Only months into the life of the Can Spam Act, officially known as the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003," the verdict is still out whether the federal statute is accomplishing what its proponents had hoped. The Can Spam Act was the first nationwide attempt to control the assault of unsolicited bulk email on businesses and consumers. As users of email know, the issue isn't merely one of inconvenience–it's a matter of lost productivity, time and money.
But as its critics quickly point out, the Act preempts the more stringent requirements of state anti-spam laws, and arms businesses and consumers with few legal weapons. The Can Spam Act allows email ads to be sent to potential customers who have had no previous business relationship with the sender. On the other hand, the Can Spam Act does provide businesses with some defensive weapons. While the Act permits email advertising, it prohibits common deceptive practices such as misleading headers, or hiding or forging the origin of the email. The law also provides that recipients must be permitted to "opt out" of any future emails, and senders must comply within ten business days. Senders cannot sell or transfer the email addresses of those recipients who have opted-out.
However, unlike the Federal Trade Commission's Do Not Call List, which has proven effective in reducing unsolicited commercial telephone calls from telemarketers, the Can Spam Act requires that recipients tell each sender that they don't want email, and recipients have no assurance that the "opt out" links in messages are genuine. The Can Spam Act also requires that email advertisements and solicitations identify themselves as such, and allows the FTC to adopt rules that contain more specific requirements requiring the labeling of emails as advertising.
The law sets stiff penalties for violations, with damages of up to $2 million, fines, and even jail terms. However, the law bars individual lawsuits for violations of the Act as well as class actions on behalf of individuals. Moreover, the Can Spam Act's preemption provisions are broad. They bar state regulation of junk email, superseding any state law or rule that expressly regulates the use of electronic mail to send commercial messages. The only exception is for state statutes and rules that directly regulate fraud or deception. Proponents of the Can Spam Act point out, however, that the new Act protects legitimate businesses against more restrictive state regulations and simplifies compliance.
It appears that the main impact of the Can Spam Act will only be felt through state attorney general actions, FTC criminal and civil actions and ISP suits. The best hope for enforcement may be the power given to state attorneys general to bring suits on behalf of their citizens, but we are unaware that any such actions have been brought. The Act also empowers the FTC to:
- Enact implementing rules within 12 months of the Act's effective date of January 1, 2004. The rules should define key terms of the Act, including the circumstances under which an e-mail's primary purpose will be found to be the promotion or advertisement of a commercial product or service.
- Develop a plan for a Do Not Spam list within six months – however, the FTC's chairman opposed this provision, arguing that the differences between the telephone system and the Internet make this a bad idea.
Internet service providers (ISPs) also have a right to bring civil lawsuits under the Act and can sue for damages, but they may do so only under limited circumstances. A few high-profile actions by ISPs could change the internet landscape. One such lawsuit has been brought by an ISP, Hypertouch, based in California. Filed in February 2004, the suit claims that the owner of BobVila.com and its affiliate, BlueStream Media, violated the Can Spam Act by sending out email solicitations without the required contact information. The complaint alleges that the solicitations contained forged header information, misidentifying the place of origination of the message.
For the time being, the need for anti-spam software solutions will only increase. In an informal sampling at this law office, 66 percent of internet emails were spam. This figure falls in line with national figures, which suggest that spam comprised 63 percent of internet email traffic in March 2004. This volume of junk mail is up from 48 percent just one year ago, and 8 percent in 2001 (www.brightmail.com). Given the enormity of the problems arising from this onslaught of spam and viruses, many businesses are beginning to question whether email is worth the cost and aggravation. "Can E-Mail Survive," PC Magazine, Feb. 17, 2004 at 65. The Can Spam Act may only be an early chapter in this continuing saga.