I wonder if it is the company or the reporter who gave the wrong figures in the article. The article says:
By way of comparison, Cornell University’s David Pimentel, an authority on ethanol, says that one acre of corn produces less than half as much energy, equivalent to only 328 barrels. If a few hundred barrels of crude sounds modest, recall that millions of acres of prime U.S. farmland are now used to make corn ethanol.
A remarkable number, but as far as I can find Pimentel claims no such thing about BARRELS per acre, but I can find that number in GALLONS per acre per year, e.g., see http://healthandenergy.com/ethanol.htm. So 328 gallons of ethanol per acre = 7.8 barrels of ethanol per acre per year
Among his [Pimentel's] findings are:
An acre of U.S. corn yields about 7,110 pounds of corn for processing into 328 gallons of ethanol. But planting, growing and harvesting that much corn requires about 140 gallons of fossil fuels and costs $347 per acre, according to Pimentel’s analysis. Thus, even before corn is converted to ethanol, the feedstock costs $1.05 per gallon of ethanol.
So one thought has occurred to me. If this technology involves growing green gunk in vertical clear walled tanks, then perhaps they have chosen to talk about the yield per tank in terms of tank horizontal footprint, i.e the amount of light input coming in the side of 1 square foot of tank horizontal footprint could be many times the amount hitting just the top... I can imagine a tank fourteen feet tall, 3 feet wide, but only 4 inches deep. So its footprint is only 1 square foot, but it catches 30 square feet of light if at Boston's 42 degrees latitude (or heck, 60 feet if one reflects light in on the back side.)
I am not a lawyer, so this isn't legal advice, just my experience. I have sued a number of times (and won) in small claims court, including in Santa Clara County -- where Mountain View is located as it happens. I know of someone in Florida who files small claims spam cases in California and flies in for the hearing. Nolo Press has a great book dedicated to small claims court in California Incidentally, in California lawyers aren't allowed to represent clients in small claims cases, although they are allowed for the re-trial if the defendant appeals a loss. As far as collections goes, handily enough VeriSign is also in Santa Clara County. So rather than chase down a spammer in some far off state to collect, you can just threaten to go down the road and seize a non-paying defendant's business property i.e. their.com domain name if they don't pay.
As the Nolo Press book explains, you can file two $7500 small claims lawsuits a year and an unlimited number of $2500 suits. California law awards $1000 per illegal spam. Santa Clara county even has specific rules for filing two or more small claims cases at the same time. So for example I filed simultaneously two lawsuits both against the defendants for 8 spam each per lawsuit. The two cases were heard at the same time and ultimately I collected $16000 plus interest. (In the course of the cases I also raised $40,000 for Second Harvest and the Darfur Stove Project charities...)
IANAL, but that's not really true. They do have possession of email as it passes through. If I send Google a subpoena, then at least for 15-30 days they'd have to retain copies of all the responsive emails that they receive. But clearly that's not the case, otherwise I'd subpoena monthly the opposing party and get a continuous copy of their emails. Law firms can hire any number of outside agencies to handle privileged docs, e.g. paralegals from temp agency, graphic artists, etc and not lose privilege.
As they have explained it to me, once you voluntarily hand information off to an uninvolved third party, the veil of privilege is breached and it can be discovered.
IANAL, as well, but that statement is incomplete. You can clearly outsource at least one IT function: email, without risking privilege. Google's Postini is the the email service provider for many (most) of the nation's best and/or biggest lawfirms. (e.g. lookup the mx records of steptoe.com, chadbourne.com, perkinscoie.com, gibsondunn.com, bakernet.com, dlapiper.com, whitecase.com, sidley.com, mayerbrown.com).
All *.psmtp.com.
Call me cynical, but when they claim two MONTHS of standby time and 18 hours of talk time, all on a 1850 mAh battery -- it makes me a bit leery. After all, no matter how efficient its electronics are, it still has to burn power transmitting packets. For example the Nokia 6205 on its 1020mAh BL-5C battery only gets up to 4 hours talk, up to 11 day standby. Spec for Nokia: http://www.nokiausa.com/find-products/phones/nokia-6205/specifications
Spec for the phone, I think: http://www.sonimtech.com/pdf/xp3quest_ds.pdf
Anti-spammer David Ritz lost the SLAPP lawsuit filed by
Jerry Reynolds
filed for running "unauthorized" DNS
lookups on their servers. Knowing "commands are not commonly known to the average computer
user" can get you into serious peril in some judges' court rooms.
I kid you not. The Judge ruled that "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server." The original complaint is here.
Ritz was a thorn in Reynolds' side during the years when Ritz was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming. Reynolds has been quite aggressive in trying to get his past erased from the net (including forged cancel posts). The North Dakota Judge also awarded attorneys fee which could theoretically make the total bill over $500k for doing a domain zone transfer. (I believe they had claimed $250k in attorney fees in their failed suit against Ed Falk) Reynolds also filed a criminal complaint against Ritz which was on hold pending resolution of this trial.
Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:
Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.
The scary sounding port scanning/hijacking computers is posting a test message through one of Verizon's machines to prove to Verizon they had an open relay --i.e. posting to 0.verizon.security via the relay a note to Verizon's security saying "What's it going to take to get you to secure this gaping hole in what you call your network," or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.
Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer's domain your are doing a malicious, tortious act. If you telnet to a spammer's mail
server and type HELO or VRFY you're illegally impersonating a mail
server.
It seems clear that the Judge for whatever reason really, really,
really didn't like the Defendant Ritz. But the Judge seems to want no
sunshine on her trial because she ordered the entire affair sealed,
except of course for her judgments of "facts."
There is a legal defense fund that was set up for his case. I believe he does not have the resources to appeal and this would be a very bad precedent to stand.
2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to, altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network, or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor.
Ritz also got a $10k fine by the Judge for violating the preliminary Injunction, but since the Judge sealed the records, it is hard to tell what the story behind that.
Just checked with a client who lives in Saginaw. Using default DHCP settings which presumably point to Charter's DNS servers, we just get normal dns lookup errors. Now, Charter does know they are using Macs, and I noticed the www11.charter.com webpage that others here have cited on slashdot currently seems designed to look like a PC error page so is it possible they are doing this on limited basis? Who knows.
I had not heard that ISPs are starting to do this... If so we'll have to do some investigation. We (like many others) have Federal trademarks on the word in our domain name. If an ISP doing redirects that make them money on people who are attempting to get to a URL that uses a trademark, then the ISP is making money based essentially on confusion or mistakes with a registered trademark owner and themselves. Trademark violations carry a (US)$100,000 statutory penalty per incident.
So I'd expect this will stop a soon as the ISPs' own lawyers hear about it and tell 'em "No! bad marketing driod, no donut for you!"
While its encourageing to hear of such suits, especially when they bring on TRO, I can't help but feel a little let down. Once AG's stop doing civil suits and start criminal prosecutions for spam then you will see a fundamental shift in the amount of spammer and the make up of the spammers doing it. Only AG or DA can do prosecutions, anyone of us can sue spammers.
Our own suit file last month against Kraft/Gevalia for $11 million may help change their mind about using spam. (http://legal.hyperotuch.com/ They already seemed to be taking steps to change. However, one interesting note is that some number of news
organizations never heard of the suit, ironically because their spam filters
caught emails that talked about Gevalia. Makes me wonder if the defendants
have ever stopped to evaluate how spamming may be hurting their
word-of-mouth advertising.
The following statement is released by Jack Hill, chief executive officer of BVWebTies LLC, owner of BobVila.com, in response to media inquiries involving the anti-spam lawsuit against BVWebTies LLC filed by Hypertouch Inc.:
BOSTON (March 5, 2004) - "BVWebTies LLC, owner of BobVila.com, takes the issue of junk e-mail seriously and believes it has operated in full compliance with the CAN-SPAM Act of 2003. We remain committed to respecting and serving our customers. We were shocked by this action, and believe that BVWebTies will show that it operated in good faith and in full compliance with existing law."
It appears that one of BlueStream Media's customers is also in Foster City, DrySkinOnly.com... Small world. The local DA is taking complaints about spam, though you have to get through a disinterested police force. If you have any pre-2004 spam that has no ADV label, that is punishable under the old CA law by up to one year in jail. If you have the time and energy, file a complaint and follow up on it...
Hi All,
Just FYI, We will be posting updates to the case as they happen at http://legal.hypertouch.com. We think the CAN-SPAM Act is an open license to spam with very little protection for the public, but we are attempting to use what few protections are available to punish some unrepentant spammers.
One of the biggest problems with CAN-SPAM Act that we are hoping to educate the press so they can inform the public is that the Act says end users _must_ contact each spammer and opt-out. This is of course exactly the opposite of what ISPs have been tell their customers to do. "Opting out" merely gives the spammer have a live address. Some of the email addresses defendants sent spam to were unique addresses submitted to a "virus software 90 % off" spam. In no uncertain terms, "opting out" of spam signs you up for more spam.
We were surprised when even after we told BobVila.com about the quality of the lists their hired spammer was using, they still refused even just to promise they'd never use BlueStream Media again... Right before we filed the action, one of our users received a new BobVila spam, this time sent through a Florida based spammer.
Well, we were in contact with them for a bit before we filled the suit. Even after we told them a number of their spam were sent to addresses that were submitted to the opt-out links of other spam, they still refused to promise to never use BlueStream Media again. Shortly before we filed the suit, one of our users recieved another BobVila UCE, this time from a spammer in Florida.
One of the most compelling aspects in deciding to file this case was that among the various emails messages in their spam run they managed violate nearly every ISP-actionable part of CAN-SPAM. Specifically various email of the spam run had one or more of the following violations:
1) No street address
2) False headers, including
a) SMTP HELO's with names whose IP addresses don't match the originating IP
b) Domain names used in the headers that were registered with false names...
3) Addresses that had been submitted to the opt-out mechanisms of other spam
4) Random and harvested addresses, include domain registration contact addresses.
In 2001 Bill Jones started spamming for his (eventually failed) California election campaign.
Nice!
The spam was even relayed, IIRC, through an elementary school server in Korea.
Nicer touch!
When the story originally broke about Bill Jones campaign admitting sending spam, I proactively sent via a fax and via the contact form on their website a formal notice to not sent any Unsolicited email to any of our users. Funnily enough the Billjones.org's website only offers a webform for email...I guess they don't want spammers finding _their_ email addresses and spamming them. How classy. Even their web contact form, when it sends a confirmation copy of your message back to you, they used _your_ address as the sender. I never received a reply to my notice, but I did start receiving Bill Jones spam...
Nicest touch!
Our notice included a $1000/message fee for additional email addresses, though we never sent an invoice
Fast forward to 2004. Yesterday we received spam for Bill Jones' new campaign -- for Senator of California.
New nice touch!
In fact, not one, but two spam on the same day sent to the same address
One million dollars eh? Recall the Wired article this summer of the bigger penis spammer the nets a half million or more a month. A million dollar bond often costs 5 to 10% of the value. So, for a couple days profits, that spammer is back up and running with FTC approval. And this is how Congress expects the CAN SPAM act to stop the madness?
Sigh...
That is true that individuals may sue under other laws. However, the true power in anti-spam laws came from statutory damages, i.e. $XXX/dollars per message. Otherwise you have a huge hurtle of proving the amount of damage you suffered, from each individual message. That makes your lawsuit a much larger gamble as far as even recovering your expenses, to say nothing of providing incentive for the spammer to stop.
Junk faxes cost me over 10 cents a page. If you had to prove your damages in court, junk faxing exploded and essentially ended faxing as a useful medium. The TCPA essentially dealt with the explosive growth of junk faxers by giving individuals a $500-$1500 incentive to enforce the law. That still is not enough to stop some companies for using junk faxes.
We are currently involved in a junk fax class action against Perry Johnson for sending a huge number of junk faxes. In 2000 they were cited by the FTC for junk faxing. They continued to send them out. After getting sixteen junk faxes, we finally filed suit in 2001. The case is still ongoing. In contradiction of previous statements, including in Perry Johnson's written response to the FCC's citation for TCPA violations, they have now asserted in sworn testimony they do not maintain and have Never maintained a Do Not Fax database. So we subpoenaed their phone company for their records. Global Crossing, as indicated in an affidavit, has 59,099 records of calls to the "Removal" number on Perry Johnson's junk faxes. A subpoena to another phone company who also provided service for Perry Johnson's toll-free "Remove" number has provided documentation of another large number of phone calls. That could bring the size of the class to well over 100,000 identified members, just from those companies and individuals who took the time and effort to ask to be placed in Perry Johnson's (nonexistent) "Do Not Call" database.
Perry Johnson is faxing a huge number of people. If there were no statutory damages for this, there would be no way to induce them to stop. A smack by the FTC did not do it. (preview for the future there?) Iindividuals complaining and opting out did not do. Individual prior lawsuits didn't do it.Proving actual damages for each class member can be a huge barrier for a plaintiff.
And heads up boys and girls -- Perry Johnson has now also begun to advertise via spam (using "throw away" domains like onlinepji.net, infoiso.net and isomail.net) They've even tried to relay their spam through our servers. That would be illegal under the new law, but under the new, why would they bother relaying through someone else. At the moment, it now appears there will be little hope in ever stopping them from legally pumping spam after spam into your mailbox.
That's exactly right. False or misleading is not the same as ambiguous. Or even pointlessly accurate:
Subj: Did you get this email?
Subj: Something to think about
Subj: Re: what was on the news last night
Subj: She was very pleased
But even if they are accurate, our user's in boxes will still get creamed:
Subj: 1.95% Mortgage Rate - NO JOKE
Subj: have hundreds of lenders help you get the lowest rates
Subj: Mortgage Leads as Low as $8.00/lead vovlmh.hhpdo tmfkieqjl ffkdly:
Now that last one, can I afford to bank roll a Federal Lawsuit on the gamble that a hash buster is ruled misleading by a jury -- and then gamble on what portion of the "up to $25" the judge gives us?
Finally, the point is spammers can now consider putting their real IP addresses in their headers because what they are sending is now legal. If their IP addresses begin to get blacklisted, then they can and will again pump their spam through any number of overseas IP addresses without breaking the law. I do not like to black list all of Russia or China to block spam, even if I know I will lose little legitamate email. There is nothing illegal in the law about making it difficult to contact the sender, as long as its legal.
The spammer we brought a class action against, Link It Software (legal.hypertouch.com)
did just that. After we filed they stopped sending through their California Sprint T-1 line and started sending via a front business in India (xactmailer.net) No hidden IP address of the "originating machine" but the domain was registered to some company in India and the header trail ended in India.
Proving your address was harvested might be done easily enough, especially with tagging, spamtraps, etc. But the I CAN SPAM act then puts a well nigh insurmountable barrier...you have to prove the spammer using the address had ACTUAL knowledge that it was harvested:
It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances [that the addresses were harvested or dictionary attack create]
So, every spammer and their uncle buys their addresses from a third party's Million Addresses CD and they are home free. They don't have ACTUAL Knowledge [a legal term of art] of where the addresses come from. Harvesting and dictionary attackes themselves don't appear to be illegal.
I believe you are not correct in projecting the effects of this bill. The primary reason that spammers had in falsifying information in their headers was that many states had prohibitions on spam. WA (and MD, etc) put laws on their books prohibiting emails with such falsehoods which nicely side-stepped the problem of being content related. When the WA Supreme Court upheld the WA law, they said "Hey, we're only banning fraudulent emails so that can't possibly interfere with Interstate commerce, it can only encourage it..." Spammers will now just send a WA resident email with no false headers or or deceptive subject lines.
So now they will send spam to you with a subject line of "Hi" about Mini RC Cars and Viagra and you can't do a thing about it under Federal or WA law. California law did prohibit that, but we're hosed. The one thing you might be able to preserve is a private right of action in a state court, but that will be a battle someone has to be willing to finance. The big ISPs won't do it, they'd rather file in the Federal Court down the street from their HQ.
Hey, we have a US Trademark on Hypertouch (R), but that has not given us a claim, under US law for those that send spam to hypertouch.com. Yahoo, AOL, Earthlink, etc would have those claims as part of every one of their lawsuits. It's well established case law that a phone book cannot be copyrighted -- it's just a collection of facts. I'm not sure what other claim of IP you could have except for trademark or copyright on a domain name.
In fact, spammers need only set-up a new Division for each of their domains and they are home free. Buy a new domain ($7) every 10 days, setup a new Division to do its marketing and you can spam any address without fear, forever.
I am the CEO of Hypertouch Inc, one of the few corporations in California to have brought suit against a spammer under the existing CA anti-spam laws, and the only person so far who has be able to get the local DA to take a criminal complaints against spammers under the criminal provision of CA law. (see http://press.hypertouch.com/)
Some of the "minor changes" that the Senate made before sending it back to the House include changing the statutory damages from a flat $25 to "up to $25." Now small ISPs can't even count on the paltry $25/message when they decide to take a spammer on in Federal Court.
I should note one interesting wrinkle. Unlike what is common in other Federal laws, the act "supersedes any statute, regulation, or rule of a State or political subdivision of a State " but says _nothing_ about the District of Columbia. Soooo, if people can rally the DC council to pass a California-like law, perhaps there may be a new place to host your mail servers.
A final copy of the
act can be found on my website.
http://www.hypertouch.com/legal/s877-eas.html
I'm pretty
pessimistic about things right now. Here are my chief concerns about the bill.
1."I CAN SPAM " Actlegalizes unlimited spam -- even
after"opt-outs " The
"SEPARATE LINES OF BUSINESS OR DIVISIONS " clause in the act
permits spammers to send repeatedly to you even after you've
opted out as long as they change domain names, a.k.a. lines of
business.
(B) SEPARATE LINES OF BUSINESS OR
DIVISIONS- If an entity operates through separate lines of business or
divisions and holds itself out to the recipient of the message, in
complying with the requirement under section 5(a)(5)(B) [the opt out
section], as that particular line of business or division rather
than as the entity of which such line of business or division is a part,
then the line of business or the division shall be treated as the sender
of such message for purposes of this Act.
The impression we have is that the DMA asked for this so that one cannot
opt out of spam from the Fortune 500 by giving notice to their corporate
HQ, you have to track down each"Division. " But more to
the glorious point from the Viagra spammers perspective, see what happens
if I opt out of a spam for today's mail bin: (picked at random)
Easiest method to enlarge your $&#@%, stick on the patch, and
forget about it! easy as 1-2-3. Find out how we can help your manhood
[url in spam:
www.prosize-health.biz/in.php?id=43&p_id=2 ]
By my sending email (or going to Prosize-Health.biz or whatever
hoops they choose to put up for their process), I can"opt
out. " However that spammer will be able to spam me LEGALLY
from all of their other lines of business, e.g.
Biggersize-health.biz, etc. Note that the spammer's email only represents
itself as Prosize-Health.biz... All they have to do is spend $7
every couple of weeks for a new domain for their new"Line of
Busines " (they might even bother to call it a new Division) and they
are home free. There is NOTHING I can do to stop this.
I can track down every big spammer and personally serve them with an
opt-out, but that doesn't trickle down to their thousands of
"Divisions. "
Let's be
clear -- Spammers are already talking about this open license on their
bulletin boards and mailing lists.
2."I CAN SPAM " punishes only the spammer, not the marketer
By
rotating through US based spammers, or using untraceable overseas
spammers, often in Russia or China, businesses will be allowed to
advertise via spam with abandon. The great strength of the upcoming
California law is that is target both the marketer and the spammer.
That will be gone when California laws are made void. For example, we
have been trying to get Discover Credit Card to stop sending spam to us
for over 18 months. They literally just regularly rotate through
new
S.877 will supersedes state laws on Jan. 1, 2004, but the wording is
interesting:
SEC. 8. EFFECT ON OTHER LAWS. [snip] (b) STATE LAW-
(1) IN GENERAL- This Act supersedes any statute, regulation, or rule
of a State or political subdivision of a State that expressly
regulates the use of electronic mail to send commercial messages,
except to the extent that any such statute, regulation, or rule
prohibits falsity or deception in any portion of a commercial
electronic mail message or information attached thereto.(emphasis added)
So, here's the question we are pondering: CA, (and MD, WA, etc)
have/will have laws that prohibit "falsity or deception." Do those stay intact?
The wording seems to indicate so. If so, then CA (and MD, WA, etc)
offer several enhancements; do those remain intact? For example in
California's case on Jan. 1st will there be:
Private right of action
Right of action against email "Advertisers" rather than just the
untraceable spammer who sends the message, as provided by CA's new
17529.
Much larger penalties. It's not the $1000/message CA law would have made but it is up to $2500/message -- at the judges option which would make it easier for
small ISPs to mount an action without having to do a class action to
ensure a spammer is stopped for everyone.
Right of action for local District Attorneys -- S.877 only allows
state AGs to bring criminal actions, not local county District
Attorneys. I'm having enough difficulty getting San Mateo County's DA
office to move forward on our complaints with criminal actions. I've
no hope the AG of California will do anything -- they prefer to do
only civil actions unless there is a conflict with the local DA's
office and the AG has to step in.
There is some ray of hope in this debacle perhaps. Initial conversations with our lawyers seem to show that as worded, many portions of state laws may stand.
Joe
I am really disappointed this is looking like it will make it into law. In 1991, Congress authorized the telephone "do not call list" by the FTC. That list took more than a decade to go into effect. How long do you think you'll wait for this one?
As far as the effectiveness of asking spammers to "remove" email addresses, we have done some study on the matter. Below is a partly snipped declaration I made regarding some Florida spammers who use "remove" requests as a source to harvest new requests.
From Thursday, [date snip] through Saturday, [date snip], a number of unique email addresses were submitted to approximately 35 different email address "Remove me," "Unsubscribe," "Opt-out," etc. web pages whose URLs were found in various unsolicited commercial email (UCE or "spam). The email addresses submitted were created solely for this purpose and had never before nor since been given out nor used in any manner. Each unique address was submitted to only a single "opt-out" page, allowing easy tracking of the origin of that email should it ever receive email in spite of the opt-out request.
By the following Tuesday morning, [date snip], our mail servers began receiving UCE/spam to those same unique addresses, advertising software found on [snip]'s website, e.g. http://www.allthebestsoftware.com/mcafee007.htm
[snip]' UCE/spam messages contained a disclaimer at the bottom of the email asserting, e.g.:
"Your personal email address was obtained from an opt-in list. Opt-in UEC (United Ecommerce Coalition) Approved List - Type NNS Suffix = zT%22d%H&EUSA. To unsubscribe from this list, please Click here . You need to allow 5 Business days for removal. We do not condone spam in any shape or form. Thank You kindly for your cooperation. "
The statements in the [snip]' disclaimer are thus clearly false as explained above in Declaration #1.
The "unsubscribe" link in the [snip]' UCE messages was to other [snip]' web sites, e.g.: http://www.upgradesrus.net/remove.asp
As chance would have it, and indicative of the prolific nature of [snip]' email marketing practices, that exact URL ( http://www.upgradesrus.net/remove.asp ) was one of the 35 used in Declaration #1. Thus a number of unique email addresses were submitted to upgradesrus.net. Those unique addresses, submitted only to upgradesrus.net, have since received hundreds and hundreds of UCE/spam.
Hypertouch, Inc. never requested any email from [snip].
Hypertouch, Inc. had no relationship with [snip] prior to receiving their email.
[snip] in their unsolicited emails offer to remove the recipient's email address from [snip]' lists. This offer is demonstrably made in bad faith. [snip] do not merely ignore removal requests, they apparently use such opt-out requests rather as a source to harvest fresh addresses to send more UCE/spam.
Hypertouch, Inc. continues to receive email from the [snip].
As is common industry practice, Hypertouch, Inc. routinely advises its clients NOT to reply nor attempt to "opt-out" to UCE/spam because such requests often result in an email address receiving even more UCE/spam as a confirmed "live address." Hypertouch, Inc.'s first hand experience with the [snip]' unethical, fraudulent and illegal behavior demonstrates conclusively the soundness of this advice.
Without exception, every one of [snip]' emails violated both Section 17538.4 and 17538.45 of the California Business and Professions Code.
You can imagine once spammers all go to internationally registered and thus untraceable domain names tracking this sort of trickery will become tougher. We tell our users that we know from first hand experience that responding to and attempting to opt out of spammers lists are a bad idea. This law is just a license to spam.
As owner of a business who has taken spammers to court and whose lawfirm defended California's current antispam law in the CA Supreme Court, let me be emphatic: This is a horrible law. It absolutely overides California and all other state laws which is why the DMA is pushing for it so hard. It removes a private right of action for end users. Let's be clear:
This law makes it legal to send spam in all 50 states.
The law has many things wrong with it:
It removes any and all laws individual states passed to protect their citizens.
It removes private right of actions. Junk faxes are only just annoying rather than crippling today because of the TCPA, which allows Joe Public call to carpet any junk faxer in small claims court for $1500/fax.
Anyone can spam you until you specifically asked them to stop -- what percentage of the 25 million business in the US do you think you have time to individually contact.
"Valid" return addresses on spam offers no aid to people fighting spam. How does a spammer having some (possibly even valid) street address in an obscure corner of the world and an mail server that dumps all incoming email to/dev/null give me any help in fighting spam. A large percentage of our incoming spam all have "valid" return addresses.
In 1991, Congress authorized the telephone "do not call list" by the FTC. That list took more than a decade to go into effect. How long do you think you'll wait for this one?
"At the FTC's Spam Forum in May 2003, FTC officials and a representative of the National Association of Attorney's General stated clearly that neither the FTC nor state law enforcement agencies have the time, money, or resources, needed to engage in enough anti-spam prosecutions to make a dent in the problem." (Cauce.org)
As currently written, the email "do not call list" will only be by individual email address, not by domain.
Time in earnest to call your local congressional rep. The Senate appears to be a lost cause.
Slashdot Mirror
By way of comparison, Cornell University’s David Pimentel, an authority on ethanol, says that one acre of corn produces less than half as much energy, equivalent to only 328 barrels. If a few hundred barrels of crude sounds modest, recall that millions of acres of prime U.S. farmland are now used to make corn ethanol.
A remarkable number, but as far as I can find Pimentel claims no such thing about BARRELS per acre, but I can find that number in GALLONS per acre per year, e.g., see http://healthandenergy.com/ethanol.htm. So 328 gallons of ethanol per acre = 7.8 barrels of ethanol per acre per year
Among his [Pimentel's] findings are:
An acre of U.S. corn yields about 7,110 pounds of corn for processing into 328 gallons of ethanol. But planting, growing and harvesting that much corn requires about 140 gallons of fossil fuels and costs $347 per acre, according to Pimentel’s analysis. Thus, even before corn is converted to ethanol, the feedstock costs $1.05 per gallon of ethanol.
Joule Unlimited's website does says "20,000 gallons of renewable ethanol or hydrocarbons per acre annually" ( http://www.jouleunlimited.com/news/2009/joule-biotechnologies-introduces-revolutionary-process-producing-renewable-transportation- )
So one thought has occurred to me. If this technology involves growing green gunk in vertical clear walled tanks, then perhaps they have chosen to talk about the yield per tank in terms of tank horizontal footprint, i.e the amount of light input coming in the side of 1 square foot of tank horizontal footprint could be many times the amount hitting just the top... I can imagine a tank fourteen feet tall, 3 feet wide, but only 4 inches deep. So its footprint is only 1 square foot, but it catches 30 square feet of light if at Boston's 42 degrees latitude (or heck, 60 feet if one reflects light in on the back side.)
I am not a lawyer, so this isn't legal advice, just my experience. I have sued a number of times (and won) in small claims court, including in Santa Clara County -- where Mountain View is located as it happens. I know of someone in Florida who files small claims spam cases in California and flies in for the hearing. Nolo Press has a great book dedicated to small claims court in California Incidentally, in California lawyers aren't allowed to represent clients in small claims cases, although they are allowed for the re-trial if the defendant appeals a loss. As far as collections goes, handily enough VeriSign is also in Santa Clara County. So rather than chase down a spammer in some far off state to collect, you can just threaten to go down the road and seize a non-paying defendant's business property i.e. their .com domain name if they don't pay.
As the Nolo Press book explains, you can file two $7500 small claims lawsuits a year and an unlimited number of $2500 suits. California law awards $1000 per illegal spam. Santa Clara county even has specific rules for filing two or more small claims cases at the same time. So for example I filed simultaneously two lawsuits both against the defendants for 8 spam each per lawsuit. The two cases were heard at the same time and ultimately I collected $16000 plus interest. (In the course of the cases I also raised $40,000 for Second Harvest and the Darfur Stove Project charities...)
IANAL, but that's not really true. They do have possession of email as it passes through. If I send Google a subpoena, then at least for 15-30 days they'd have to retain copies of all the responsive emails that they receive. But clearly that's not the case, otherwise I'd subpoena monthly the opposing party and get a continuous copy of their emails. Law firms can hire any number of outside agencies to handle privileged docs, e.g. paralegals from temp agency, graphic artists, etc and not lose privilege.
As they have explained it to me, once you voluntarily hand information off to an uninvolved third party, the veil of privilege is breached and it can be discovered.
IANAL, as well, but that statement is incomplete. You can clearly outsource at least one IT function: email, without risking privilege. Google's Postini is the the email service provider for many (most) of the nation's best and/or biggest lawfirms. (e.g. lookup the mx records of steptoe.com, chadbourne.com, perkinscoie.com, gibsondunn.com, bakernet.com, dlapiper.com, whitecase.com, sidley.com, mayerbrown.com). All *.psmtp.com.
Call me cynical, but when they claim two MONTHS of standby time and 18 hours of talk time, all on a 1850 mAh battery -- it makes me a bit leery. After all, no matter how efficient its electronics are, it still has to burn power transmitting packets. For example the Nokia 6205 on its 1020mAh BL-5C battery only gets up to 4 hours talk, up to 11 day standby. Spec for Nokia: http://www.nokiausa.com/find-products/phones/nokia-6205/specifications Spec for the phone, I think: http://www.sonimtech.com/pdf/xp3quest_ds.pdf
I kid you not. The Judge ruled that "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server." The original complaint is here.
Ritz was a thorn in Reynolds' side during the years when Ritz was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming. Reynolds has been quite aggressive in trying to get his past erased from the net (including forged cancel posts). The North Dakota Judge also awarded attorneys fee which could theoretically make the total bill over $500k for doing a domain zone transfer. (I believe they had claimed $250k in attorney fees in their failed suit against Ed Falk) Reynolds also filed a criminal complaint against Ritz which was on hold pending resolution of this trial.
Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:
Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.The scary sounding port scanning/hijacking computers is posting a test message through one of Verizon's machines to prove to Verizon they had an open relay --i.e. posting to 0.verizon.security via the relay a note to Verizon's security saying "What's it going to take to get you to secure this gaping hole in what you call your network," or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.
Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer's domain your are doing a malicious, tortious act. If you telnet to a spammer's mail server and type HELO or VRFY you're illegally impersonating a mail server.
It seems clear that the Judge for whatever reason really, really, really didn't like the Defendant Ritz. But the Judge seems to want no sunshine on her trial because she ordered the entire affair sealed, except of course for her judgments of "facts."
There is a legal defense fund that was set up for his case. I believe he does not have the resources to appeal and this would be a very bad precedent to stand.
Here's the code the _civil_ lawsuit is based on:
12.1-06.1-08. Computer fraud - Computer crime - Classification - Penalty.2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to, altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network, or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor.
Ritz also got a $10k fine by the Judge for violating the preliminary Injunction, but since the Judge sealed the records, it is hard to tell what the story behind that.Just checked with a client who lives in Saginaw. Using default DHCP settings which presumably point to Charter's DNS servers, we just get normal dns lookup errors. Now, Charter does know they are using Macs, and I noticed the www11.charter.com webpage that others here have cited on slashdot currently seems designed to look like a PC error page so is it possible they are doing this on limited basis? Who knows.
I had not heard that ISPs are starting to do this... If so we'll have to do some investigation. We (like many others) have Federal trademarks on the word in our domain name. If an ISP doing redirects that make them money on people who are attempting to get to a URL that uses a trademark, then the ISP is making money based essentially on confusion or mistakes with a registered trademark owner and themselves. Trademark violations carry a (US)$100,000 statutory penalty per incident.
So I'd expect this will stop a soon as the ISPs' own lawyers hear about it and tell 'em "No! bad marketing driod, no donut for you!"
While its encourageing to hear of such suits, especially when they bring on TRO, I can't help but feel a little let down. Once AG's stop doing civil suits and start criminal prosecutions for spam then you will see a fundamental shift in the amount of spammer and the make up of the spammers doing it. Only AG or DA can do prosecutions, anyone of us can sue spammers. Our own suit file last month against Kraft/Gevalia for $11 million may help change their mind about using spam. (http://legal.hyperotuch.com/ They already seemed to be taking steps to change. However, one interesting note is that some number of news organizations never heard of the suit, ironically because their spam filters caught emails that talked about Gevalia. Makes me wonder if the defendants have ever stopped to evaluate how spamming may be hurting their word-of-mouth advertising.
It appears that one of BlueStream Media's customers is also in Foster City, DrySkinOnly.com... Small world. The local DA is taking complaints about spam, though you have to get through a disinterested police force. If you have any pre-2004 spam that has no ADV label, that is punishable under the old CA law by up to one year in jail. If you have the time and energy, file a complaint and follow up on it...
One of the biggest problems with CAN-SPAM Act that we are hoping to educate the press so they can inform the public is that the Act says end users _must_ contact each spammer and opt-out. This is of course exactly the opposite of what ISPs have been tell their customers to do. "Opting out" merely gives the spammer have a live address. Some of the email addresses defendants sent spam to were unique addresses submitted to a "virus software 90 % off" spam. In no uncertain terms, "opting out" of spam signs you up for more spam.
We were surprised when even after we told BobVila.com about the quality of the lists their hired spammer was using, they still refused even just to promise they'd never use BlueStream Media again... Right before we filed the action, one of our users received a new BobVila spam, this time sent through a Florida based spammer.
One of the most compelling aspects in deciding to file this case was that among the various emails messages in their spam run they managed violate nearly every ISP-actionable part of CAN-SPAM. Specifically various email of the spam run had one or more of the following violations:
1) No street address
2) False headers, including
a) SMTP HELO's with names whose IP addresses don't match the originating IP
b) Domain names used in the headers that were registered with false names...
3) Addresses that had been submitted to the opt-out mechanisms of other spam
4) Random and harvested addresses, include domain registration contact addresses.
- In 2001 Bill Jones started spamming for his (eventually failed) California election campaign.
- Nice!
- The spam was even relayed, IIRC, through an elementary school server in Korea.
- Nicer touch!
- When the story originally broke about Bill Jones campaign admitting sending spam, I proactively sent via a fax and via the contact form on their website a formal notice to not sent any Unsolicited email to any of our users. Funnily enough the Billjones.org's website only offers a webform for email...I guess they don't want spammers finding _their_ email addresses and spamming them. How classy. Even their web contact form, when it sends a confirmation copy of your message back to you, they used _your_ address as the sender. I never received a reply to my notice, but I did start receiving Bill Jones spam...
- Nicest touch!
- Our notice included a $1000/message fee for additional email addresses, though we never sent an invoice
- New nice touch!
- In fact, not one, but two spam on the same day sent to the same address
- New nicer touch!
- Both spam were sent to our email abuse address.
- Nicest touch of them all...
I think it's time to finally send an invoice...Fast forward to 2004. Yesterday we received spam for Bill Jones' new campaign -- for Senator of California.
One million dollars eh? Recall the Wired article this summer of the bigger penis spammer the nets a half million or more a month. A million dollar bond often costs 5 to 10% of the value. So, for a couple days profits, that spammer is back up and running with FTC approval. And this is how Congress expects the CAN SPAM act to stop the madness? Sigh...
Junk faxes cost me over 10 cents a page. If you had to prove your damages in court, junk faxing exploded and essentially ended faxing as a useful medium. The TCPA essentially dealt with the explosive growth of junk faxers by giving individuals a $500-$1500 incentive to enforce the law. That still is not enough to stop some companies for using junk faxes.
We are currently involved in a junk fax class action against Perry Johnson for sending a huge number of junk faxes. In 2000 they were cited by the FTC for junk faxing. They continued to send them out. After getting sixteen junk faxes, we finally filed suit in 2001. The case is still ongoing. In contradiction of previous statements, including in Perry Johnson's written response to the FCC's citation for TCPA violations, they have now asserted in sworn testimony they do not maintain and have Never maintained a Do Not Fax database. So we subpoenaed their phone company for their records. Global Crossing, as indicated in an affidavit, has 59,099 records of calls to the "Removal" number on Perry Johnson's junk faxes. A subpoena to another phone company who also provided service for Perry Johnson's toll-free "Remove" number has provided documentation of another large number of phone calls. That could bring the size of the class to well over 100,000 identified members, just from those companies and individuals who took the time and effort to ask to be placed in Perry Johnson's (nonexistent) "Do Not Call" database.
Perry Johnson is faxing a huge number of people. If there were no statutory damages for this, there would be no way to induce them to stop. A smack by the FTC did not do it. (preview for the future there?) Iindividuals complaining and opting out did not do. Individual prior lawsuits didn't do it.Proving actual damages for each class member can be a huge barrier for a plaintiff.
And heads up boys and girls -- Perry Johnson has now also begun to advertise via spam (using "throw away" domains like onlinepji.net, infoiso.net and isomail.net) They've even tried to relay their spam through our servers. That would be illegal under the new law, but under the new, why would they bother relaying through someone else. At the moment, it now appears there will be little hope in ever stopping them from legally pumping spam after spam into your mailbox.
Just a clarification...You've until January 1, 2004
- Subj: Did you get this email?
- Subj: Something to think about
- Subj: Re: what was on the news last night
- Subj: She was very pleased
But even if they are accurate, our user's in boxes will still get creamed:- Subj: 1.95% Mortgage Rate - NO JOKE
- Subj: have hundreds of lenders help you get the lowest rates
- Subj: Mortgage Leads as Low as $8.00/lead vovlmh.hhpdo tmfkieqjl ffkdly:
Now that last one, can I afford to bank roll a Federal Lawsuit on the gamble that a hash buster is ruled misleading by a jury -- and then gamble on what portion of the "up to $25" the judge gives us?Finally, the point is spammers can now consider putting their real IP addresses in their headers because what they are sending is now legal. If their IP addresses begin to get blacklisted, then they can and will again pump their spam through any number of overseas IP addresses without breaking the law. I do not like to black list all of Russia or China to block spam, even if I know I will lose little legitamate email. There is nothing illegal in the law about making it difficult to contact the sender, as long as its legal.
The spammer we brought a class action against, Link It Software (legal.hypertouch.com) did just that. After we filed they stopped sending through their California Sprint T-1 line and started sending via a front business in India (xactmailer.net) No hidden IP address of the "originating machine" but the domain was registered to some company in India and the header trail ended in India.
So now they will send spam to you with a subject line of "Hi" about Mini RC Cars and Viagra and you can't do a thing about it under Federal or WA law. California law did prohibit that, but we're hosed. The one thing you might be able to preserve is a private right of action in a state court, but that will be a battle someone has to be willing to finance. The big ISPs won't do it, they'd rather file in the Federal Court down the street from their HQ.
Hey, we have a US Trademark on Hypertouch (R), but that has not given us a claim, under US law for those that send spam to hypertouch.com. Yahoo, AOL, Earthlink, etc would have those claims as part of every one of their lawsuits. It's well established case law that a phone book cannot be copyrighted -- it's just a collection of facts. I'm not sure what other claim of IP you could have except for trademark or copyright on a domain name.
In fact, spammers need only set-up a new Division for each of their domains and they are home free. Buy a new domain ($7) every 10 days, setup a new Division to do its marketing and you can spam any address without fear, forever.
I should note one interesting wrinkle. Unlike what is common in other Federal laws, the act "supersedes any statute, regulation, or rule of a State or political subdivision of a State " but says _nothing_ about the District of Columbia. Soooo, if people can rally the DC council to pass a California-like law, perhaps there may be a new place to host your mail servers.
A final copy of the act can be found on my website. http://www.hypertouch.com/legal/s877-eas.html
I'm pretty pessimistic about things right now. Here are my chief concerns about the bill.
1."I CAN SPAM " Act legalizes unlimited spam -- even after"opt-outs "
The "SEPARATE LINES OF BUSINESS OR DIVISIONS " clause in the act permits spammers to send repeatedly to you even after you've opted out as long as they change domain names, a.k.a. lines of business.
The impression we have is that the DMA asked for this so that one cannot opt out of spam from the Fortune 500 by giving notice to their corporate HQ, you have to track down each"Division. " But more to the glorious point from the Viagra spammers perspective, see what happens if I opt out of a spam for today's mail bin: (picked at random)
By my sending email (or going to Prosize-Health.biz or whatever hoops they choose to put up for their process), I can"opt out. " However that spammer will be able to spam me LEGALLY from all of their other lines of business, e.g. Biggersize-health.biz, etc. Note that the spammer's email only represents itself as Prosize-Health.biz... All they have to do is spend $7 every couple of weeks for a new domain for their new"Line of Busines " (they might even bother to call it a new Division) and they are home free. There is NOTHING I can do to stop this. I can track down every big spammer and personally serve them with an opt-out, but that doesn't trickle down to their thousands of "Divisions. "
Let's be clear -- Spammers are already talking about this open license on their bulletin boards and mailing lists.
2."I CAN SPAM " punishes only the spammer, not the marketer
By rotating through US based spammers, or using untraceable overseas spammers, often in Russia or China, businesses will be allowed to advertise via spam with abandon. The great strength of the upcoming California law is that is target both the marketer and the spammer. That will be gone when California laws are made void. For example, we have been trying to get Discover Credit Card to stop sending spam to us for over 18 months. They literally just regularly rotate through new
- Private right of action
- Right of action against email "Advertisers" rather than just the
untraceable spammer who sends the message, as provided by CA's new
17529.
- Much larger penalties. It's not the $1000/message CA law would have made but it is up to $2500/message -- at the judges option which would make it easier for
small ISPs to mount an action without having to do a class action to
ensure a spammer is stopped for everyone.
- Right of action for local District Attorneys -- S.877 only allows
state AGs to bring criminal actions, not local county District
Attorneys. I'm having enough difficulty getting San Mateo County's DA
office to move forward on our complaints with criminal actions. I've
no hope the AG of California will do anything -- they prefer to do
only civil actions unless there is a conflict with the local DA's
office and the AG has to step in.
There is some ray of hope in this debacle perhaps. Initial conversations with our lawyers seem to show that as worded, many portions of state laws may stand. JoeAs far as the effectiveness of asking spammers to "remove" email addresses, we have done some study on the matter. Below is a partly snipped declaration I made regarding some Florida spammers who use "remove" requests as a source to harvest new requests.
You can imagine once spammers all go to internationally registered and thus untraceable domain names tracking this sort of trickery will become tougher. We tell our users that we know from first hand experience that responding to and attempting to opt out of spammers lists are a bad idea. This law is just a license to spam.
This law makes it legal to send spam in all 50 states.
The law has many things wrong with it:
- It removes any and all laws individual states passed to protect their citizens.
- It removes private right of actions. Junk faxes are only just annoying rather than crippling today because of the TCPA, which allows Joe Public call to carpet any junk faxer in small claims court for $1500/fax.
- Anyone can spam you until you specifically asked them to stop -- what percentage of the 25 million business in the US do you think you have time to individually contact.
- "Valid" return addresses on spam offers no aid to people fighting spam. How does a spammer having some (possibly even valid) street address in an obscure corner of the world and an mail server that dumps all incoming email to
/dev/null give me any help in fighting spam. A large percentage of our incoming spam all have "valid" return addresses.
- In 1991, Congress authorized the telephone "do not call list" by the FTC. That list took more than a decade to go into effect. How long do you think you'll wait for this one?
- "At the FTC's Spam Forum in May 2003, FTC officials and a representative of the National Association of Attorney's General stated clearly that neither the FTC nor state law enforcement agencies have the time, money, or resources, needed to engage in enough anti-spam prosecutions to make a dent in the problem." (Cauce.org)
- As currently written, the email "do not call list" will only be by individual email address, not by domain.
Time in earnest to call your local congressional rep. The Senate appears to be a lost cause.