• PC World
• »Software
• »Browsers & Add-Ons

In Virginia, it's a felony to send out bulk e-mail with forged return-address information. Spammers who use misleading subject lines can be sued for $500 per infraction in Washington state. Fourteen states require e-mail advertisements to carry the label ADV in the subject line, and Delaware bans all forms of unsolicited commercial e-mail. But anyone with an in-box knows that none of these laws--nor any of the 15 other state antispam statutes now on the books--has stopped unwanted bulk e-mail.

According to the e-mail security vendor MessageLabs, the volume of spam has now surpassed the quantity of legitimate e-mail arriving in people's in-boxes. Federal lawmakers are finally responding by attempting to pass spam laws of their own. Can the feds succeed where the states have not?

Popular demand for a cure to the spamdemic has prompted a flurry of new federal legislation, aggressive legal action, and innovative technological proposals. Yet none of these responses guarantees relief, and some might make things worse over the long term.

That's because two battles are being waged over spam. The first is the one legislators are fighting today over how to keep your e-mail account free of sleazy come-ons for pornography, herbal Viagra, and other junk. The second battle involves what your in-box will look like if and when the slimy spam messages are eradicated. Mainstream marketers--the Citibanks, Fords, and Microsofts of the world--and large ISPs, which may end up profiting from the traffic, want to be able to deliver ads to your in-box until you tell them to stop (a procedure known as "opting out").

The antispam community--which consists largely of individual activists and small-to-midsize ISPs--wants legislation that requires any marketer, sleazy or otherwise, to obtain your permission before it can send you a message: the "opt-in" approach. Otherwise, they say, the volume of commercial mail most people receive could grow large enough to kill e-mail as a communications medium.

Billions of dollars--and the future of your in-box--are riding on the outcome. And so far, the marketers are winning.

Down by Law

Last April, Senator Conrad Burns (R-Montana) stood before 400 attendees at the Federal Trade Commission's Spam Forum in Washington, D.C., and declared that spam is "killing e-mail, the very tool we use every day." The senator's appearance was intended to drum up support for the Can-Spam Act, which Burns cosponsored with Senator Ron Wyden (D-Oregon).

This act would impose stiff criminal and civil penalties for sending fraudulent e-mail--messages that use bogus address information, deceptive subject lines, and misleading or spurious content. But it's just one of a half-dozen similar federal bills that lawmakers have proposed this year. In April, Representative Zoe Lofgren (D-California) introduced the Reduce Spam Act, which would require e-mail advertising to bear an ADV label, and would establish rewards for users who turn in spammers. Senator Charles Schumer (D-New York) introduced the Stop Pornography and Abusive Marketing Act (the SPAM Act) in mid-June; it proposes to create a registry of people who don't want to receive e-mail advertising, similar to the telemarketing industry's Do Not Call list.

The federal bill with the best chance of passing this year may be the Reduction in Distribution of Spam Act (RID Spam), introduced last May in Congress by Representative Richard Burr (R-North Carolina). Burr's bill would penalize spammers who harvest e-mail addresses, use false or misleading information, send pornographic images, or fail to abide by consumers' opt-out decisions. Violators could face prison terms of up to two years and could have to pay statutory damages of up to $3 million.

Burr's bill has two powerful cosponsors--Representatives Billy Tauzin (R-Louisiana), chair of the House Energy and Commerce Committee; and F. James Sensenbrenner Jr. (R-Wisconsin), chair of the House Judiciary Committee--and it is endorsed by the Direct Marketing Association, a powerful industry lobby.

Some federal bills, like Burns-Wyden, would preempt stronger state laws; antispammers argue that those bills would make prosecuting spammers more difficult because they would substitute hard-to-prove fraud statutes for existing consumer-protection guidelines. Other proposals, like Lofgren's and Burr's, would rely largely on overburdened state and federal authorities to pursue violators and would prevent consumers from filing antispam civil suits. And all currently proposed federal legislation would require users to opt out of mailings--freeing marketers to send you an initial pitch without penalty. Furthermore, even if you opt out, nothing would prevent a company from selling your name to other marketing firms or starting to send you ads from one of its subsidiaries.

John R. Levine, author of Internet for Dummies, says that laws based on an opt-out approach are "hopeless." "I get mail from a dozen different spammers every day," Levine says. "Am I supposed to spend an hour every day figuring out the opt-out hoops they want me to jump through?"

After several years of inaction, Congress may pass one of these bills this year. Too bad none of them is the right one.

Better Solutions

The strongest antispam legislation currently on the table in the United States isn't before the U.S. Congress at all. In May, the California Senate approved Senate Bill 12, sponsored by State Senator Debra Bowen (D-Redondo Beach).

Bowen's SB 12 takes as its model the federal Telephone Consumer Protection Act of 1991. Better known as the Junk Fax Law, the TCPA has proved extremely effective against unsolicited faxes. SB 12 prohibits sending commercial e-mail without a consumer's prior permission, and it permits individuals who receive unsolicited commercial e-mail messages to sue for $500 to $1500 per offense. So a consumer who received ten pieces of e-mail from one spammer could sue for $5000--or $15,000, if a court deemed the violation intentional.

"The only thing spammers will understand is if they can't make money any more," says Bowen, who wrote California's existing opt-out antispam statute. She now says a stronger law is needed. "That's the only thing that will stop this." (A 1997 U.S. Senate bill sought to amend the Junk Fax Law to cover junk e-mail, but it died in committee.)

Editor's Note: California's state legislature is reconsidering its antispam measures. Senate Bill 12 failed to pass out of an Assembly committee, which instead favored the similar SB 186, endorsed by Microsoft. SB 186 still needs Assembly approval to become law.

Antispam activists widely favor giving individuals the right to sue spammers for damages--known as a private right of action--but marketers oppose it, fearing that such a right would result in a rash of suits against legitimate advertisers. Meanwhile, the marketers argue, underground spammers would go untouched.

"It essentially provides incentives for plaintiff attorneys to go after easy-to-hit targets, which are legitimate businesses," says Trevor Hughes, executive director of the E-mail Service Providers Coalition. Hughes points to a Utah statute that allows individuals to sue mailers for up to $25,000 per day for sending bulk mail that lacks a valid street address or ADV label. He says attorneys have exploited the law to pursue judgments against companies that hired marketers without knowing exactly how they operated.

Attorney David Kramer, who represented the ISPs CompuServe and Concentric in lawsuits against self-proclaimed "Spam King" Sanford Wallace during the mid-1990s, agrees that the Utah antispam law is flawed; he adds that California's SB 12 lacks a cap on damages, leaving it open to abuse. But he says, "It's a problem that can be solved with a few minutes of careful drafting.... Any law that doesn't have a private right of action is paying lip service to the problem instead of solving it."

According to Andrew Barrett, executive director of The SpamCon Foundation, a nonprofit antispam organization, any spam law should absolve bulk mailers who obtain permission before sending mail, yet should allow individuals and ISPs to enforce the law through private legal action. "Those two things absolutely must happen together," he says. "Almost anything else is worse than no federal law at all."

The success of the anti-junk fax TCPA indicates that a well-crafted law could have an impact on spam. "We didn't see a tidal wave of junk-fax litigation," Kramer says, "but we certainly saw enough to hold back the flood of junk faxes we used to receive."

Follow the Money

As you might expect, opt-in opponents include not only some of the most powerful marketers in the world, but also ISPs such as America Online, EarthLink, and Microsoft Network.

Large ISPs that charge fees for delivering ads oppose any scheme that might limit the volume of mail they can send; and the Direct Marketing Association argues that an opt-in law would choke off Net commerce, preventing new businesses from making themselves known to consumers. "For opt-in to work, consumers would already have to know the entire universe of all offerings, all markets, at all times," says Louis Mastria, director of public and international affairs for the DMA. "When you go to an opt-in law, you close off the universe to new entrants."

Jennifer O'Shea, an aide to Senator Burns, says that the Burns-Wyden bill is designed to punish fraudulent spammers while permitting legitimate advertisers to "take a shot" at reaching consumers through e-mail. "Senator Burns feels we shouldn't put an end to the opportunity for legitimate businesses to be working with e-mail and the Internet," she adds.

Antispam advocates reply that tech-savvy marketing companies have been using opt-in lists with great success. "Direct marketers have put quite a bit of fear in the minds of legislators that an opt-in approach will destroy all marketing on the Internet," says Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial E-mail (CAUCE). "But there are many in the direct marketing industry who've gone completely to opt-in and are doing tremendous volumes of business as a result."

The E-mail Service Providers Coalition's Hughes acknowledges that some legitimate senders are moving toward opt-in, but he opposes any laws that would mandate obtaining such permission. "The opt-in/opt-out debate has led to four or five years of stasis," Hughes says. "We need to move forward by accepting a standard like Burns-Wyden and focus on building accountability into the system."

In an open letter to Congress, CAUCE condemned opt-out bills. "In our opinion, these bills have no business being called 'anti-spam.' [They] do little more than establish minimal ground-rules for a federal license to spam. If marketers can meet these rules, they may send as much e-mail as they wish."

The Enforcers

Another big snag is enforcement. Most federal proposals give the FTC and state attorneys general more power to go after spammers, but limited resources and competing priorities make adjudication of many spam cases unlikely.

The FTC has filed 53 civil suits against spammers that allegedly used deceptive practices, says staff attorney Brian Huseman. One case required 21 separate subpoenas before investigators could identify the spammers' true location--and this case involved e-mail messages that listed a physical address, which should have made the spammers easier to find. With more than 130,000 spam complaints pouring into the FTC's offices each day, the agency can pursue only the most egregious offenders.

Meanwhile, AOL, EarthLink, and MSN resort to private litigation. Last year, EarthLink sued spammers for trespass, breach of contract, and violations of the Computer Fraud and Abuse Act, among other statutes. "I've got my guns loaded with a dozen bullets, any one of which would get the spammer," says Atlanta attorney Pete Wellborn, who won judgments of $24 million and $16.4 million for EarthLink. In June, Microsoft filed 15 suits against marketers for sending 2 billion unsolicited messages.

Of course, pursuing spammers isn't always easy, because they can set up shop abroad, and they aren't required to disclose their location. The Center for Democracy & Technology's Ari Schwartz notes that the Junk Fax Law is easier to enforce than a similar spam provision would be because the sender can't fake the source of the faxes--the sending number--and faxing from overseas greatly increases costs. "Spammers can move offshore," says Schwartz. "Junk faxers can't."

Wellborn says that most spammers have a financial link to the United States that plaintiffs can use to find out who's sending the messages. "It's very rare that spam will ask a recipient to send a payment to Timbuktu," Wellborn explains. "There's almost always a U.S. connection through which you can track the money and identify the responsible party." In most cases, the company whose products or services are being marketed, or the marketer, or both parties may be held accountable. Experts say that most of the spam delivered to U.S. addresses originates in the United States, even if the senders route it through foreign servers. Furthermore, foreign spammers are subject to U.S. laws governing civil liability if they spam U.S. residents.

Take a Stand Against Spam

Most marketers, ISPs, and antispammers agree that only a combination of strong federal laws, effective litigation, and technological innovation will solve the spam problem.

Some Capitol Hill insiders believe that Congress will have to act against spam. "We've reached a point where people are saying, 'The spam problem is extreme--let's get something that can pass and make a difference'," says Schwartz.

That mood makes antispammers nervous. "We're worried that in its haste to do something--anything--about the problem," SpamCon's Barrett says, "the current Congress is going to pass legislation that'll be incredibly damaging to the Internet and everyone who uses it."

Comparing the Bills: Who Can Can Spam?

Congress is weighing a number of proposals designed to put a lid on unsolicited commercial e-mail, but none requires advertisers to obtain your permission before sending ads to your in-box. A California state bill does.

Legal Definitions: Spam Laws: Opt-In vs. Opt-Out

Every federal law under consideration relies on an opt-out scheme: You must take action to prevent a marketer from sending you additional e-mail. Under that setup, some marketers may send a one-time mailing to gauge your interest. Some may give up if you don't reply; others will keep spamming until you tell them to stop.

With an opt-in proposition, ideally, you would have to give permission before receiving any e-mail, but the actual practice can be tricky. For example, having purchased a product from a vendor may be interpreted as proof of a "preexisting business relationship," in which case the vendor would be free to send you an e-mail under most opt-in requirements. In other cases, you may unwittingly opt in to e-mail ads by signing up for free newsletters or online contests. Confirmed opt-in, in contrast, adds a step in which marketers must get you to verify your subscription before they can send any further mailings.

• See more like this:
• spam,
• government,
• federal,
• law,
• laws,
• anti-spam,
• antispam,
• Can-Spam,
• Act,
• RID,
• Lofgren,
• Wyden,
• Burns,
• Burr,
• Schumer,
• Tauzin,
• Sensenbrenner,
• Bowen,
• CAUCE,
• opt-in,
• opt-out,
• opt