|
 |
|
|||||
|
July 14, 2003
CDT agrees that the time has come to enact federal anti-spam legislation. We believe that a reasonable spam bill would include:
A bill with these provisions could be effective in reducing the amount of spam while protecting the free flow of information and the open, decentralized qualities of the Internet. It would give government agencies and ISPs additional remedies while also empowering users.
On the other hand, we strongly oppose mandatory labeling of email whether for all commercial email or for the odious subcategory of pornographic email. Provisions for labeling sexually oriented email are unconstitutional - they will become mired in the same litigation that has ensnared other government efforts to regulate content on the Internet. Provisions giving the FTC rulemaking authority to dictate standard markings for email, such as is proposed in H.R. 2214 and 2515, essentially involve the FTC in setting technical standards for the Internet. This is a terrible precedent. FTC labels would empower gatekeepers rather than users. This is fundamentally inconsistent with the openness of the Internet.
Finally, we note that it is really impossible to say with assurance what effect any of the proposed bills will have on the amount and nature of spam. CDT believes that any spam legislation must include a provision that Congress will monitor the degree to which the law is effective and will revisit the issue in a time certain. Congress should include in the bill a provision for a study commission to evaluate the effectiveness of these measures and report back on needed changes, if any.
The legislative process has reached the point where it is important to pay very close attention to the actual language. Several of the provisions being considered are drafted with overbroad language. We make specific suggestions below on these provisions.
Prohibitions on Spoofing - Ensuring that Pseudonyms and Screen-names Are not Made Illegal: CDT supports legislative prohibitions against falsifying routing information. However, the language should make it clear that the pseudonyms used by many Internet users will not be rendered illegal by the law. We are concerned that language in some of the bills could cover screen-names. For example, the Senate CAN-SPAM Act would make it illegal to send a message that contains header information that is false or misleading.
The criminal provisions of H.R. 2214 and 2515 make it a crime to falsify the sender's identity
and go on to say that an identity may be falsified by any means.
If someone uses the email address falsified her identity
or used header information that is false?
Many people use as their email addresses funny names that aren't their own or other pseudonyms that they haven't registered as tradenames. We know it isn't the intent of the drafters to criminalize or outlaw this behavior, but that needs to be made clear.
The language in the Hatch-Leahy bill, S. 1293, is preferable: falsifies header information.
This comes closer to conveying the notion that the issue is the integrity of the routing information as a technical matter.
However, S. 1293 very broadly defines header information as the source, destination, routing information, or information authenticating the sender, associated with an electronic mail message, including but not limited to the originating domain name, originating electronic mail address, information regarding any part of the route that an electronic mail message travels or appears to travel on the Internet or on an online service, or other authenticating information.
It is not clear what authenticating information
is. Could it include one's personal name? The CAN-SPAM Act also includes in the definition of header information any other information that appears in the line identifying, or purporting to identify, a person initiating the message,
without regard to whether there is an intent to deceive. In contrast, the definition of header information in H.R. 2214 and 2515 is the narrowest: The source, destination, and routing information attached to an electronic mail message, including the originating domain name and the originating electronic mail address.
We believe that the best approach is to combine the definition of H.R. 2214/2515 with the substantive language of S. 1293. Thus, we would recommend that the civil provision of H.R. 2515 be rewritten to read as follows:
No person may initiate in or affecting interstate commerce the transmission, to a covered computer, of any commercial electronic message or any commercial transactional electronic mail message that contains or is accompanied by falsified header information. Falsified header information includes -
- header information that uses a third party's domain name without the third party's permission; and
- header information that includes an originating electronic mail address the use of which in connection with the message was not authorized by a legitimate holder of the address, or access to which was obtained by means of false or fraudulent pretenses.
The criminal provision should use the same formulation.
We note that the criminal provisions of H.R. 2214 and 2515 also include another specific prohibition: registering, using information that falsifies the identity of the registrant, for multiple electronic mail accounts or domain names, and sending the message from those accounts, or from or advertising those domain names, but failing to include in a conspicuous form in the message the identity and current contact information of the sender.
CDT recommends that this be dropped. It may implicate the so-called Whois
database, which contains identifying information about domain name holders. There is an ongoing debate over what personal information should be required to be made public in the Whois
databases. We are concerned that this provision could be seen as prejudging or foreclosing a balanced resolution of that debate. Until that debate is resolved in the context of all the interests implicated by Whois, it would be best not to criminalize conduct related to the disclosure or non-disclosure of information for Whois databases.
Prohibition on Use of Deceptive or Misleading Subject Headings: CDT believes that it should be unlawful to use fraudulent language in the subject heading of a commercial email. However, we are concerned that the pending bills do not adhere to the principle of technology neutrality. It is not clear to us whether the standard for false or misleading
subject lines included in several of the bills adopts a different standard for email than already applies to other types of commercial advertisements or solicitations. Why is it necessary to enact a special law to prohibit false or misleading
advertising in the form of commercial email when all deceptive advertising is already illegal under the FTC Act, regardless of medium? This should be clarified.
Opt-out: We support the opt-out provisions of the bills at this time, even though we believe that opt-out has serious limitations in the case of email, mainly because consumers often have no means of knowing whether to trust that their opt-out request will be honored. Exercising an opt-out with an unscrupulous spammer merely tells the spammer that your email address is working. Currently, CDT recommends that consumers not exercise opt-out offered in spam from users they don't know, and if the current bills become law, we will have to keep giving that advice. Nevertheless, opt-out is effective with legitimate marketers, and we support it as part of this package, on the ground that it gives consumers control over some commercial email.
We believe that it is appropriate to explore various mechanisms for trusted opt-out, but great care must be exercised to ensure that they do not result in the creation of a gatekeeper Internet. Such proposals are still in the discussion phase, and it would be premature to legislate them now. For these reasons, we support the opt-out that is in the bills as the best that can be done now.
Enforcement - Private Right of Action: CDT believes that, if legislation is to be effective, it must be enforced by the Federal Trade Commission, state attorneys general on behalf of their citizens, and ISPs. CDT also believes that a private right of action provides an additional appropriate deterrent to senders of spam and empowers users, who currently feel helpless. CDT endorses the approach taken in the Telephone Consumer Protection Act (TCPA), which prohibits the sending of unsolicited commercial faxes. TCPA allows individuals to bring claims in small claims court. Under the TCPA, there is no burdensome discovery and there are no class actions. The language from the TCPA, 47 U.S.C. sec. 227(b)(5), which could easily be modified to fit the spam context, is -
(5) PRIVATE RIGHT OF ACTION. A person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection may, if otherwise permitted by the laws or rules of court of a State bring in an appropriate court of that State -
- an action based on a violation of the regulations prescribed under this subsection to enjoin such violation,
- an action to recover for actual monetary loss from such a violation, or to receive up to $500 in damages for each such violation, whichever is greater, or
- both such actions.
It shall be an affirmative defense in any action brought under this paragraph that the defendant has established and implemented, with due care, reasonable practices and procedures to effectively prevent telephone solicitations in violation of the regulations prescribed under this section. If the court finds that the defendant willfully or knowingly violated the regulations prescribed under this subsection, the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under subparagraph (B) of this paragraph.
Federal Preemption - Congress will Need to Revisit the Spam Issue: Given the difficulties of enforcing inconsistent state laws on the Internet, CDT supports federal pre-emption in this case. However, we do so with the recognition that any legislation Congress passes on spam this year will NOT be the last word on the subject. No one really knows what impact these provisions will have on the nature and amount of spam. No one really knows if any of the ideas in the bills will be effective. Therefore, the preemption provision should be thought of as a moratorium. Given uncertainties about what will work, if Congress is going to shut off further responses by the states, Congress should create a mechanism for ensuring that the effectiveness of the law will be fully assessed and further ideas will be examined. Therefore, we recommend that Congress create a broadly representative commission to report back on the effect of the opt-out, the risks and possibilities of trusted opt-out, and the desirability of opt-in, as well as other issues that emerge as the law is implemented.
Requirement that Commercial E-mailers Provide Contact Information: CDT believes that there should be a means to identify and contact commercial emailers just as there are in other business contexts. However, it is not necessary that the contact information be a street address. Many people who earn their sole livelihood online do so by working out of their homes full-time. A large percentage of these are women, probably many of them single. They should not be required to disclose their home address in every communication with their customer. Rather, it should be sufficient if there is some means of identifying them in the case of a dispute. For example, AOL will disclose true names behind screen names, pursuant to a subpoena or court order. We recommend that the language be amended to say É unless the message provides É a means of contacting the sender in case of dispute.
Standardized Labeling (ADV) - CDT opposes standardized labeling, such as the proposed requirement that senders of commercial email include an ADV
in the subject line. Such labeling represents a form of forced speech, burdening the speaker by requiring him or her to characterize the nature or content of the email. With this requirement, government would be forcing individuals to say something they would not otherwise say, in a government-specified manner. There are other effective ways to reduce spam.
Labeling of Sexually Oriented Content - FTC Rulemaking for Technical Standards: The provision in H.R. 2214 and 2515 on labeling of sexually oriented material suffers from the same constitutional defects as Congress' earlier attempts to regulate sexually related commercial email. It is vague and will get tied up in litigation, with no effect on the volume of porn spam, which generally comes from illegitimate spammers who will probably not cooperate with labeling schemes.
Moreover, we strongly oppose FTC rulemaking to dictate standard markings for email, whether for all commercial email or for the odious subcategory of pornographic email, such as is proposed in H.R. 2214 and 2515. FTC specification of technical standards will set a terrible precedent for the Internet, empowering gatekeepers rather than users. This is fundamentally inconsistent with the openness of the Internet. When it comes to the content of speech (as opposed, e.g., to ingredients labels), labeling systems should be voluntary, they should include multiple systems developed in the marketplace, and they should not be government controlled or enforced.
For further information, contact Jerry Berman, Ari Schwartz or Paula Bruening, (202) 637-9800.
|
The Center For Democracy & Technology 1634 Eye Street NW, Suite 1100 Washington, DC 20006 (v) 202.637.9800 (f) 202.637.0968 Contact CDT Copyright © 2005 by Center for Democracy and Technology. |