Page Two

By Larry Seltzer  |  Posted 2003-12-08 Print this article Print

Meanwhile, much has been made of the fact that CAN-SPAM includes no right of action by private persons against spammers. This means that only the government can pursue cases. In many of the state laws, private individuals and organizations can sue spammers in court under the law. You might remember that Microsoft filed suit against several big-time spammers this past June under the Washington state law. CAN-SPAM would specifically preempt all the state laws, but it leaves in some exceptions:
    "Section 8(b)(1)IN GENERAL. This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."
So, the states still have some leeway to pursue claims of their own related to falsity and deception, and perhaps private rights of action can still proceed in these cases. In fact, falsity and deception were at the heart of the Microsoft cases, so I wouldnt be surprised if they are important tests of how much life is left in the state laws.
Microsoft also filed some cases in United Kingdom courts, so presumably the suits could continue there. There is another set of exceptions for the state law preemption related to non-spam issues. In other words, CAN-SPAM does not have an effect on state laws related to trespass, contract or torts, fraud, or general computer crimes.

However, Im ambivalent about the private rights of action because there are too many lawsuits in this country. Still, in spite of the initial hostile reaction, CAN-SPAM does strike a good balance—only time and court cases will tell in this regard.

But for the most part, the law expects state attorneys general to be bringing cases in federal district court on behalf of aggrieved residents using this bill. No doubt, many of them will base their future gubernatorial bids in part on their anti-spam stance. (Maybe the legislation would be better called the Eliot Spitzer for Governor of New York Act or ES-GNY instead of CAN-SPAM.)

In addition, its interesting to note that the bill bans several uses of e-mail which are provided for, explicitly or implicitly, in the SMTP specification. Perhaps this will be further incentive to change the specification itself.

CAN-SPAM is not a bad thing as far as I can see, but its not going to make a big dent in the spam problem. Far too much spam comes from overseas from entities unreachable, for practical if not legal reasons, by laws in the United States. Even within the U.S. its not hard to see how spammers, who we already know to be unscrupulous, will evade effective prosecution. But at least the law will pick off some low-hanging fruit, the really-stupid amateur spammers, as well as deter some others. As Scott Petry, founder and vice president of products and engineering at Postini put it to me: Its just one more arrow in the quiver.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel