1. An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group JonPraed@aol.com

2. Spam is Unsolicited Bulk Commercial Electronic Messages Electronic messages – anticipate convergence Commercial – not inherently illegal Bulk – substantially similar messages Unsolicited – intent of recipient is key

3. Spam Fighting Tools Shield -- Internet Architecture & Filters Sword -- Legal Enforcement

4. To Evade Filters, Spam = Fraud Source and hypertext links are anonymous, transient or falsified –Free email accounts; anonymous credit cards; mail relays; obfuscated URLs; encrypted source code; DNS servers turned on/off; false domain name registrations (ICANN 9/02 action Verisign) Third Party Conspirators Provide Cover –Spam Houses make $10,000/month to host webpages and hide identities of spammers (“I terminated him and deleted his info”) –Affiliate Program Operators – in search of plausible deniability

5. Law’s Purposes General & Specific Deterrence Compensation of Victims Retribution Education

6. Legal Weapons Injunctions Money Judgments –non-dischargeable in bankruptcy –disgorge profits from spammers –fund anti-spam fight Imprisonment

7. A Hierarchy of Anti-Spam Rules AUPs – setting expectations to protect private property Common Law – trespass to chattels recognized in all 50 states State Statutes – 26 states and counting (www.spamlaws.com) –codifying trespass with statutory damages –labeling requirements –outlawing fraudulent spam or requiring respect for do not email lists Federal Statutes – –Computer Fraud & Abuse Act, 18 USC 1030 –Analogs: 47 USC 227 (unsolicited fax law); 18 USC 2257 (Adult Model Statute) –Pending Legislation (www.thomas.loc.gov)www.thomas.loc.gov Burns-Wyden CAN SPAM Act, SB 630 & others International Law – none? –How will this affect the impact of anticipated Federal fixes?

8. Goals of Federal Proposals Discourage use of fraud Encourage transparency in identity Ban spam, regardless of fraud Regulate spam through labeling Minimize impact on solicited marketers

9. A “Sunshine” Proposal for Federal Legislation Modeled after Custodian of Records Law requiring Proof of Age of Adult-Movie Performers (18 USC 2257) All commercial email (including solicited) must disclose a “custodian of records” (US resident, address, phone, email) Failure to disclose = presumption of spam and high civil penalties (dollars per email) False disclosures = criminal penalties Disclosures subject to reasonable due diligence Truthful disclosures, but inadequate records = reduced statutory damages (fraction of penny per email)

10. What the Law Needs From Internet Architecture IDENTITY –accurate records reflecting status of Internet structure (domain names, IP addresses) –details of email transaction –intelligent record preservation GEOGRAPHY –provides notice to spammers of applicable laws –empowers Netizens to avoid lawless-parts of the Internet

11. Limits of the Law Dependence on technical information for identification Slow and Costly Legal Jurisdictions are Geographic-Based

12. Why We Will Defeat Spam Victory Doesn’t Require 100% Spam-Free –Banks survive bank robberies Spammers Struggle on Small Margins Email is Incredibly Resilient –Email thrives despite 40% spam rate Spam is the Parasite, Email is the Host –If spam kills email, spam dies too Filters + Lawsuits Work, and Spammers Know It

13. Questions? An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group JonPraed@aol.com