Lydia Pallas Loren
Northwestern School of Law of Lewis and Clark College
(Created July, 1999, updated August, 2000)
PHASE TWO: Regulating From The Top Down Through Statute
STEP ONE: The State Level
While OSPs have been quite successful in their suits against the senders of UCEs, the causes of action asserted are not air tight and would be extremely difficult for individuals to use because individuals do not experience the same level of mass mailings. Strong support for legislation banning, or at least regulating, UCE has resulted in the passage of several state laws in this area. Summarized below are three state laws aimed at curbing certain practices relating to UCE, although more than just these three states have passed this kind of legislation. (Summaries of all state laws regulating spam can be found at www.spamlaws.com). The full text of each of the three laws discussed here is hyperlinked as well.
California
California has adopted two different provisions concerning
unsolicited email. The first, codified at Section
17538.4 of the Business and Professions Code, prohibits the
sending of unsolicited commercial email that advertises the lease,
sale, rental, gift offer, or other disposition of any realty, goods,
services, or extension of credit unless the sender has taken certain
steps. First, the sender must establish a toll-free number or valid
sender operated return email address that a recipient of the UCE can
call or email to notify the sender not to email any further UCE. Cal.
Bus. & Prof. Code § 17538.4(a)(2)
(West 1998). Second, the recipient must include a statement informing
the recipient of the toll-free number or valid return email address.
That statement must be the first text in the body of the message and
it must be of the same size as the majority of the text of the
message. § 17538.4(b). In addition
to including this information in the body of the message, California
law also requires that every UCE must include "ADV:" as the first
four characters in the subject line, or "ADV:ADLT" as the first eight
characters if the material being advertised may only be viewed or
purchased by someone who is 18 years of age or older. §
17538.4(g). Finally, once notified that an individual does not
want to receive any unsolicited advertising material from an entity,
that entity must not send any email to that individual. §
17538.4(c). Violations of section 17538.4 is a misdemeanor. Cal.
Bus. & Prof. Code § 17534 (West 1998). In addition to
Section 17538.4, California has given a weapon to on-line service
providers through the adoption of section 17538.45.
Cal. Bus. & Prof. Code § 17538.45 (West 1998). This section
permits an OSP to bring suit against anyone who sends UCE via OSP
equipment located in the State of California if the UCE is sent in
violation of the OSP’s policy that either prohibits or restricts
the use of that equipment to deliver UCE. §
17538.45(b)-(c)Only OSPs are authorized to bring suit, not
individuals who receive UCE. Actual damages are recoverable or the
OSP can elect to recover statutory damages in the amount of $50 per
email message with a $25,000 per day cap. §
17538.45(f). While this law applies to subscribers of the OSP as
well as to non-subscribers who are merely sending UCE "through" the
California OSP’s equipment, in order to prevail the OSP must
prove that the defendant had actual notice of: (1) the OSP’s
policy on the sending of UCEs; and (2) the fact that the
defendant’s unsolicited electronic mail "would use or cause to
be used" the OSP’s equipment in California. §
17538.45(f)(3).
Washington
The Washington law on UCE prohibits the use of false or misleading information in the subject line. This law also prohibits the use of a third party’s Internet domain name without permission of the third party or otherwise misrepresenting or obscuring any information in identifying the point of origin of the transmission path of the UCE. Wash. Rev. Code §§ 19.190.005-.050 (1998). The law only applies to email that is initiated from a computer located within Washington or to an electronic mail address that the sender knows or has reason to know is held by a Washington resident. Unlike the California sections concerning UCE, the Washington law neither provides for criminal prosecution, nor does it limit the cause of action to OSPs. Washington permits the recipient of an email sent in violation of the Washington law to sue and recover $500 or actual damages; OSPs can recover actual damages or $1,000. Additionally, Washington law expressly authorizes OSPs to block UCEs that the OSPs believes violate the law and exempts OSPs from liability for such blocking activity.
Virginia
Virginia has approached the issue of UCE by defining certain types of UCE to constitute "computer trespass" and thus unlawful under that state’s computer trespass statute. Va. Code Ann. § 18.2-152.4. UCE will only constitute computer trespass if, in connection with the transmission of unsolicited bulk electronic mail, the sender falsifies or forges the electronic mail transmission or other routing information. § 18.2-152.4(A)(7). A unique aspect of the Virginia law is that it also makes it a criminal violation to sell or distribute software designed for facilitating the sending of mass UCE with false electronic mail or routing information. § 18.2-152.4(B). Violation of either of these provisions is a class 3 misdemeanor. Additionally, malicious violation which results in damages over $2,500 is a felony. §18.2-152.4(C). The statute also provides for a private right of action by individuals or on-line service providers. § 18.2-152.12. Plaintiffs may seek actual damages or may elect statutory damages of the lesser of $10 per message sent or $25,000 per day, plus attorney’s fees.
NOTES, COMMENTS, AND QUESTIONS:
1. Prohibiting falsification of return address. UCE can be
even more burdensome if the sender falsely identifies the account or
server from which the messages are sent. This false information is
then used by computers for various purposes, including sending
notification of undeliverable addresses to the listed "sender" of the
original UCE message. If the sender identification is incorrect,
these undeliverable messages then burden the falsely used account or
service provider. If the false account or service provider do not
exist, the situation can become even worse. In attempting to send an
"undeliverable" message to the false sender, an error message may be
generated, indicating that the "undeliverable" message was, itself,
undeliverable! All of this results in multiple messages, in
addition to the original UCE message. The falsification of return
email addresses was part of the problem in the CompuServe v. Cyber
Promotions case.
Those who send UCE falsify the return address for various reasons, as
discussed in the introduction to this module. Falsification helps to
avoid filters that might otherwise block the messages. If a false
return address is given not only does the message pass through the
filters, but it is quite possible that the falsified address will be
subject to filtering in the future, despite the fact that the no UCE
has ever actually been sent from that server or by that account
holder. Falsification also helps the sender of the UCE avoid the
retaliation that is sometimes targeted at the sender of UCE. If a
false address is given, recipients of UCE cannot tell the true origin
and may bombard the account and/or server with nasty emails, or even
worse, email bombs or viruses. The actual sender avoids the wrath of
cybercitizens who have taken justice into their own hands It is
important to note that retaliation in the form of email bombing, SYN
floods, Denial of Service attacks, or hacking into the sending
computer, even if the target is the true originator of UCE, will
often constitute a federal offense under the Computer Fraud and Abuse
Act, 18
U.S.C. § 1030. as well as many state laws.
Because of the multiple problems created by falsifying information,
most legislation directed at UCE, at a minimum, prohibits such
falsification. As noted above, California requires a valid, sender
operated return email be listed in any UCE or a toll-free number.
Also, in California knowingly using the Internet domain of another in
connection with the sending of email messages without permission is a
violation of the California Penal Code if it causes damage to a
computer, a computer system or a computer network. Cal. Penal Code
§ 502(c)(9) (West 1998). So long as there is no injury, the
penalty for a first offense is $250. Violations that result in injury
or repeat offenders are subject to a fine of up to $5,000 and/or
imprisonment in a county jail for up to one year. § 502(d)(4).
The major portion of the Virginia statute concerning UCE and the
Washington statute are both directed solely at falsification in
commercial email messages.
If falsification is eliminated, has the UCE "problem" been
solved?
2. Facilitating the use of filters. One
approach to dealing with UCE has been to use various filtering
technologies. Filters can be set up in most email programs by
individual email account holders. For example, if I prefer to not
read any email sent by a certain individual whose email account is
"johndoe@aol.com", I can program my mail program to delete all mail
that contains johndoe@aol.com in the "from" line. If I wanted to, I
could also set my filter to delete all messages that contained
"@aol.com" in the "from" line, thus filtering out all email from any
AOL account. Filters can also be set up at the server level. An OSP
might determine that all mail coming from a particular account, or
even a particular domain name, is UCE and none of that OSPs customers
want to receive UCE. The OSP could then filer all mail sent from that
particular location.
This system of filtering works well on two conditions. First, all
senders of UCE must be known so that the filter can be put in place.
Second, all senders of UCE must accurately identify the origin of the
message. Assuming the law will provide effective deterrent for
falsification, thus satisfying the second condition, the real problem
is the first condition. Not all senders of UCE are known, or can ever
be known. New UCE senders arrive in cyberspace everyday. Relying on
filters based on the origin of the message will not be a complete
filter of UCE. Thus, some of the new laws proposed and the one
enacted by California, are designed, at least in part, to facilitate
the use of filters. California requires that the first characters of
the subject line of all UCE messages be "ADV:" and if the product or
service being advertised is directed at adults, the first characters
must be "ADV:ADLT". If all UCEs are required by law to include these
characters, then setting up a filter to delete all message that
contain those characters in the subject line will filter all UCE
except those that are violating the law. In this way, the California
law facilitates a technological solution to the UCE problem. But this
technological solution would not work effectively without the
assistance of the law.
Finding ways in which the law and the technology can work together to
solve a problem can be an effective way of regulating cyberspace
activity. Enforcement, however, may still be a problem. See note 6,
below. As you study law in cyberspace, consider ways in which the
requirements of the law could facilitate a technological solution to
a problem.
3. Opt-in v. Opt-out. While UCE is almost universally
loathed, some people are interested in receiving email offers
of new products or services. The marketers who would like to continue
sending UCE point to these individuals as a reason why UCE should not
be completely prohibited. Legislators have been receptive to the idea
of developing a way to permit mass emailers to continue sending email
to those who desire it. A major issue has been whether to use an
"opt-out" or "opt-in" system.
In an "opt-in" system, individuals would have to take an
affirmative step to be included on a list of those to whom UCE can be
sent. Most of the laws proposed or enacted actually include a variant
of an "opt-in" system. The opt-in nature of these laws is typically
embodied in the definition of what is an unsolicited
commercial email. For example, the California law is directed at
"unsolicited e-mailed documents" which is defined to not include
email sent to a recipient with whom the sender has an existing
business of personal relationship, or email sent at the request of,
or with the express consent of, the recipient. Therefore, if
individuals have requested to receive the messages, i.e., opted-in,
by definition the sender is not sending unsolicited email.
Virginia law also only places restrictions on "unsolicited"
electronic mail. While that statute does not provide a definition of
"unsolicited" it does state that "(t)ransmission of electronic mail
from an organization to its members shall not be deemed to be
unsolicited bulk electronic mail," thus indicating that mail sent to
individuals with whom the sender has some kind of connection were not
intended to be encompassed within the restrictions.
While these laws do embody some form of opt-in provisions, they are
not a true opt-in system because they do not take the next step of
placing an absolute ban on the sending of email to recipients who
have not opted-in. Under these laws, individuals who have not
opted-in can still be sent UCE. What these laws provide are certain
restrictions with which the sender must comply in order to legally
send the UCE to those who have not opted-in. These restrictions
include, for example, no falsified return addresses and, in
California, inclusion of "ADV:" as the first four characters of the
subject line.
The California law is more accurately characterized as taking an
"opt-out" approach. Individuals who do not want to receive additional
UCE from any particular sender can either use the toll-free number or
the valid sender operated return email listed in any UCE to notify
the sender to not send anymore UCE to that individual. Under
California law it is a crime to then send UCE to a person once that
notification has been given. This is a type of "opt-out" scheme. A
more universal "opt-out" scheme would provide for the creation of a
master list of email addresses that do not wish to receive any email
and then require that senders of UCE abide by that list. Oregon, for
example, has an opt-out system in place for telephone solicitation.
Individuals may request identification in the telephone directories
that they do not wish to receive telephone solicitations. Someone
engaging in telephone solicitations of such an individual is guilty
of an unlawful trade practice and subject to fines up to $25,000,
plus attorney’s fees. Or. Rev. Stat. § 646.569 (1998).
Which is a more appropriate approach to UCE: opt-in or opt-out?
Should the law have both an opt-in and an opt-out provision,
or is one enough? Is your evaluation affected by your bias toward
UCE?
4. Industry specific regulation of UCE. In addition to laws
of general applicability, different industries may develop their own
regulations concerning UCE. Lawyers are not immune to the regulation
of their email. Indeed, it is generally accepted that the first case
of mass scale spamming was by lawyers. In April 1994, the husband and
wife immigration law team of Laurence Canter and Martha Siegel posted
advertisement messages to over 6,000 USENET groups offering
assistance in the "green card lottery." Their actions created the
first uproar over spam.
One way to regulate the email practices of lawyers is through the
rules of ethics of each state. At least one state has incorporated
into its ethics rules provisions regulating unsolicited emails sent
by lawyers. In Oregon an unsolicited email communication to someone
who is known to be in need of legal services on a particular matter
must include the word "Advertisement" in type that is larger and
darker than the type of the email message, or if that is not
possible, it must be set-off from both the beginning and end of the
message. Oregon Code of Professional Responsibility, DR
2-101(H). While not required in the subject line of the email,
the mandated inclusion of the word "Advertisement" in the body of the
text could be used as a basis for filtering, as discussed in
note 2.
5. Constitutional Problem 1: First Amendment. Unlike the situation in the CompuServe v. Cyber Promotions case, the state laws summarized above all involve government action directed at regulating a certain type of speech. In the United States, when government regulation is involved, the requisite state action is present to trigger the prohibitions of the First Amendment. Indeed all of the Internet, because it is communication in one form or another, is speech. Thus attempts at regulation of any activity in cyberspace, in the United States, will almost always raise potential First Amendment problems. This does not mean that regulation cannot occur, but that such regulation must pass First Amendment muster. Understanding the tests that are applied to determine whether any particular regulation violates the First Amendment requires study of that body of law which is covered in the module on The First Amendment in Cyberspace. When considering regulation directed at UCE, remember that such activity is, mostly likely, commercial speech which must be analyzed under Supreme Court jurisprudence relating to commercial speech. See note 2 to Unit 5 in the module on the The First Amendment in Cyberspace [Link]. See also, Joshua A. Marcus, Commercial Speech on the Internet: Spam and the First Amendment, 16 Cardozo Arts & Ent. L. J. 245 (1998).
6. Constitutional Problem 2: Due Process and Jurisdiction.
Regulation of any activity in cyberspace is only as effective as
the jurisdiction to enforce that regulation. When a state attempts to
enforce its laws, a court must first determine whether it has
jurisdiction over the matter. Both personal jurisdiction and subject
matter jurisdiction must be satisfied.
In the United States, personal jurisdiction over defendants in
criminal cases is typically a matter of obtaining physical custody of
the person to be charged. Determining personal jurisdiction over
out-of-state defendants in civil cases is governed by state long-arm
statutes and, ultimately, by the Due Process Clause of the
Constitution. The requirements of Due Process and fundamental
fairness are more fully explored in the module on Jurisdiction
in Cyberspace.
In civil cases, a court may exercise personal jurisdiction over a
nonresident defendant only if there are sufficient "minimum contacts"
between the defendant and the forum state. If a defendant has
"purposefully availed" himself of the forum state, minimum contacts
exist. Consider the court’s statement in CompuServe v. Cyber
Promotions that the defendants' contact with plaintiff's
computers was "clearly intentional" and that "[a]lthough
electronic messages may travel through the Internet over various
routes, the messages are affirmatively directed to their
destination." Does this mean that senders of UCE have "purposefully
availed" themselves of the forum of each and every state in which
recipients of their messages are located and are thus subject to that
state’s jurisdiction?
A court must also consider the subject matter jurisdiction for the
matter at issue. The subject matter jurisdiction of the court is
governed by federal and state rules dictating which laws the various
courts are competent to adjudicate. When discussing subject matter
jurisdiction in cases involving cyberspace activities it is also
important to consider whether the state has the authority to regulate
the activity in question; does that activity come within the
jurisdiction of that state, or is the state attempting to regulate
activity occurring extra-territorially. Because of the non-physical
nature of cyberspace, out of state defendants often assert that the
state is attempting to enforce its laws beyond its borders. State
will argue that they are merely trying to enforce their laws against
out-of-state defendants because the defendant’s actions have an
effect within the territory of the state .
The various state laws that have been passed concerning UCE each
specify the activity that the statute attempts to reach. For example,
in California the law provides that it "shall apply when the
unsolicited e-mailed documents are delivered to a California resident
via an electronic mail service provider's service or equipment
located in this state." Washington, on the other hand, specifies that
its regulation is directed at those who initiate transmission of UCE
from a computer located in Washington or "to an electronic mail
address that the sender knows, or has reason to know, is held by a
Washington resident." While a sender of UCE can easily determine
whether they are initiating a transmission from computer located in
Washington, determining the residence of any particular UCE recipient
is an entirely different matter. Washington’s law softens this
requirement by insisting on knowledge on the part of the sender, but
Washington’s law also provides that knowledge that the recipient
is a Washington resident shall be attributed "if that information is
available, upon request, from the registrant of the Internet domain
name contained in the recipient’s electronic mail address."
California’s law does not require that the sender know
the recipient is a resident of California.
Does Washington’s law comply with the requirements of the Due
Process Clause? How about California’s law? Is the problem one
of subject matter jurisdiction or personal jurisdiction?
7. Constitutional Problem 3: Commerce Clause. The Commerce
Clause of the United State Constitution gives Congress the power to
regulate interstate commerce. However, this clause also has been read
to have a reverse side to it, referred to as the "dormant commerce
clause." The dormant commerce clause is a phrase used to describe the
implication of the Commerce Clause that individual states may not
regulate interstate commerce, and that state regulation of commerce
occurring within that state may not unduly burden interstate
commerce. Because of the interstate (and international!) nature of
cyberspace, any regulation of activity in cyberspace by states is
subject to attack on dormant commerce clause grounds. Dormant
commerce clause attacks on state regulations of cyberspace activity
have been successful in other contexts. See American Civil
Liberties Union v. Johnson, 1998 U.S. Dist. LEXIS 9849 (June 30,
1998) (enjoining enforcement of New Mexico’s Communications
Decency Act-style law); American Library Association v. Pataki, 969
F. Supp. 160 (S.D.N.Y., 1997) (enjoining enforcement of a New York
cyber pornography law) available at: <http://www.aclu.org/court/nycdadec.html
>, see also Dan L. Burk, Federalism in Cyberspace,
28 Conn. L. Rev. 1095 (1996) {copies of this article may be obtained
in .pdf format from available through SSRN}.
Both the Washington and California Spam laws have been held by lower
courts to be unconstitutional on dormant commerce clause grounds. See
Washington v.
Heckel (King County Court, March 2000); Ferguson v. Friendfinder,
(San Francisco County Court, June 2000) http://www.law.washington.edu/LCT/lctnews.html
. The Washington Attorney General's office has requested the
Washington Supreme Court review the lower court's ruling (see
statement).
Merely because a state regulation impacts interstate commerce,
however, does not automatically make the law unconstitutional. In
Pike v Bruce Church, 397 U.S. 137 (1970) the Supreme Court
laid down the balancing test used to judge facially neutral
regulations that affect interstate commerce. Pike requires a two fold
inquiry. The first level of examination is directed at the legitimacy
of the state's interest served by the regulation at issue, while the
second level weighs the burden on interstate commerce in light of the
local benefit derived from the statute. This balancing of interests
seeks to determine whether the burden on interstate commerce created
by the law at issue is justifiable given the local benefits derived
from the law. Only if the legitimate local benefits outweigh the
burden on interstate commerce will the statute pass constitutional
muster.
How might you build a case either for or against the
constitutionality on dormant commerce clause grounds of the various
state laws summarized above?
A state regulation can also burden interstate commerce by creating
inconsistent requirements, or even the possibility of inconsistent
regulation. The classic examples of individual state regulation that
is inconsistent with the encouragement of interstate commerce is the
requirement of certain types of mudguards on trucks, Bibb v. Navajo
Freight Lines, Inc., 359 U.S. 520 (1959), and state regulation of the
maximum number of freight and passenger cars allowed in any railroad
train, Southern Pac. Co. v. Arizona ex rel. Sullivan, 325 U.S.
761 (1945). The Internet poses new challenges for state regulation.
Addressing the potential problems of inconsistent state regulation,
one court stated:
The courts have long recognized that certain types of commerce demand consistent treatment and are therefore susceptible to regulation only on a national level. The Internet represents one of those areas; effective regulation will require national, and more likely global, cooperation. Regulation by any single state can only result in chaos, because at least some states will likely enact laws subjecting Internet users to conflicting obligations. American Library Association v. Pataki, 969 F. Supp. 160 (S.D.N.Y.1997) available at: <http://www.aclu.org/court/nycdadec.html>
Does this mean that all state regulation of Internet activity is unconstitutional?
STEP TWO: The Federal Level
After considering the problems with state regulation of UCE, the next logical place to consider regulation is the federal government. For the past several years, bills have been introduced in the United States Congress concerning UCE. These bills have taken various approaches to regulating UCE. The approaches in these bills have ranged from amending the federal prohibition on sending "junk faxes," 47 U.S.C. § 227 (1994), to include UCE, to creating elaborate regulatory mechanisms for policing those who send UCE through a governmental agency such as the Federal Trade Commission. Absolute bans have also been introduced. See, e.g., Netizen’s Protection Act of 1997, H.R. 1748, 105th Cong. (1997). Several different bills with different approaches have been introduced in Congress.
In July, 2000 on July 18th, the US House of Representatives passed HR 3113, the "Unsolicited Commercial Electronic Mail Act of 2000", in a vote of 427-1. This legislation was the product of extensive negotiations between consumer groups, Internet Service Providers (ISPs), e-commerce businesses, and direct marketers. The key provisions of HR 3113 include:
On May 11, 2000 the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2000" was introduced in the Senate, S.2542. Like H.R. 3113, this Senate bill prohibits the use of false return addresses, requires senders of UCE to inform recipients of the ability to "opt-out" of receiving further emails, and requires senders to adhere to requests by recipients to opt-out. This bill also makes the distribution of spam enabling software unlawful. Additionally, under this proposed law ISP would be able to"decline to transmit unsolicited commercial e-mail messages to its subscribers without compensation from the sender." The FTC would be given enforcment authority, as would state attorney generals in certain circumstances. ISP would also have a private cause of action, however individuals would not.
Introduced by Senator Frank Murkowski, S. 759 would prohibit the sending of unsolicited commercial email messages to those who have notified the sender that they do not wish to receive such messages. Under this law, a person who secures a good or service from, or otherwise responds electronically to an offer in a commercial electronic mail message shall be deemed to have constructively authorized the receipt of unsolicited commercial email from the provider of the good, service, or offer. Unique to this law is a domain name wide opt-out provision, permitting the owner of a domain name to chose to be included on a list that would be maintained by the Federal Trade Commission and posted on the web. Sending unsolicited commercial email to any accounts on domain names contained on that list would be a violation of federal law. While the opt-out list is for domain name only, if the domain name is an Internet service provider, individual account holders may elect to receive UCE. Internet service providers who have opted out would be required to maintain a list of those subscribers that have chosen to continue receiving UCE. As of July 1999, the bill does not specify how such a list of account holders is to be made available, but rather leaves it to the FTC to promulgate rules.
Is this combination system of domain name wide opt-out and individual account holder opt-in a good compromise between the competing interests at stake?
As with other laws directed at UCE, the Inbox Privacy Act of 1999 requires senders of UCE to clearly and accurately identify themselves and the routing information, and to indicate that recipients can notify the sender that they do not wish to receive additional UCE from that sender. This act, however, specifies the procedure recipients and senders are supposed to follow: a recipient would send a message with the word "remove" in the subject line. Why might such a uniform procedure be beneficial?
Enforcement of this act is three-fold. First, persons who believe the Act has been violated could submit complaints to the FTC that would then investigate and prosecute violations. This Act would also give increased authority to the FTC to regulate commercial email practices through rules adopted by that agency. Second, states would also be permitted to bring actions for violations of the Act if the interests of the state were being adversely affected. Finally, on-line service providers could bring a civil action against violators. Remedies for such private actions include injunctions, damages of up to $50,000 per day of violation, and attorney’s fees. Are all three of these enforcement mechanisms necessary?
Can Spam Act (House version of the "can spam" act)
Introduced by Representative Gary Miller, H. R. 2162 prohibits the transmission of UCE to a provider that is in violation of the provider’s policy. In addition to posting the policy on the provider’s website, this Act provides for some technical mechanisms with which a provider must comply. A provider that has a policy banning UCE must include
"in the initial banner message that is automatically transmitted upon the establishment of a connection to any standard port for accepting electronic mail of any mail host designated to receive mail for the provider (which connection results from an attempt to send any electronic mail), of a textual message reading `NO UCE'" H.R. 2162, 106th Cong. (1999).
Enforcement of the prohibition on UCE is through civil action. However, only electronic mail service providers who suffer damage or loss by reason of a violation may bring a civil action for relief. In this case, is the law facilitating a technological solution, or dictating one?
The Can Spam Act also creates a new federal crime. Anyone who "knowingly and without authorization uses the Internet domain name of another person in connection with the sending of one or more electronic mail messages and, as a result of such conduct, causes damage to a computer, computer system, or computer network" would be violating federal law. This provision would be an amendment to the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.
NOTES, COMMENTS, AND QUESTIONS:
1. Federal and state regulation? All of these proposed federal laws would be in addition to the state laws that are already in place. Should federal and state law be permissible? What types of problems might exist with both layers of regulation? Both the Unsolicited Commercial Electronic Mail Act of 2000 and the Senate Can Spam Act have express preemption provisions that preempt state law causes of action that would be inconsistent with the federal law, although they both expressly exclude from preemption actions for tresspass and computer fraud and abuse claims. California has its own provision indicating that it will no longer be effective if federal legislation regulating UCE is adopted. Is the California provision necessary? Who decides whether both federal and state regulation is compatible or appropriate?
2. Junk mail and junk fax comparison. There is no federal
law banning sending of unsolicited postal mail, often referred to as
junk mail. Over the course of a year individuals receive can receive
hundreds and even thousands of pieces of junk mail. From an
environmental impact perspective, this type of mail is much more
damaging. Consider the tremendous amount of paper and ink wasted in
printing, not to mention the environmental costs of the fuel required
to run the plants that print them and the fuel required to deliver
the tons of mail across the country. Should we be encouraging email
as an environmentally friendly alternative and considering bans on
junk mail? Or, is there a difference between the costs of these two
forms of advertising?
When faxes became a popular means of business communication,
thousands of marketers used the opportunity to advertise their
products by faxing information to potential customers. Federal law
was enacted to stop this practice. See David Sorkin,
Unsolicited Commercial E-Mail and the Telephone Consumer
Protection Act of 1991, 45 Buff. L. Rev. 1001 (1997). Is UCE more
like junk faxes, which have been prohibited, or more like junk mail,
which has proliferated?
3. Enforcement and the international nature of cyberspace.
As with state law, if federal law were enacted, enforcement would
become a critical issue. Many argue that federal law will merely
cause senders of mass UCE to merely move off-shore, beyond the reach
of federal legislation. While some believe the risk of such off-shore
emailers is not that great, see, e.g., Unsolicited Commercial Email,
Quick FAQ <http://www.cauce.org/faq.shtml#offshore>
the possibility raises one of the most difficult issues in government
regulation of any activity in cyberspace. Because the Internet
connects people from all over the world, any one country’s laws
cannot govern all of cyberspace. Regulation of cyberspace activity
boils down to the ability to enforce that regulation. The United
States cannot enforce its laws against an individual living in
Turkey, unless, in criminal cases extradition can be obtained. In
civil matters, a due process and fundamental fairness analysis will
be employed. Even if a court finds that personal jurisdiction over a
Turkish resident is appropriate, enforcement of any monetary
judgement would turn on the finding assets located in a country
willing to recognize the validity of the judgment entered by the U.S.
court.
An alternative is to have international treaties relating to the
governance of cyberspace activity that are, in turn, enforced by each
country. This would still relegate lawsuits to the judicial process
of the country in which the defendant is located, or at least to
countries in which the defendant is legitimately subject to
jurisdiction.
STEP THREE: The International Level
The United States in not the only country that is attempting to regulate the sending of mass commercial emails. In Europe, the European Commission adopted Article 10 of the Directive of 20 May Concerning Distance Contracts (97/7/EC 23) relating to UCE. This is the same approach that is used toward junk telephone solicitors in Europe. Article 10 directs member countries to provide for a basic opt-out system for UCE, although it leaves the details of that system to each member state. Member states are in the process of adopting conforming legislation. Article 14 of that Directive permits member states to adopt provisions that are more stringent than the minimum required by the treaty.
The European Union provides, on a small scale, an example of countries harmonizing their laws relating to the regulation of activity in cyberspace. Is the European approach to regulating UCE on that could be implemented on a larger scale?
Go to the next unit of this module
Return to the Main Module page
Return to the Learning Cyberlaw homepage
