California spam law may face court challenge

A broadly worded ban on unsolicited commercial e-mail could prove vulnerable to challenges on interstate commerce and First Amendment grounds, legal experts say.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
6 min read
When California Gov. Gray Davis signed one of the nation's most sweeping antispam laws this week, he didn't end a debate over how the proposal would affect businesses in the richest, most technology-savvy U.S. state.

Davis merely shifted it from the Sacramento statehouse--the scene of tense negotiations among antispam activists, direct marketers and technology companies--into the court system.

More so than any other state antispam law, the California measure is worded so broadly it is thought to be especially vulnerable to expected legal challenges, either from unapologetic spammers who claim it violates their constitutional rights or from legitimate businesses that claim it interferes with traditional marketing practices.

That's exactly the kind of lesson the Federal Trade Commission learned this week, after the Direct Marketing Association and telemarketers won a legal bid to nix the national "Do Not Call" list, just days before the Oct. 1 deadline for it to take effect.

A federal judge said Congress never authorized the FTC to set up the list in the first place. "Absent such a grant of authority in this case, the court finds the do-not-call provision to be invalid," wrote Lee West, the senior judge for the western district of Oklahoma.

California's law, which is scheduled to take effect on Jan. 1, 2004, could face similar vulnerabilities. Possible lines of attack include the First Amendment, which broadly prohibits restrictions on freedom of expression, and the constitution's ban on state laws that interfere with interstate commerce, known as the dormant commerce clause.

"Certainly the California antispam law is going to face some constitutional challenges," said Ray Everett-Church, a California attorney at the ePrivacy Group who follows spam laws. "The one that I'm looking to see first is the commerce clause challenge. The California law has a provision that says people may not send unsolicited commercial e-mail to California e-mail addresses. The legislation does not define a California e-mail address or how one determines what a California e-mail address is. That ambiguity is very likely to be the basis of a challenge."

Legal remedies not succeeding
Legal remedies to spam have proliferated in recent years, with some 36 states enacting laws seeking to restrain unbridled Internet marketers. In addition, new national laws have recently gained traction overseas, and may be gaining ground in the United States.

But those efforts have so far failed to stanch the flow of unwanted junk e-mail, which has ballooned over the years and now makes up about half of all e-mail traffic by some counts. The expense to business has spiraled upward along with the volume of junk. Spam will cost U.S. organizations more than $10 billion in 2003, according to research firm Ferris Partners, in a study quoted by California lawmakers in their introduction to Tuesday's law.

Increasingly tough measures, such as California's law, reflect the growing sense of crisis around the problem, which is rapidly diminishing the value of e-mail as a corporate communications tool. But local restrictions, even in as influential a state as California, may have only a limited effect on a global problem that may require technical solutions to make it harder for spammers to exploit the Internet's open architecture.

Calls for tougher legislation have been echoed by technologists seeking to address the underlying conditions that make it easy for spammers to hide and steal network resourcesin order to deliver their payloads. On the wish list: strong authentication for all e-mail messages and better controls over the Internet's Whois registry of domain name owners.

According to the California law, drafted by Kevin Murray, a Democratic state senator from Los Angeles, no person--inside or outside the state--may send any advertisement "in an unsolicited commercial e-mail advertisement to a California electronic mail address." Violators can be sued civilly for $1,000 per unwanted commercial e-mail received, either by an individual, their Internet service provider or the state attorney general.

This "opt-in" approach is far different from the traditional way that states have tried to restrict the growing tide of spam, which is clogging inboxes and--when combined with the recent re-emergence of e-mail worms--driving network administrators to distraction. Other states, and nearly all proposals in the U.S. Congress, take an "opt-out" approach or merely require that spam be labeled with a text string such as "ADV:".

The U.S. Supreme Court has said that commercial speech such as advertisements and marketing information receives less protection than "core" expression such as political speech. Because California's law is so restrictive, however, it bans unsolicited commercial communications sent through e-mail that would be perfectly acceptable if sent by way of the U.S. Postal Service.

A handful of other courts--including a California state judge--have suggested that antispam laws can run afoul of the commerce clause, but the U.S. Supreme Court has not taken a case that would clarify the situation. In 2001, the court declined to hear a constitutional challenge to a Washington state antispam law, one of the first measures to set standards for junk e-mailers and levy stiff fines for violators.

"It's all an interesting question in terms of how California will enforce a law against someone who otherwise has no jurisdictional ties to the state," Everett-Church said.

Congress may interfere
Another obstacle not just for California but for any of the dozens of states that have enacted antispam laws is an unusual one: the U.S. Congress. The federal government has never enacted a bill to limit unsolicited commercial e-mail, but most of the ones under consideration on Capitol Hill "pre-empt"--that is, override--state laws.

On Wednesday, the House Subcommittee on Commerce, Trade, and Consumer Protection approved one of the few bills that does not pre-empt state laws. The measure, called the International Consumer Protection Act, would turn the FTC's investigators into virtual spam cops, granting them the power to serve secret requests for subscriber information on Internet service providers, peruse FBI criminal databases and swap sensitive information with foreign law enforcement agencies.

The new powers would not be limited to fraudulent or deceptive unsolicited e-mail and are designed to be employed in other forms of investigations as well.

That kind of approach has its place, said Karl Jacob, CEO of antispam company Cloudmark, but in general technological solutions to the spam problem are more effective.

"We believe a lot of progress has been made in technological solutions to these problems," said Jacob, whose San Francisco-based company has raised $5.5 million in venture funding. "It's very hard to legislate what consumers want. A better way is to allow them to express their preferences through technology."

Jacob predicted that the California law "makes it very hard for marketers to comply," and will therefore encourage businesses to lobby for federal laws that override it and other state measures.

Kenneth Hirschman, general counsel of Digital Impact, an e-mail marketing company whose clients include Microsoft, Sony, MasterCard, Hewlett-Packard, Verizon Communications and Gap, said the California law would harm legitimate marketers. "In the long run, we don't expect this law to mean anything to (our clients)," Hirschman said. "But in the short term we expect it to create quite a nuisance to us and our clients."

That's because the law places the burden of proof on the sender of a commercial message, not the recipient, Hirschman said. "Legitimate companies will have to go to court again and again and again and defend these nuisance suits. They won't be guilty. But it's pretty annoying to have to prove that 500 times."

Federal legislation is probably necessary to pre-empt state laws that are too antibusiness, Hirschman said. "If you're going to have a private right of action, you need some kind of safe harbor or affirmative defense for legitimate businesses."

On Wednesday, embarrassed officials in Washington scrambled to react to the news that the "Do Not Call" list was on indefinite hold. Since President Bush highlighted the registry in a June ceremony on the south lawn of the White House, about 50 million Americans had submitted their phone numbers. Late in the day, the FTC asked for an emergency stay of the court order so that it could prepare an appeal, while the Direct Marketing Association released a statement saying it was "grateful" for the court's decision.

On Capitol Hill, the outcry was thoroughly bipartisan. Billy Tauzin, R-La., and John Dingell, D-Mich., the senior members of the House Energy and Commerce Committee, sent reporters a joint statement saying: "We were disappointed to learn that a federal district court has invalidated the Federal Trade Commission's national do-not-call registry. We are confident this ruling will be overturned."