"Junk E-mail": An Overview of Issues and Legislation Concerning Unsolicited Commercial Electronic Mail ("Spam")

Unsolicited commercial e-mail (UCE), also called “spam” or “junk e-mail,” aggravates many computer users. Not only can spam be a nuisance, but its cost may be passed on to consumers through higher charges from Internet service providers who must upgrade their systems to handle the traffic. Proponents of spam insist it is a legitimate marketing technique and protected by the First Amendment. While 27 states have anti-spam laws, there is no federal law. Four bills are pending in the 108th Congress: H.R. 1933, S. 563, S. 877, and S. 1052. (Spam on wireless devices such as cell phones is discussed in CRS Report RL31636.)

Order Code RS20037 Updated May 15, 2003 CRS Report for Congress Received through the CRS Web “Junk E-mail”: An Overview of Issues and Legislation Concerning Unsolicited Commercial Electronic Mail (“Spam”) Marcia S. Smith Specialist in Aerospace and Telecommunications Policy Resources, Science, and Industry Division Summary Unsolicited commercial e-mail (UCE), also called “spam” or “junk e-mail,” aggravates many computer users. Not only can spam be a nuisance, but its cost may be passed on to consumers through higher charges from Internet service providers who must upgrade their systems to handle the traffic. Proponents of spam insist it is a legitimate marketing technique and protected by the First Amendment. While 27 states have anti-spam laws, there is no federal law. Four bills are pending in the 108th Congress: H.R. 1933, S. 563, S. 877, and S. 1052. (Spam on wireless devices such as cell phones is discussed in CRS Report RL31636.) This report will be updated. Overview One aspect of increased use of the Internet for electronic mail (e-mail) has been the advent of unsolicited advertising, also called “unsolicited commercial e-mail (UCE),” “unsolicited bulk e-mail,” “junk e-mail, “or “spam.”1 Consumer complaints focus on the fact that some spam contains or has links to pornography, and about the steadily increasing volume of spam. According to Brightmail [http://www.brightmail.com], a company that sells anti-spam software, the volume of spam rose from 8% of all e-mail in January 2001 to 45% in January 2003. Some project that spam will reach or exceed 50% of all e-mail by 2004. 1 The origin of the term spam for unsolicited commercial e-mail was recounted in Computerworld, April 5, 1999, p. 70: “It all started in early Internet chat rooms and interactive fantasy games where someone repeating the same sentence or comment was said to be making a ‘spam.’ The term referred to a Monty Python’s Flying Circus scene in which actors keep saying ‘Spam, Spam, Spam and Spam’ when reading options from a menu.” Congressional Research Service ˜ The Library of Congress CRS-2 Opponents of junk e-mail argue that not only is it annoying and an invasion of privacy (see CRS Report RL31408 for more on Internet privacy), but that its cost is borne by consumers and Internet Service Providers (ISPs), not the marketers. Consumers reportedly are charged higher fees by ISPs that must invest resources to upgrade equipment to manage the high volume of e-mail, deal with customer complaints, and mount legal challenges to junk e-mailers. Businesses may incur costs due to lost productivity, or investing in upgraded equipment or anti-spam software. The Ferris Research Group [http://www.ferris.com], which offers consulting services on managing spam, estimates that spam will cost U.S. organizations over $10 billion in 2003. Proponents of UCE argue that it is a valid method of advertising, and is protected by the First Amendment. The Direct Marketing Association (DMA) argued for several years that instead of banning UCE, individuals should be given the opportunity to “opt-out” by notifying the sender that they want to be removed from the mailing list. Hoping to demonstrate that self regulation could work, in January 2000, the DMA launched the Email Preference Service where consumers who wish to opt-out can register themselves at a DMA Web site [http://www.e-mps.org]. DMA members sending UCE must check their lists of recipients and delete those who have opted out. Critics argued that most spam does not come from DMA members, so the plan is insufficient, and on October 20, 2002, the DMA agreed. Concerned that the volume of unwanted spam was undermining the use of e-mail as a marketing tool, the DMA announced that it now would pursue legislation to battle the rising volume of spam. One challenge of controlling spam is that much of it originates outside the United States and thus is not subject to U.S. laws or regulations. Spam is a global problem, and the European Commission estimates that Internet subscribers globally pay 10 billion Euros a year in connection costs to download spam [http://europa.eu.int/comm/internal_market/privacy/studies/spam_en.htm]. Several European countries have anti-spam laws. The FTC and other U.S. and foreign agencies have called on organizations in 59 countries to close “open relays” that allow spam to be routed through third-party computers, permitting spammers to avoid detection [http://www.ftc.gov/opa/2003/05/swnetforce.htm]. Avoiding and Restraining Spam Tips on avoiding spam are available on the Federal Trade Commission’s (FTC’s) W eb s i t e [ h t t p : / / w w w . f t c.gov/ bcp/ m enu-i nt ernet .ht m ] , and from [http://home.cnet.com/internet/0-3793-8-5181225-1.html], a non-government site. Consumers may file a complaint about spam with the FTC by visiting the FTC Web site [http://www.ftc.gov] and scrolling down to “complaint form” at the bottom of the page. The offending spam also may be forwarded to the FTC (UCE@ftc.gov) to assist the FTC in monitoring UCE trends and developments. To date, the objective of restraining junk e-mail has been fought primarily over the Internet or in the courts. Some Internet service providers (ISPs) will return junk e-mail to its origin, and groups opposed to junk e-mail will send blasts of e-mail to a mass e-mail company, disrupting the company’s computer systems. America OnLine, Earthlink, and Microsoft Network all have brought lawsuits under existing laws to stop spammers. CRS-3 Another approach is to enact specific anti-spam legislation. As discussed below, more than half the states already have enacted spam laws, though no federal legislation has passed yet. An oft-discussed approach is requiring senders of UCE to provide a legitimate opportunity for recipients to “opt-out” of receiving additional messages. Others want to prevent bulk e-mailers from sending messages to anyone with whom they do not have an established business relationship, treating junk e-mail the same way as junk fax (see CRS Report RL30763 for information on the law pertaining to junk fax). Another approach is creating a “do not e-mail” list similar to the “do not call” list for telemarketers, under which individuals can place their names on a list to opt-out of receiving UCE. Another possibility is requiring that senders of UCE use a label such as “ADV” in the subject line of the message so the recipient will know before opening an e-mail message that it is an advertisement. Others argue that legislation cannot stop spam because so much of spam originates overseas, or because legislation includes so many “loopholes” that it is ineffective. The fact that spam is rising despite the growing number of state laws suggests that legislation is not a sure solution. One proposed alternative is trying to make spam less attractive economically by increasing the cost of sending spam, perhaps by establishing systems whereby recipients could charge spammers “postage” for UCE. Others believe the issue should be left to the ISPs to resolve since they have the incentive to do so. State Action According to the SpamLaws Web site [http://www.spamlaws.com], 27 states have passed laws regulating spam: Arkansas, California, Colorado, Connecticut, Delaware, Idaho, Illinois, Iowa, Kansas, Louisiana, Maryland, Minnesota, Missouri, Nevada, North Carolina, Oklahoma, Ohio, Pennsylvania, Rhode Island, South Dakota, Tennessee, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming. The specifics of each law varies. Summaries of and links to each law are provided on that Web site. Congressional Action: 105th-107th Congresses In the 105th Congress, the House and Senate each passed legislation (H.R. 3888, and S. 1618), but no bill ultimately cleared Congress. In the 106th Congress, several UCE bills were introduced. One, H.R. 3113 Wilson), passed the House. There was no further action. Several spam bills were introduced in the 107th Congress, but none passed. One, H.R. 718 (Wilson), was reported from the House Energy and Commerce Committee (H.Rept. 107-41, Part I), and the House Judiciary Committee (H.Rept. 107-41, Part II). The two versions were substantially different. A Senate bill, S. 630 (Burns), was reported (S.Rept. 107-318) from the Senate Commerce Committee. There was no further action. Congressional Action: 108th Congress Four bills are currently pending. Three (H.R. 1933, S. 877, and S. 1052) are “optout” bills, while the fourth ( S. 563) is a “do not call” bill. The provisions of these bills are summarized in the following table. Some of the provisions affect all commercial email, while others affect only unsolicited commercial e-mail (spam). CRS-4 Table 1: Brief Comparison of Pending Spam Legislation Provision H.R. 1933 (Lofgren) S. 563 (Dayton) S. 877 (Burns/Wyden) S. 1052 (Nelson-FL) Title REDUCE Spam Act Computer Owners Bill of Rights CAN SPAM Act Ban on Deceptive Unsolicited Bulk Electronic Mail Act Definition of Commercial E-Mail E-mail that is an advertisement or promotion of commercial product or service, unless the sender has a personal relationship with the recipient. None E-mail whose primary purpose is commercial advertisement or promotion of commercial product or service, with exceptions. None, though “electronic mail” is defined as a message sent to an electronic mail address. Definition of Unsolicited Commercial Email (UCE) Commercial e-mail sent to a recipient with whom the sender does not have a pre-existing business relationship in past 5 years, and is not sent at the request of, or with the express consent of, the recipient. None Commercial e-mail sent without the recipient’s prior affirmative or implied consent and that is not a transactional or relationship message. None Prohibits false or misleading transmission information in commercial e-mail No No Yes No Prohibits false or misleading header information in UCE Yes No Yes Illegal to falsify or forge certain header information. Prohibits deceptive subject headings Yes, but in UCE only. No Yes, in all commercial email. No Creates “do not e-mail” registry at FTC No Yes No No Requires specific characters in subject line of UCE to indicate the message is an advertisement Yes, “ADV:” for advertisement; “ADVADLT:” for adult-oriented advertisements. Or identification may comply with standards set by Internet Engineering Task Force. No No, but message must provide clear and conspicuous identification that it is an advertisement. No Requires opt-out mechanism Yes, must contain valid sender-operated return e-mail address to which recipient may opt-out. Creates optout mechanism through do not e-mail registry. Yes, must contain functioning return address or other Internet-based mechanism in UCE to which the recipient may opt-out. Yes, must provide recipient clear and conspicuous opportunity to request to opt-out. CRS-5 Provision H.R. 1933 (Lofgren) S. 563 (Dayton) S. 877 (Burns/Wyden) S. 1052 (Nelson-FL) Damages or Penalties Civil penalties to be set by FTC, except that under private right of action, court may impose penalties up to $10 per violation. Up to $10,000 per violation $10 per violation, up to $500,000, or $1.5 million under certain circumstances. Civil penalties and fines to be set in accordance with 18 U.S.C. Reward for first person identifying a violator and supplying information leading to the collection of a civil penalty Yes, not less than 20% of the penalty. No No No Private Right of Action Yes No No No Affirmative Defense Yes, person is not liable if the person has established and implemented, with due care, reasonable practices and procedures to prevent violations, and violation occurred despite good faith efforts to comply, or if, within 2-days ending upon the initiation of the transmission that is in violation, such person initiated the transmission of such message, or one substantially similar to it, to less than 1,000 e-mail addresses. NA Yes, person is not liable if the person has established and implemented, with due care, reasonable practices and procedures to prevent violations, and violation occurred despite good faith efforts to comply. NA Enforcement By FTC By FTC By FTC, except for certain entities that are regulated by other agencies. Violation considered a predicate offense under RICO and an unfair or deceptive practice under FTC Act. State action allowed NA NA Yes, but must notify FTC or other appropriated regulator, which may intervene. NA CRS-6 Provision H.R. 1933 (Lofgren) S. 563 (Dayton) S. 877 (Burns/Wyden) S. 1052 (Nelson-FL) Effect on ISPs ISPs may bring civil action in U.S. district court. NA ISPs may bring civil action in U.S. district court. NA Does not change law regarding when ISP may disclose customer communications or records; does not require ISP to block, transmit, route, relay, handle or store certain types of e-mail; does not prevent or limit ISP from adopting a policy regarding commercial e-mail including declining to transmit certain commercial e-mail; and does not render lawful any such policy that is unlawful under any other provision of law. Does not affect the lawfulness or unlawfulness under other laws of ISP policies declining to transmit, route, relay, handle, or store certain types of e-mail. Supersedes state and local laws and regulations State and local governments may not impose civil liabilities inconsistent with Act. The Act does not preempt certain remedies available under certain other federal, state, or local laws. NA Yes, with exceptions. NA Prohibits transmission of unlawful UCE from improperly harvested e-mail addresses No NA Yes Prohibits collecting e-mail addresses from public and private spaces for the purpose of transmitting UCE. NA = Not Addressed RICO = Racketeer Influenced and Corrupt Organizations Act