October 29, 2009

Ninth Circuit: Obscenity in E-Mail Messages Judged by National Community Standards

The U.S. Court of Appeals for the Ninth Circuit decided United States v. Kilbride a couple days ago, producing an opinion that interpreted criminal provisions in the CAN-SPAM Act and also discussed at length whether in a prosecution for transmission of allegedly obscene e-mail messages the contemporary community standard should be a local or national one.

Community Standards and E-Mail Communications

In a nutshell, the defendants used spam to promote adult websites.

The court ruled that the appropriate standard for e-mailed obscenity is a national community standard, due in large part to the fact that e-mail senders lack the ability to control which communities will receive their messages. The court reached this result by threading through the five opinions written in the U.S. Supreme Court's decision in Ashcroft v. ACLU, 535 U.S. 564 (2002), a case involving the constitutionality of a federal statute prohibiting the commercial online transmission of indecent speech. The problem, of course, is that subjecting e-mail speech to the community standards of the least tolerant community in the country may have an unconstitutional chilling effect on protected speech.

The Ninth Circuit wrote that, in light of Ashcroft, the application of a local community standard to e-mail speech was unconstitutional. However, the Ninth Circuit added, the application of a national community standard may also present constitutional problems. What? In a footnote, the court remarked that the application of local community standards "raises grave constitutional doubts" whereas the application of national community standards "does not raise grave constitutional doubts." Just to make sure that the reader understood that the court was not putting a stamp of approval on a national community standard, the court added that a First Amendment challenge to a national community standard will not necessarily be found meritless. Figure that one out, First Amendment lawyers.

(Personally, and this is probably an embarrassing confession of ignorance, but I have trouble understanding how a juror can determine what a "national community standard" looks like. Presumably, different communities have different sensibilities about artistic expression and obscene speech. How does a person deduce a national standard from a collection of varying local standards? Take an average? That can't be right. It's like asking, "What color is a rainbow?" A rainbow can't be reduced to a single color, can it. Same thing with community standards.)

Along the way, the court rejected the government's argument that e-mail speech is not entitled to the same First Amendment protection as the Internet communications at issue in Reno v. ACLU, 521 U.S. 844 (1997). "[F]or purposes of the First Amendment concerns raised by Defendants, Defendants' email communications are analogous to other Internet communications," the Ninth Circuit wrote.

Meaning of `Materially Falsifies' in CAN-SPAM Act

To carry out their spam operations, the defendants created several nonsense domain names, fake originating e-mail addresses, and fictitious names for e-mail senders. They also supplied false information when they registered their domain names. They argued on appeal that the definition of "materially falsified" in the criminal liability portion of the CAN-SPAM Act, 18 U.S.C. 1037(a)(4), was unconstitutionally vague -- raising both facial and as-applied challenges.

The court rebuffed these challenges. However, as it did so, the court remarked that domain name registrants who use private registration services that conceal the registrant's true identity have materially falsified their registration information. The court wrote:

[P]rivate registration is a service that allows registration of a domain name in a manner that conceals the actual registrant’s identity from the public absent a subpoena. We fail to perceive any vagueness on this point. Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant’s identity would constitute “material falsification.” Defendants assert that many innocent people who privately register without the requisite intent may be subject to investigation for violation of § 1037 until their intent can be determined, allowing for abuse by enforcement authorities. This may be so, but it does not make the statute unconstitutionally vague.

It is important to note that the CAN-SPAM Act requires proof "material falsification" plus an intent to send unlawful spam messages. Nevertheless, this court's belief that use of privacy-enhancing domain registration services -- a very common practice -- is a "material falsification" that helps create criminal liability is something e-mail senders should be aware of.

Posted by Thomas O'Toole on October 29, 2009 in Computer Crime, Content Regulation, Marketing | | Comments (1)

October 07, 2009

Takeaways for Social Media Advertisers in the FTC's New Endorsement Guides

Puffins

Blogging late about a news event is a mixed blessing. The blogger has the benefit of reading everyone else's hastily keyed impressions and thus can seem oh-so-much smarter with several days to think about issues others gave about five minutes' thought to (sort of reminds me of law school, actually). The downside is that after a couple days the news event is essentially played and now the late blogger must try to place something interesting on top of a pile of prior opinion that is already gathering dust. Blogosphere, I make you this deal: I won't poke holes in your snap judgments, and you won't expect me to be smart or interesting.

That said, the Federal Trade Commission's Monday release of its Guides Concerning the Use of Endorsements and Testimonials in Advertising (warning: big PDF) is another example of the government attempting to place old media rules on new social media. These developments throw off the sort of fascinating policy discussions that make my job so enjoyable. Cyberspace exceptionalism. Notice or norms? It's a conversation, it's not "media." Any market failures here? You can't regulate the Internet. Government paternalism.

Early campfire stories from CNET, where the web welkin is always falling, Yes, new FTC guidelines extend to Facebook fan pages, and the Guardian, America's memo to bloggers: don't lie or we'll fine you, conjure up scary images of FTC lawyers hunting down tweeters and Facebook "fans" of Corporate America. Censorship and naivete in Washington are eloquently decried by Jeff Jarvis at BuzzMachine, FTC regulates our speech, and Dan Gillmor at Mediactive, A Dangerous Federal Intervention in Social Media. The most entertaining take I've read on the new endorsement guides is this post from Edward Champion at Reluctant Habits, Interview With FTC's Richard Cleland, in which a dogged interviewer bests an FTC official in a game of reductio ad absurdum.

Bloggers, Tweeters, Fans: Type With Confidence

Since 1980, the FTC has had guidelines in place concerning the use of testimonials and endorsements to sell a product or service. Rules on substantiation, and rules calling for disclaimers on typicality and paid sponsorship, were a part of those guidelines. (For my non-lawyer readers, the endorsement guidelines are detailed descriptions of advertising techniques that FTC staffers believe run afoul of the FTC Act, 15 U.S.C. 45, which forbids unfair and deceptive trade practices.)

The new guidelines extend existing guidance to social media advertising, by setting out several circumstances where FTC staffers believe that disclosures about compensation should be made.

The intended audience for the guidelines is advertisers, not bloggers. The FTC is chasing its traditional nemesis -- marketers -- who have lately taken to social media to hawk products and services. It's no secret that marketers are turning to social media in a big way. That's where the eyeballs are. Moreover, social media is well-suited to advertising, see Robert Cialdini's book Influence (Disclosure: This is not an affiliate link and I am not being compensated by Cialdini, his publisher, or Amazon.com). Social proof is powerful; marketers want to tap into it.

Bloggers, tweeters, fans: The FTC is not targeting you. They are targeting the companies who are impersonating you. Just like the mighty humpback whale that travels north in search of krill and herring off the Alaska coast, the FTC is following advertisers' migration into social media. Bloggers, you're more like the puffins. The FTC is not really interested in you.

The guidelines cover only "endorsements," a category of speech that addresses an infinitesimally small percentage of cyberspace. At least I hope so. The guidelines define an "endorsement" as:

any advertising message (including verbal statements, demonstrations, or depictions of the name, signature, likeness or other identifying personal characteristics of an individual or the name or seal of an organization) that consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser, even if the views expressed by that party are identical to those of the sponsoring advertiser.

Presumably, a blogger/tweeter/fan will know whether he or she has received a cash payment or freebie. If the blogger/tweeter/fan writes an "endorsement," he or she must disclose the cash payment or a freebie. This doesn't happen very often, and the burden seems slight. The FTC will not be targeting bloggers who violate the guidelines.

Homework for Lawyers and their Marketer Clients

The flip side of this coin is that the FTC will be looking hard at companies who use social media to advertise their products and services. Which means that lawyers will have new compliance advice to sell to companies using social media for advertising. A cottage industry in compliance/avoidance strategies has been created.

Here are the FTC examples that specifically pertain to  social media marketing. I've (helpfully) bolded the portions that advertisers should linger on.

Example 5:

A skin care products advertiser participates in a blog advertising service. The service matches up advertisers with bloggers who will promote the advertiser’s products on their personal blogs. The advertiser requests that a blogger try a new body lotion and write a review of the product on her blog. Although the advertiser does not make any specific claims about the lotion’s ability to cure skin conditions and the blogger does not ask the advertiser whether there is substantiation for the claim, in her review the blogger writes that the lotion cures eczema and recommends the product to her blog readers who suffer from this condition. The advertiser is subject to liability for misleading or unsubstantiated representations made through the blogger’s endorsement. The blogger also is subject to liability for misleading or unsubstantiated representations made in the course of her endorsement. The blogger is also liable if she fails to disclose clearly and conspicuously that she is being paid for her services.

In order to limit its potential liability, the advertiser should ensure that the advertising service provides guidance and training to its bloggers concerning the need to ensure that statements they make are truthful and substantiated. The advertiser should also monitor bloggers who are being paid to promote its products and take steps necessary to halt the continued publication of deceptive representations when they are discovered.

Example 7:

A college student who has earned a reputation as a video game expert maintains a personal weblog or “blog” where he posts entries about his gaming experiences. Readers of his blog frequently seek his opinions about video game hardware and software. As it has done in the past, the manufacturer of a newly released video game system sends the student a free copy of the system and asks him to write about it on his blog. He tests the new gaming system and writes a favorable review. Because his review is disseminated via a form of consumer-generated media in which his relationship to the advertiser is not inherently obvious, readers are unlikely to know that he has received the video game system free of charge in exchange for his review of the product, and given the value of the video game system, this fact likely would materially affect the credibility they attach to his endorsement. Accordingly, the blogger should clearly and conspicuously disclose that he received the gaming system free of charge. The manufacturer should advise him at the time it provides the gaming system that this connection should be disclosed, and it should have procedures in place to try to monitor his postings for compliance.

Example 8:

An online message board designated for discussions of new music download technology is frequented by MP3 player enthusiasts. They exchange information about new products, utilities, and the functionality of numerous playback devices. Unbeknownst to the message board community, an employee of a leading playback device manufacturer has been posting messages on the discussion board promoting the manufacturer’s product. Knowledge of this poster’s employment likely would affect the weight or credibility of her endorsement. Therefore, the poster should clearly and conspicuously disclose her relationship to the manufacturer to members and readers of the message board.

The foregoing examples suggest at least three new compliance obligations that advertisers need to immediately take on:

  • Monitoring: Endorsers who receive payments or freebies must be monitored to ensure that endorsers are making required disclosures and to ensure that endorsers are not making unsubstantiated claims.
  • Training: Endorsers who receive payments or freebies must be given training in the new FTC guidelines, to minimize the chance that endorsers will make unsubstantiated claims or will fail to disclose their connection to the advertiser.
  • Workplace Social Media Policies: Advertisers must have in place policies for employees that require them to disclose their status as an employee when making endorsements in social media and other online venues.

Beyond these obvious initiatives, there are a lot of other gray areas for lawyers and their advertiser clients to discuss:

  • How permissive will the FTC be with promotional messages that fall short of an endorsement of a specific product? Could Coca Cola sponsor social media messages about the benefits of carbonated sugar water without making a disclosure?
  • What does "clear and conspicuous" mean? Would "ADV" work for a tweet?
  • With a blog, would it be sufficient for the endorser to publish -- much like a privacy policy -- a one-time message indicating that the endorser frequently receives gratis goods in exchange for reviews? Or would the blogger need to make disclosures on a case-by-case basis (e.g., "This review is positive, so it needs a disclaimer," "This review is negative, so I don't have to run a disclaimer.")
  • To what extent will endorsers be allowed to downplay the connection to the advertiser? Will a terse "Promotional consideration received" be sufficient? Will an icon be sufficient?

Finally, I wonder if any of this applies to lawyer communications in social media. Would a lawyer who has AT&T as a client be able to post, without disclosing the attorney-client relationship, "I just love my iPhone and I don't mind being locked-in to a two-year contract at all" on a blog or message board? That's just nuts, right? I withdraw the question.

Loose Change

A few other random thinking-out-loud notions that arose while going through the FTC guidelines.

First, the FTC was not impressed with arguments made by several commenters that (1) self-regulation is the best policy route and (2) that regulation would adversely affect the growth of social media. These arguments have prevailed in Washington since the dawn of the commercial internet, particularly in the area of privacy, so it was surprising to see the commission reject them, and pointedly so. "The Commission disagrees ... with those who suggest that there is not yet an adequate basis to provide guidance in this area." Whether or not this kind of thinking translates into other areas where self-regulation is king remains to be seen.

Nytreview

Second, it was disappointing to see the commission draw a line between user-generated media and traditional media. That seems to be an untenable distinction in 2009, and it promises to create mischief. I personally don't agree with the commission's reasons for requiring user-generated endorsements to contain disclosures (the internet has a way of sorting this stuff out on its own), and I certainly don't agree with its reasons for not saddling traditional media with similar disclosure obligations. Does this mean that Engadget.com must run a disclaimer but the Washington Post's tech toy reviewer need not? This may turn out to be unimportant in the long run, however, because traditional media seem to be embracing the idea that transparency is an attribute with commercial significance.

Third, if an when these guidelines are challenged on First Amendment grounds, how will social media speech be categorized? We are already seeing in the FTC's new guidelines how marketers who venture into social media spaces have brought along their federal regulators. Will they also bring the lesser protections that the First Amendment accords to commercial speech?

(Image: Marydoo)

Posted by Thomas O'Toole on October 07, 2009 in Marketing, User-Generated Content | | Comments (0)

October 05, 2009

Challenge to Utah Child E-Mail Registry Law Dismissed

A constitutional challenge to Utah's child e-mail protection registry statute passed away quietly in its sleep late last week. A federal district court in Utah dismissed the case Sept. 30, several days after receiving a stipulation from all parties consenting to its dismissal.

The Utah Child Protection Registry Act, Utah Code Section 13-39-101, allows parents to register their children's "contact points" with a state registry. Essentially, the Utah law is a "do not email" statute for kids. It is unlawful to send a commercial message to a contact point that has been on the registry for more than 30 days.

Way back in 2005, a group known as the Free Speech Coalition challenged the law on First Amendment, CAN-SPAM preemption, Supremacy Clause, and dormant Commerce Clause grounds. The district court ruled in 2007 that the plaintiffs were not likely to prevail on their constitutional claims, denying a request for an injunction. The plaintiffs did not appeal to the Tenth Circuit, and the case has not been actively litigated since then.

The particulars of the lawsuit are set out in defendant Unspam Registry Services Inc.'s motion to dismiss the case, filed Sept. 3.

Posted by Thomas O'Toole on October 05, 2009 in Marketing, Privacy | | Comments (0)

September 22, 2009

California Privacy Law Not Preempted by CAN-SPAM Act

In California, the Song-Beverly Credit Card Act forbids merchants from asking for "personal information" when a customer uses a credit card to make a purchase. Addresses and telephone numbers are clearly covered by Song-Beverly. Zip codes are not, per Party City Corp v. Superior Court, 169 Cal.App.4th 497 (Cal. Ct.App. 2008).

How about e-mail addresses? Are they "personal information" forbidden to be collected by Song-Beverly? And if e-mail addresses are regulated by Song-Beverly, then is this aspect of Song-Beverly preempted by the federal CAN-SPAM Act?

Yesterday, in the case of Powers v. Pottery Barn Inc., D054336 (Cal. Ct.App., Sept. 21, 2009), a California intermediate appellate court ruled that the CAN-SPAM Act does not preempt a cause of action alleging that Song-Beverly was violated when a merchant (Pottery Barn, in this case) asked for and received the plaintiff's e-mail address during the course of a credit card transaction. CAN-SPAM does not preempt state laws of general applicability that only incidentally regulate e-mail, the court said. "Because Song-Beverly's regulation of what may be asked of credit card customers is not a regulation of what can be sent in commercial e-mails and is not in any manner specific to e-mail, we conclude Song-Beverly is not pre-empted by CAN-SPAM."

So the plaintiff's lawsuit, which seeks class status, lives on. As for the preliminary question of whether e-mail addresses are in fact "personal information" under Song-Beverly, the court didn't make a conclusive ruling on this point. It said that the record wasn't sufficiently developed to decide the question, adding that the allegations in the complaint were sufficient to avoid summary dismissal of the case. So the parties are free to fight this one out in a future hearing.

This could be a close question. E-mail addresses are generally considered -- see HIPAA, COPPA, GLBA here and PIPEDA in Canada -- to be personal information; but ... one leading federal privacy proposal, H.R. 2221 (the DATA Act), excludes e-mail addresses from its definition of personal information. State-law definitions are all over the map. And of course Song-Beverly does not specifically include e-mail addresses within its definition of personal information because, as the court pointed out, California lawmakers did not have e-mail regulation in mind when they wrote the law.

Finally, the court turned back Pottery Barn's claim that Song-Beverly's restriction on its ability to collect customer e-mail addresses violates the First Amendment. The court acknowledged Pottery Barn's First Amendment right to collect e-mail addresses, but added that this right was overcome by the state's "well-established and substantial" interest in protecting the privacy of its citizens. Marketers have lately been asserting a First Amendment right to access commercially valuable data, though without much success so far. A recent example I blogged about was IMS Health Inc v. Ayotte, in which the First Circuit turned back a First Amendment challenge to a New Hampshire law banning the sale of prescription drug information that identifies doctors' prescribing patterns. The U.S. Supreme Court declined June 29 to review the case.

Posted by Thomas O'Toole on September 22, 2009 in Marketing, Privacy | | Comments (0)

August 27, 2009

Marketers Make Good on Threat to Challenge Maine Privacy Law

The Progress and Freedom Foundation is reporting that a group of marketers and publishers filed a lawsuit yesterday challenging the constitutionality of Maine's Act to Prevent Predatory Marketing Practices Against Minors, a law that prohibits companies from collecting "health-related information or personal information for marketing purposes from a minor without first obtaining verifiable parental consent of that minor's parent or legal guardian." That's a tall order for marketers, requiring fundamental changes in their operations.

The listed plaintiffs are the Maine Independent Colleges Association, Maine Press Association, NetChoice, and Reed Elsevier Inc.

The law becomes effective Sept. 12.

The lawsuit was reportedly filed in the U.S. District Court for the District of Maine, though it is not yet available on the court's PACER/ECF site. A copy of the plaintiffs' motion for a preliminary injunction distributed by PFF is available here.

Plaintiff's allege that the Maine law violates the First Amendment (they allege it should be tested under the rigorous standards applicable to non-commercial speech), the dormant Commerce Clause, and state preemption provisions in the Children's Online Privacy Protection Act, a federal measure applicable to children under age 13.

Posted by Thomas O'Toole on August 27, 2009 in Computer Crime, Marketing, Privacy | | Comments (1)

March 19, 2009

Stanford E-Commerce Best Practices Conference

The Sixth Annual E-Commerce Best Practices Conference will take place on June 12, 2009, on the Stanford University campus. Right now, this is probably the best annual event going for learning about cyberlaw topics (in my uncompensated, unsolicited opinion).

Posted by Thomas O'Toole on March 19, 2009 in Communications Decency Act, Computer Crime, Contracts, Copyrights, Intellectual Property, Internet Governance, Legal Profession, Marketing, Patents | | Comments (0)

Technorati Tags:

March 04, 2009

High Court Cert In Jaynes Case Seems Unlikely

Venkat Balasubramani has a post speculating on whether the U.S. Supreme Court will grant certiorari to review the Virginia Supreme Court's ruling that the state's unsolicited bulk e-mail law violates the First Amendment. He thinks the high court will take the case of Commonwealth v. Jaynes. Nobody can really know what the court will do. Just for fun, I'll argue that the court will not take the case.

First, the Supreme Court has a rule setting out the grounds for granting a certiorari petition. The court is pretty good about following its own rules. Rule 10 provides:

Rule 10. Considerations Governing Review on Writ of Certiorari

Review on a writ of certiorari is not a matter of right, but of judicial discretion. A petition for a writ of certiorari will be granted only for compelling reasons. The following, although neither controlling nor fully measuring the Court's discretion, indicate the character of the reasons the Court considers:

(a) a United States court of appeals has entered a decision in conflict with the decision of another United States court of appeals on the same important matter; has decided an important federal question in a way that conflicts with a decision by a state court of last resort; or has so far departed from the accepted and usual course of judicial proceedings, or sanctioned such a departure by a lower court, as to call for an exercise of this Court's supervisory power; (b) a state court of last resort has decided an important federal question in a way that conflicts with the decision of another state court of last resort or of a United States court of appeals; (c) a state court or a United States court of appeals has decided an important question of federal law that has not been, but should be, settled by this Court, or has decided an important federal question in a way that conflicts with relevant decisions of this Court.

A petition for a writ of certiorari is rarely granted when the asserted error consists of erroneous factual findings or the misapplication of a properly stated rule of law.

I don't see where the Jaynes case presents any of these grounds for granting the writ. There are no other federal or state decisions on the same issues presented in Jaynes, namely, whether a statute criminalizing the transmission of bulk e-mail with false header information violates the First Amendment right to anonymous speech. None. Rule 10 makes clear that the Supreme Court is not in the business of correcting errors. The Virginia Supreme Court might have gotten the Jaynes decision wrong. Way wrong, even. But that's not the kind of case that interests the high court.

Second, only a handful of states (3?) regulate bulk e-mail. All the others regulate commercial e-mail -- speech that is analyzed under an entirely different set of First Amendment rules. It is hard to believe that the Supreme Court would take a case that has such small national significance.

Third, Virginia is in the process of turning its unsolicited bulk e-mail statute into an unsolicited commercial e-mail law, thereby eliminating the problems identified by the state supreme court. H.B. 1396 passed the Senate on Feb. 25 and is now ready for the governor's signature. Granting cert in this case wouldn't even have much of an impact in Virginia.

Posted by Thomas O'Toole on March 04, 2009 in Computer Crime, Marketing | | Comments (0)

Technorati Tags: , ,

December 11, 2008

Virginia Attorney General Takes Spam Case to High Court

Virginia Attorney General Bob McDonnell filed a petition for certiorari today seeking U.S. Supreme Court review of a state-court ruling that Virginia's unsolicited bulk e-mail law violates First Amendment protections for anonymous speech. Nearly all state anti-spam laws regulate commercial speech; Virginia's law, on the other hand, regulates all bulk unsolicited e-mail. The attorney general's press release announcing the filing spends a lot of time making the point that Jeremy Jaynes is a horrible individual but not much about why the lower court erred.

The petition for certiorari doesn't defend the statute either. Instead, the petition argues that the state supreme court misapplied the U.S. Supreme Court's substantial overbreadth doctrine, improperly permitting Jaynes to assert the free speech rights of persons engaged in protected political speech, then invalidating the state law because it might have a conceivable impact on the exercise of those rights.

A like to the petition should be working here later today.

Posted by Thomas O'Toole on December 11, 2008 in Marketing | | Comments (0)

Technorati Tags: ,

November 19, 2008

First Circuit Severs Connection Between Data Privacy, Free Speech

Yesterday's decision by the First Circuit in IMS Health Inc. v. Ayotte, No. 07-1945, could very well be a turning point in the way courts address data privacy issues. The court rejected a First Amendment challenge to a New Hampshire law that forbids data-mining companies from selling information about a physician's drug-prescribing habits to drug manufacturers. (Apparently this data is powerful when wielded by a skilled prescription drug marketer. New Hampshire legislators believed that brand-name drug marketers, armed with knowledge about a physician's drug-prescribing habits, are partially responsible for millions of dollars in increased state health care costs, which are incurred when physicians depart from medical guidelines and prescribe higher-priced, brand-name drugs in lieu of lower-cost generics.)

Most discussions about privacy assume that, as privacy expands, important First Amendment values (the freedom to discover and distribute truthful information, for example) are diminished. Relevant to marketing communications, the First Amendment has been held to protect pure data (Universal City Studios v. Corley) and even mundane expression such as product prices (Va. Board of Pharmacy v. Va. Consumer Council).

What is important about the IMS Health v. Ayotte decision is not that the court found no First Amendment violation, but its conclusion that the New Hampshire law regulated conduct entirely outside the protection of the First Amendment. A 2-1 majority of the court held that the target of the New Hampshire law -- namely, communications about a physician's drug-prescribing habits -- did not merit First Amendment protection at all. The court said that the information restricted by the New Hampshire law was similar to fighting words, misleading commercial speech, speech in furtherance of a crime, restraints of trade, or promises of benefits in order to influence a union election -- all of which have been held to be outside the protection of the First Amendment. Here are the key passages from Judge Selya's majority opinion:

This case poses the relatively narrow question of whether the Prescription Information Law constitutionally may bar these plaintiffs (data miners) from aggregating, manipulating, and transferring data for one particular purpose only. ...

To be sure, certain information exchanges are foreclosed by the Prescription Information Law. They are not, however, the sorts of exchanges valued by the Supreme Court's First Amendment jurisprudence but, rather, are exchanges undertaken to increase one party's bargaining power in negotiations. We believe that in moving to combat the novel problems presented by detailing in the information age, New Hampshire has adopted a form of conduct-focused economic regulation that does not come within the First Amendment's scope. ...

 We believe that the transfers of prescriber-identifiable information regulated by the Prescription Information Law (transfers that otherwise would flow from pharmacies to data miners to detailers for the purpose of promoting the dispensation of expensive brand-name drugs) fit within this integument. The challenged portions of the statute principally regulate conduct, and to the extent that the challenged portions impinge at all upon speech, that speech is of scant societal value. We say that the challenged elements of the Prescription Information Law principally regulate conduct because those provisions serve only to restrict the ability of data miners to aggregate, compile, and transfer information destined for narrowly defined commercial ends. In our view, this is a restriction on the conduct, not the speech, of the data miners.

I think what the First Circuit has done here is show state legislatures a way to write privacy legislation that can withstand First Amendment objections. (True, the state did not seriously advance the argument that the law was justified as a matter of physician privacy. It was the dramatic increase in health care costs due to brand-name drug prescriptions that caught the state's, and this court's, attention. Nevertheless, the First Amendment point is the same: some kinds of data communications are outside First Amendment protection.) The idea that a restriction on the use of a particular kind of data, in order to serve a clearly defined social purpose, does not implicate the First Amendment at all, is a powerful one that should attract a lot of attention in the next few years.

Posted by Thomas O'Toole on November 19, 2008 in Marketing, Privacy | | Comments (0)

Technorati Tags: ,

October 29, 2008

CAN-SPAM Preemption Ruling Leaves State Spam Laws in Jeopardy

Every state's anti-spam statute is in jeopardy of CAN-SPAM Act preemption under the test set out by the court in Hoang v. Reunion.com Inc., No. 06-3518 (N.D. Calif. Oct. 6, 2008). In a case involving spammy invitations to join a social networking site, the court ruled that unless the plaintiffs' allegations established all of the elements of common law fraud, it would be preempted.

That's a lot to ask. Let's see how the court got there:

CAN-SPAM preempts state statutes that “expressly regulate[ ] the use of electronic mail to send commercial messages,” except to the extent such statutes prohibit “falsity or deception in any portion of a commercial electronic mail message or information attached thereto.” See 15 U.S.C. § 7707(b)(1). Section 7701(b)(1) has been interpreted to preempt state law claims, unless such claims are for “common law fraud or deceit.” See Omega World Travel, Inc. v. Mummagraphics, Inc., 469 F. 3d 348, 353-56 (4th Cir. 2006) (affirming dismissal of claim under Oklahoma statute based on defendant’s having sent email containing “immaterial” false statement, because common law fraud claim cannot be based on “immaterial” false statement); Kleffman v. Vonage Holdings Corp., 2007 WL 1518650, *3 (C.D. Cal. 2007) (holding claim under § 17529.5(a) preempted, where claim not based on “traditional tort theory” of “fraud and deceit”).

“The necessary elements of fraud are: (1) misrepresentation (false representation, concealment, or nondisclosure); (2) knowledge of falsity (scienter); (3) intent to defraud (i.e., to induce reliance); (4) justifiable reliance; and (5) resulting damage.” Alliance Mortgage Co. v. Rothwell, 10 Cal. 4th 1226, 1239 (1995) (internal quotation and citation omitted). Here, plaintiffs fail to allege facts to support a claim of fraud, which must be alleged with particularity. See Fed. R. Civ. P. 9(b). In that regard, plaintiffs fail to allege with the requisite specificity why the statements at issue were false and why defendant knew they were false when made. Further, plaintiffs fail to allege plaintiffs relied to their detriment on any misrepresentation and that, as a result of such reliance, they incurred damage.

Accordingly, plaintiffs’ claims are preempted and subject to dismissal. (bolded emphasis mine).

Think about that. Plaintiffs are required to show detrimental reliance and actual damages or their claim is preempted by CAN-SPAM. Proof that an individual detrimentally relied on an e-mail message's routing information or subject line would seem to be a near-impossible hurdle. What "detriment" is there to opening an e-mail that appears to be from a friend but is in fact spam? As for damages, even CAN-SPAM itself does not require proof of actual damages.

The plaintiffs in the Hoang case alleged that Reunion.com's e-mail invitations for them to sign-up were false and misleading because (1) the "From" line falsely indicated that the message originated with a friend rather than from Reunion.com, and (2) the "Subject" line falsely indicated that the friend wanted to connect with them on Reunion.com.

It will be interesting to see if the court's preemption analysis stands up to additional scrutiny. Other than the obvious fact that every state anti-spam law now on the books fails the court's preemption analysis, the court's reading of the available caselaw is a little suspect. This the first time I have seen the Fourth Circuit's Omega World decision described as holding that only claims for common law fraud are not preempted by CAN-SPAM. I couldn't find anything close to that in the Omega World opinion. Omega World, it seems to me, held that CAN-SPAM preempts state-law claims for immaterial errors in e-mail messages. (See also Ferron v. Echostar Satellite LLC, No. 2:06-cv-00453 (S.D. Ohio Sept. 24, 2008), where the court, following Omega world, held that claims that e-mail advertisements violated an Ohio law prohibiting inaccurate address information are preempted by the CAN-SPAM Act absent a showing that the inaccuracy included an intentional or misleading falsity.)

As for the Kleffman ruling, the concern is the same. Kleffman just didn't say what the court here says it did. In Kleffman, a case in which the plaintiff challenged Vonage's tactic of using multiple message origination addresses to avoid spam filters, the court called the plaintiff's theory of liability a novel one because the Vonage origination addresses were not false or misrepresented in any ordinary sense of these terms. The court said: "[Congress] left states room only to extend their traditional fraud prohibitions to the realm of commercial emails because it was confident that legitimate businesses would not unwittingly transgress such well-established prohibitions."

Do anyone see in that language a holding that state-law causes of action that fall short of requiring proof of all elements of common law fraud are preempted? I don't either.

The Hoang case is different than any prior preemption case because the plaintiffs have a much stronger claim that the messages at issue were false and misleading. Omega World involved a mere immaterial error; Kleffman involved a tactic to evade spam filters that did not employ the use of false information; and Ferron involved an "inaccurate" originating address.

The Hoang court gave the plaintiff leave to amend so perhaps the issue of CAN-SPAM preemption will be revisited, and we'll see if the court meant what it said in this opinion.

Posted by Thomas O'Toole on October 29, 2008 in Federal Preemption, Marketing | | Comments (0)

Technorati Tags: , , ,

Next »
Subscribe to this blog's feed

Twitter Updates

    follow me on Twitter

    Recent Posts

    Recent Comments

    Notice to Subscribers

    Categories

    Archives

    More...

    Copyright

    About