. Clearly many of emails will be self-evidently of a commercial nature but there may be gray areas that the regulations may address.(2) Commercial electronic mail message-(A) IN GENERAL- The term `commercial electronic mail message' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose). [emphasis added. See below.]
(B) TRANSACTIONAL OR RELATIONSHIP MESSAGES- The term `commercial electronic mail message' does not include a transactional or relationship message. [Note: this term is defined in the statute as well but in an effort to simply this article, I have not dealt with the details of the issues related to “transactional or relationship messages”and thus will not cover that said definition more fully. Generally, however, it relates to emails that relate to aspects of a commercial transaction.]
(C) REGULATIONS REGARDING PRIMARY PURPOSE- Not later than 12 months after the date of the enactment of this Act, the Commission shall issue regulations pursuant to section 13 defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message. [emphasis added]
The above provision appears to mean that if the email contains only a link or a reference to a commercial web site, such link or reference standing alone may not be deemed to be a commercial electronic mail message if the contents or circumstances indicate some other primary purpose.(D) REFERENCE TO COMPANY OR WEBSITE- The inclusion of a reference to a commercial entity or a link to the website of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this Act if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service.
The statute covers activities of both the sender of the commercial email and the party who “procures” the sending of the commercial email. The statute provides in part:
A “sender” is defined:(9) INITIATE- The term `initiate', when used with respect to a commercial electronic mail message, means to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message. For purposes of this paragraph, more than one person may be considered to have initiated a message. [emphasis added]
(12) PROCURE- The term `procure', when used with respect to the initiation of a commercial electronic mail message, means intentionally to pay or provide other consideration to, or induce, another person to initiate such a message on one's behalf.
[Discussion of subparagraph (B) omitted from this article for simplicity sake].(16) SENDER-(A) IN GENERAL- Except as provided in subparagraph (B), the term `sender', when used with respect to a commercial electronic mail message, means a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message.
What The Statute Regulates
The statute covers a number of different kinds of activities.
First: the statute regulates and makes criminal the following activities and it says in part:
A “protected computer” is defined to be:`Sec. 1037. Fraud and related activity in connection with electronic mail`(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly—or conspires to do so, shall be punished as provided in subsection (b).`(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
`(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
`(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
`(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
`(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses,
The term “materially” is defined as:(2) the term ''protected computer'' means a computer –
(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
The penalties for violation of the above provisions are quite severe and involve fines, imprisonment and forfeitures.`(2) MATERIALLY- For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.
Second: the statute also prohibits the sending of commercial email messages containing false or misleading headers, sender information, subject headings or inaccurate return addresses as described in the statute. The statute in this regard reads in part as follows:
(a) REQUIREMENTS FOR TRANSMISSION OF MESSAGES-(1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph—(A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading;
(B) a `from' line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and
(C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.
Third: the statute contains an “opt out” provision stating that if a recipient notifies a sender that the recipient no longer wants to receive any commercial email from that sender, it is unlawful for the sender to send further messages to that party, subject to the further provisions of the statute. A recipient can affirmatively consent to continue to receive such messages including withdrawing the above “opt out.” See the discussion above about how such “affirmative consent” must be manifested.(2) PROHIBITION OF DECEPTIVE SUBJECT HEADINGS- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message if such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).
(3) Inclusion of return address or comparable mechanism in commercial electronic mail-(A) IN GENERAL- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that--(i) a recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and
(ii) remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message.
Fourth: the statute goes on to provide that a commercial email message must contain the following elements:
Here too, the prohibition under section (A) (i) does not apply if the recipient has given “affirmative consent” to receive such commercial messages.(5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL-(A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides—(i) clear and conspicuous identification that the message is an advertisement or solicitation;
(ii) clear and conspicuous notice of the opportunity under paragraph (3) [discussed above] to decline to receive further commercial electronic mail messages from the sender; and
(iii) a valid physical postal address of the sender. [emphasis added]
Fifth: the statute also prohibits sending prohibited commercial email to a protected computer if the email addresses were obtained by automated means, generally referred to as “harvesting” or similar automated processes and provided that the site or online service had posted an appropriate notice and the sender “had actual knowledge, or knowledge fairly implied on the basis of objective circumstances” about such collection methods.. The use of such automated means are deemed to be “aggravated violations” and thus make the sender subject to increased penalties as discussed below. Additionally, the statute in this regard applies not only to the sender but to any party who “assist[s] in the origination of such message through the provision or selection of addresses to which the message will be transmitted,….”
In regard to the above as well, the statute states:
Sixth: the statute also requires that any “sexually explicit” email contain warning labels in the subject line. Here too, the prohibition does not apply if the recipient has given prior “affirmative consent” to receive such commercial messages. The statute in this regard provides for fines and/or imprisonment.(2) AUTOMATED CREATION OF MULTIPLE ELECTRONIC MAIL ACCOUNTS- It is unlawful for any person to use scripts or other automated means to register for multiple electronic mail accounts or online user accounts from which to transmit to a protected computer, or enable another person to transmit to a protected computer, a commercial electronic mail message that is unlawful under subsection (a).
(3) RELAY OR RETRANSMISSION THROUGH UNAUTHORIZED ACCESS- It is unlawful for any person knowingly to relay or retransmit a commercial electronic mail message that is unlawful under subsection (a) from a protected computer or computer network that such person has accessed without authorization.
Seventh: the statute applies to the business whose products or services are the subject of the commercial email described in section 5 (a) (1) (false and misleading header information), subject to the requirement that it be shown that that party:
(1) knows, or should have known in the ordinary course of that person's trade or business, that the goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business were being promoted in such a message;(b) Limited Enforcement Against Third Parties-
(2) received or expected to receive an economic benefit from such promotion; and
(3) took no reasonable action--(A) to prevent the transmission; or
(B) to detect the transmission and report it to the Commission.(1) IN GENERAL- Except as provided in paragraph (2), a person (hereinafter referred to as the `third party') that provides goods, products, property, or services to another person that violates subsection (a) shall not be held liable for such violation.
(2) EXCEPTION- Liability for a violation of subsection (a) shall be imputed to a third party that provides goods, products, property, or services to another person that violates subsection (a) if that third party--(A) owns, or has a greater than 50 percent ownership or economic interest in, the trade or business of the person that violated subsection (a); or
(B)(i) has actual knowledge that goods, products, property, or services are promoted in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1); and
(ii) receives, or expects to receive, an economic benefit from such promotion.
Only the Federal Trade Commission can enforce the provisions discussed above in item “Seventh.” States and internet service providers are not allowed to sue under the said provisions.
Otherwise, the statute lists a number of federal and state agencies that have enforcement powers, the most significant being the Federal Trade Commission. However, the statute does not give individuals or private parties the right to bring actions against violators except in the instance of an internet service provider which is given the right to bring an action in certain circumstances.
Damages, Penalties and Fines
In actions by the Federal Trade Commission, the procedure is the same as an unfair or deceptive act or practice and the penalties are awarded accordingly.
When a state sues, the courts can award injunctive relief and actual damages. The court can, in lieu of actual damages, award statutory damages from up to $250.00 per violation (“with each separately addressed unlawful message received by or addressed to such residents treated as a separate violation”) up to a maximum of $2,000,000.00. The statutory damages are somewhat different in the instance where an internet service provider sues. In both such instance, however, the amounts can be increased by up to three times by a court in appropriate cases such as when there is an “aggravated violation” as discussed above or other form of willful violation and courts can also award attorneys fees and costs in appropriate circumstances. In appropriate circumstances, damages can be reduced as well.
The statute also establishes a commission to investigate the possibility of setting up a national “Do-Not-Email-Registry” with a mandate to issue a report within 6 months.
Also set up is another commission to investigate other issues with regard to commercial email including the possibility of establishing a system of rewards for parties who report spammers.
The statute also directs the Federal Trade Commission to establish rules regarding the sending of unsolicited commercial messages over the wireless system but the statute states that the current statute dealing with wireless is not affected by this statute.
The statute, although quite complex, is considerably less wide in its scope than many other state laws that it preempts. As indicated above, however, there may be state and other laws, regulations and rules and/or some aspects thereof that may still apply and the reader should always consult with an attorney with experience in these matters.
NOTE: given that the statute, as of the time of this writing, is new, the parameters of the law and how the statute is to be interpreted, are left quite uncertain. Thus the explanations offered in this article are absolutely not to be deemed to be conclusive or definitive and the reader should not rely on the said explanations but should seek legal advice from an attorney with experience in these matters.
Copyright © 2003 Ivan Hoffman. All Rights Reserved.