Slashdot Mirror
First Test of Utah Anti-Spam Law Dismissed
fwoomer writes "Apparently, Utah feels that once you've 'opted-in' you can't opt back out as fast as you've opted in. From the story: 'Gillman requested removal on May 14, 2002, from the e-mailing lists his visit to Audio Galaxy a month earlier had linked him to. Two days later, he received a Sprint ad, and on May 28 he filed suit. The court found his attempt to have himself removed from the lists was insufficient to void the pre-existing business relationship.' If he was receiving spam in May after 'opting in' in April, I don't see how it could be unreasonable to expect to be removed from lists as fast as he was added. Unfortunately there's not much detail in this story. A good read, nonetheless." I don't see how signing up with Audiogalaxy establishes a business relationship with Sprint, but, whatever. Presumably some of the other lawsuits filed are against people that have no possible claim to the receiver opting-in.
so businesses could group together, making the receipt of "email notifications" part of the terms of service... poof, no more opting out.
If you opt-in, it's quite easy to put an entry to the data entry department. If you opt-out, you need someone who's trained to delete (which believe it or not, is a big deal in the data entry industry).
Do you think that AudioGalaxy connects to all its partners in real time when it comes to sharing email addresses? If they generate a list for their partners every week, for example, wouldn't it make sense that it also takes at least a week to get off the list? I'm against spam but I'm also for common sense. Which this guy didn't seem to have when he gave permission to be emailed in the first place.
Most likely, the agreement to opting in to AudioGalaxy includes recieving offers from third parties.
Michael Loves Me!
Unfortunately there's not much detail in this story. A good read, nonetheless.
A "good read" has lots of details, not media bullshit. Remember that submitters and staff before posting a story please.
Pretty soon everyone in Utah is going to be getting spammed with extra wives.
:)
Well at least then the people in Utah will find a purpose for the "Add inches onto your member!" spam won't they?
Seriously though folks, this ruling can't be good for us, I hope the guy appeals, the last thing we need is precident for spammers.
The argument sounds a little on the weak side too, kind of like saying "You bought a car so you established a buisness relationship with Baskin Robins"... spam is not just spam people.
This was clearly outlined in paragraph 7 of page 83 of the AudioGalaxy Terms of Service. It's right below the paragraph outlining the rights to your lungs in case of death by bear mauling. I don't know you could miss it, it was in huge 1pt print.
What does it matter if you opt-out of a mail list?
Once you've opted in, the third party can then sell your address again and you then have NO way of tracking it around.
Unless a system identical to the national "Do-Not-Call Registry" can be established for email addresses, there's not a damn thing you can do about spam in relation to opt-in/opt-out lists.
I agree with the comment; how does opting in for Audiogalaxy ammount to a Sprint ad?
I may be a member of the ASPCA; but I don't expect to receive credit cards in the mail as a result..
For those who don't know this already, all that does is validate that there is a user who actively checks/reads that email account. A list of valid email addresses is VERY valuable to other spammers, who eagerly shell out the $$$ so they can send you MORE spam.
So in reality "Opting out" often will only bring you MORE spam, not less.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
And what does a "good post" have?
(-1, Raw and Uncut is the only way to read)
I plan on taking a stand against this personally by breaking off business relationships with companies that insist on sharing my data with their "exclusive marketing partners" and crap like that. I signed up for the Massachusetts State Opt-Out list for a reason.
... because in no other era could my penis have had this much correspondence dedicated to its well-being. We're living in a Golden Age, people, but none of you appreciate it...
Roving Web-Teleoperated Robot
Secondly, without using tagged addresses, how are we, as end users, supposed to know if we've "opted in" to receiving an email? (This assumes the email in question in this article was not sent by AudioGalaxy on behalf of Sprint, but by Sprint itself to a list it bought from AudioGalaxy.) For example, if I sign up for AudioGalaxy on Monday, they sell their list of addresses to Sprint on Tuesday, and Wednesday I get emails from both Sprint and MCI. The Sprint one is "legit," the MCI one is not, but there's no way to differentiate between them.
I was referrin' to the average Joe, but point taken.
From the article, it seems that this is what happened:
- User signs up on website run by company A (Audio Galaxy)
- company A sells User's email address to company B (Sprint)
- User opts-out on company A's web site
- User gets spam from company B
I hate spam as much as everyone else, but I don't see how this can violate any law. If the User opted-in, which it appears he did, and then later opted-out, Audio Galaxy can't be expected to go around to everyone they sold his email address to and say "Hey, that email we sold to you before? Stop using it!" Audio Galaxy should stop selling his email address at that point, but that would have no effect on the apparent sequence of events here.
If anyone is able to find the actual court ruling I'd be interested in reading it. I don't see where the "existing business relationship" exists (for all we know he may be a Sprint customer), but if the events happened as I listed, I don't think it's relevant.
Apparently Paul doesn't have enough spam to really help him understand that spam is spam, regardless of wether it comes from a large "deep-pocketed" company, or a small time bedroom spammer.
Coincidentally, his email address is pcd@pwlaw.com
"Arent said her bill's language could use some fine-tuning, included (sic) providing e-mailers reasonable time to comply with requests for removal."
It seems to me that in this connected electronic world the maximum "reasonable time" for removal would be the amount of time it takes to add someone.
If you plan to share the data with your "partners" then you should be damn certain that you have a mechanism in place to effect removals from all associated databases just as fast.
This would of course only apply to time of message origination - you can't unregister on Monday and then sue on Tuesday for receiving a mail sent on Sunday but stuck in an intermediate server.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
With how quick he was to sue Sprint, I wouldn't be surprised to find out that he had some kind of plan to do this.
Why would he opt-in one month, opt-out the next, and then sue 2-days later the second he gets another piece of spam?
Seems awfully orchestrated to me.
buy a domain name (or get a free subdomain from someone -- whatever). I have all my email directed to one account.
o ebob-slashdot@junk.foofoofoobar.com
so for signing up with any service i use this address
joebob-audiogalaxy@junk.foofoofoobar.com
or
j
and that redirects to my real email address
joebob@foofoofoobar.com
any email with To "junk.foofoofoobar.com" i direct to a spam folder. If i find a site that vlaims it won't sell my information, but magically sprint is emailing my audiogalaxy address... it tends to perk my ears up. Proof.
WTPOUAWYHTTOTWPA
What's the point of using acronyms when you have to type out the whole phrase anyways?
I usually just block it instead of opting out, but I've found that SO MANY TIMES when I try to opt out, their servers never seem to respond. Surprisingly, their opt-in servers never have the same problem.
This guy wants to opt-out. I never opted-in.
Sometimes when I accidentally get fooled by the sender name and subject line, and accidentally open a spam email, the email says I opted in. At least there is a real business that can be sued in this Utah case. I don't think that the listed PO Box in Florida is really the address of the spammer, do you?
This isn't a sig, I just typed it.
Open source development is my way of competing with the low-cost programmers in India...
You have to give telemarketers 30 days to remove you from their lists when you ask. I dont see how online spam should be different.
If you opt in, and then later opt-out, and get an e-mail 2 days later, I don't see it as some great evil. You shouldnt have opted in in the first place.
You all need to chill pushing for all these spam laws, regulating the internet is a bad thing in the end. Do you really want your real name and SSN tied to your e-mail account for the sake of ending spam? (Because thats about the only solution the government will come up with).
Beef up your filters and accept it.
I don't need no instructions to know how to rock!!!!
The majority of the responsibility here belongs to the individual. If a firm handles addresses improperly, it's the user's choice whether or not to continue using the service. No company is forcing any user to subscribe to their services. Use some common sense - protect your main address by only giving it out to those you trust, and give everyone else a separate address. That's how I keep myself spam free.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
If the courts have decided that you've got a business relationship, could you send sprint employees mail as well with the message at the bottom which reads "This email is permitted under the terms of the court identying that Spring and ____ person have a business relationship."? Although it sounds very childish, is possible to throw it back in their faces?
Unless you use sneakemail. Whenever I encounter a webform where it seems like I need to provide a valid email address, e.g. to recieve a tracking number or an initial PIN code or some such thing, I just pull up sneakemail, create a new address, label it with the date and the party who is getting the initial address (March 14 03, audiogalaxy).
That way, if audiogalaxy sells that address to someone else, not only do I know where that someone else got my address from and (approximately) when it must have happened, but (and this is the important part)
I CAN CUT THEM OFF
Sprint can send as many emails as they want to the address from audiogalaxy... that address is no longer valid, because sneakemail let me kill it.
yes, i'm a paying subscriber, and i've been using it for about 2 years now.
Humpty Dumpty was pushed.
I don't see how signing up with Audiogalaxy establishes a business relationship with Sprint, but, whatever.
I don't see how being a Slashdot Editor gives you justification for attaching your comments to the story submission instead of leaving a comment like everyone else, but, whatever.
Time, I think, to go to Preferences and banish Michael to the bit bucket. I'm sure Jon Katz would be glad to switch places with him.
What lesson would that be? Thats my special public email address anyways. Just collects spam to be used for my filters and hopefully result in a few unsolicited spam lawsuits.
Thanks for the help!
The judge was 100% correct. The technical part of what is happening is that site P (Provider) gets your email address and adds it to it's database.
Site P's database is sold to company B (Broker) on a monthly basis. Company B replicates the information from the database once a month on a given date.
Company C (Consumer) buys the rights to send email to company B's list once a month.
If then you request not be be spammed from site P a month later, you must not expect that this change will be reflected immediately in Company B's database.
As much as it would have inconvenienced this guy to have to go through the process of opting out and then just waiting to see if it worked, it would have gone a long way to validating his case. If he was, indeed recieving mail from the people he intended to opt out from.
What did bother me about the article was that they somehow seemed to make a distinction between unsolicited commercial e-mail and commercial e-mail from third parties whom you've had contact with. I think what bother me about it is that opt-out only works for people who read the contract/agreement/license they are OKing. the problem is that (as they well should know), NOBODY ever reads this stuff. That's why old people will always get scammed by people selling things they "need" or the computer illiterate who buys into CD-ROMs purported to teach them how to use a computer.
What is really needed is a blanket non-commercial sign up list which basically says:
"I do not wish to receive any commercial solicitations of any kind (electronic, published, etc...). This applies to opt-in and opt-out lists as well as unsolicited ads. For any, and every bit of communication that I recieve of this nature, I will charge no less than $25."
But that would never happen since it stomps over what people percieve to be the American Way: "Profit at any cost or inconvenience to everyone else".
Oh well... hopefully someone will come up with a more interesting case in the future.
Denver Snuffer
Un-news
The basic facts in the article are right: Gillman opted-in to GroupLotto's list to receive stuff, then some time later opted out. A day after he had opted-out, a received an email from Sprint, an GroupLotto "partner". Gillman sued.
Sprint moved for summary judgment on four grounds:
1. Sprint itself did not send the email
2. The email was sent unitentionally
3. Gillman had consented to receive the email
4. Gillman had a preexisting relationship with Audiogalaxy that made the email not "unsolicited."
The court decided as follows:
1. The law defines the spammer as either the sender, or the one who causes email to be sent. So Sprint is still a spammer.
2. This argument calls for a factual judgment, so it isn't appropriate to rule on as a matter of law.
Sprint basically said that it was GroupLotto's fault that it was sent -- Sprint only wanted to send to opted-in people. Thus the sending was unintentional. However, there are several issues about what the different parties obligations are, so this claim was rejected.
3. Sprints third argument was also not suitable for summary judgment. Sprint argued that at the time Sprint contracted with GroupLotto to send the email, Gillman was opted-in, and had therefore consented to receive the spam. This argument was partially based on a "two-to-three day" unsubscription time that Sprint claimed was standard -- Gillman could not have expected that he had opted-out until several days had passed. However, there was no such temporal disclaimer from GroupLotto, and it was granted that Gillman had unsubscribed by the time the email was actually sent. This issue of fact was unsuitable for summary judgment. Therefore, it is explicitly undecided if the fact that the email was "in the pipeline" when Gillman opted-out makes it spam or not.
4. For this argument, Sprint argued that Gillman had a preexisting business relationship that made the spam not "unsolicited." Unfortunately, they were right. The Utah law reads as follows:
"commercial email is not 'unsolicited' if the sender has a preexisting business or personal relationship with the sender."
The law makes no provision for discontinuing a business relationship. Thus, you have a "preexisting business relationship" with *anyone* you have ever done business with under the Utah law.
The judge noted that this is probably not what the legislature meant, but still, she was constrained to follow what they actually passed into law, not what she thought they meant.
There were a few other problems with the case, but that one flaw was enough to grant summary judgment.
Sometimes, doing a blind mailing is the only way you are going to get customers. This applies to snail mail as much as e-mail. Much like junk snail mail, if you don't want it, trash it.
Opting out should always be included with spam.
If the companies you do business with are trying to make extra money on your data, lawmakers will have to make sure this happens only on terms that protect your privacy.
What worse do spam advocates want to wait for? To have their own Blackberry pagers rendered useless as Herbal Whatever, Nigerian Scams & Enlarged Everythings etc. get advertised 800 times a day even to everyone working on Capitol Hill?
Europe also did not react until damage figures had reached the $10 billion mark, but then this is what they finally came up with (Attention: Legalese@length ahead):
Directive 2002/58/EC (excerpt)
(40) Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of automated calling machines, telefaxes, and e-mails, including SMS messages. These forms of unsolicited commercial communications may on the one hand be relatively easy and cheap to send and on the other may impose a burden and/or cost on the recipient. Moreover, in some cases their volume may also cause difficulties for electronic communications networks and terminal equipment. For such forms of unsolicited communications for direct marketing, it is justified to require that prior explicit consent of the recipients is obtained before such communications are addressed to them. The single market requires a harmonised approach to ensure simple, Community-wide rules for businesses and users.
(41) Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services, but only by the same company that has obtained the electronic contact details in accordance with Directive 95/46/EC [i.e. the General Data Protection Directive]. When electronic contact details are obtained, the customer should be informed about their further use for direct marketing in a clear and distinct manner, and be given the opportunity to refuse such usage. This opportunity should continue to be offered with each subsequent direct marketing message, free of charge, except for any costs for the transmission of this refusal.
(42) Other forms of direct marketing that are more costly for the sender and impose no financial costs on subscribers and users, such as person-to-person voice telephony calls, may justify the maintenance of a system giving subscribers or users the possibility to indicate that they do not want to receive such calls. Nevertheless, in order not to decrease existing levels of privacy protection, Member States should be entitled to uphold national systems, only allowing such calls to subscribers and users who have given their prior consent.
(43) To facilitate effective enforcement of Community rules on unsolicited messages for direct marketing, it is necessary to prohibit the use of false identities or false return addresses or numbers while sending unsolicited messages for direct marketing purposes.
(47) Where the rights of the users and subscribers are not respected, national legislation should provide for judicial remedies. Penalties should be imposed on any person, whether governed by private or public law, who fails to comply with the national measures taken under this Directive.
Article 13
Unsolicited communications
1. The use of automated calling systems without human intervention (automa
Check out this new forum for discussing spam: http://antispamist.dyndns.org/forum/index.php
FoundNews.com - get paid to blog.,
Perfect for a Friday. Somebody calls bullsh*t and the original caller actually posts a link backing up his claim!
Doesn't he know he's supposed to say - I'm too busy right now, but if you do a google search on Utah sex...
"I hear chopping, but I don't hear digging..."
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
Those of you who read the article will note that the guy asked to be removed and then two days later got "spammed" by Sprint. Two days is not enough time to be removed. This is something he signed up for. It doesn't mention if he continued to receive spam afterwards.
The truely annoying spam is the spam that you never sign up for. Where your email address has been snatched by a spider and there is no way to unenroll. That was not the case here.
This was simply a bad test case.
Lasers Controlled Games!
To extend the analogy a bit... I don't normally receive 40 junk snail mail messages at random times each day, with all of them appearing (or claiming) to be "important". Nor do they tend to include envelopes mentioning body parts that most people only talk about to doctors and really close friends.
The only good part of junk snail mail is that it can be used as fuel for a properly modified wood stove.
Opting out of snail mail spam has had the effect of greatly reducing the amount I receive.
Opting out of email spam has had no noticeable effect on the amount of email spam I get, other than possibly increasing it.
See the difference yet?
The LDS church has *recently* taken a more public stand against polygamy, but the fact that its so widespread (a recent NYT article suggested 10s of thousands in Utah are in polygamous marriages) indicates that church "opposition" to it has been muted for a long time. The recent Elizabeth Smart case will focus some rather unpleasant publicity on LDS practices and attitudes, even if they aren't "official."
Besides, as a parent poster noted, they had an anti-porn czar. If polygamy is so bad, why wasn't there an anti-polygamy czar? Sounds to me like it was more ignored or looked over than actively banned.
Not that it's worth anything, but who knows. When I get spam from a reputable company, I typically try to find their customer service email address and send them this little form letter. I doubt that it does any good, but if enough people showed the larger corporations that we don't want spam, perhaps the meat and potatoes of the spam mailing list scumbags would be dropped just a little.
Dear: Company
Today I received an unwanted, unsolicited email from your company (spam). I always believed that your corporation was honest and forthright, and it is beyond my comprehension why you would decide to set yourself alongside pornographers and scam artists by using unsolicited spam email.
Regardless of what your spam mailing company has told you, I have never consciously 'opted in' to receive email from them, you, or any of their partners. They have either gained my 'approval' using deception or trickery, or they have simply lied and found the email address somewhere on the Internet. In either event, I have never, nor will ever want to receive unsolicited spam email. In other words, I don't want to get this type of mail. Ever. And I have never actively asked to receive it.
Spam mailing companies such as the one you use are corrupt and crooked. These are not honest businesses. And I cannot with good conscious do business with any company that chooses to partner with near criminals to conduct marketing. As such, I will not do business with you until you stop associating with these shady organizations.
Please do not forward this to your spam mailing list provider in a show of 'good faith' to 'opt me out'. All this will do is inform them that this is a valid email address, and place me on numerous other mailing lists. Like I said, these are not honest business people. If you doubt this, ask them exactly where and where I 'opted in' to get this junk. Ask them why they often use different and misleading domains to get around my 'block sender list'. They will be unable to provide you with an answer, because I have never actively 'opted-in', and they will try every trick in the book to get their junk through. Again, this is because they are dishonest.
If you decide to stop using this sort of unethical marketing, please inform me. I would be more then happy to continue doing business with you.
The Internet is generally stupid
Spam filters, certain ISPs, hotmail, etc, will often just delete mail, not bounce it. With no bounce, they just know it didn't bounce and will keep using that address. however, when you click the opt-out link, (or even open some emails that have images tied to dynamic pages) you just verified with 100% certainty that they have found a real, in-use, and monitored email address.
The truth doesn't care what I think.
But doesn't that "SCREAM" that selling "email-based permission" lists illegal?
After all, if business A sells your email address for 2.95, and business B sells it to C for 5.95 and business C does something illegal with it, how would business A sue business C for illegal use? It can't, and that places the burden on the customer. But since you can't limit WHO they sell your "permission to" (obstruction of commerce) that means you're writing them a blank check, with little to zero chance of ever having your rights respected. (the amount of spam makes prosecution for a single spam unlikely in the extreme) YET each spam is an individual crime, that must be investigated seperately.
There is also the question of just how "valid" the permission you gave to A for purpose X be translated to C for any purposes other than X... And with X usually being "promotions related to a product I bought" X is of little sale value to C... purpose Y is however, very valuable... Hence C wants to buy address "blue" from business A, for purpose Y, now if purpose Y wasn't known at the time permission was given, how can permission be considered to have been given(say permission to advertise an invention that didn't exist when blue gave permission to A)?
Doesn't the burden it places on the victim(the person whose rights have been abused, by receiving mail whom in most other contexts would be considered illegal) signify to legislators that
1) to properly track when a permission is given, when most spammers close up shop within a few days and just reappear with the same list, under a different company, require an independant registry of permissions?
2) to be able to correlate permission with origins of spam, you require to be able to track the origin of any single email message. By that reasoning wouldn't sending a message with forged header be considered illegal until proven otherwise(a bit like how a radar detector or any other device that allows one to bypass enforcement of a law illegal)?
3) Since permission would have to be tracked by purpose and by sender, shouldn't access to that single registry be paid for to cover administration costs? And once headers are fully considered thrustworthy again, shouldn't it be possible to bill per spam sent?
I think those are all valid questions, that the legislators should consider
The other part of the solution is data protection law - as with the parent post, this is a European Union law, meaning it applies to governments and not to individuals (the EU law is like a specification, EU governments have to impose laws that "implement" it).
Google for "Data Protection Act 2000" to see the UK's version, which came into force in 2001 (an earlier version, which was a bit less restrictive, has been around since the early 90s) and places specific restrictions on storage and use of "personally identifiable information". As far as I can see, this makes trading e-mail lists without specific permission illegal - it also has other nice effects, like preventing companies from sharing any other information they've gathered about you without your permission. (So your bank can't tell any other companies about your spending without your permission, for instance.)
The USA doesn't have a similar law, which actually means companies in Europe aren't allowed to send personal data to their American branch without the subject's permission.
...the problem with this is that if your approach becomes common, you can "anti"-spam your site. If you own foo.com competing with bar.com, simply send out lots of spam for bar.com. Since they won't know jack shit about the spam, they won't be able to prove anything one way or the other, causing customers to move to foo.com instead.
The key issue is, you need to get to the senders. Punishing the company will eventually lead to wrong conclusions if the spammers are smart enough.
Kjella
Live today, because you never know what tomorrow brings
Think about all the use a polygamist would have for a penis enlarger, though!
Junk mail is paid for by the sender; spam, like junk faxes, is paid for by the receiver (directly or indirectly, though higher ISP bills). This is why junk faxes were made illegal, and its why spamming should be illegal.
I'm always glad to see junk mail, because I know it means that someone out there is helping to fund the post office, and making it cheaper for me when I want to send snail-mail myself. I'm furious as hell when I see spam, because I know it means that someone out there is costing my ISP money, making it more expensive for me to be able to send email.
you send me a spam at my hotmail address and you will not get a bounced message. Your message may or may not get to me, though, it depends on my filter rules. You send an email to me at my aol account and you prolly won't get a bounce message, more or likely, but I won't get your email.
Compliant? Who cares? I'm talking about the real world.
The truth doesn't care what I think.
I'll bite Troll.
First, a full text search of Utah Code Annotated only pulls up the word "anal" in reference to children and rape. I assume those aren't the laws you call screwed up. Show me the law you are talking about, because I don't believe you.
Second, A full text search of all Utah state and federal cases brings up *not one result* for Universal Life Church, which means no case was tried involving it. The same for a full text search of Utah Code Annotated. Again, I don't belive you, so you will have to show me.
Finally, if you read the article and other posts here about the case, the reason he lost is fairly reasonable. Also, the clause exempting a previous business relationship is found in other state statutes, including Colorado, Delaware, and Ohio.
While your claims about Utah law are so far entirely unfounded, the message your post is stating pretty clearly is that you have some sort of emotional objection to Utah and the people there. I suggest you get over it, but the least you could do is verify your misinformation before spreading it around.
Boom Shanka
For example, some of my web design and hosting customers pay me to send out their newsletters (strictly opt-in). Say company X sends me their newsletter and mailing list on Feb 25th to be mailed out on March 1st... if somebody decides to opt-out on Feb 28th, they're still going to get the March newsletter because I don't maintain the list.
I think it's only fair to give companies a few business days to sort things out in an opt-in/opt-out scenario, as outgoing mail may already be in a sense "queued".
Let me also head off any insistance that the large spam brokers be responsible for handling the opt-out requests and maintaining a live database: this service usually involves large setup fees, and the client may not want to get married to one spam broker right away... so they will often send a static mailing list for a one-time mailing instead.
I personally think it's rediculious that this article even found its way onto slashdot. For chrissake, it might have taken two full days or more to process a single LARGE mailing list if they are contending with SMTP flood thresholds at large ISPs with lots of opt-in subscribers. You can't just rapid-fire 10,000 emails to MSN accounts from one server and not expect to get your IP blocked! Infact, most companies even tell you when you opt-out that it may take a few days before you stop receiveing emails.
Now, watch me get modded down by the idealist slashdot spam nazis for having a potentially unpopular opinion.
Slashdot: rejecting tech news in favor of rubber band guns since 1997.