By Barbara F. Dunn and Nathan J. Breen
On December 16, 2003, President Bush signed the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003,” otherwise known as the “CAN-SPAM” Act. The Act took effect on January 1, 2004, and it preempts all of the various state electronic mail laws that previously applied to commercial e-mail. CAN-SPAM makes it a criminal offense to engage in a variety of fraudulent practices by e-mail, including the harvesting of e-mail addresses and the automatic creation of multiple e-mail accounts by which to send unsolicited commercial messages. The Act also introduces certain generally applicable requirements and limitations as to commercial e-mail.
The Act defines commercial e-mail as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” Exempted from the commercial e-mail definition, however, are “transactional or relationship messages,” which primarily “facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender.” Transactional or relationship messages also include certain notifications with respect to ongoing commercial relationships such as subscriptions, memberships, and accounts. With respect to commercial e-mail, the Act prohibits false or misleading transmission information contained in the message’s header, including the originating e-mail address and “from” line. Deceptive subject headings also are prohibited.
CAN-SPAM requires all commercial e-mail to include a functioning e-mail address or other Internet–based mechanism, clearly and conspicuously displayed, that the recipient can use to opt out by requesting that no further messages be sent. The sender of the message is given 10 business days to honor such opt-out requests, at which point sending any additional commercial e-mail represents a violation of the Act. Sharing the e-mail addresses of those who have opted out also is a violation unless such sharing is intended to further compliance with the Act.
CAN-SPAM requires that each commercial e-mail message contain “clear and conspicuous identification that the message is an advertisement or solicitation,” although the manner in which this identification must appear is not specified. Such messages also must contain the postal address of the sender. The Act applies not just to senders of commercial messages and related entities but also to those who allow the promotion of their business through unsolicited commercial e-mail.
Primary enforcement authority is given to the Federal Trade Commission (FTC) and state attorneys general, but other federal and state agencies have enforcement authority to the extent that the violator is subject to that agency’s regulation. Damages are discretionary and can be as high as $2 million. For willful and knowing violations, damages can be tripled. A private right of action is created only as to Internet Service Providers, leaving individuals with no remedy other than to complain to the FTC or their state attorney general.
The Act gives the FTC the authority to adjust many of its provisions after implementation and directs the agency to set up a do-not-e-mail registry similar to the recently introduced do-not-call list. By January 1, 2006, the FTC, in consultation with various other federal agencies, will submit a report to Congress analyzing the effectiveness of the Act and recommending any changes to its various provisions. In addition, the FTC must prepare a variety of reports as to the creation of certain standards for compliance with the Act. So far, the FTC has issued reports assessing the potential effectiveness of a reward system for those who report spam and suggesting that a do-not-e-mail registry would be counterproductive.
Does it go far enough?
Those who believe that CAN-SPAM does not go far enough in preventing unsolicited commercial e-mail have joked that the law should have been titled “You Can Spam” since it contains no outright prohibition on unsolicited commercial e-mail. Many have lamented the fact that the Act preempts many state laws that were much more strict. The concern is that, since there now are clear guidelines as to the legal requirements regarding unsolicited commercial e-mail, the volume of such e-mail will actually increase. Also, since the Act does not provide a private cause of action, federal and state governmental agencies will be left to enforce it. Critics contend that this will ensure that the law is applied only to high-profile violators, allowing many small-time spammers to carry on unscathed. Preliminary reports do suggest that the volume of unsolicited commercial e-mail has not decreased since the Act was passed. Moreover, CAN-SPAM compliance among mass e-mailers has been estimated to be at approximately four percent.
However, given the unsettled state of the law as it applies to commercial faxes, those in the meetings industry may want to utilize e-mail more to avoid the potential for damage claims arising from faxes for which it might be said that the recipient had not given express permission. While the FTC recently further postponed the implementation of stricter regulations as to commercial faxes, these are still due to be implemented as of July 2005. Also, in the meantime, individuals and law firms have been using the private cause of action provided by federal law to demand money from those they claim have not received express permission to send a particular fax. In many situations, the lack of a private cause of action with respect to commercial e-mail makes this mode of communication a safer bet.
(Barbara F. Dunn, Esq. is an attorney and partner with Howe & Hutton. Nathan J Breen is an attorney with Howe & Hutton in the firms Chicago Office.)