Technology Law Column

Published in the Chicago Daily Law Bulletin, June 12, 1997 at page 5.

Internet users aim to can unwanted 'spam'

Copyright 1997 by David Loundy

I get a relatively small amount of "junk e-mail" often referred to as "spam" or, more correctly, as unsolicited commercial e-mail (UCE). Out of the 100-110 messages I receive a day, I find the dozen or so commercial solicitations that arrive during the week annoying, but managing them does not take a lot of my time.

On the other hand, I have canceled an account at another provider because the large volume of UCE destroyed any value the account offered. Unfortunately, a growing number of people are finding themselves in situations that resemble the latter, rather than the former situation-- and that is one reason why controlling UCE has become the hot topic in Internet law.

Recently, two bills have been introduced in Congress to address unsolicited commercial e-mail, several new law suits have been filed, and even several new industry and social action groups have been formed to address the issue. If you never join a mailing list, never post to Usenet news, and never allow your e-mail address to be listed on a web page, you probably will not receive much, if any, UCE. On the other hand, one commentator tried an experiment-- he created a new account, and posted a message to six usenet newsgroups. Over the next six days, he received 77 pieces of UCE. At one point, America Online estimated that between 40-45% of all e-mail coming into its system is UCE.

The resulting outrage stems from the fact that this UCE essentially is being sent postage due. The mail is often sent from free trial accounts or from otherwise "expendable" accounts, distributed to addresses "harvested" from mailing lists or newsgroups with inexpensive, free or homegrown software, and essentially-- unlike traditional postage-bearing "junk mail"-- sent out to thousands of people at virtually no cost. On the other hand, the recipients and the service provider who must handle this mail (as well as the resulting fallout-- undeliverable bounces, attempts at "retaliation" etc.) must pay the cost. These same concerns have produced a ban on unsolicited commercial faxes (47 U.S.C. Section 227).

For some, the worst part thing about UCE is having your name, account, or equipment "hijacked" and used to distribute the e-mail. In some cases, a spammer (a sender of UCE, or spam) will send a message through another system's mail relay in order to speed distribution and mask the true source of the message. This results in degraded system performance for the victim, but, more importantly, attempts to retaliate against the original message sender may be directed against the innocent relay and not the spammer. In the worst cases, a bulk e-mailer will actually use the name of someone the mailer does not like as having originated the message.

This sort of forgery, or theft of service, was at issue in the cases CompuServe and America Online filed against Cyber Promotions, Inc. and its president Sanford Wallace. Both service providers won injunctions against some of the abuses of their systems. Now adding to the list, on May 7, EarthLink Network, another Internet Service Provider, also won an injunction against Cyber Promotions. Los Angeles Superior Court Judge Diane Wayne found that Cyber Promotions' actions constituted a trespass upon EarthLink's computer system.

On June 6, Web Systems, a Houston, Texas web design and hosting company, obtained a temporary restraining order, also against Cyber Promotions, preventing Cyber Promotions from sending out any mail with the company's domain name as the return address. Furthermore, Gavin Clarkson, the company's vice-president, intends to go into court this week to ask to have all domain name owners certified as a class for a class action suit against Cyber Promotions.

In a situation similar to the Web Systems suit, a domain name holder, Tracey LaQuey Parker, her two business partners, and her Internet service provider, have filed suit in Austin, Texas against C.N. Enterprises and Craig Novak of San Diego. Mr. Novak allegedly sent out a bulk mailing which listed Ms. Parker's domain as the return address. It took her service provider half a day to clean up the resulting mess in its system. The suit argues that the mailing was misleading, and that by using the forged return address, it resulted in several users' mailboxes overflowing with returned copies of the mail-- all of which amounts to common law nuisance, trespass and conversion.

Cyber Promotions, perhaps connecting the dots, or perhaps in preparation for Sanford Wallace's participation in planned Federal Trade Commission hearings on UCE, issued a press release stating that the company would not allow its customers to continue the practice of relaying mail through other people's systems-- a practice the company pioneered for sending UCE. Various opponents of UCE were quick to point out, however, that they have received UCE from Cyber Promotions' system which had been relayed through other systems since the Cyber Promotions press release. Furthermore, they point out that the press release does not prevent such activities through other systems to promote Cyber Promotions customers. And worse still, accompanying the press release is an advertisement for Cyber Promotions' own relay service which can be used by its customers.

As all of this was occurring, the Internet E-Mail Marketing Council (IEMMC) was being formed by Wallace, president of Cyber Promotions, and his service provider, AGIS. At the same time, The Coalition Against Unsolicited Commercial E-Mail (CAUCE, was being formed. This organization was formed with the goal of passing legislation which would restrict UCE. Then, after succeeding in ensuring that U.S. legislation against spamming passed, it would try to achieve the passage of similar legislation internationally.

Similar in flavor to the legislation proposed by CAUCE is H.R. 1748, "The Netizens Protection Act of 1997" proposed in the U.S. House by Chris Smith (R-NJ). This legislation aims to expand 47 U.S.C. 227 (the junk fax law) to cover junk e-mail by prohibiting the sending of unsolicited commercial e-mail to someone unless the sender and the receiver have a pre-existing business relationship or unless the recipient explicitly invites the mail. The bill also requires that any UCE clearly indicate the date and time the message is sent, the identity of the business or entity sending the message, and a valid return address for the message originator. Representative Smith argues that his legislation would still allow for advertising on the Internet, but if done by e-mail, recipients would be required to "opt-in" and agree to bear the costs associated with receiving the mail.

A different approach is taken by Senator Frank Murkowski (R-AK) in his bill S. 771, the "Unsolicited Commercial Electronic Mail Act of 1997." This U.S. Senate bill requires that all unsolicited commercial e-mail contain the word "advertisement" in the beginning of the subject line. The bill also further requires that every Internet service provider set up filters that will allow users to request that a service provider block any UCE sent to a user's mail box. For users who do not want to block all UCE, the law requires that any bulk e-mailer remove anyone who asks to be removed from the mailer's mailing list within 48 hours.

This bill in particular is being criticized (except by bulk e-mailers who support it) because it places all of the burden on the users and the service providers, rather than on the entity who is creating the burden, and who will receive the financial benefits of the resulting sales.

Both bills are being criticized by some privacy advocates because of issues that arise in trying to enforce such a law. In order to enforce either of these proposed statutes, the e-mail must be traceable. If e-mail is to be traceable, it leaves no room open for services such as anonymous remailers which strip away information needed to trace a message back to its originator. If remailers are not banned, people will route UCE through the remailers.

However, the Supreme Court has held that people have a constitutional right to certain anonymous communications (see McIntyre v. Ohio Elections Commission, 115 S.Ct. 1151 (1995); Talley v. California, 362 U.S. 60 (1960)), thus it arguably is not possible to ban anonymous remailers, and therefore the bills may not be very effective in the end.

Of course, both proposed statutes also suffer from a jurisdictional limitation-- spammers can simply move off-shore, and send their UCE with impunity. The counterargument is that people will be less likely to deal with someone they have never heard of who is off-shore. However, the counter to that is that, because UCE is such a low cost operation, it only takes a few positive responses to make such mail financially advantageous.

There is no easy solution to this problem. Legislative solutions such as prohibiting the forging of third party addresses may resolve part of the problem, yet that too has shortcomings. Realistically, this is one case where technological solutions, private contracting, and peer pressure are likely to be more effective than legislation.

I do not receive as much UCE as I used to because I have a service provider who advocates its eradication. I forward UCE to him. He traces it. He calls the source provider, and asks to have the user's account terminated, because sending such mail is usually a violation of a provider's service agreement. If the service provider is not responsive, he blocks traffic coming from the service provider. If enough providers respond this way, bulk commercial e-mailers will have nowhere to go for service. Any provider who provides service to such entities will effectively find itself cut off from the network. However, it is not an elegant solution. It is one that is being put into effect now, along with "cracker" attempts to take out systems belonging to bulk e-mailers and those who provide them with service. If you have a better solution, there are many receptive ears.

[Article Index] [E-Law Web Page]