Online and Off-track: Spam proves as resilient to Legislation as it does to Technology
Daniel Cook
Cyberspace Law Seminar
University of Iowa College of Law
April 16, 2004
On April 12, 1994, a small immigration law firm from Arizona, Canter and Siegel, began an advertising campaign that made history. Canter and Siegel sent out an unsolicited message to thousands of individuals concerning a Green Card Lottery, using the precursor to the modern Internet. The response the firm received was overwhelming; hundreds of thousands of hate messages poured in over the coming weeks, crippling and eventually incapacitating the company that provided Internet access to the firm. The message had another result. Among the hate mail were hundreds of new clients, interested in learning more about obtaining a Green Card from the Immigration and Naturalization Service.1 The modern day version of "spam" was born.
This paper first looks at the nature of spam and the problems surrounding it. The paper then briefly discusses the First Amendment concerns that constrain states' attempts at its regulation. The paper then focuses on the 2003 federal law, the "CAN-SPAM Act," in an attempt to analyze whether this law can deal effectively with the problems associated with spam. Finally, it looks at two alternative methods of spam regulation.
The CAN-SPAM Act will do little to curtail spam. Indeed, some view the act as protectionist legislation. The failure of this law to address the greatest concerns associated with spam almost guarantees continuing increases in volume. This will lead to further tensions within the international community and stifle some of the great benefits the Internet provides. Control of this nuisance will only come through strong legislation aimed at reducing the volumes of spam coupled with technology that enables enforcement and international cooperation.
B. The Internet, Email and Spam
The Internet is a network of computers, spanning the globe that permits individuals to connect, communicate, and share information through websites, instant messaging, newsgroups, electronic mail messages, and other methods.2 Electronic mail messaging ("email") has become a popular way for Internet users to correspond. Emails, written correspondence in electronic form, theoretically travel from the sender to the recipient at the speed of light.3 The messages are stored on the recipient's computer or by a company that provides electronic mail service to the recipient. The recipient can read the email when she has time to access, read, and respond to the message.
Internet users do not always want the emails they receive. They may not even know the sender. Nearly all Internet users receive some quantity of unsolicited email, usually advertisements. Email is a very cost effective way to advertise.4 Email, by its nature, allows even small businesses to advertise globally to millions of potential customers and at a fraction of the cost of what a television or postal advertising campaign would cost.
Internet users refer to these unsolicited emails as "spam" messages, believed to be a reference to a comedy skit from the television show "Monty Python's Flying Circus." The skit takes place in a restaurant serving food only containing the Hormel food product "Spam." A woman attempts to order food that does not contain Spam but is ignored. Eventually her protests are completely drowned out by a chorus of Vikings singing, "Spam, Spam, Spam" in an ever increasing volume.5 This skit presents an instructive analogy to the sending of unsolicited bulk email despite the recipient's protests and ability to interfere with Internet users attempting to carry out their own email correspondence.
1. The Costs of Spam
Email is attractive for mass advertisers because of its negligible incremental costs. All an advertiser needs is a list of email addresses to send the advertisements and access to the Internet. Printing and postage costs of direct mail advertising through the postal service increase with every additional piece of mail sent, even with volume discounts. The absence of these costs to advertise by email has led to a proliferation of spam. Earthlink, a large provider of access to the Internet for home users and businesses, estimates that approximately fifty percent of the 100 million electronic messages received by its customers per day are spam.6 Other email studies have confirmed these observations and estimate that spam accounts for approximately forty to fifty percent of all electronic messages sent across the Internet.7 This massive amount of spam may not cost the senders much, but it does exact a cost from the recipients. In 2003 employees, on average, spent 1.4% of their time eliminating spam from their email accounts. In real dollars this costs employers $874 per employee per year to eliminate spam from work email accounts.8 Overall, the cost to U.S. corporations in 2003 was estimated at nearly nine billion dollars including employee time, extra hardware, spam filtering software, and the cost to Internet Service Providers ("ISPs") for the added bandwidth used in delivering and processing spam messages.9 This problem is so widely recognized that some commercial websites now offer access to "spam calculator" software that allows managers to estimate how much money spam is costing their business.10
2. Spammers' Tactics
Spam senders use a variety of tactics to obtain the addresses of individuals. Their methods range from legitimate methods to brazen violations of laws. A study done by the Center for Democracy & Technology suggests that email addresses that are posted on either a public website or a Usenet newsgroup are the largest recipients of spam.11 The study's data suggests spammers utilize automated computer programs called "spiders" or "robots" that automatically scan the Internet for potential addresses.12 This tactic presents a dilemma for websites that provide services, support, or want feedback from site visitors. Once their email addresses are publicly posted, these accounts can be flooded with spam. Some corporations sell their consumer email address databases to spammers for extra revenue, making it necessary for individuals to read user agreements carefully when submitting their addresses on websites.13 Another method, called a "dictionary" or "brute-force" mail server attack, attempts to guess all of the email addresses at a particular domain.14
Significant problems arise from spam aside from the costs to the recipients. A significant proportion of spam consists of fraudulent offers.15 They may offer products that the buyers never receive, deals that are not honored, or incentives to entice a consumer to reveal credit card numbers and other personal information that leads to identity theft. These messages are often quite sophisticated, hard to distinguish from legitimate commercial spam, and may look to be from a legitimate, well known e-retailer. A second problem is the large amount of the spam that contains explicit adult content. These messages often come to the recipient under a very benign "subject" line. Once a user has opened the email they are confronted with sexually explicit images and text. Such messages are considered offensive and intrusive by most recipients, especially when they result in exposure of minors to such graphic content.
Another problem occurs with brute force or dictionary mail server attacks, mentioned above. At some level, volumes are large enough to interfere with Internet users' ability to send legitimate email messages as their network tries to deal with the vast amount of traffic. Finally, spammers sometimes take over, or "hijack," a third party's computer. This is called "hacking." This may enable them to route messages through a "proxy server" or to otherwise hide the origin of the spam. It has been estimated that thirty percent of all spam messages originate from the computers of innocent third parties hijacked by hackers for the purpose of sending out unsolicited bulk email.16 "SoBig F," a virus released in 2003 that infected millions of computers, is thought to be a successful attempt by spammers to hijack individuals' computers for the purpose of spamming.17 This virus caused hundreds of millions of dollars in damage, and is considered one of the fastest spreading viruses in computer history.
The combination of these malicious and often criminal tactics by spammers, coupled with the staggering amounts of spam generated each day, has led many to believe that regulation of email is desirable or necessary. This sentiment has been voiced from both the United States and other nations.
C. First Amendment Protections of Commercial and Adult Speech
In the United States, regulation of spam must be consistent with the federal constitutional protections granted speech under the First Amendment.
1. Commercial Speech
Most spam messaging is undertaken for commercial purposes and is therefore guaranteed at least the lesser protections given commercial speech under the Central Hudson test.18 Generally, (1) if the commercial speech is protected it may only be regulated if (2) there is a substantial government interest in regulating the speech, (3) the regulation directly advances the government interest, and (4) the regulation is reasonably tailored to achieve the government interest.19
Some commercial speech is not entitled to constitutional protection. Regulation of speech that is misleading, fraudulent, or deceptive raises no First Amendment issues and may be severely or completely restricted.20 Spam that attempts to deceive the recipient with regards to content of the message with a false subject line, the commercial nature of the message, the sender of the message, or similar matters will not be entitled to First Amendment protections. On the other hand, some spam may be entitled to a much greater protection because the message is protected social, political, religious or other forms of speech.
There is no agreed upon definition of commercial speech. The U.S. Supreme Court has adopted a "we'll know it when we see it" approach to define commercial speech on a case-by-case basis. Central Hudson states that speech "related solely to the economic interests of the speaker and its audience" is commercial speech.21 However, when corporations or individuals advertise in order to promote political views that benefit their economic interests they are entitled to more than commercial speech protections.22 The mere fact that the speech is in the form of a paid advertisement23 - or is tied to an issue of public debate24 - is not dispositive.
Regulations that affect First Amendment-protected, commercial speech must advance a substantial government interest. The courts define "substantial interest" on a case-by-case basis. In Central Hudson, the Supreme Court majority determined that conservation of energy and maintenance of a fair and efficient rate structure were sufficiently substantial government interests to justify regulating electrical utilities' "promotional advertising."25 The Supreme Court has also found that prohibitions on advertising by Puerto Rican casinos to Puerto Rican citizens for "welfare, health, and safety" were substantial government interests.26 Regulations prohibiting unsolicited faxes, similar in many ways to spam, were found to involve a substantial government interest in preventing advertising cost shifts to consumers.27 (Fax machines consume paper and toner when printing the often unwanted advertisements.)
Regulations of commercial speech must directly advance a significant government interest and be tailored in a reasonable manner to meet those interests. These last two requirements focus on the fit between the ends the legislature wishes to achieve and the means chosen to meet those ends.28 Legislatures must tailor the regulations in a reasonable manner to serve the government objective.29 There is no requirement that the government choose the least restrictive method of regulation.30
Two factors that may point to a failure to regulate in a reasonable manner are internal inconsistency and improbability that the regulation will achieve the government objective. An example of internal inconsistency is the successful challenge to governmental regulations prohibiting beer brewers from placing alcohol content information on the beer label.31 This regulation was held to be unconstitutional. It did not "directly and materially advance" the stated goal of the government because (a) it did not prevent alcohol content from being advertised in other ways than on the label and (b) did not ban listings on the labels of alcoholic beverages other than beer.32 Similarly, state regulations requiring that tobacco advertisements be placed five feet from the ground or higher (to prevent children from being exposed to the advertisements) were unconstitutional because children are often over five feet tall or can raise their heads to observe advertisements above them.33
2. Adult Content
If legislation singles out adult content messages for different treatment, it may raise constitutional issues. Reno v. ACLU set a very high standard of protection for adult content when it held unconstitutional a regulation that prohibits the display of "patently offensive" language or images on computer screens available to persons under the age of 18.34 In its opinion, the Supreme Court stated that the Internet is entitled to the same protections that the Court has given to books and newspapers.35 This means "indecent" content not considered "obscene"36 enjoys the full protections of the First Amendment.
Other media may have special justifications for content regulation. Broadcasts, like TV and radio, create a captive audience for indecent content because the audience may have no advance warning of what is coming and programming is uniquely accessible to children.37 Phone networks and cable broadcasters enjoy greater protection from governmental regulation because of the properties of these media. "Dial-a-porn" phone services are not as invasive as TV or radio because the listener must have made an active choice to place the call.38 Similarly, cable television may offer indecent material only to those who subscribe to, and pay for it.39 The ruling in Reno v. ACLU (that the Internet has the full protections of the First Amendment) means that most regulation of Internet adult content which is not obscene will be subject to strict scrutiny.40 The government will have the burden of proving that regulations singling out adult content serve a compelling state interest that is drawn narrowly to achieve that end. 41
D. State Regulation of Spam under the First Amendment
States' responses to spam between 1995 and 2003 have dealt with the classic complaints about spam. Statutes primarily focus on concerns that spam exposes minors to obscene or indecent content.42
Often state legislatures attempt to make it illegal knowingly to distribute indecent material that a minor may be able to view.43 The courts have viewed these statutes as illegal because they create an unconstitutional impediment to protected speech. 44 The difficulty courts find with these statutes is that because of anonymity and freedom of information on the Internet, indecent material inadvertently may be sent to minors. Thus, they conclude, the only way to comply with this type of law is to avoid adult oriented content entirely - thereby creating an unconstitutional burden on protected adult speech.45 New Mexico enacted a statute that barred using a computer to "knowingly and intentionally" send messages to a minor when the communication contained sexual content. 46 The Tenth Circuit found this statute was similar to the one challenged in Reno v. ACLU; it would chill speech out of the writer's fear that a single minor's viewing of the content might subject the writer to criminal sanctions.47
On the other hand, statutes that focused more on sexual predators on the Internet have been upheld.48 However, these statutes did nothing to really regulate spam. California's statute makes it a crime to knowingly send over the Internet material harmful to a minor with the intent of gratifying one's own, or the minor's, sexual desires and with the intent of seducing the minor.49 This statute was found constitutional when challenged under the First Amendment.
The biggest problem with statutes that regulate indecent material sent to minors over the Internet comes from the anonymity it makes possible. Constitutionally protected indecent speech would be completely stifled on the Internet since the age of the recipient cannot be verified.
E. CAN-SPAM Act of 2003
The Controlling the Assault of Non-Solicited Pornography and Marketing Act, CAN-SPAM Act of 2003, was an attempt by Congress to curtail the ongoing problems of spam. Congress ignored the need for spam regulation until a controversial bill50 was passed by the Californian legislature that would have imposed strong restrictions.51 This legislation prompted marketing and business groups to lobby Congress for a uniform standard to avoid the draconian standards imposed by California and avoid the high costs of fighting this, or similar, legislation passed by other states.52 The Californian law had many provisions that made business and advertising groups nervous, including an "opt-in" provision. 53 Requiring recipients of email to opt-in meant that it would have been illegal for advertisers and businesses to send commercial email to Californian residents unless they specifically consented to such solicitations in advance. In addition to the opt-in provision, the Californian statute honored private causes of action for those targeted by spam messages.54
The CAN-SPAM Act applies to commercial electronic mail messages ("CEMMs").55 This is a subset of the unsolicited bulk emails commonly defined as spam. CEMMs are messages with the "primary purpose" of "commercial advertising" or "promotion of a commercial product or service." Congress has charged the Federal Trade Commission with defining, by December 12, 2004, the criteria for determining the "primary purpose" of a CEMM.56 CEMM regulations do not include "transactional" messages or messages based on a previous "relationship."57 These messages are ones that are sent to Internet users based on a prior relationship and concern: 1) facilitating a commercial transaction previously agreed on, 2) providing warranty information, product recall or safety information, 3) notifying the user of changing terms, services or features of a product or service or 4) account balance information or similar information.58 This essentially allows advertisers and businesses exemption from liability for sending CEMMs to Internet users where there is a previous relationship or when they are engaged in completing a sales transaction. Additionally the Act targets both "senders" and "initiators" of CEMMs.59 The definition of an initiator encompasses both companies who want to advertise their products/services and those who advertise on their behalf.60 Senders are those companies who wish to advertise their products/services and who initiate a CEMM or hire an advertiser to send CEMMs on their behalf.61
The CAN-SPAM Act places uniform requirements on content of unsolicited CEMMs sent to recipients. The Act first states a general prohibition on false or misleading transmission information.62 This prohibits the inclusion of false or misleading information in 1) the header information, 2) the from line, or 3) the subject line.63 The header of an email contains information on where an email originated, the domain from which the message was sent, and an Internet Protocol address ("IP address") that is intended to work as a unique address for a computer linked to the Internet.64 This is a specific ban on the use of proxy servers, hacking or editing the header information in any other way when sending CEMMs.65 The "from line" of a CEMM must accurately identify who initiated the message to avoid the definition of false or misleading.66 Most importantly however, the CAN-SPAM Act requires CEMMs to have a subject line that will inform the recipient of the actual contents of the message.67 This prohibits subject lines such as "Read this!" or "A friend told me you'd like this" that spammers often use to bait Internet users into reading spam advertising. A CEMM must clearly state in the subject line that it is a solicitation or advertisement, unless it is a transactional or relationship message.68 Sexually explicit messages must not only truthfully label the CEMM but there is a Congressional mandate that the FTC publish a rule that all sexually explicit emails have a uniform label in the subject line by late February 2004.69
The CAN-SPAM Act also requires that CEMMs contain a "clear and conspicuous" way for the recipient to opt-out of future messages through a return email address or another Internet based communication option.70 This "opt-out" provision is the reverse of the opt-in provision placed in the Californian legislation. Under an opt-out provision, it is permissible to send messages to a recipient until that recipient declares that they no longer wish to receive such messages. The CAN-SPAM Act requires that each CEMM contain an opt-out Internet based reply address that remains valid for thirty days from the time that the CEMM is sent.71 In addition to requiring a valid Internet based way for a recipient to communicate with the initiator, the initiator is required to include the sender's physical address in the message.72 The initiator has a ten-day window in which to honor the request if the recipient opts to decline future messages.73 After the ten-day grace period is over, the recipient must no longer receive messages concerning the sender but can receive future messages if the recipient affirmatively consents to receiving messages again.74 In addition to forbidding transmittance of CEMMs after opting out, the CAN-SPAM Act also forbids the sale, lease, exchange, or transfer of the recipient's email address to another party.75 After there is an effective "opt-out" request made by the recipient, both the advertiser and the business must honor the request as it pertains to the business's products/services.76 However, the advertiser can send the recipient CEMMs related to other businesses until the recipient opts out of those messaging campaigns.
The CAN-SPAM Act also has a provision requiring the FTC to report to Congress a plan for enacting a "Do-Not-Email" registry by July 1, 2004.77 The report must set a timetable for enacting such a registry, but it cannot be in place before September 2004.78
Violations of the CAN-SPAM Act can lead to quite severe punishments. The CAN-SPAM Act authorizes a fine and up to 5 years imprisonment if the sender obscures the origin of the CEMMs and: 1) in furtherance of a violation of a state or federal felony law 2) or if the violator has previously been convicted of a violation of the CAN-SPAM Act, the Federal Fraud and Abuse Act or a similar state law.79 Additionally, three years in prison and fines can be levied for unauthorized access to a computer and 1) registering false email accounts or domain names to send CEMMs 2) the volume of messages exceeds 2500 in twenty four hours or 3) results in losses of five thousand or more in a one year period to any individual.80 For violations of the CAN-SPAM Act that do not include unauthorized access of protected computers or felony violations, there is still the potential of a fine and up to one year in prison.
The CAN-SPAM Act is not enforceable by private causes of action. The responsibility of enforcement falls primarily to the FTC.81 In addition, actions may be brought by other government agencies, the States, and notably Internet Services Providers whose customers have been targeted by CEMMs. 82 However, the FTC is charged with putting into place a bounty system that rewards private citizens not less than twenty percent of the civil penalties collected for reporting violations of the CAN-SPAM Act that lead to a successful prosecution.83
F. Analysis of CAN-SPAM under the First Amendment
Some of the terms of the CAN-SPAM Act and regulations are not yet defined. Until the FTC defines what will constitute the "primary purpose" of an email and what constitutes a "commercial" email or promotion, it is unknown whether the CAN-SPAM Act will infringe on speech given the full protection of the First Amendment. A single employee sending an email to customers containing both information on a charity that her employer supports and containing the company logo may be considered primarily for a commercial purpose. The employee's unilateral actions may expose her employer to large penalties. In addition, the corporation's constitutional rights to engage in speech other than commercial speech may be violated.
1. Commercial Speech
Regulations of constitutionally protected commercial speech are constitutional if there is a substantial government interest in regulating the speech, the regulation directly advances the government interest, and the regulation is reasonably tailored to achieve the government interest.
Many of the provisions of the CAN-SPAM Act deal with regulating fraudulent, misleading, or deceptive commercial advertising. These provisions undoubtedly will pass scrutiny by the courts,84 as this type of advertising is not entitled to constitutional protection.
When regulating legitimate CEMMs however, the government must show a substantial government interest in regulating CEMMs. Section 1 of the CAN-SPAM Act presents Congressional findings on the issue of spam. Among its findings are:
1) Email is a low cost and efficient way to communicate and facilitate commerce.
2) That incredibly large volumes of spam threaten to eliminate the benefits email provides.
3) That many of these unsolicited emails are fraudulent.
4) That the spam imposes significantly large monetary costs on "ISPs, businesses, educational and nonprofit institutions."
5) That opt-out opportunities are not always provided or not honored by spammers.
6) That email addresses are often harvested by spammers from Internet services where Internet users must submit their email address to make use of the services.
7) That state spam statutes had differing regulations and businesses could not comply with individual state's laws because email addresses do not specify geographic location.85
These reasons will undoubtedly pass the scrutiny of the courts. Spam shifts the cost of advertising to the consumer much as unsolicited faxes shifted costs to consumers in the Destination Ventures Ltd case.86 The recent studies quantifying the loss of productivity and costs to employers and ISPs at almost nine billion dollars a year suggest that there is a substantial interest in regulating spam. This would comport with the holding of Central Hudson where energy conservation and maintenance of a fair pricing structure were considered substantial interests in regulating electrical utility promotional advertising.87 Additionally, the federal government has a substantial interest in promoting a uniform commercial email regulatory scheme in order to facilitate interstate commerce.
The real constitutional issues arise when considering whether the CAN-SPAM Act directly advances the government interest and whether the Act is sufficiently tailored to meet those ends. The Congressional findings focus on the amount of spam messaging being a hindrance to commerce and imposing large costs. The CAN-SPAM Act only minimally affects the amounts of spam sent to recipients. The legislation legalizes spam by permitting advertisers and businesses to send unsolicited messages over email.88 The Act's implicit permission for spam means that large monetary costs incurred by institutions and businesses still exist and that spam still threatens to minimize the benefits that email provides. However, the CAN-SPAM Act does provide a uniform format and requirements on spam, which allows businesses to run email-advertising campaigns without the worry of complying with differing state requirements.
If one were to view the CAN-SPAM Act as a consumer protection statute or email curtailment statute, it most likely is not a sufficiently narrow statute that directly advances the substantial government interests. The statute exempts transactional and relationship messages from the definition of CEMM.89 There is no clear reason why these messages should not have to provide accurate header, subject line, clear opt-out provisions, or the sender's physical address. This exemption looks suspiciously like the government regulation that prohibited beer labels from displaying alcohol content, but did not reach other alcoholic beverages or forms of advertisement besides labels, and that was struck down for inconsistency.90 Additionally, other forms of mass mailing, such as charitable solicitations and political advertisements can impose the same costs on consumers but are not primarily for a commercial purpose. This means that non-commercial mass solicitations are free to engage in deception to entice readers to open messages, ignore opt-out requests, and obscure the origins of the messages without concern for the CAN-SPAM Act. However, the CAN-SPAM Act both directly advances a government interest and is tailored narrowly when viewed as a statute protecting commercial and advertising industries from non-uniform state laws that interfere with interstate commerce. By establishing a uniform standard for unsolicited commercial email messages, the federal government is able to regulate the format of these messages and provides easy compliance guidelines for businesses that wish to continue to use spam as a form of advertising. The focus on commercial messages coincides with the fact that these messages make up the vast majority of unwanted unsolicited messages that states were trying to eliminate. As a preemption statute, the CAN-SPAM Act serves its purpose well and most likely does not place unconstitutional burdens on protected commercial speech.
2. Sexually Explicit Content
The requirement that CEMMs with sexually explicit content carry special "adult" labeling in the subject line may violate the First Amendment rights of the senders. Reno v. ACLU gave the Internet full protection from government regulation. All attempts to restrict non-obscene material must pass strict scrutiny in order to survive. Reno v. ACLU contemplated that the Internet was unlike radio or television, where an individual may turn on the radio and be surprised by indecent material.91 However, the prolific use of email by individuals at work and at home coupled with the tactics used by spammers to disguise the content of sexually explicit messages means that recipients often are surprised by the indecent material. These developments signal that the inherent nature of the Internet medium is now less like a book or newspaper and more like television, counseling a reevaluation of the vast protections given to sexually explicit content in all areas of the Internet. The adult label requirement must be linked to a compelling state interest that is drawn narrowly to achieve that end.92 The government's requirement that all email that contains "sexually explicit" content carry a special label may overreach and require advertisements for medication such as "Viagra" to be given this label. The compelling interest cannot be considered to protect minors from such material, because a labeling requirement will not prevent minors' exposure to such material. Additionally, it is not tailored narrowly because it would reach materials that could be considered obscene and indecent material. Indecent material, although not always appreciated, has First Amendment protection.
G. Anticipated Effectiveness of the CAN-SPAM Act
The CAN-SPAM Act will not stop the flood of spam mail sent to recipients in the short term. Email addresses that already receive spam will continue to receive unsolicited messages, although they will most likely include the regulations required by law. Spamhaus, a group providing tracking of spammers and providing solutions to spam, has produced scathing editorials on the influences of spammers on the CAN-SPAM Act and their success in redefining the term "spam" to apply to only a small subset of unsolicited bulk emails.93 Spamhaus feels that the Direct Marketing Agency and other lobby groups hijacked the legislative process, effectively limiting anti-spam legislation to fraudulent and sexually explicit messages. This allegation, when compared to the text of the CAN-SPAM Act, does have merit. While the Act mandates uniform standards on spam and prohibits fraudulent content, the Act does very little to push back the flood of spam that originates from inside the United States each day. Spam by its very nature is distributed in ever increasing quantities and it is this aspect of spam that exacts a toll from United States businesses of over nine billion dollars per year. In the wake of the CAN-SPAM Act, spam advertisers are thought to be increasing their distribution capacities now that they enjoy the legal protection. Alan Ralsky, described by Spamhaus as a "Spam King," was quoted as saying he was very pleased with the passage of the Act and that he was in the process of upgrading his facilities.94 As of February 2004, the United States was responsible for fifty-six percent of the world's spam messages, almost ten times as much spam as any other country.95 This amounts to almost seven billion pieces of spam sent per day in 2003, conservatively estimating that spam constituted forty percent of the thirty-one billion messages sent daily.96 Requiring non-fraudulent headers will not decrease these numbers.
However, zealous enforcement of the CAN-SPAM Act may lead to some reduction in spam. South Korea, the third highest spam producer, has been able to reduce the amount of spam sent by fifteen or twenty percent.97 This has been done through legislation requiring non-misleading headers, opt-out provisions and labeling in the subject lines.98 Most of this success has come through strict enforcement of the South Korean anti-spam provisions, very public prosecution of spam offenders and large fines.99 There is little reason to think that the same enthusiastic approach to enforcement of opt-out provisions, specifically, could not result in a similar decrease in spam, especially since the CAN-SPAM Act can hold the companies hiring spam advertisers responsible for violating opt-out requests.100 It stands to reason that most U.S. corporations will require their commercial advertising agencies to respect opt-out requests to avoid monetary or criminal liability. Although spam is pervasive and resilient, spammers still will listen to those that hold the money. Unfortunately, the FTC Chairperson, Timothy Muris, does not share the enthusiasm that its Korean enforcement counterpart, the Korean Information Security Agency (KISA), enjoys. Muris has publicly stated that he is pessimistic about the chances of legislation to curtail spam and looks to technology as the primary method of control.101 As head of the lead agency charged with curtailing spam, Muris's comments do not seem to have the same flavor as the South Korean attitude towards spam.
In the short term, the major enforcers of the CAN-SPAM Act are likely going to be ISPs who wish to stop the large influx of spam that clogs their email servers. The four largest email providers, Microsoft, Yahoo, America Online, and EarthLink, have announced a coordinated legal campaign against the largest U.S. spam generators.102 They have currently filed six lawsuits, naming several hundred spammers. If successful, this could result in jail time for the spammers and millions of dollars in fines.103 There is difficulty even identifying who the spammers are, however, and many of the spammers are known only as "John Doe" in the suits.104
The effectiveness of the CAN-SPAM Act in the long term will most likely be minimal. Spam advertisers are often very skilled at covering their tracks. Tactics used include hijacking computers overseas to send emails, routing emails through open computers overseas, and using shell companies to obscure their identity. The spammers are often colorful individuals, who delight in circumventing efforts, both legal and technological, to stop the proliferation of spam. Individuals like Davis Wolfgang Hawke, a former Neo-Nazi of Jewish descent, are likely to see the CAN-SPAM Act as a challenge rather than a restriction on their behavior.105 There are approximately two hundred spam operations like Hawke's that account for nearly 6.3 billion spam messages sent daily, ninety percent of the total spam sent each day.106 The CAN-SPAM Act offers a tempting set of rules and loopholes that spammers will likely exploit. Worldwide levels of spam are unlikely to drop, since 139 out of the top 200 most prolific spam groups reside in the United States and now enjoy the statutory right to spam.107 Email addresses that are collected by spammers will be widely distributed for profit before a recipient receives a single message in the future. This tactic will avoid the opt-out provision in the CAN-SPAM Act that forbids distribution of an address after requests to opt-out.108 Addresses are likely to be collected by individuals outside the United States using unscrupulous methods and sold to spammers, possibly laundered through a few offshore corporations in order to cover the origins of the information. As spammers begin to understand the limitations of the government to find and penalize spammers, they will become more brazen.
Additionally, although the CAN-SPAM act contemplates the ability of advertisers to legally spam, it does not completely preempt the field of email regulation. State trespass, tort, and contract law all remain in place, allowing for a chaotic mix of lawsuits against spammers brought by private individuals for spam messaging.109
Finally, there exists a likely possibility of increasing international tension over the issue of spam. The European Union adopted a ban on unsolicited email when it passed the Electronic Communications Privacy Directive ("ECPD"), requiring recipients to opt-in, much like the proposed California law.110 The effectiveness of the ECPD will be minimal since over fifty percent of the world's unsolicited email comes from the United States. European businesses will continue to incur costs dealing with spam, much of which is directed at United States customers but reaches individuals in Europe. As the international community's tolerance for spam decreases, the United States' CAN-SPAM Act will be viewed as providing a safe-haven for spammers.
It is clear that in the short term, the CAN-SPAM Act may have some success; however, the long-term prospects of the CAN-SPAM Act are not promising, resulting in international disfavor of what will be viewed as the United States' spam protectionist policy and encouragement of even greater volumes of unsolicited mail.
H. Alternatives to Legislative Blocks on Spam
Notable figures in the computer industry suggest technological solutions and changes to the email infrastructure to deal with the problem of spam. These solutions focus mainly on blocking spammers' ability to reach recipients or devising a system to verify the origin of all email. Blocking spammers has involved filtering messages in order to keep spam from reaching recipients. The Spam Prevention Early Warning System (SPEWS) is an anonymous, and controversial, organization that identifies large areas of the Internet that are sources of spam, and publishes them in a list.111 Networks and ISPs often will preemptively block these areas of the Internet, prohibiting both legitimate email and spam messages from these areas. Another tactic that would make spammers easier to catch and prosecute would be to install a verification system for sent email. This would make it easier to identify a spammer and harder to fake the address of someone else. Yahoo hopes to implement an encryption system that would sign emails with a signature in order to verify who sent the messages.112 However, at this point no single solution has been adopted by the industry. In addition, the creativity and expertise of spammers most likely means that technology will not be enough to eliminate the problem of spam. Regulation and enforcement will likely continue to be an essential element to the curtailment of spam. It will be up to technology to find ways to identify the offenders so actions can be brought against them.
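The range-level blocking described above can be sketched in a few lines, which also makes its cost to legitimate senders measurable. This is an added example, not code from SPEWS or from the original paper: the listed ranges, the mail log and the zone name `bl.example.org` are constructed, and the reversed-octet query name is the convention DNS-based blocklists commonly use for lookups.

```python
import ipaddress
from collections import Counter

# Constructed blocklist: documentation-reserved ranges stand in for listed networks.
LISTED_RANGES = ["192.0.2.0/24", "198.51.100.64/26"]

# Constructed mail log: (connecting IP, envelope sender, ground-truth label).
SAMPLE_LOG = [
    ("192.0.2.10", "offers@bulk.example", "spam"),
    ("192.0.2.11", "deals@bulk.example", "spam"),
    ("192.0.2.200", "billing@smallshop.example", "legit"),
    ("198.51.100.70", "win@promo.example", "spam"),
    ("198.51.100.20", "news@school.example", "legit"),
    ("203.0.113.5", "pills@other.example", "spam"),
    ("203.0.113.9", "alice@friend.example", "legit"),
]


def compile_blocklist(ranges):
    """Parse CIDR strings once so every lookup is a cheap containment test."""
    return [ipaddress.ip_network(r) for r in ranges]


def matching_range(ip, networks):
    """Return the listed network containing ip, or None if the address is clean."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if addr in net:
            return net
    return None


def dnsbl_query_name(ip, zone):
    """Build the reversed-octet name a mail server would query in a DNS blocklist."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch only handles IPv4 addresses")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def evaluate(log, networks):
    """Count what range blocking stops, what it misses and what it breaks."""
    counts = Counter()
    collateral = []
    for ip, sender, label in log:
        blocked = matching_range(ip, networks) is not None
        counts[(label, blocked)] += 1
        if blocked and label == "legit":
            # A legitimate sender whose only fault is sharing a listed range.
            collateral.append(sender)
    return {
        "spam_blocked": counts[("spam", True)],
        "spam_missed": counts[("spam", False)],
        "legit_blocked": counts[("legit", True)],
        "legit_delivered": counts[("legit", False)],
        "collateral_senders": collateral,
    }


if __name__ == "__main__":
    nets = compile_blocklist(LISTED_RANGES)
    print(dnsbl_query_name("192.0.2.10", "bl.example.org"))
    for key, value in evaluate(SAMPLE_LOG, nets).items():
        print(f"{key}: {value}")
```

Reviewing the `collateral_senders` list before adopting a range-based list is how an operator sees which legitimate correspondents would be cut off along with the spam sources.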
Vigilante tactics are often used to combat the spam epidemic. Although it has not been part of the popular dialogue, there is a war occurring between the spam groups and anti-spam vigilantes. A growing number of individuals with technological expertise are hacking back at spammers, collecting information on their tactics by breaking into spammers' computers. In one case, a network administrator working in his free time hacked into the computer of a notorious spammer and posted incriminating information about her on a website, along with partially nude photos found on her computer.113 There is even speculation that the spam wars have resulted in the murder of two spammers.114 Anti-spam organizations like Spamhaus and SpamCop.net have reported similar tactics used against them. These tactics include "denial of service attacks," which flood a computer system with data and effectively shut down the network, and even postal mail bomb threats.115
I. Conclusions
Spam regulation is necessary, and effective regulation is needed more each year. The CAN-SPAM Act of 2003 does little more than prohibit already criminalized practices of consumer fraud and computer hacking. Congress completely ignored the problem that the billions of pieces of spam create separate from the issue of the content of the unsolicited emails. Additionally, the content regulation they have put into place may be subjected to multiple constitutional challenges, especially after the FTC finally defines key terms of the act as mandated.
An effective solution to the problem of spam will couple advances in technology with international agreements on spam regulations. Undoubtedly, these agreements need to include opt-in provisions in order to curtail the volume of spam sent. Opt-out provisions allow spammers to maintain the status quo and ensure that addresses already in the hands of spammers will continue to attract spam. The United States, as a technological center of the world, needs to eliminate the gross amount of spam generated. By reducing the volume of spam, it will help to legitimize the use of email for advertising purposes and ensure that email remains a vital and growing part of the global communications and commerce systems. Technology must be developed to successfully trace those responsible for the vast amounts of spam. Current technology has proven unsuccessful at this, and we have seen spammers hijack large portions of the global Internet with viruses such as SoBig F for spamming. These tactics must be solved both on a technological and legal level.
Congress has failed to pass meaningful legislation, "opting-out" of passing effective legislation that would lead to a meaningful reduction in the volumes of spam and instead choosing to pass a feel good Act that has little chance of reducing the toll that spam takes on commerce and the Internet.
1 Sharael Feist, The father
of modern spam speaks, News.com at http://news.com.com/2008-1082-868483.html
(last modified Mar 26, 2002)
2 Reno v. American Civil
Liberties Union, 521 U.S. 844 (1997)
3 An individual email account has a unique address in the following format: [name]@[domain].[organization code]. See Anatomy of an Email, Huge.org, at http://www.huge.orgclaspres/cla_4.html (visited Mar 20, 2004).
4 An email account normally
allows an individual to send an unlimited amount of messages without cost.
Often, email accounts can be obtained for free from service providers like
Yahoo, Hotmail or Lycos.
5 Hormel Foods, maker of
the canned meat "Spam" has disclaimed any endorsement for the practice
of "spamming" electronic mail messages. See Hormel Foods, Spam, Spam.com,
at http://www.spam.com/ci/ci_in.htm (visited Mar, 29, 2004).
6 Keith Regan, Microsoft, AOL, Yahoo, Earthlink sue Spammers, E-Commerce, at http://www.ecommercetimes.com/perl/story/33086.html (Mar 10, 2004). Postini, a prominent California company that provides an email filtering service, processes 150-200 million messages a day and also reports that half of all email it processes is spam. Cade Metz, Can Email Survive?, PC Magazine, at http://www.pcmag.com/print_article/0,1761,a=117514,00.asp (Feb. 17, 2004).
7 Jonathan Krim, Spam's
Cost To Business Escalates Bulk E-Mail Threatens Communication Arteries,
Wash. Post, March 13, 2003, at A01
8 The study based its estimation
on the average of 5 seconds employees spent per spam message received.
See Spam: The Silent ROI Killer, Nucleus Research, at http://www.gwtools.com/sales/pdf/spam_roi_analysis.pdf
(last visited April 13, 2004).
9 Anick Jesdanun, Spam costs
U.S. firms about 8.9 billion annually study says, Spamcop.net, at http://news.spamcop.net/pipermail/spamcop-list/2003-January/029374.html
(last modified Jan 5, 2003).
10 The Cost of Spam, Computer
Mail Services Inc., at http://www.cmsconnect.com/marketing/spamcalc.htm
(visited Feb 29, 2004).
11 Why am I getting all this spam: Unsolicited Commercial Email Research Six Month Report, Center for Democracy and Technology, at http://www.cdt.org/speech/spam/030319spamreport.shtml (last modified Mar, 2003).
12 Id. The Democracy and
Technology study explored methods of fooling these automated programs.
The programs will record any text that is in the form of [name]@[domain].[organization
code]. By typing out the address in a form a human could read such
as name at domain dot organization code the spam mail to that address was
almost non-existent.
13 Uri Raz, How do spammers
harvest email addresses?, Uri Raz's Homepage, at http://www.private.org.il/harvest.html
(visited Mar 20, 2004).
14 Why am I getting all this spam: Unsolicited Commercial Email Research Six Month Report, Center for Democracy and Technology.
15 The body of spam messages
have been found in statistical studies to contain false or misleading material
40% of the time. See FTC Division of Marketing Practices, False Claims
in Spam, Federal Trade Commission, at http://www.ftc.gov/reports/spam/030429spamreport.pdf
(last modified April 30, 2003).
16 Sophos outs 'dirty dozen'
spam producing countries, Sophos, at http://www.sophos.com/spaminfo/articles/dirtydozen.html
(last modified Feb 26, 2004).
17 Bob Sullivan, The secret
tricks that spammers use, MSNBC, at http://www.msnbc.msn.com/id/3078640/
(August 11, 2003).
18 Central Hudson Gas v. Public Serv. Comm'n, 447 U.S. 557, 562 (1980).
19 Id. at 563-564
20 Id. at 563.
21 Id. at 561
22 Id. at 579, Justice Stevens' concurrence
23 See New York v. Sullivan,
376 U.S. 254 (1964).
24 See Bolger v. Youngs
Drug Products, 463 U.S. 60 (1983)
25 447 U.S. at 556-557.
26 Posadas de Puerto Rico
Assocs. v. Tourism Co., 478 U.S. 328, 340-341
27 See Destination Ventures
Ltd. v. FCC, 46 F.3d 54 (9th Cir. 1995).
28 Posadas, 478 U.S. at
341.
29 Edenfield v. Fane, 507
U.S. 761, 770-771 (1993).
30 Board of Trustees v.
Fox, 492 U.S. 469, 475-481 (1989).
31 See Rubin v. Coors Brewing
Co., 514 U.S. 476 (1995).
32 Id. at 488-490
33 Lorillard Tobacco Co.
v. Reilly, 533 U.S. 525, 566 (2001), A regulation cannot be sustained if
it "provides only ineffective or remote support for the government's purpose."
34 Reno, 521 U.S. 844.
35 Id. at 870 "We agree
with [the district court] conclusion that our cases provide no basis for
qualifying the level of First Amendment scrutiny that should be applied
to [the Internet]."
36 Miller v. California,
413 U.S. 15, 24 (1973). The test for if material is obscene is "a)
whether the average person applying contemporary community standards would
find the work, take as a whole, appeals to prurient interest, b) whether
the work depicts or describes, in a patently offensive way, sexual conduct
specifically defined by state law, and c) whether the work, taken as a
whole lacks serious literary, artistic, political or scientific value."
37 See Federal Commun. Comm'n
v. Pacifica Found., 438 U.S. 726 (1978).
38 See Sable Communications Inc v. FCC, 492 U.S. 115 (1998).
39 See United States v.
Playboy Entm't Group, 529 U.S. 803 (2000).
40 See Widmar v. Vincent,
454 U.S. 263 (1981).
41 Id.
42 Statutes that attempted to regulate commercial spam generally ran into challenges under the dormant commerce clause. This issue is not relevant today since the Federal CAN-SPAM Act of 2003 preempted these statutes and federal laws are not challenged under the dormant clause. See Amy Keane, Annotation, Validity of State Statutes and Administrative Regulations Regulating Internet Communications under Commerce Clause and First Amendment of Federal Constitution, 98 A.L.R.5th 167 (2003).
43 Va. Code Ann. §
18.2- 391 (as amended 2000) Prohibiting the "knowingly display of materials
used for a commercial purpose that are harmful to juveniles."
44 PSINET, Inc. v. Chapman,
167 F. Supp. 2d 878 (W.D. Va. 2001)
45 Keane, 98 A.L.R.5th at
. 3a
46 N.M. Stat. Ann. §
30-37-3.2(A) (1998)
47 ACLU v. Johnson, 194
F.3d, 1149, 1157-1158 (10th Cir, 1999)
48 Sexual Predators Online,
Protect Kids, at http://www.protectkids.com/dangers/onlinepred.htm (visited
Mar 27, 2004).
49 Cal. Penal Code §
288.2(b) (2000) Harmful is defined under the statute as sexually explicit
with no political, artistic, educational, or other social value.
50 Cal. B. & P. Code
§§ 17529, 17538.45
51 Alston, Bird, New Law
Targets Spam; Will Affect Broad Range of Businesses, 8 No. 9 CLCYLAW 8,
9 (Dec. 2003)
52 D. Freeman Jr., CAN SPAM
Act: A Compliance Challenge, E-Commerce Law and Strategy, Vol. 20 No. 9,
Pg. 1 (Jan 14, 2004).
53 Charles H. Kennedy, Christine
E. Lyon, Understanding the CAN-SPAM Act of 2003 4 NO. 4 Privacy & Info.
L. Rep. 13 (Dec 2003)
54 Cal. B. & P. Code
§§ 17529.8
55 15 USCA §7702(2)(A)
56 15 USCA §7702(2)(C)
57 15 USCA §7702(2)(B)
58 15 USCA §7702(17)(A)
59 15 USCA §§7702(9)
and (16)
60 15 USCA §§7702(9)
61 15 USCA §§7702(16)
62 15 USCA §7704(a)(1)
63 15 USCA §§7704(a)(1)
and (2)
64 An IP address normally
consists of four groups of numbers, each ranging from 0 to 255, separated
by decimal points. An example would be 127.0.0.1. IP Addresses
can normally allow an individual to trace back an email to the computer
that sent the message, or to an Internet Service Provider who can trace
the message back to its source.
65 15 USCA §7704(a)(1)(A)
and (C)
66 15 USCA §7704(a)(1)(B)
67 15 USCA §7704(a)(2)
68 15 USCA §§7704(a)(5)(A)(i)
and (5)(B)
69 15 USCA §§7704(d)(1)(A)
and (d)(3). The FTC currently has proposed a rule that would require
all sexually explicit CEMMs to carry a subject line that begins with the
phrase "Sexually Explicit Content" See Proposed Rules -CAN-SPAM Act,
69 Fed. Res. Bull. 4263, 4264 (2004).
70 15 USCA §7704(a)(3)
71 15 USCA §7704(a)(3)(ii)
72 15 USCA §7704(a)(5)(iii)
73 15 USCA §7704(a)(4)(A)(i)
74 15 USCA §7704(a)(4)(B)
75 15 USCA §7704(a)(4)(A)(iv)
76 15 USCA §7704(a)(4)(A)
77 15 USCA §7708
78 15 USCA §7708(b)
79 15 USCA §7703(a)
enacted as 18 USCA §1037(b)(1)
80 See, 4 NO. 4 Privacy
& Info. L. Rep. 13, 18. for a detailed look at the fine structure.
81 15 USCA §7706(a)
82 15 USCA §§7706(b)
- (g)
83 15 USCA §7710(1)(A)
84 Central Hudson Gas 447
U.S. at 563 (1980)
85 15 USCA §§7701(a)
86 See Destination Ventures,
46 F.3d at 64
87 478 U.S. at 556-557.
88 15 USCA §§7704
The CAN-SPAM Act places requirements with which spam must comply, however
there is no ban on the practice of spamming.
89 15 USCA §7702(17)
90 Rubin 514 U.S. 476 (1995)
91 Reno 521 U.S. at 869-870
92 Id.
93 The Spam Definition and
Legalization Game, Spamhaus, at http://www.spamhaus.org/news.lasso?article=9
(visited Mar 25, 2004).
94 See United States
Set to Legalize Spamming on January 1, 2004, Spamhaus, at http://www.spamhaus.org/news.lasso?article=150
(visited Mar 28, 2004).
95 See Sophos outs 'dirty
dozen' spam producing countries, Sophos.
96 Spam Statistics
2004, Spam Filter Review, at http://www.spamfilterreview.com/spam-statistics.html
(visited Mar 28, 2004).
97 Martyn Williams, Spam
falls after South Korea Strengthens email law, IDG News Service, at http://www.infoworld.com/article/03/09/15/HNkoreaspam_1.html
(last modified Sept 15, 2003).
98 Rebecca Bolin, Spam Law
Worldwide: South Korea, LawMeme at http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=1329
(visited Mar 26, 2004)
99 Id.
100 15 USCA §7704
101 Tim Lemke, No slap on
the wrist for spam in South Korea, Washington Times, at September 02, 2003,
http://www.washingtontimes.com/functions/print.php?StoryID=20030901-102352-8411r
(visited Sept 02, 2003).
102 Jonathan Krim, Email
Giants Join in Court to Fight Spammers, Washington Post, March 11, 2004,
at E01.
103 Mike Brunker, Email
giants sue alleged spam senders, MSNBC.Com, March 10, 2004 http://www.msnbc.msn.com/id/4496759/
(Last visited Mar 28, 2004)
104 Jonathan Krim, Email
Giants Join in Court to Fight Spammers, Washington Post , Thursday March
11, 2004, Page E01.
105 Register of Known Spam
Operations, Spamhaus at http://www.spamhaus.org/rokso/, (visited Mar 28,
2004).
106 Id.
107 Id.
108 15 USCA §7704(4)(A)(iv)
109 15 USCA §7707(b)(2)
110 See, John Magee, The
Law Regulating Unsolicited Commercial Email: An International Perspective,
19 Santa Clara Computer & High Tech. L.J. 333, May 2003.
111 SPEWS.ORG at http://www.spews.org
(visited Mar 29)
112 StoneLion, Sendmail
takes sender authentication seriously, Newsforge, at http://www.newsforge.com/article.pl?sid=04/02/25/1348210
(last modified Feb 25, 2004).
113 Mike Brunker, In the
trenches of the spam wars, MSNBC, at http://www.msnbc.msn.com/id/3078650/
(last modified Aug 7, 2003).
114 Id.
115 Id.