TechLaw

Colorado's House Judiciary Committee approved an interesting anti-spam measure yesterday. From what I can tell, the drafters intended to walk right up to the edge of what the CAN-SPAM Act permits without stepping over the line.

Colorado H.B. 08-1178 has a lot of language in it that seems to have been written in response to the Fourth Circuit's reading of the CAN-SPAM preemption provision in Omega World Travel v. Mummagraphics Inc., 469 F.3d 348 (4th Cir. 2006). The drafters seem intent on making the point that, unlike the ill-fated Oklahoma statute discussed in Mummagraphics, Colorado will treat spam as a form of fraud, requiring an intent on the part of the sender to mislead or deceive the recipient.

Colorado H.B. 08-1178 first declares that any violation of the CAN-SPAM Act is also a deceptive trade practice under Colorado law. The bill then ventures outside CAN-SPAM to prohibit, among other things, (1) failing to disclose a commercial message's point of origin and (2) falsifying transmission and routing information.

This is where the Oklahoma anti-spam statute got into trouble in Mummagraphics. The Mummagraphics court held that the CAN-SPAM Act left room for states to write their own anti-spam laws insofar as those laws prohibited falsity or deception. CAN-SPAM preempts states from punishing mere errors in e-mail message paths and routing information, the court said.

The Colorado bill seems to have been drafted with Mummagraphics in mind. Whereas the Oklahoma anti-spam law at issue in Mummagraphics made it unlawful to merely "misrepresent[ ] any information" in a message's transmission path, the Colorado proposal adds a mental state and inserts the notion of deception:

A person engages in a deceptive trade practice when, in the course of such person's business, vocation, or occupation, such person:
...
(b) Knowingly fails to disclose the actual point-of-origin electronic mail address of a commercial electronic mail message in order to mislead or deceive the recipient as to the source or sender of the message;
...

The bill employs similarly careful language when describing the prohibition on false routing and transmission information. Other portions of the bill contain tough talk like "All violations of the federal CAN-SPAM Act are inherently false and deceptive" and "Falsity and deception in any portion of a commercial electronic mail message or an attachment thereto harms Colorado consumers and threatens Colorado's economy."

Another noteworthy feature of the Colorado law is the extent to which it departs from CAN-SPAM in terms of the statutory damages it authorizes. In Colorado, a CAN-SPAM violation will be very expensive. The civil enforcement provisions of the bill authorize damage awards of $1,000 per unlawful message, up to $10 million against a single defendant. CAN-SPAM damages forgiving by comparison: $250 per unlawful message up to $2 million. How do lawmakers come up with these numbers? A recently introduced anti-spam measure in New Jersey (S.B. 416) would authorize civil damages between $2 and $8 per unlawful message. Almost inviting spam you might say.

The Federal Trade Commission announced this afternoon that it will hold what it calls a "town hall meeting" to discuss consumer protection issues raised by new mobile commerce technologies. The event is set for May 6-7, 2008, at the FTC Conference Center.

This is good news for companies doing business over mobile devices. Washington is pretty in May. More importantly, an FTC town hall or workshop typically signals the end of FTC interest in a particular topic rather than the onset of regulatory scrutiny. You can look it up: spam, spyware, the role of social security numbers in identity theft, privacy, broadband competition, behavioral advertising, consumer protection, more spam, still more spam, online profiling, RFID privacy, consumer information privacy, more consumer information privacy. So many interesting policy issues, yet every single one of them, the FTC believes, will be best governed by market forces and industry self-regulation.

I wish FTC staffers would take another look at online disclosures and online contracting. Today's announcement suggests that it is going to do just that. The agency's 2000 publication, Dot Com Disclosures, a document intended for online advertisers but consulted widely by attorneys drafting online contracts and other online documents, contains a lot of advice that is very difficult to apply to small-screen commerce. An update for mobile businesses is needed. Key concepts like "proximity," "prominence," and "conspicuousness" don't translate easily to mobile devices. If you've ever used a Blackberry or iPhone, you'll immediately appreciate that advice such as "Avoid Web page formats that discourage scrolling" misses the mark by a long shot.

And while the FTC blesses (as do many courts) the practice of making important disclosures via hyperlink-accessible pages, there are enough differences between desktop computers and mobile devices (screen size, screen resolution, data transmission speeds, input technologies) that this common contracting strategy might have to be worked out all over again for mobile devices.

Verizon management didn't like it much when a handful of union organizers created fake e-mail accounts bearing the names of Verizon officials and proceeded to send hundreds of e-mail messages urging its employees to join the Communications Workers of America.

The telecom company sued the union officials under the CAN-SPAM Act, alleging that the messages were unsolicited, contained false and misleading information, and failed to include a means to opt-out of future communications. The union officials' first line of defense were claims that the e-mails were protected under the First Amendment and were beyond CAN-SPAM's reach because they were not commercial in nature.

A good defense one would think, but not good enough for Judge T.S. Ellis III, who tossed it aside somewhat summarily. The judge held that the e-mails were commercial under CAN-SPAM and that union representation is a "commercial service." The CAN-SPAM Act is intended to regulate only commercial speech.

"To the extent that the Act is applied only to fraudulent or misleading speech, it poses no First Amendment questions, as unions can claim no special privilege to engage in misleading representations of fact," the judge wrote. "First Amendment jurisprudence does not compel the conclusion that union organizing speech is per se non-commercial, nor prohibit application of the CAN-SPAM Act to misleading speech by labor unions."

In explaining that union representation is a "commercial service," the court remarked that the CWA performs economically valuable services such as providing representation in workplace disputes, and bargaining for workers' interests in wages and conditions and hours of work. These services are typically performed for a fee by unions and by competing providers such as lawyers and mediators, the court wrote.

It appears that the union officials, thus shorn of any First Amendment protections, now face an uphill battle. The identity of the sender of the e-mails was admittedly faked, and the message body--which enumerated the benefits of union membership and urged the recipient to call the CWA--did not contain the sender's physical address nor a ready means for opting-out of future mailings.

The case is Aitken v. Communications Workers of America, No. 1:06cv1161 (E.D. Va., July 12, 2007).

The House of Representatives yesterday voted 368-48 to approve the SPY Act (H.R. 964). On the surface, the vote was a resounding victory for consumers who would like to know what kinds of information is being collected online and by whom. But on closer inspection we see that over three dozen legislators walked away from the SPY Act yesterday, even though they had voted for tougher versions of the same bill in prior Congresses.

As Winston Churchill might have put it, the vote was not the beginning of the end for spyware but the end of the beginning in the marketing lobby's war against the war on spyware.

In 2004, the SPY Act (H.R. 2929) passed the House 399-1. The next year, the House voted 393-4 to approve the SPY Act (H.R. 29). Marketers, who apparently have little to fear from the Senate, had been working hard to improve their fortunes in the House this time around. A strongly worded letter, signed by the U.S. Chamber of Commerce, the Direct Marketing Association, the American Bankers Association, Acxiom Corp., Experian, and other leading representives of the business community, circulated in advance of the vote. Signers charged that H.R. 964 is bad for business. The measure "cuts to the heart of the information economy," they wrote.

The problem with H.R. 964 was that it is privacy legislation, an idea whose time has apparently not yet come. Section 3 creates a notice-and-consent scheme for the online collection of personal information. Lobbyists working Congress on the eve of the vote said they could not support any spyware legislation that contained a notice-and-consent mechanism. Giving consumers notice of online information collection technologies, they said, "would limit the seamless Internet experience that is responsible for the widespread adoption of the Internet by consumers."

This argument resonated with the following legislators, all of whom had once cast votes in favor of the SPY Act:

1. Rep. Robert B. Aderholt (R-Ala.)
2. Rep. W. Todd Akin (R-Mo.)
3. Rep. J. Gresham Barrett (R-S.C.)
4. Rep. Judy Biggert (R-Ill.)
5. Rep. Rob Bishop (R-Utah)
6. Rep. Roy Blunt (R-Mo.)
7. Rep. Jo Bonner (R-Ala.)
8. Rep. Kevin Brady (R-Texas)
9. Rep. Chris Cannon (R-Utah)
10. Rep. John R. Carter (R-Texas)
11. Rep. K. Michael Conaway (R-Texas)
12. Rep. Geoff Davis (R-Ky.)
13. Rep. Tom Davis (R-Va.)
14. Rep. Tom Feeney  (R-Fl.)
15. Rep. Jeff Flake  (R-Az.)
16. Rep. Virginia Foxx (R-N.C.)
17. Rep. Phil Gingrey (R-Ga.)
18. Rep. Bob Goodlatte (R-Va.)
19. Rep. Alcee L. Hastings (D-Fl.)
20. Rep. Peter Hoekstra (R-Mich.)
21. Rep. Michael M. Honda (D-Calif.)
22. Rep. Bob Inglis (R-S.C.)
23. Rep. Sam Johnson (R-Texas)
24. Rep. Jack Kingston (R-Ga.)
25. Rep. Tom Latham (R-Iowa)
26. Rep. Zoe Lofgren (D-Calif.)
27. Rep. Daniel E.Lungren (R-Calif.)
28. Rep. Donald A. Manzullo (R-Ill.)
29. Rep. Jerry Moran (R-Ks.)
30. Rep. Devin Nunes (R-Calif.)
31. Rep. Stevan Pearce (R-N.M.)
32. Rep. Tom Price (R-Ga.)
33. Rep. Pete Sessions (R-Texas)
34. Rep. Mac Thornberry (R-Texas)
35. Rep. Todd Tiahrt (R-Ks.)
36. Rep. Lynn A. Westmoreland (R-Ga.)
37. Rep. Joe Wilson (R-S.C.)

Most of these legislators voted not once but twice in favor of earlier versions of the SPY Act. Tougher versions of the measure didn't attract much interest in the Senate two years ago. It is hard to imagine it will do better this time around.

E-mail marketers, who frankly have had little to smile about the past few years, can at least take comfort in the gradual accumulation of cases giving a broad reading to the CAN-SPAM Act's state-law preemption provision. If this trend continues, state legislatures will have almost no room to regulate beyond the modest set of e-mail restrictions negotiated by direct marketers in the process leading up to the CAN-SPAM Act.

The Fourth Circuit's ruling in Omega World Travel Inc. v. Mummagraphics Inc., No. 05-2080 (4th Cir., Nov. 17, 2006) (state cause of action for "immaterial" errors in header information preempted by CAN-SPAM), was followed recently by Gordon v. Virtumundo Inc., No. 06-204 (W.D. Wash., May 15, 2007) (to extent that marketer's use of vm-mail.com as "from" address was materially misleading under state law, law was preempted by CAN-SPAM).

A third case recently came down, holding that a state-law challenge to an e-mail marketer's tactic of launching messages from multiple domain names is preempted by the federal CAN-SPAM Act. The case is Kleffman v. Vonage Holdings Corp., No. 07-2406 (C.D. Cal., May 22, 2007).

California law gives anyone a cause of action to sue marketers whose messages are "accompanied by falsified, misrepresented, or forged header information." Cal. Business & Professions Code 17529.5. According to Kleffman, Vonage employed numerous e-mail addresses to originate its messages in order to evade spam filters. Kleffman contended that this tactic was misleading under California law.

The Kleffman court ruled that the plain language of the California statute would not support the plaintiff's novel theory, but, assuming that California law did outlaw Vonage's tactic, the law would be preempted by CAN-SPAM. The court remarked that CAN-SPAM's preemption provision "left states room only to extend their traditional fraud prohibitions to the realm of commercial emails because it was confident that legitimate businesses would not unwittingly transgress such well-established prohibitions."

The court ascribed to Congress a sensitivity to the needs of e-mail marketers, stating that Congress did not want to them to have to guess at the meaning of state e-mail restrictions. Theories like the one advanced by the plaintiff -- e.g., the use of multiple but accurate "from" addresses is unlawful because it diminishes the effectiveness of spam filters -- seemed to the court to be the kind of claim Congress did not want marketers to have to beat back on a state-by-state basis.

Before parting, the court, in a footnote, challenged the reasoning of a pair of early cases rejecting CAN-SPAM preemption arguments. These cases, the court said, "merely compared the language of the statues at issue to the savings clause, as opposed to examining the nature of the plaintiffs' theory of liability. See Gordon v. Impulse Mktg. Group, 375 F. Supp.2d 1040, 1045-46 (E.D. Wash. 2005); Beyond Sys. v. Keynetics Inc., 422 F. Supp.2d 523, 535 (D. Md. 2005). The Supreme Court has indicated that this method is improper. See Cippollone v. Liggett Group, 505 U.S. 504, 523-24 (1992)."

MySpace.com and two of its litigation counsel, Ian C. Ballon and Wendy M. Mantell, at Greenberg Traurig, appear to have found a winning recipe for keeping spammers off MySpace.com's social network: Start with a creative interpretation of federal and state anti-spam provisions, top off with an aggressive terms of service agreement that demands liquidated damages for violations.

MySpace.com yesterday announced it had reached a settlement with The Globe.com, an outfit Myspace.com said was using MySpace accounts to send unsolicited commercial "MySpace e-messages" to other users. Over 400,000 such messages were sent from 95 dummy MySpace.com accounts. The seeds of the settlement were sown on Feb. 27, 2007, when Judge R. Gary Klausner ruled, in an unpublished opinion:

• MySpace e-messages meet the CAN-SPAM Act's definition of electronic mail, despite the fact that MySpace e-message addresses do not have a traditional domain name component and the messages never leave the MySpace.com network during transmission.
• MySpace.com qualifies as an "Internet access service" eligible to invoke CAN-SPAM's civil remedies. The court rejected the defendant's contention that the CAN-SPAM Act protects only "traditional ISPs," an argument that succeeded recently in Gordon v. Virtumundo Inc., No. 06-204 (W.D. Wash. May 15, 2007).
• Header information accompanying the e-messages was "false and misleading" in violation of CAN-SPAM even though literally accurate, because the MySpace accounts were opened using fictitious information that did not identify The Globe.com as the message sender.
• The Globe.com was liable under the California anti-spam statute, Cal. Bus. Code 17529.5, which provides a cause of action against senders of e-mail messages containing false or misleading headers or subject lines, provided the message is transmitted to or from a California e-mail address.
• The Globe.com was liable for breaching MySpace.com's terms of service agreement. The court ruled that the TOS was enforceable and that its liquidated damages provision calling for a penalty of $50 per forbidden message was reasonable. (CAN-SPAM sets statutory damages in a range between $25-$300 per message.)

The damage calculations derived from the court's order placed The Globe.com's liability at $5.5 million, a strong impetus toward settlement one would think. The terms of the May 31 settlement were not disclosed.

The case is MySpace Inc. v. The Globe.com Inc., No. 06-3391 (C.D. Cal. Feb. 27, 2007).

Just days before a scheduled hearing on a fully-briefed motion for summary judgment, the Northern District of California issues an order questioning whether it has jurisdiction to adjudicate a class action dispute between Google and its advertisers. CLRB Hanson Indus. LLC v. Google Inc., No. C 05-03649 (N.D. Cal. Oct. 30, 2006).

The court expressed doubt about whether the dollar value of the individual claims -- less than $5 in the case of one of the named plaintiffs -- could possibly meet the $5,000,000 threshold for federal jurisdiction of class action lawsuits under the Class Action Fairness Act of 2005.

"If such claims are typical of other class members, even with a class comprised of thousands, the amount in controversy requirement is not satisfied," said Judge Elizabeth Garcia, who ordered the parties to show cause why the case should not be remanded to state court.

The class action lawsuit alleges that Google billed advertisers for clicks that exceed the "daily budget amount" specified by the advertiser. CLRB Hanson originally filed the case in state court, but then Google removed it to the Northern District of California. CLRB did not contest the removal.