An overview of the new can spam legislation and other developments in cyberspace torts

AN OVERVIEW OF THE NEW CAN SPAM LEGISLATION AND OTHER
DEVELOPMENTS IN CYBERSPACE TORTS
Lewis Brisbois Bisgaard & Smith, LLP Lewis Brisbois Bisgaard & Smith, LLP
I. INTRODUCTION
With the advent of every new discovery, especially those that most profoundly change our very way of life, comes the inevitable push of ingenuity in ways that may not always benefit society. There can be no denying that e-mail has changed the way the vast majority of the world communicates. With the push of a button, we can instantly forward messages, both good and evil, to quite literally, millions of people. Early on in the evolution of the web, internet hucksters figured out how to use the medium to send what is known as unsolicited commercial e-mail and which you know as SPAM. Interestingly, the term SPAM finds its roots in the early 1990s where internet users likened the practice to a chorus sung in a Monty Python sketch. According to Hormel, the purveyor of the lunch meat equivalent to Cheez Whiz®, “ in this skit, a group of Vikings sang a chorus of "spam, spam, spam . . . in an increasing crescendo, drowning out other conversation. Hence, the analogy applied because unsolicited commercial e-mail was drowning out normal discourse on the Internet”. Somewhat reluctantly, Hormel has embraced the fact that one of its prized trademarks has become the generic name for unsolicited commercial e-mail while at the same time understanding that eventually, young computer users will learn of SPAM before learning of Spam® and will inevitably ask, “why did Hormel name this tasty product after internet junk mail?” It did not take long for the practice of spamming to create a whole host of issues for computer users. SPAM bottles up bandwidth, carries viruses and delivers unwanted messages. Moreover, pornography and gambling, two of human history’s most enduring vices, thrive on the internet’s efficient and cheap delivery of content and there is a strong sentiment that solicitations related thereto should not be indiscriminately delivered to minors. Additionally, very important and valuable information about medicine, for example, can be quickly delivered to those who need it over the internet, but most people would balk at their ten year olds being warned about the potential for 4 hour erections when using Cialis®. SPAM solicitations also lure unsuspecting internet users to provide sensitive personal information like credit card numbers and banking information in response to on-line offers. Because of the anonymity e-mail offers its users, it is often impossible to track down these types of thieves.
ENACTMENT OF THE CAN SPAM ACT
Effective January 1, 2004, congress enacted the Controlling The Assault of Non- solicited Pornography and Marketing Act of 2003, i.e. the CAN SPAM Act. 15 U.S.C. Section 7701 et seq. Congress articulated a series of findings which lay the foundation for the statute. Some of these findings include: • Unsolicited commercial e-mail is currently estimated to account for over half of all electronic mail traffic, and most of these messages are fraudulent or deceptive in one or more respects. 7701 (a)(2) • E-mail contains material that many recipients may consider vulgar or • Many senders of unsolicited commercial e-mail purposefully disguise the • Many senders of unsolicited commercial e-mail purposefully include misleading information in the messages’ subject lines in order to induce the recipients to view the messages. 7701 (a)(8) • Opt out requests are frequently not honored 7701 (a)(9). In light of the above, Congress concluded: It has been estimated that 80% of AOL’s e-mail traffic in 2004 was spam. Optinrealbig.com v. Iron Port Systems, 323 F.Supp.2d. 1037 (N.D. Cal. 2004). 2 In 2003, the notorious “Buffalo Spammer” was arrested and prosecuted by New York AG Elliot Spitzer. He was accused of sending more than 825 million unsolicited e-mails which he largely did to steal the identity of others. • There is a substantial government interest in regulation of commercial electronic mail on a nationwide basis; 7701 (b)(1) • Senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; 7701 (b)(2) • Recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source. 7701 (b)(3) SUMMARY OF THE CAN-SPAM ACT’S REQUIREMENTS
The CAN-SPAM Act establishes requirements for those who send commercial e- mail and spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask e-mailers to stop spamming them. First, the law covers only those e-mails whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. 15 U.S.C. Section 7702 (2)(A). As such, a "transactional or relationship message" – e-mail that facilitates an agreed-upon transaction or updates a customer in an existing business relationship is exempt from most provisions of the CAN-SPAM Act because such communications are not, in essence, solicitations. 7702(2)(B). REQUIREMENTS AND PROTECTIONS OF THE LEGISLATION
False or misleading header information.
An e-mail message’s "From," "To," and routing information – including the originating domain name and e-mail address – must be accurate and identify the person who initiated the e-mail. The Act prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message. 15 U.S.C. Section 7704(a)(2). The Act requires that e-mails give recipients an opt-out method.
A solicitor must provide a return e-mail address or another Internet-based response mechanism that allows a recipient to ask the solicitor not to send future e-mail messages to that e-mail address. The solicitor must honor the request. Any opt-out mechanism must be able to process opt-out requests for at least 30 days after the message is sent and the opt out request must be acted upon within 10 business days to stop sending e-mail to the requestor's e-mail address. Moreover, a solicitor cannot by pass this element by attempting to help another send e-mail to the opt outer’s address. It is illegal for a solicitor to sell or transfer e-mail addresses of people who choose not to receive e-mail. 7704 (a)(4)(A)(iv). The Act requires that commercial e-mail be identified as an
advertisement and include the sender's valid physical postal
address.
An applicable message must contain a clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial e-mail from the solicitor. It also must include a valid physical postal address for the sender. 7704(a)(5)(A)(iii). V. ENFORCEMENT
GENERALLY
The Act’s ultimate affect on civil litigation is as yet not fully known as there are only a handful of reported cases and most do not go beyond fairly straightforward issues unknown. The case law is largely bereft of any cases turning on any interpretation of the statute and moreover, standing to bring a claim is circumscribed by the Act itself. The Federal Trade Commission (FTC), the nation's consumer protection agency, is authorized to enforce most of the violations. 7706(a). Additionally, other Federal Agencies are empowered to enforce the Act when the violations are within the purview of the agency’s jurisdiction. 7706(b)(1-10). State attorneys general are also empowered to bring claims on behalf of the citizens of a state. 7706(f). Finally, Internet Service Providers (ISPs) who have been damaged may bring a direct action. Missing from the above list is the right of private parties other than an ISP, to bring a claim. The Act, therefore, appears to expressly limit the entities which have standing to bring a claim. However, an interesting question arises as to whether State Unfair Competition laws can be invoked to utilize the protections of the act for the benefit of private individuals. For example, California has a sweeping anti-competitive law which makes illegal any “deceptive practice”. California Business & Professions Code Section 17200. (the “UCL”) Moreover, anyone affected by an illegal or deceptive practice can bring a UCL claim and seek restitution and injunctive relief. B & P Section 17203. Case law in California has made clear that the UCL is sweeping. Consider then, a scenario in which a spammer attacks the computers of ordinary citizens or even of a large corporation. Do the citizens or the corporation have standing to sue under the Act? As indicated above, the Act seems to expressly provide standing to only the FTC, certain other Federal Agencies, state AGs and ISPs. However, could not a citizen or group of citizens under a class action or corporation bring a claim under California’s UCL citing the violations as deceptive practices? In measuring whether some act violates Section 17200, The California Supreme Court has said, “The UCL covers a wide range of conduct. It embraces anything that can properly be called a business practice and that at the same time is forbidden by law.” Korea Supply v. Lockheed Martin, 29 Cal. 4 1134, 1143 (2003). As such, even though the CAN SPAM Act does not provide standing to individuals or non ISP corporations, California’s UCL has been used historically by “borrowing” from other statutes. For example, in the Korea Supply case, a UCL action survived when it was premised upon activity, which allegedly violat. There are no reported cases in California on this point, but spammers should be wary of potential actions by California citizens, perhaps in the form of class actions, premised upon the UCL. Also, what case law is available, does not at this time point to federal preemption as a likely defense to a UCL action premised under California law. REMEDIES
The remedies are powerful. The Act provides for statutory damages which can mount quickly. For each violation the Court is empowered to levy a statutory damage of up to $250. Each separately addressed message is treated as a separate violation. 7706(3)(A). The Act does limit statutory damages in most instances to no more than $2,000,000. The Court can also treble the damages in cases of willful violations. The Act also provides for attorneys’ fees. THE DISGRUNTLED EMPLOYEE
E-mail torts can, of course, exist separate and apart from simply spamming. As noted previously, the ease, efficiency and inexpensive nature of mass communication through e-mail means that many can use it as a weapon to exact retribution. Consider the various scenarios wherein e-mail users bombard in-boxes with offensive and coustic e-mails. Can any action be taken against a disgruntled former employee, for example, in possession of his former employer’s mass e-mail distribution list that repeatedly lobs disruptive and nasty speech? Trespass to Chattel.
In the above hypothetical, perhaps the employee, as part of his or her employment agreed, as a contractual matter, not to use the company’s e-mail systems for anything other than business use, which could therefore give rise to a claim of breach of contract if the employee exceeded that restriction. However, in the absence of a breach of contract claim, is there any other theory that can be used to stop this type of abusive conduct from a former employee? Perhaps, facts might lie for a common law trespass to chattel claim. Trespass to chattel is established when the quality or value of Some litigants have already attempted to utilize the CAN SPAM Act as grounds for blocking State regulations. To date, this has been unsuccessful. See e.g., White Buffalo Ventures v. University of Texas, 420 F.3d 366 (Fifth Circuit 2005) and see Gordon v. Impulse Marketing Group, 375 F.Supp.2d 1040 (E.D. Wash., 2005). 4 Presumably, there would be strong grounds to request injunctive relief, i.e., an order ordering the ex-employee to cease the practice. property is diminished even though the property may not be physically damaged by the defendant’s conduct. Thrifty-Tel, Inc. v. Bezenek, 46 Cal.App.4th 1559 (1996). The conduct does not have to amount to substantial interference with possession or the right to possession, but may consist of intermeddling with or use of the personal property. Zaslow v. Kroenert (1946) 29 Cal.2d 541, 551. Indeed, in California, such types of invasions on computer systems can be characterized as a trespass to chattel if damage can be established. The access cannot simply impede an owner’s use in the property, but rather it must also cause damage. Wilson v. Interlake, (1982) 32 Cal.3d 229, 2333-234. Also, the Indiana Supreme Court has recognized that a computer hacker’s unauthorized access to a computer constituted a civil trespass. State v. McGraw (Indiana 1985) 480 N.E. 2nd 552, 554. As such, if an employer can illustrate that the ex-employee’s abusive e-mails are causing damage to the companies’ system (perhaps slowing it down), then a trespass claim might lie. THE COMPUTER FRAUD AND ABUSE ACT OF 1986
Another potential claim based on cyber space activity lies in the computer fraud and abuse act of 1986. 18 U.S.C., § 1030 et. seq. The act makes it unlawful to intentionally access a computer without authorization or exceed authorized access and obtain information or cause damage a cause of action lies. As such, to the extent that a hacker, or “robot” obtains information from a server beyond that which is authorized (e.g., exceeding the terms of use of a particular website) this can be a viable cause of action. In Register.com, Inv. v. Verio, Inc. 126 F. Supp. 2d. 238 (S.D.N.Y. 2000), the Court enjoined the practice of robots scouring web site databases to secure information related to the contact information of person’s within the database. CONCLUSION
There are a variety of tools available in the law to combat cyber torts and it would appear that the state and federal legislatures, as well as the courts will continue to develop avenues to combat this type of unlawful activity.

Source: http://www.thefederation.org/documents/16.%20-DeCarlo%20&%20Zappala.pdf