|
 |
|
|||||
|
Dear
The Center for Democracy and Technology takes this opportunity to comment on H.R. 2214, anti-spam legislation currently under consideration in the Commerce Committee. CDT agrees that the time has come to enact federal anti-spam legislation. We believe that a reasonable spam bill would include:
Many of these features are in the latest draft of H.R. 2214 and we commend the sponsors and other Members who have worked hard to bring the legislation to this point. However, we have several concerns with the proposed language, both in terms of what is still missing (a private right of action) and in terms of some of the provisions in the draft that would interfere with the open, decentralized qualities of the Internet. (These comments speak to the version of the bill dated September 10, 2003, the last draft available to us.)
1. The criminal anti-spoofing language in H.R. 2214 could reach lawful, pseudonymous email addresses.
In prohibiting spoofing, it is important that any anti-spam legislation does not prohibit the use of pseudonyms. Many email users, including many small entrepreneurs, use pseudonymous email addresses: "johnnyonthespot@hotmail.com" may not actually be named Johnny. We are concerned that the current criminal provision of H.R. 2214 makes it a crime to "falsify the sender's identity" and goes on to say that "an identity may be falsified by any means." The real issue should be the integrity of routing information. We believe that the language "falsifies header information" is better. The criminal section of the bill contains a good definition of" header information."
Therefore, we recommend that the criminal provision of H.R. 2214 (the proposed new 18 U.S.C. 622) be rewritten to read as follows:
"(a) IN GENERAL. Ð Whoever intentionally sends to a covered computer a commercial electronic mail message that the sender knows contains or is accompanied by falsified header information shall be punished as provided in section 624.
"(b) METHODS OF FALSIFYING HEADER INFORMATION. Ð For the purposes of subsection (a), the following conduct shall be considered to be a falsification of header information:
(1) By accompanying the message with header information that is false as to the originating domain name or originating electronic mail address (including header information that uses a third party's domain name without the third party's permission) or as to the routing of the message.
(2) By accessing a covered computer or computer network without authorization or exceeding authorized access and, by means of such conduct, sending, from or through that computer or network, the message that falsifies header information.
(3) Registering, using information that falsifies the identity of the registrant, for multiple electronic email accounts or domain names, and sending the messages from those accounts, or from or advertising those domain names, but failing to include in the message the identity and current contact information of the sender."
2. Spam legislation should include a private right of action, based on the successful approach Congress took in the Telephone Consumer Protection Act (TCPA), which prohibits the sending of unsolicited commercial faxes.
We support the provisions of HR 2214 for FTC, state AG and ISP enforcement. However, the bill lacks what might be the most effective means of enforcement Ð a narrowly drawn individual right of action. The TCPA allows individuals to bring claims in small claims court. Under the TCPA there is no burdensome discovery and there are no class actions.
We recommend inclusion in H.R. 2214 of a private right of action, based on the TCPA, 47 U.S.C. sec. 227(b)(5), which could easily be modified to fit the spam context.
3. Labeling requirements are a form of forced speech and pose constitutional issues; FTC prescription of technical standards for labeling is particularly undesirable; and the labeling provision in the bill has drafting problems.
We oppose mandatory labeling of email whether for all commercial email or for pornographic email. Requirements to label sexually oriented email are unconstitutional and will ultimately face the same litigation that has ensnared other government efforts to regulate content on the Internet. Provisions giving the FTC rulemaking authority to dictate standard markings for email, such as is proposed in H.R. 2214, essentially involve the FTC in setting technical standards for the Internet. FTC labels would establish a terrible precedent, empowering gatekeepers rather than users. This is fundamentally inconsistent with the openness of the Internet.
Drafting issues in Section 101(e) of the latest version of H.R. 2214 illustrate the difficulty of imposing a mandatory labeling requirement: As we last saw it, the labeling provision is susceptible to a "damned if you do, damned if you don't" reading that is facially unconstitutional. We assume it is unintended, but 101(e) says that it is unlawful to send a message that includes "sexually oriented material" and (A) fail to label it or (B) fail to provide that the message when initially opened does not include sexually oriented material but only instructions on how to access sexually oriented material. This means that if you send a message with sexually oriented content and you label it, you still violate 101(e) because you have failed to send the message in a way that includes only instructions on how to access the sexually oriented material. In essence, the "fail to" language makes it illegal to fail to do (A) and illegal to fail to do (B) and (B) is a prohibition against including sexually oriented material in the initial message. (In this case, changing "or" to "and" doesn't cure the problem.) The effect of (B) is to prohibit sending commercial email that includes anything more than instructions on how to access sexually oriented material, even if the material is lawful. Thus, as drafted, (B) becomes not a labeling requirement, but a prohibition on including lawful sexually oriented material directly in a commercial email. That is clearly unconstitutional.
To compound the confusion, if you comply with (B), and don't actually "include" sexually oriented material but only instructions on how to access sexually oriented material, then the whole section doesn't apply. But (B) also says that even if you don't include sexually oriented material, (B)(iii), you must still label your message as including sexually oriented material, (B)(i). The circularity is mind-numbing. If nothing else, 101(e) fails the constitutional requirement of clarity in legislation regulating speech.
Moreover, the draft language of 101(e)(B)(iii) seems to be based on a misconception of how email works. Already, much "porn spam" consists only of "instructions" on how to access sexually explicit images. Those instructions are machine-readable. Many users have set their email programs to automatically execute those instructions and access and display the image, whatever it is. But technically much porn spam already complies with the "include only a link" provision, because the email ONLY includes a HTML link to an image, and the user's email client has to be set (pursuant to user instructions but they may come set that way on default) to undertake a separate action to retrieve the image.
The draft also suffers from overbroad terminology. The draft makes it a federal crime not to label a commercial email that includes "sexually oriented material." That phrase encompasses a good deal of lawful content, and could include the latest Britney Spear's album, a family planning site, or an art exhibit. Later the bill defines "sexually oriented material" as depictions of "sexually explicit conduct." That is surely a better definition, so we wonder why section 101(e)(1) doesn't use it directly.
4. Given the limited and unpredictable effects that H.R. 2214 may have on spam, the bill should include a "sunsetted" preemption, rather than a perpetual pre-emption, of state regulation.
Given the difficulties of enforcing inconsistent state laws on the Internet, CDT supports federal pre-emption in this case. But we do so with the recognition that Congress will have to revisit the spam issue. The effect of H.R. 2214 on the amount and nature of spam is highly speculative. Congress should monitor the degree to which the law is effective, and we support the provisions in Sections 301(b) and 303 of H.R. 2214 that will assist Congress in doing so. However, the bill should go further by forcing Congress to revisit the issue substantively. The best way to do this would be in the context of a sunset of the preemption. If the preemption provision were to sunset in three to five years, Congress would have to formally confront the question of whether the bill was effective. If it wasn't, Congress would likely face public pressure, appropriately, to pass more effective provisions or open the issue again to state regulation.
Therefore, we recommend that the preemption provision, 302(b), expire after a period of years.
* * *
CDT urges Congress to adopt legislation to reduce the amount of spam while protecting the free flow of information and the open, decentralized qualities of the Internet. We believe that the only practical approach is an incremental one Ð given changes in technology and the conflicting values at stake, it is impossible to come up with a dispositive solution at this time. With the changes we recommend above, H.R. 2214 would stand an excellent chance of curbing the flood of spam without infringing on other important values.
We look forward to continuing to work with you on this important legislation.
Yours truly,
James X. Dempsey
|
The Center For Democracy & Technology 1634 Eye Street NW, Suite 1100 Washington, DC 20006 (v) 202.637.9800 (f) 202.637.0968 Contact CDT Copyright © 2005 by Center for Democracy and Technology. |