Federal Court Rejects Vagueness Challenge to CAN-SPAM


Last week a federal district judge rejected vagueness and overbreadth challenges to criminal provisions of CAN-SPAM: US v. Twombly, et al., 2007 U.S. Dist. Lexis 12664 (Feb. 22, 2007).  (You can access a pdf version of the 6 page decision here.)

The description of the facts in the opinion is sparse.  Basically Twombly and his cohorts leased servers and sent out millions of spam emails: 

Defendants allegedly sent approximately 1 million spam electronic mail messages, followed several days later by another 1.5 million. The spam messages allegedly contained advertising for computer software, and directed recipients to the website of a software company with an address in Canada. The Government alleges this website was falsely registered under the name of a non-existent business, and that the messages' routing information and "From" lines were falsified, preventing recipients, internet service providers, and law enforcement agencies from identifying, locating, or responding to the senders. Biznesshosting allegedly investigated the complaints, traced the spam to the server leased by Defendant Twombly, and terminated his account.

The Government alleges the traffic generated by Defendant Twombly's leased server led internet-based anti-spam services to blacklist Biznesshosting's network domain, resulting in both immediate and continuing financial loss to Biznesshosting.

Defendants were charged with (among other things) violations of 18 USC 1037, which (1) prohibits the falsification of header information or (2) use of false identity or information in registering for "electronic mail accounts or online user accounts or two or more domain names" along with the initiation of spam in connection with such accounts or domain names. 

The vagueness argument was obviously the more difficult of the two.  And the court does not do a great job of disposing of it.  It's not even clear from the opinion whether the conduct at issue is the transactions with the hosting company ("Biznesshosting, Inc.") or the subsequent emails (and headers in those emails).  The problem, of course, is that the emails sent by defendants caused Biznesshosting to be blacklisted (see italicized text from the court's description of facts).  If Defendants misrepresented the transmission paths of their messages, their misrepresentations were not terribly material or they did not do a very good job.  After all, many ISPs were able to trace the messages to the hosting company (Biznesshosting) and blacklist the hosting company.  (The obvious question here is, what say you Judge Wilkinson ?) 

 Anyway, that's neither here nor there.  At the end of the day there's a continuum between a message that immediately identifies the sender (for example which lists an actual email and physical street address) and messages which do not readily identify the sender but with respect to which the sender can be traced with some difficulty (an advertiser message that lists the domain name for the underlying product or service).  It's unclear from the facts as to where this case sits on that spectrum.  The statute's additional explanation does not shed any light on how difficult the misrepresentation must make it to identify the sender:

header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. 

(18 USC 1037(d)(2).)  Is the standard measured from a reasonable person's perspective?  A reasonable ISP?  Law enforcement officer?   What does it mean to "impair the ability of [the] recipient . . . to identify, locate, or respond" to the sender?  I think Defendants' argument has some merit.  (I forget whether there are procedural complications – like that you can't challenge vagueness if you clearly fit the statute and it's really difficult to tell from the court's description of the facts.) 

Defendants also raised an overbreadth challenge.  The court denies this challenge on the basis that the overbreadth doctrine is not available to a commercial speaker and that in any event, a limiting construction can or will be placed on the statute. 

The takeaway:  I hadn't previously examined this provision very closely, but it's poorly written.  Given the severe consequences associated with non-compliance, it's extremely problematic in that it may not afford defendants sufficient notice of what is prohibited and what is not. 

The real takeaway
:  CAN-SPAM is quickly turning into a morass. 

 
Trackbacks
  • 3/1/2007 12:03 PM Technology & Marketing Law Blog wrote:
    By Eric Goldman * The California Highway Patrol (which, for reasons unclear to me, has investigatory power here) has concluded...
Comments
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Name (required)

 Email (will not be published) (required)

 Website

Your comment is 0 characters limited to 3000 characters.