Congress Passes New Anti-Spam Legislation



Similar documents
The DMA s Analysis of Can Spam Act of 2003

SUMMARY OF PUBLIC LAW THE CAN-SPAM ACT OF 2003

Privacy, Data Collection and Information Management Practice Team November 13, 2003

Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP

Public Law th Congress An Act

Privacy Bulletin. Key Differences between US and Canadian Anti-Spam Laws

ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON

Enterprise Managing Risks and Liabilities Avoiding Common Pitfalls under the Federal CAN-SPAM Act

CAN-SPAM Policy & Data Verification Guide

[First Reprint] SENATE COMMITTEE SUBSTITUTE FOR. SENATE, No STATE OF NEW JERSEY. 211th LEGISLATURE ADOPTED MARCH 8, 2004

Frequently Asked Questions (FAQ) on Anti-Spam Legislation. What is the definition of a commercial electronic mail message?

Marketing: CAN- SPAM Act Compliance

The Virginia Joint Commission. on Technology and Science

Acceptable Use Policy of UNWIRED Ltd.

Exhibit A. Federal Statutes Impacting Data Security

Federal Regulations on Advertising:

How To Comply With The Can-Spam Act

Broadband Acceptable Use Policy

MODEL POLICY CONCERNING SOLICITATIONS SENT BY

and Text Message Campaigns. Justine Young Gottshall Partner, InfoLawGroup

whitepaper Marketing CAN-SPAM Compliance Overview

Can Spam Be Legislated?

Messaging Service (SMS) Terms and Conditions

Telemarketing, , and Text Message Marketing: Tips to Avoid Lawsuits

UNITED STATES DISTRICT COURT CENTRAL DISTRICT OF CALIFORNIA

S. 877 IN THE SENATE OF THE UNITED STATES

Anti-SPAM Policy v

Case3:08-cv EDL Document72 Filed04/02/10 Page1 of 11

SERVICES ADDENDUM TO EULA

Canada s New Anti-Spam Legislation: Overview and Implications for Businesses

ARE YOU DOING MARKETING? LEGALLY?

Hibbett Sports Messaging Service (SMS) Terms and Conditions

ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; (COLLECTIVELY BROADVOX )

FKCC AUP/LOCAL AUTHORITY

Overview of Mexico s Legislation to Combating Spam

(1) The term automatic telephone dialing system means equipment which has the capacity

PARTNER GUIDELINES

Case3:11-cv RS Document34 Filed07/28/11 Page1 of 8

Cablelynx Acceptable Use Policy

Issue Brief. Arizona State Senate IDENTITY THEFT AND CONSUMER PROTECTION INTRODUCTION IDENTITY THEFT. September 17, 2015.

COUNTY OF ORANGE. False Claims Act and Whistleblower Provisions Policy and Procedures

Introduction to the UEM Ordinance and the Regulation

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON AT SEATTLE I. INTRODUCTION

Crawford Chondon &Partners LLP. Is your Business Ready for Canada s Anti Spam Law?

UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF VIRGINIA,

Broker-Dealer Concepts

Acceptable Use Policy

THE ANTI-SPAM REGULATORY POLICY FRAMEWORK FOR THE KINGDOM OF SAUDI ARABIA

COMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec Fraud and related activity in connection with computers

Acceptable Use Policy

TCPA. The Telephone Consumer Protection Act (47 U.S.C. 227), regulations promulgated at 47 CFR Jackson Lewis P.C.

H. R. IN THE HOUSE OF REPRESENTATIVES A BILL

Clergy Counseling Errors and Omissions Application

ACCEPTABLE USE AND TAKEDOWN POLICY

Fusion Acceptable Use Policy. Effective Feb 2, 2015

China s Anti-Spam Works

K&LNGAlert AUGUST 2006

On the Line Consenting To A New Way Of Lead Generation Under The TCPA

OKLAHOMA LAWS RELATING TO IDENTITY THEFT

UNITED STATES DISTRICT COURT CENTRAL DISTRICT OF CALIFORNIA WESTERN DIVISION UNITED STATES OF AMERICA, Plaintiff,

Spam is Not Delicious An Update on the CAN-SPAM Act of Charles R. B. Stowe*

Trext Details: Texting Best Practices, Legality and Security 1 For questions contact Kira McCoy: (303) kira@trext.com

LAKE COUNTY BOARD OF DD/DEEPWOOD BOARD POLICY I. SUBJECT: FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTION

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

False Claims Act CMP212

Cass Cable TV, Inc. and Greene County Partners, Inc. CASSCOMM ACCEPTABLE USE POLICY

-Spam- Solicited Pornography and Marketing. A Worldwide Internet Disease. by Judith Leonhardt

" SENATE CONTROLLING THE ASSAULT OF NON-SO- LICITED PORNOGRAPHY AND MAR- KETING ACT OF 2002, OR THE CAN-SPAM ACT OF 2002 REPORT OF THE

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF TEXAS HOUSTON DIVISION

IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA

Testimony of Eric Menhart. Re: District of Columbia Spam Deterrence Act of Council of the District of Columbia

Terms of Service. 1. Acceptance Of Terms. 2. Use Of Customer Information And Privacy Policy. 3. Ownership Of Site Content

VNSNY CORPORATE. DRA Policy

Best Practice Standards for Marketing

VILLAGECARE CORPORATE COMPLIANCE POLICY AND PROCEDURE MANUAL ORIGINAL EFFECTIVE DATE: JANUARY 1, 2007

Managing the message Canada s new anti-spam law sets a high bar

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

Case 2:15-cv DB Document 2 Filed 06/12/15 Page 1 of 10

Health Care Entities Get Clarity from FCC on Telephone Communications

PITTSBURGH CARE PARTNERSHIP, INC. COMMUNITY LIFE PROGRAM POLICY AND PROCEDURE MANUAL. False Claims Act Explanation and Reporting Requirements

EmoeHost agrees to provide to Client the Services agreed upon between EmoeHost and Client as selected by Client at

Coffee Regional Medical Center FALSE CLAIMS EDUCATION

FEDERAL & NEW YORK STATUTES RELATING TO FILING FALSE CLAIMS

Interplay Between FDA Advertising and Promotion Enforcement Activities, Product Liability, and Consumer Fraud Litigation

UNITED STATES DISTRICT COURT.,"",,,'I '5..,! I: " 9 MIDDLE DISTRICT OF FLORIDA ORLANDO DIVISION ". "\T

BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade

Prevention of Fraud, Waste and Abuse

MISCELLANEOUS PROFESSIONAL LIABILITY APPLICATION

1. The Telephone Consumer Protection Act

UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF NEW YORK. Plaintiff, the Federal Trade Commission ("FTC"), for its Complaint alleges:

Acceptable Use Policy ("AUP")

- "'. --, ,-~ ') " UNITED STATES DISTRICT COURT DISTRICT OF ARIZONA. Federal Trade Commission,

SOUTH NASSAU COMMUNITIES HOSPITAL One Healthy Way, Oceanside, NY 11572

Updated Administration Proposal: Law Enforcement Provisions

Public Consultation On Draft Resolution to Issue Anti-SPAM Regulations

Direct Edge Regulatory Notice #12-03: Telemarketing Rules - Effective June 29, 2012

Case 0:15-cv WJZ Document 6-2 Entered on FLSD Docket 03/03/2015 Page 1 of 21

United States District Court

Transcription:

DECEMBER 2003 Congress Passes New Anti-Spam Legislation On December 16, 2003, President Bush signed into law the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the CAN-SPAM Act of 2003 or Act ). A key effect of the Act is the establishment of criminal and civil penalties for senders of spam, or unsolicited commercial email messages, using deceptive or misleading tactics. The Act will become effective on January 1, 2004. Additionally, over a two-year period following enactment, the Federal Trade Commission ( FTC ) is required to issue various regulations and recommendations to implement and interpret the Act. The Act also authorizes the Federal Communications Commission ( FCC ) to adopt rules to protect subscribers to wireless services such as cellular and Blackberry from receiving unwanted commercial emails. 1 A summary of the Act follows: I. Scope of the Act The Act primarily regulates the transmission of unsolicited commercial electronic mail messages, defined as email having the primary purpose of advertisement or promotion of a commercial product or service. 2 Because the Act does not define the terms primary purpose, advertisement, and promotion, its scope will remain highly ambiguous until the FTC adopts its implementing regulations. For example, it is unclear whether the use of an automated signature that includes a corporate trademark or slogan that is inherently promotional at the bottom of an email (e.g., we make the best widgets ) would trigger the Act regardless of the email s content. The Act s definition of commercial electronic mail messages excludes transactional or relationship messages, which (1) facilitate, complete or confirm a prior commercial transaction entered into by the recipient; (2) provide warranty, recall or safety or security information for a product or service used or purchased by the recipient; (3) provide account information or other notifications regarding an ongoing commercial relationship with the recipient; (4) provide current employment or related benefit plan information; or (5) deliver goods or services, including product updates or upgrades, under a prior purchase agreement with the sender. 3 II. Summary of the Act s Prohibitions and Requirements The Act provides both civil and criminal penalties (up to $2 million, which can be trebled under some circumstances, or up to five years imprisonment) for a number of common tactics employed by spammers, including the use of deceptive subject header information and sender identification information, other false or misleading header information, and falsely registered email accounts and Internet Protocol ( IP ) addresses. A. Prohibited Commercial Email Practices The federal measure permits businesses to send commercial emails to customers who have not provided an opt-in consent or otherwise do not have a pre-existing commercial relationship with the sender. Rather, the basic regulatory approach of the Act is to broadly prohibit certain fraudulent and misleading email practices, and to impose upon senders of commercial email certain labeling, opt-out and related notification requirements. Note that this approach is different than California s anti-spam law, some provisions of which may be preempted by the Act. Kirkpatrick & Lockhart LLP

1. False or Misleading Header Information The Act prohibits any person from initiating the transmission to a computer 4 of either a commercial email message or a transactional or relationship message that includes materially false or misleading header information. 5 Header information is materially misleading if it fails to accurately identify the computer from which the message originated, because another computer is used to disguise a message s origin. Even where such header information is technically accurate, but the sender s originating email address, domain name or IP address was obtained falsely, such header will fall within the Act s criteria for materially misleading header information. However, if a message s from line accurately identifies any person initiating the message, such header information shall not be deemed materially false or misleading. 6 2. Deceptive Subject Headings The Act prohibits any person from initiating the transmission of a commercial email message to a computer if that person has actual or fairly implied knowledge that the subject heading of the message would likely mislead a recipient about a material fact regarding the contents or subject matter of the message. 7 3. Return Address Required Under the Act, any commercial email message must clearly and conspicuously display a return email address or other Internet-based mechanism by which a recipient may opt-out from receiving future commercial email from that sender for up to thirty (30) days following transmission of the original message. 8 4. Email Transmissions Following Objection The Act requires that a sender of any commercial email message (or its representative) comply with an opt-out request within ten (10) business days of receiving it, on a permanent basis. 9 The Act also prohibits the sale, lease, exchange, transfer or release of any user s email address for which an opt-out request is received. 10 The foregoing restrictions can be superseded by the recipient s subsequently providing an affirmative consent. 11 5. Opt-Out and Other Content Requirements The Act requires that any commercial emails clearly and conspicuously display the following: (i) identification indicating that the message is an advertisement or solicitation (except where the recipient has granted prior affirmative consent to the receipt of the message); (ii) an opt-out notice governing future messages; and (iii) a valid physical postal address of the sender. 12 Unlike ADV and similar content labeling requirements in some state anti-spam laws, the Act does not specify a method for identifying that an email message is a solicitation. This omission is significant because spam filters easily can be configured to block any message with a particular combination of characters, such as ADV in the subject heading. 6. Aggravated Violations In addition to ordinary violations set forth by its terms, the Act prohibits, and provides treble damages for, certain aggravated violations in transmitting commercial emails, including (i) the use of automated technology to generate a recipient s email address either from an unauthorized third party website or service or from combining letters and numbers into permutations (respectively referred to as address harvesting and dictionary attacks ); (ii) the use of scripts or other automated means to register multiple email or user accounts; and (iii) the relay or retransmission of a commercial email from a computer or computer network to which the sender has unauthorized access. 13 7. Warning Label Requirements for Sexually Oriented Materials The Act requires any person initiating commercial emails that include sexually oriented material to identify in the subject heading of such messages specific marks or notices to be prescribed by the FTC not later than 120 days following the Act s passage, or to provide that the material initially viewable to the recipient when the message is opened include only: (i) a mark or notice designating the message as sexually oriented; (ii) any required sender identification, opt-out notice and postal address; and (iii) instructions for accessing the sexually oriented material. 14 Such requirements do not apply where a Kirkpatrick & Lockhart LLP 2

recipient has granted the sender a prior affirmative consent to the receipt of such message. 15 B. Private Rights of Action and Enforcement of the Act The Act authorizes civil enforcement by the FTC (and in certain cases, by other appropriate federal agencies) 16 and state attorneys general and agencies. It also provides a private right of action for Internet service providers. However, individual recipients of commercial emails are barred from bringing civil lawsuits alleging violations under the Act. Because the Act does not allow private rights of action for individual recipients, such rights contained in the noted anti-spam California statute and other state anti-spam laws are likely preempted. Available equitable and statutory damages for civil violations include injunctive relief and damages of up to $250 per violation (or treble damages for willful violations), with a maximum aggregate award of $2 million. 17 C. Criminal Penalties for Email Fraud and Related Activity The Act also criminalizes certain predatory and abusive spam practices, including knowingly doing, or conspiring to do, the following: (i) obtaining unauthorized access to a computer (e.g., hacking a computer) to transmit multiple commercial emails; (ii) using a computer to transmit multiple commercial emails with the intent to deceive recipients as to the origin of such messages; (iii) materially falsifying header information in multiple commercial emails; 18 (iv) registering five or more false email accounts or domain names and transmitting multiple commercial emails from such accounts or domain names; and (v) falsely representing oneself to have registration rights to five or more IP addresses, and transmitting multiple commercial emails from such addresses. 19 Although an ordinary violation of the Act s criminal prohibitions constitutes a misdemeanor, violations involving hacking, increased volumes of commercial emails or falsified registrations, total damages or profits of $5,000 or more per year, and organized criminal spam activity are punishable under a threeyear felony penalty. A maximum five-year felony conviction is available in the event of violations committed in furtherance of another felony or by a defendant previously convicted of a hacking or criminal spam offense under federal or state law. 20 D. Businesses Knowingly Promoted by False or Misleading Email Header Information The Act makes it unlawful for any person, business, or third party representative to knowingly promote any goods, products, property or services in a commercial email, which contains false or misleading header information in violation of the Act. 21 Any third party providing goods or services to another person that violates this prohibition does not violate the Act, unless the third party (i) has a greater than 50% ownership or economic interest in the business of the person violating this prohibition; or (ii) has actual knowledge that the goods or services are promoted in violation of the Act and receives, or expects to receive, an economic benefit from such promotion. 22 III. Federal Preemptive Authority The Act preempts most pre-existing state laws that expressly regulate commercial email, except to the extent that they prohibit falsity or deception in commercial email (such as the Virginia anti-spam law), as well as state statutes and common law relating to fraud or computer crime activity. 23 State laws that are more stringent than the Act may be largely preempted by its terms, including California s opt-in law that otherwise would have become effective on January 1, 2004. In total, approximately 37 states had taken steps to prohibit spam emails prior to the passage of the Act. By preempting state anti-spam laws not directly related to fraud or deception, the Act seeks to create a set of national standards governing antispam requirements. The scope of the Act s preemptive effect of state anti-spam laws will remain uncertain until the Act is interpreted by the courts. It is likely that California s comprehensive anti-spam law will be the subject of one of the first court challenges of the Act s preemptive effect. IV. Do-Not-E-Mail Registry The Act requires the FTC by July 1, 2004, to set forth a plan and timetable in a report to Congress for a nationwide Do-Not-E-Mail registry, similar to the FTC s Do-Not-Call registry applicable to telemarketing practices. 24 The Do-Not-E-Mail registry plan would explain any practical, technical, security, privacy, enforceability or other concerns held by the FTC regarding such a registry, including the application of the registry to children with email Kirkpatrick & Lockhart LLP 3

accounts. 25 Although the Act empowers the FTC with the authority to establish and implement such plan beginning on October 1, 2004, the measure does not mandate the establishment of a Do-Not-E-Mail registry. 26 V. Email Sent to Wireless Devices The Act requires the FCC, in consultation with the FTC, to adopt rules to protect consumers from unwanted mobile service commercial messages. 27 The Act defines mobile service commercial messages as commercial email services, such as cellular and other handheld data services (e.g., Blackberry) ( Wireless Device ). 28 The Act requires the FCC to consider the ability of the sender to reasonably determine whether the recipient is a subscriber to a Wireless Device. 29 Generally, an email sender cannot determine whether the recipient of an email is using a Wireless Device. Therefore, the FCC could reasonably interpret this provision to mean that unless the recipient s email address indicates that the recipient is a Wireless Device subscriber (e.g., John_Doe@MobileService.com), the sender is exempt from the FCC regulations. The Act does not require the FCC to adopt rules applicable to emails transmitted wirelessly to fixed locations, as in the case of wireless local area networks. VI. Important Business Considerations Unfortunately, the Act is unlikely to have any meaningful effect on the greatest source of spam: illegitimate businesses, particularly those operating from abroad. Legitimate businesses will benefit from having a largely unified federal regulatory regime governing commercial email practices, instead of being subject to multiple and varying state laws. In the near term, however, businesses will find compliance difficult until the FTC clarifies several ambiguous provisions of the Act and other provisions are tested and interpreted by the courts. For example, the boundaries between which state laws are preempted and which are not are not completely clear and will undoubtedly be the subject of litigation. Businesses can anticipate early tests of the scope of the Act and its definitions, when a message header is misleading as to the contents of the message and what the tolerances are in the operation of the opt-out mechanism. 1 The Act does not address instant-messaging spam, commonly referred to as spim. 2 CAN-SPAM Act 3(2)(A). 3 at 3(17)(A). 4 In its use of the term computer, the Act uses the term protected computer, which includes any computer used for or by a financial institution, the United States Government or in any interstate or foreign commerce or communication. 18 U.S.C. 1030(e)(2)(B). Because any computer that is used for email or Internet access is almost assured of engaging in interstate commerce or communication, this definition essentially encompasses any computer. 5 CAN-SPAM Act 5(a)(1). 6 7 at 5(a)(2). 8 at 5(a)(3)(A). 9 at 5(a)(4)(A). 10 11 at 5(a)(4)(B). 12 at 5(a)(5). 13 at 5(b). 14 at 5(d)(1). 15 at 5(d)(2). 16 Specific federal and state agencies and officials granted enforcement authority under the Act include the Securities Exchange Commission, the Secretary of Transportation, the Secretary of Agriculture, the Federal Communications Commission, and state insurance authorities. at 7(b). 17 See generally 7 of the Act. 18 Under the Act, header or registration information is materially falsified, if it is altered or concealed in a manner that would impair the ability of a recipient of the message, or other interested party, to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. at 4(a)(1). 19 20 21 at 6(a). 22 at 6(b). 23 at 8(b). 24 at 9(a). 25 26 at 9(b). 27 at 14(b). 28 at 14(d). 29 at 14(b). Kirkpatrick & Lockhart LLP 4

For more information regarding the CAN-SPAM Act, please contact one of the attorneys listed below: Henry L. Judy 202.778.9032 hjudy@kl.com Melanie H. Brody 202.778.9203 mbrody@kl.com Marc S. Martin 202.778.9859 mmartin@kl.com Angela Y. Ball 202.778.9022 aball@kl.com Jonathan D. Jaffe 415.249.1023 jjaffe@kl.com Franklin B. Molin 412.355.6251 fmolin@kl.com Jeffrey M. Gitchel 412.355.8618 jgitchel@kl.com Ira S. Nathenson 412.355.8921 inathenson@kl.com Benjamin S. Hayes 202.778.9884 bhayes@kl.com Kirkpatrick & Lockhart LLP Challenge us. www.kl.com BOSTON... DALLAS HARRISBURG LOS ANGELES MIAMI NEWARK NEW YORK PITTSBURGH SAN FRANCISCO WASHINGTON This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. 2003 KIRKPATRICK & LOCKHART LLP. ALL RIGHTS RESERVED.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information