Federal Court Finds no Strict Liability Under CAN-SPAM

A Federal District Judge in Arizona recently denied the government's motion for summary judgment in a CAN-SPAM case under the adult labelling portion of CAN-SPAM:  Unived States v. Cyberheat, 2007 U.S. Dist. Lexis 15448 (2007) [access the 13 page pdf version of the order here].

The facts (as recited by the court) are fairly straightforward.  Cyberheat (the defendant) runs adult entertainment websites.  It utilizes a promotional program called "TopBucks" in or through which affiliates agree to promote the websites in exchange for payment upon a successful promotion.  Cyberheat's "affiliates" sent out numerous emails which did not comply with CAN-SPAM's labelling requirement.  The government sought to hold Cyberheat liable.   A quick note here:  this is a fairly significant order in that this is a very typical arrangement, even outside the adult-promotion area.  Many websites operate "affiliate" programs through which third parties promote the websites.  A key, typically contested issue, is to what extent the website can be held liable for the violations by the affiliate of CAN-SPAM.  The order does not decisively answer the question (falling back on some Learned Handesque burden/benefit balancing approach).  But it starts to chip away at the edges.

The Statute:  the Court notes three relevant definitions from CAN-SPAM:  (1) to initiate (originate or transmit); (2) procure (pay or induce a third party to transmit); and (3) sender (the "originator" ??).  The definitions are somewhat confusing and probably of little help.  One of the many critical drafting mistake(s) in CAN-SPAM was to provide for multiple possible initators/originators and to use the word "initiate" in the definition of "Sender".  (I think the expression is open loop or something . . . .)  The key question of what standard is used to determine Cyberheat's potential liability for the actions of its affiliates does not have an answer in the statute - at least according to the court.

Strict liability v. Intent:  The government argued that Cyberheat should be held "directly liable", which I assume is a synonym for "strictly liable."  Cyberheat went to the other extreme, and argued that it should only be held liable when it intended for the affiliates to violate the statute ("Defendant insinuates that the Statute requires intent for Defendant to be held liable for the acts of third parties . . . .").  The Court strikes the middle ground:
the Court does not find the Statute applicable to a business such as Cyberheat for an accidental or mistaken violation, immediately attended to and corrected. By the same token, Cyberheat cannot insulate itself from any liability for the actions of the affiliates on its ultimate behalf and for its financial benefit purely by putting on blinders or inattention to monitoring and supervising the use of its sexually explicit materials. n7 Cyberheat has a duty that it can only delegate at its own peril. In the end, Cyberheat is paying affiliates who are successful in promoting Cyberheat and bringing in business to the company. Because Defendant is a purveyor of that which the Statute explicitly attempts to regulate, sexually explicit materials available on the Internet, the Court does view Defendant as having a duty to oversee the use of those sexually explicit materials when distributed for promotion, and despite the disclaimers, upon receipt of knowledge that affiliates were using their promotional literature in a violative manner, incurred a duty to act reasonably to stop that activity. Here, control over the affiliates and knowledge of the violations of the affiliates are two issues that are pivotal.
The court goes on to cite agency cases where federal courts apply agency principles in analogous contexts.  The court provides a typical list of relevant factors:  control/benefit, etc. etc.

Summary Judgment:  Interestingly, the government presented evidence that Cyberheat received complaints and did not adequately respond to them.  The opinion cites to at least four affiliates who were the subject of complaints but who were not terminated.  Nevertheless, the court denies summary judgment using sweeping language that "whether the breach or violation of a statute has occured . . . is a question of fact for a jury." 

The Take Away:  I'll have to come back to this one.  My instinct is that the result is sort of correct.  The denial of strict liability is definitely a win.  Strict liability should not be lightly inferred in a federal statute.  That said, I recall getting a sense that Congress wanted this type of unsolicited email dealt with differently than normal commercial email because of the additional harm potentially caused (exposure to children primarily, see previous post).  CAN-SPAM has a fairly comprehensive - albeit confusing - framework for when different persons or entities in the chain should be held liable.  Given this, the court's importation of common law/agency principles into this framework seems unnecessary. 

More later, as they say.

  • 3/12/2007 2:43 PM Technology & Marketing Law Blog wrote:
    By Eric Goldman U.S. v. Cyberheat, Inc., 2007 WL 686678 (D. Ariz. March 2, 2007) This case deals with one...
  • 3/12/2007 2:44 PM Technology & Marketing Law Blog wrote:
    By Eric Goldman U.S. v. Cyberheat, Inc., 2007 WL 686678 (D. Ariz. March 2, 2007) This case deals with one...
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Name (required)

 Email (will not be published) (required)


Your comment is 0 characters limited to 3000 characters.