A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology
(1) Congress Sends Spam Bill to President for Signature
(2) CAN-SPAM Includes Criminal and Civil Provisions
(3) CAN-SPAM May Help Curtail Spam, but Bill Has Some Troubling Provisions
On December 8, 2003, the U.S. House of Representatives passed by unanimous consent an amended version of S. 877, the "CAN-SPAM Act," sponsored by Senators Conrad Burns (R-MT) and Ron Wyden (D-OR). The Senate on November 25 had passed identical language, so the action by the House clears the legislation to be sent to the President, who is expected to sign it.
The final version of the bill sets rules for commercial email and makes no distinction between solicited and unsolicited messages. It does not prohibit unsolicited email. Rather, it prohibits certain deceptive practices and requires every commercial email message to provide an opt-out option and meet certain disclosure rules. The bill does not generally apply to "transactional or relationship messages" - such as messages that facilitate or complete a transaction already in progress or that deliver goods or services, including product updates, to existing customers.
The CAN-SPAM Act imposes criminal sanctions for use of materially false or misleading header information in commercial email messages, with fines or imprisonment. The civil provisions also prohibit false or misleading header information as well as deceptive subject lines that are likely to mislead a recipient. In addition, the civil provisions require that commercial email disclose certain specified information and provide recipients an opportunity to decline to receive any additional messages.
One troublesome aspect of the bill is a labeling requirement for all messages containing sexually explicit material. The law requires the Federal Trade Commission to specify marks or notices that will facilitate filtering of sexually oriented material, thereby inserting, in a small way, a federal agency into the design of an Internet technology.
While CDT hopes that the bill will be effective in stemming the flood of spam into users' mailboxes, it is clear that filtering technologies and careful online behavior on the part of users will be more effective in giving users control over unwanted commercial email.
For a copy of S. 877 as passed by Congress, go to http://www.cdt.org/legislation/108th/junkemail/
To learn more about what users' can do to avoid spam, see CDT's report "Why Am I Getting All This Spam," available at http://www.cdt.org/speech/spam/030319spamreport.shtml
The CAN-SPAM bill covers all commercial email, not only that which is unsolicited, with a combination of criminal and civil provisions:
The Act takes effect (with the exception of the "do-not-spam registry") on January 1, 2004.
CDT's detailed summary of the CAN-SPAM bill as passed is at http://www.cdt.org/speech/spam/031211cdt.pdf [pdf]
With the exception of the labeling requirements, CDT supported in principle the core provisions of the CAN-SPAM Act as appropriate but limited steps in addressing spam. The bill may indeed have some positive effect in slowing the growth of spam, if not actually reducing it. The bill should help ISPs filter spam and sue spammers. Prohibitions on dictionary attacks and harvesting could also be meaningful. We expect that the FTC and some state Attorneys General will diligently use the enforcement mechanisms and will be open to consumer complaints.
From a consumer perspective, the opt-out provision is useful with respect to legitimate companies. However, CDT advises users not to exercise an opt-out if they are not sure of the legitimacy of the sender - otherwise, users may just be confirming to an outlaw spammer that their email address is valid.
Clearly, passage of this legislation is only one step in the effort to curtail spam. As discussed in the CDT study, "Why Am I Getting All This Spam?," effectively stemming the flow of spam will still depend on consumer awareness of the online behaviors that spammers exploit and effective use of filtering technologies by users and ISPs.
CDT is concerned that the CAN-SPAM Act lacks what might have been the most effective means of enforcement - a narrowly drawn individual right of action. We had recommended an approach that would have allowed individuals to bring claims in small claims court involving no burdensome discovery and no class actions. Congress did not include such a provision.
Given the difficulties of enforcing inconsistent state laws on the Internet, CDT supported federal preemption of inconsistent state spam laws. But we did so recognizing that the effect of the CAN-SPAM Act on the amount and nature of spam is highly uncertain. Therefore, we recommended a mechanism to force Congress to revisit the issue substantively. We felt that the best way to do this would have been with a sunset of the preemption. If the preemption provision were to have sunsetted in three to five years, Congress would have been required to formally confront the question of whether the bill was effective. As it is, if this law does not stem the tide of spam, Congress will still face public pressure to pass more effective provisions or open the issue again to state regulation.
Finally, we are concerned about how the provisions on falsified or concealed header information could be interpreted. On balance, however, we think that it would be unreasonable to interpret the statute as prohibiting use of non-spoofed pseudonymous email addresses even for multiple commercial emails. CDT raised some of these concerns in a letter to the House Commerce Committee on Oct. 15, 2003: http://www.cdt.org/speech/spam/031015cdt.shtml
Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_9.23.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 9.23 Copyright 2003 Center for Democracy and Technology
