Slashdot Mirror
Spam Laws Aggregated At SpamLaws.com
Compulawyer writes "I recently came across this website, SpamLaws.com, which has a fairly comprehensive list of laws covering unsolicited commercial email. My new favorite is the Ohio Statute. Spam must include the full name, either residence or business address, and email address of the spammer and provide an opt-out notice in the same type and size as the majority of the text of the message itself. The statute provides not only for damages of $100 per offense ($50,000 cap), but also allows for an injunction against the spammer. ISPs can also sue for $50 per violation ($50,000 cap - $500,000 cap if the violations were willful). The best part (for the non-lawyers and those who want the executive summary) is that forging headers is a FELONY."
And that's the best part? A felony is too severe. I don't like spammers at all, but it's not justice if the punishment doesn't fit the crime. /. had an article the other day about crackers getting penalties that were harsher than real-world crimes, such as robbery or assault. Is this just another example of irrational punishments attached to cyber-crime?
If tits were wings it'd be flying around.
Unfortunately, because of the global nature of the internet, and therefore spam, laws such as Ohio's can never be inforced. Global restrictions or the use of good technology are the only solutions. And because many governments have higher priorities (such as terrorism, the environment, commerce), it may be awhile before any UN Commission on Spam proposes a treaty. As such, we should rely on technology, rather than regulation.
It's funny, these new laws technically shouldn't be necessary to the degree they address fraud and unfair/deceptive trade practices -- that stuff is already illegal. They do set out a framework for enforcement, and clear schedule of penalties, that may make them practical. I would like to see whether penalties are proportional to similar garden-variety fraud such as by telephone or mail.
There are a lot of naysayers here who say laws won't work, but it's quite early to declare failure. The FTC does a TON of consumer protection litigation the public rarely hears about -- and that case list is just the stubborn minority of targets that refused to stop after getting the letter, or to settle. I've seen several of their actions in detail; in one the huckster was so stubborn he ended up in jail for contempt of court. That's unusual -- remedies are typically fines and injunctions. And this guy did not go to jail for deceptive trade practices exactly, rather for defiance of a generic court order.
I would focus not on saying laws won't work, but on influencing the laws to be just and effective. The Ohio law COULD be disproportionate, especially if prosecutors fist leapt for the jugular rather than sensibly working out a settlement with the target. The latter is the just and cost-effective way of doing business -- litigation is very expensive. The federal law that is doubtlessly coming will be our only chance, as Congress may not return to improve the law for years.
* Legislation must be global or, at the very least, federal.
* Mail that claims to be the result of an opt-in must include the name and the circumstances of the opt-in (unlike "... one of our affiliates, which we refuse to name")
* A time limit should be imposed between performing the "unsubscribing" (ha) action and the last mail received. Fake "unsubscribing" links which do nothing (like the ones from big10links.com, freestuffshare.com, azjmp.com, and offerclicks.com) should in some way be discouraged.
* Forged headers and inappropriate use of "Re:" in the subject are fraud.
* When the mail subject claims "free product" consumers are entitled to receive the product for free, even if the body says "with $500 purchase".
* Why are spammers never imprisoned for years for theft of computer resources? (A.K.A. "cyber-terrorism") is it because they almost always choose foreign targets as mail relays?
* What else is missing?
I'm guessing that, as an Ohio resident, if I happen to get spam from a spammer operating here in the state of Ohio, then I can zap him with this statute. Please correct me if I'm wrong (and believe me, I'd love to be wrong about this), but these laws aren't enforceable across state borders, correct? So if some [insert long string of expletives here] spammer from some other state spams me, there's nothing I can do, even if I know who did it. Right?
How about those who have had their name forged in a header. It's one thing to have a fake header forged, but how about the large amount of just plain p*ssed-off emails one gets because a spammer forged your email address as a return.
People should be taught how to read headers... but realistically, why don't all email clients simply parse the header and display the header email in addition to the "real" one.
This was a big California firm. Someone had hired a spammer without checking with the legal department, or Legal hadn't read the law, but once I gave them the cite, there was no argument. Nor am I seeing any more spams from them.
California requires "ADV:" on spam, and, of course, my filters trash those immediately. California also makes it illegal to "send, or cause to send" advertising E-mails without that marking. "Cause to send" is key; it lets you go after the company being advertised (who presumably caused the spam by paying the spammer), and after those outfits with "affiliate programs" that encourage spamming.
Major California lawsuits were stalled for a while by an appeal, but late last year, the California Supreme Court ruled the law is constitutional. The Attorney General is starting to go after spammers.
Once this gets rolling, I expect that hammering spammers in the courts will become a routine moneymaker for the plaintiff's bar.