|
|
[1] The range of approaches includes seeking legal redress, establishing joint industry association guidelines to set parameters on appropriate behavior, providing user and ISP-based filtering tools, and various vigilante efforts. The complete record of comments submitted to the FTC about UCE can be found at
[2] The political organization Informed Voter is using email to contact potential Democratic voters. In response to criticism, Robert Barnes, a principle in the firm, agreed that he was "just trying to leverage one of the most powerful mass media available today to reach voters who would want to be contacted." Janet Kornblum, Political Mailings Criticized As Spam, CNET NEWS.COM (April 22, 1998)
[3] 117 S. Ct. 2329 (1997).
[4] Attempts to regulate the availability of encryption on the Internet highlight the frustrations that regulators may experience. As many scholars and advocates have pointed out, national attempts to restrict the availability of encryption are likely to be ineffective. For if even one jurisdiction (or one network in one jurisdiction) fails to restrict encryption, individuals world wide will be able to access it over the Internet and use it.
[5] EF-Austin, EF-Florida, and Voters Telecommunications Watch, Comments to the Federal Trade Commission on Unsolicited Commercial Email, June 2, 1997. The cost issues addressed in this section are largely taken from these comments, by permission.
[6] Based on an informal survey of 11 ISPs' expenses related to UCE. As much as $2 of a monthly service bill may be attributed to UCE. Daniel P. Dern, Spam Costs Internet Millions Every Month, CMP NET,(May 4, 1998)
[7] On the state's interest in protecting privacy, see: Florida Bar v. Went For It, Inc., 515 U.S. 618 (1995) (upholding temporal ban on direct mail solicitation by personal injury lawyers). "[A] special benefit of the privacy all citizens enjoy within their own walls, which the State may legislate to protect, is an ability to avoid intrusions." Id. at 625 (citations omitted); Rowan v. Post Office Dept., 397 U.S. 728, 736-37 (1970) (upholding postal regulation of offensive mail).
[8] Numerous state and local laws govern door-to-door solicitations. The U.S. Supreme Court has recognized both the legitimate privacy interests of individuals and the role that door-to-door communication plays in inexpensively disseminating ideas. Martin v. Struthers, 319 U.S. 141, 145-46 (1943). The Court has held that door-to-door solicitations can be governed by time, place, and manner restrictions but not banned. Id. at 149. But see, Breard v. Alexandria, 341 U.S. 622 (1951) (Unsolicited commercial door-to-door solicitation ban upheld). The Court has held that commercial speech could be subject to stricter controls. Central Hudson Gas & Elec. Corp. v. Public Serv. Comm'n, 447 U.S. 557, 564-65 (1980). However, more recent decisions have emphasized the First Amendment protections of truthful and non-misleading commercial speech. See, 44 Liquormart, Inc. v. Rhode Island, 517 U.S. 484 (1996); City of Cincinnati v. Discovery Network, Inc., 507 U.S. 410 (1993).
[9] Interestingly, a number of proposals currently under consideration by Congress attempt to address the problem of direct mail by limiting the sale and rental of personal information by entities who collect it. See, Personal Information Privacy Act of 1997, S. 600, 105th Cong. (1997) (introduced by Sen. Feinstein); H.R. 98, 105th Cong. (1997) (introduced by Rep. Vento); and, H.R. 1287, 105th Cong. (1997) (introduced by Rep. Franks). Other proposals aimed at limiting direct mail have focused on limiting the mail itself.
[10] See, Telephone Consumer Protection Act (TCPA) of 1991, 47 U.S.C. § 227 (1994).
[11] Id. The TCPA prohibits unsolicited facsimiles that contain advertisements. 47 U.S.C. § 227(b)(1)(C) (1994).
[12] Cf. Bolger v. Youngs Drug Products Corp., 463 U.S. 60 (1983), finding that, "the short, though regular journeys from mail box to trash can . . . is an acceptable burden (on individual privacy) . . . so far as the Constitution is concerned." Id. at 72 (citation omitted); State by Humphrey v. Casino Marketing Group, 491 N.W.2d 882 (Minn. 1992), cert. denied, 507 U.S. 1006 (1993), holding that "the residential telephone is uniquely intrusive. The caller . . . is able to enter the home for expressive purposes without contending with such barriers as time or distance, doors or fences. . . . Unlike the unsolicited bulk mail advertisement found in the mail collected at the resident's leisure, the ring of the telephone mandates prompt response, interrupting a meal, a restful soak in the bathtub, even intruding on the intimacy of the bedroom." Id. at 888.
[13] The report accompanying the TCPA details additional costs associated with automatic dialing systems. Findings include:
automated calls are placed to lines reserved for emergency purposes, such as hospitals and fire and police stations; . . .
the automated calls fill the entire tape of an answering machine, preventing other callers from leaving messages;
the automated calls will not disconnect the line for a long time after the called party hangs up the phone, thereby preventing the called party from placing his or her own calls; automated calls do not respond to human voice commands to disconnect the phone, especially in times of emergency;
some automatic dialers will dial numbers in sequence, thereby tying up all the lines of a business and preventing any outgoing calls; and
unsolicited calls placed to fax machines, and cellular or paging telephone numbers often impose a cost on the called party . . . .
S.Rep. No. 102-178, reprinted in 1991 U.S.C.C.A.N. at 1969.
[14] EF-Austin, EF-Florida, and Voters Telecommunications Watch, Comments to the Federal Trade Commission on Unsolicited Commercial Email, June 2, 1997. Over 2,700 people answered the user survey, and 60 ISPs answered the institutional survey conducted for the Workshop.
[15] Joe Keely of Senator Frank Murkowski's (R-AK) office reported many complaints about the cost of unsolicited commercial email due to the expense of connect time in the state of Alaska (as high as $6 per hour). The VTW survey received varied answers for what connect time costs users, ranging from $0.50 to $4 per hour.
[16] The range of responses stated that this cost is approximately $1 per megabyte.
[17] Informal survey findings reported in CMP NET reveal a range of expenditures and a range of costs. Dern, supra note 6. Sample responses:
MindSpring Enterprises Inc., Atlanta: Twenty to 25 percent of the incoming email at this midsize ISP is spam, said Harry Smoak, MindSpring's director of Net abuse and terms of service policy. To support Usenet activity, MindSpring currently has about $500,000 in equipment. "If there was no spam, we could probably do with one-third to one-half this equipment," Mr. Smoak said. E-mail and Usenet spam consume about one to two T1s (1.5 megabits per second to 3 Mbps) of bandwidth between MindSpring and its upstream Internet backbone. Also used up is the time spent byone-and-a-half engineers on spam-related abuse issues.
Erols Internet Services, Springfield, Va.: This midsize ISP spends $75,000 in salaries for three full-time employees whose sole responsibility is to deal with email abuse issues. "I would say it's among the reasons we recently had to up our prices," said an Erols system administrator. "Fully 10 percent to 15 percent of our e-mail disk space is taken up by incoming spam sent to Erols' customers. I estimate that probably five percent of the total traffic through Erols' networks is spam being bounced off our servers onto the rest of the Internet."
GTE Internetworking, Cambridge, Mass.: "There are typically two to four people working full time on spam," said a spokeswoman at this ISP. "GTE has to deal both with spammers and spam itself."
America Online Inc., Dulles, Va.: Of the average of 14 million email messages coming from the Internet to AOL daily, five to 30 percent are spam, an AOL spokeswoman said. "We have to scale the network to handle this," she said. "This costs the members, especially those who pay hourly rates." She declined to elaborate.
[18] See generally, People v. Lipsitz, 663 N.Y.S.2d 468, (N.Y. Sup. Ct. 1997). The New York State Court held that the state attorney general can pursue senders of UCE who violate consumer protection statutes. The defense argued that only federal courts could exercise jurisdiction in such matters. Lipsitz was enjoined from sending UCE advertisements, and ordered to pay restitution to the consumers whom he and his company had defrauded.
[19] Federal Trade Commission, FTC to Junk E-mailers: "No Scamming While You're Spamming" (Feb. 5, 1998) [20] Complaint for permanent injunction and other equitable relief, FTC v. Maher, et al. (visited June 25, 1998) [21] The FTC maintains the address uce@ftc.gov for this purpose. The Junkemail.org Web site contains a questionnaire designed to aid consumers in identifying fraudulent UCE and sending it to the FTC. [22] The content of this paragraph and the following paragraph have been checked with the Federal Trade Commission staff and they consider it to be an accurate statement.
[23] 1998 Wa. ALS 149; 1998 Wa. Ch. 149; 1997 Wa. HB 2752. The statute also creates the Select Task Force on Commercial Electronic Mail Messages. The task force is directed to identify technical, legal, and cost issues in relation to the transmission and receipt of commercial electronic mail messages, evaluate the sufficiency of existing laws, review efforts of the federal and other state governments, and prepare a report identifying policy options and recommend legislation if needed.
[24] State regulations that unduly burden interstate commerce are unconstitutional under the so-called "dormant" commerce clause. See, e.g., Kassel v. Consolidated Freightways Corp. of Del., 450 U.S. 662 (1981). A New York District Court has held that broad regulation of the Internet by a state is unconstitutional under this standard. ALA v. Pataki, No. 97 Civ. 0222 (S.D.N.Y. June 20, 1997) (order granting preliminary injunction).
[25] Without accuracy it is difficult to track down and identify those engaged in online commercial fraud, it is extremely difficult for service providers and users to filter out mail from unwanted senders, and it is nearly impossible for besieged end users to tell senders of UCE to remove them from their list. Accuracy requirements need not run afoul of the First Amendment protections for anonymous speech. Most anonymous remailers forbid the use of their services for UCE and accurately identify the source of the message as an anonymous individual. These services are infrequently used by senders of UCE.
[26] Companies and individuals whose domain names and addresses have been used by senders of UCE have also found relief through litigation. See, Parker v. C.N. Enterprises, No. 97-06273 (Tex. Travis County Dist. Ct. Nov 10, 1997) (visited June 26, 1998) [27] See, 18 U.S.C. § 1343 (1997); and the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (1997). Analysis isavailable courtesy of the Justice Department's Computer Crime and Intellectual Property Section (CCIP). Computer Crime and Intellectual Property Section, U.S. Dept. of Justice, National Information Infrastructure Protection Act of 1996: Legislative Analysis (last modified June 20, 1997) [28] 18 U.S.C. § 1962(c) (1997).
[29] E.g. false, deceptive or misleading advertising. See, VA. CODE ANN. § 18.2-178 (1997) (criminal) and VA. CODE ANN. § 59.1-200A(8) (1997) (civil); and CAL. BUS. & PROF. CODE § 17500 (criminal) and CAL. BUS. & PROF. CODE § 321 (civil).
[30] See, Cyber Promotions, Inc. v. America Online, 948 F. Supp 456 (E.D. Pa 1996) (visited June 26, 1998) [31] 18 U.S.C. § 1030(a)(4), (g) (1997).
[32] The myriad of suits filed against Cyber Promotions by various service providers including AOL, Compuserve, Bigfoot Partners and Concentric Network attests to this problem. Recently, Craig Nowak, who was sued by a group of service providers and enjoined by a Texas court from sending further UCE to them, was identified in a case by Hotmail as engaged in sending UCE. Mr. Nowak is negotiating a consent decree in which he will once again promise not to engage in sending UCE.
[33] Gene Crick, President, Electronic Frontiers Texas, President, Texas Internet Service Providers Association, Director, Texas Community Resource Center Internet Access Project, and Editor/Publisher of the Texas Telecommunications Journal, commenting upon the case of Craig Nowak.
[34] For a full exploration of this issue see, P. Hoffman and D. Crocker, Unsolicited Bulk Email: Mechanisms for Control, Internet Mail Consortium Report: UBE-SOL, IMCR-005, October 13, 1997 [35] Lisa M. Bowman, Outlook 98 Filter Goes Too Far, Some Say, ZDNN (Apr. 3, 1998) [36] A fourth bill, the Data Privacy Act of 1997 (House Bill 2368) introduced by Representative W.L. Tauzin (R-LA) contains a section addressing unsolicited commercial email, and a fifth bill is likely to be introduced by Rep. Merrill Cook (R-CA).
[37] For a copy of the bill and a full explanation of its contents see appendix.
[38] For a copy of the bill and a full explanation of its contents see appendix.
[39] For a copy of the bill and a full explanation of its contents see appendix.
[40] The Anti-slamming Amendments Act of 1998, H.R. 3888, introduced by Rep. Tauzin (R-LA) takes a similar approach to addressing UCE.
[41] Delving into the appropriate remedial structure for a law addressing UCE is beyond the scope of this report. However, several participants in the working group have noted that private rights of action empower individuals with a tool and, if appropriate statutory relief is structured, an incentive to pursue claims. On the downside, others have noted that the private right of action provided under the TCPA is hindered by the rules of small claims courts and the obstacles to bringing class actions, which would offer a better deterrent. In addition, service providers have voiced some concern with the discovery requests that they could potentially face if thousands of individuals are seeking information from them about the origin of a piece of UCE. Needless to say, in addition to structuring the appropriate rules a statutory approach should carefully structure an enforcement system that provides maximum relief, deterrence and incentives to pursue claims.
[42] Several service providers have objected to these sections of the bill because they would burden them with additional administrative andcomplaint-handling responsibilities.
[43] Working Group members have taken vari ous positions on pending legislation, including H.R. 1748, which would ban UCE. Some have supported H.R. 1748; others have opposed it. Some participants have refrained from taking public positions on legislation at all.
[44] Mandatory author self-labeling requirements are compelled speech and raise First Amendment concerns. In general, any regulation that compels speech is content-based and subject to strict scrutiny. Mandatory labeling of all Internet content would also be content-based regulation, because it would compel the speaker to make "statements of fact the speaker would rather avoid." Hurley v. Irish-American Gay Lesbian and Bisexual Group of Boston, Inc., 515 U.S. 557, 573 (1995), citing McIntyre v. Ohio Elections Comm'n, 514 U.S. 334, 341-342 (1995) and Riley v. National Federation of Blind of N.C., Inc., 487 U.S. 781, 797-798 (1988). See also, McIntyre, 514 U.S. at 345 ("[E]ven though this provision [prohibiting anonymous campaign literature] applies evenhandedly to advocates of differing viewpoints, it is a direct regulation of the content of speech").
[45] The commercial speech doctrine does not apply to most communication on the Internet. Commercial speech is a highly limited category, applying generally only to advertising and similar speech. See Rubin v. Coors Brewing Co., 514 U.S. 476, 482 (1995) ("[A] test based on '"the commonsense distinction between speech proposing a commercial transaction, which occurs in an area traditionally subject to government regulation, and other varieties of speech'"), quoting Central Hudson v. Public Services Comm'n of New York, 447 U.S. 557, 562 (1980) (citation omitted). Further, expression does not become commercial speech merely because it is sold or involved in a financial transaction. See, Bolger v. Youngs Drug Products Corp., 463 U.S. 60, 66 (1983).
[46] See Consolidated Edison, 497 U.S. at 563.
[47] See Hurley 515 U.S. at 573 (quoting Zauderer v. Office of Disciplinary Counsel of Supreme Court of Ohio, 471 U.S. 626, 651 (1985)).
[48] 47 U.S.C. § 227(d)(1)(B).
[49] In addition, if email becomes the dominant method of communicating (becoming the 21st century post office and postbox) there may be some other interesting issues. For example, the Court struck down a law that required people who wished to receive "communist literature" to sign-up at the post office - otherwise it would be "filtered" out for them. Lamont v. Postmaster General, 381 U.S. 301 (1965). Requirements that force us to "list" ourselves as interested in particular information may invite some trouble down the line.
[50] Robert J. Hall, How to Avoid Unwanted Email, COMM. OF THE ASS'N FOR COMPUTING (ACM) Vol. 41, No. 3, March 1998, at 88
A longer version is available from the author at [51] Luc ent's Personalized Web Assistant (LPWA) has provided such a feature to its users since June 1997, for email addresses provided via the Web. Lucent Technologies, The Lucent Personalized Web Assistant (last modified May 7, 1998) [52] The Internet Mail Consortium provides an organized listing of the various IETF proposals to address UCE. Internet Mail Consortium, IETF Working Groups (visited June 26, 1998) [53] Lorrie Faith Cranor and Brian A. LaMacchia, Spam!, COMM. OF THE ASS'N FOR COMPUTING (ACM) (forthcoming) (visited June 26, 1998) [54] See, P. Hoffman and D. Crocker, Unsolicited Bulk Email: Mechanisms for Control, Internet Mail Consortium Report: UBE-SOL, IMCR-005, October 13, 1997 [55] In October 1997, RSA Data Security gave the Internet Software Consortium (ISC) a free technology license to encrypt and verify domain name system addresses on the fly.
[56] Internet Consumer Protection Act of 1998, A.B. 1629, 1997-98 Sess. (Cal.). Introduced by Assemblyman Gary Miller (R-60th Dist.), this bill was supported unanimously by the consumer protection committee of the California Assembly. The committee heard testimony in support of the legislation from representatives of the ISP Consortium, AOL, Netcom, CAUCE, and concerned citizens. The ACLU sent a letter of opposition to the committee. The bill must pass through the judiciary committee and the appropriations committee before it will be voted on by the whole assembly.
[57] One service provider sent the following message to a company whose name had fraudulently been used in UCE and therefore had been erroneously black-holed:
It has come to our attention that you are providing service to [name deleted], who are operating the web site [name deleted]. This company is offering an opt-out service to prevent Internet abuse, or "spam". While we laud the efforts of your customer we must ask you to disconnect service to him. Opt-out lists are forbidden by our Acceptable Use Policy, due to the fact that they may cause many sites to block [our]...networks. This global problem is effecting all of our customers, and action must be taken. There have been numerous complaints, and more importantly, black-holing (denial of data traffic) of our domain and IP space....Please disconnect this customer within the next 24 hours or we will be forced to take other action.
Email, 12 June 1998, (author's and recipient's names omitted) (on file with the Center for Democracy and Technology).