G The Tech Group Alert January 2004 The CAN-SPAM Act: Federal Government Regulates Unsolicited Commercial E-mail By David Leit, Esq. · n December 16, 2003, President Bush Falsifying header information; O signed into law the “Controlling the · Sending messages from e-mail accounts or Assault of Non-Solicited Pornography domain names that are registered under and Marketing Act of 2003.” The Act became names which falsely identify the registrant; effective on January 1, 2004. The “CAN-SPAM” · Using deceptive subject headings; Act represents the federal government’s first effort · Sending an e-mail that does not contain a to address the rapid growth in the volume of functioning reply mechanism or other unsolicited commercial electronic mail. It may not comparable means which allows the recipient be the last such effort, as the Act specifically to opt out of future mailings; contemplates review of the effectiveness of the Act · Sending e-mail to anyone who has opted out; within the next two years. · Sending commercial e-mail without a “clear The Act focuses mainly on stopping deceptive and conspicuous” identification of the practices often used by senders of bulk commercial e- message as an advertisement or solicitation; mail, and on providing recipients with a method to · Sending commercial e-mail without clear and opt out from receiving future communications from conspicuous notice of an opt-out option; any particular sender. The Act does not prohibit the · Sending commercial e-mail without including sending of unsolicited commercial e-mail that a physical postal address of the sender; complies with the requirements of the Act. · “Harvesting” of e-mail addresses from web sites; What the Law Prohibits · The CAN-SPAM Act prohibits: Use of automated routines that generate · possible e-mail addresses by combining Accessing someone else’s computer, without names, letters, or numbers into numerous their authorization, and using it to transmit permutations (“dictionary attacks”); multiple commercial e-mail messages; · · Sending sexually oriented material without Using someone else’s computer to relay or including notice that such material is retransmit e-mail so that it appears to come included in the subject heading; from them, rather than the actual sender; This document is published by Lowenstein Sandler PC to keep clients and friends informed about current issues. It is intended to provide general information only. L Roseland, New Jersey Telephone 973.597.2500 65 Livingston Avenue www.lowenstein.com 07068-1791 Fax 973.597.2400
G Finally, the new law directs the FTC, in · Sending sexually oriented material in any way consultation with the Department of Justice, to that presents the material to the recipient issue a report by the end of 2005 analyzing the immediately upon opening, rather than effectiveness and enforcement of the CAN-SPAM providing the required notices and further Act, and making recommendations to Congress for instructions on how to access the sexually oriented material; or any amendments to the Act. · Knowingly allowing one’s business to be Affirmative Consent promoted by a third party who sends commercial e-mail in violation of the Act. Senders can avoid some of the restrictions of the CAN-SPAM Act by obtaining affirmative consent Fleshing out the Details before sending e-mail to any particular recipient. If The CAN-SPAM Act leaves a number of details a recipient expressly consents to receive e-mail to be sorted out at a later date. Most significantly, messages, the sender of the e-mail is no longer the law directs the FTC to issue a report within the obliged to identify messages as an advertisement or next 6 months regarding recommendations for solicitation, nor is a sender of sexually explicit implementing a national Do-Not-E-mail registry, materials obligated to label them as such. In akin to the new Do-Not-Call registry. The FTC is addition, a sender of sexually explicit materials may pre-authorized to implement its plan at any time send those materials directly in an e-mail if the after nine months from the date of the enactment. recipient has already given affirmative consent. Thus, we can reasonably expect to see a Do-Not- Affirmative consent does not affect the E-mail registry some time after September 16, 2004. requirements that e-mails contain an opt-out provision or a valid postal address, nor does it alter The FTC is also charged with issuing regulatory any of the provisions regarding false and misleading guidance on how certain aspects of the Act will be headers, routing information, etc. implemented. For example, the Act specifically directs the FTC to prescribe clearly identifiable Preemption of State Laws marks or notices to be included in or associated The CAN-SPAM Act supersedes all State and with commercial e-mail that contains sexually local laws that expressly regulate the use of e-mail to oriented material, both for the purposes of send commercial messages. Thus, the Act nullifies informing the recipient and to aid in e-mail filtering other statutes that have been recently passed, many schemes. These regulations are due by April 2004. of which are more restrictive than the CAN-SPAM It is also reasonable to expect that the FTC will Act. For example, California had recently passed a issue further guidance on such issues as what statute which prohibited all commercial e-mail from constitutes “clear and conspicuous” identification California or to California e-mail addresses except of messages as advertisements, and what it with affirmative consent. This law has now been considers a sufficient means for exercising an opt- preempted by the CAN-SPAM Act. out right.
G for certain violations of the Act, if the ISP is Enforcement adversely affected by such violations. In The CAN-SPAM Act does not provide for a addition, it is important to note that the CAN- private cause of action; that is, an individual who SPAM Act does not prevent ISPs from adopting believes he or she received e-mail in violation of their own spam policies, which may be more the Act cannot sue the sender directly. The FTC restrictive than the requirements of the CAN- has the principal authority to enforce the civil SPAM Act. aspects of the law, although other federal agencies have authority to enforce the law against entities Conclusion falling within their regulatory purview. The While the CAN-SPAM Act certainly requires Department of Justice will enforce the criminal senders of commercial e-mail to be more careful aspects of the Act. The Attorneys General of the about their practices, it should not present an States have authority to enforce certain portions of insurmountable hurdle for most legitimate the Act, provided that they notify the FTC or businesses. Now is a good time for senders of other appropriate federal regulatory agency before commercial e-mail to review and update their taking action. In addition, if a federal agency has mailing practices and privacy policies. brought an action for violation of the Act, the States are prohibited from taking action while that Clients having questions regarding the CAN-SPAM action is pending. Act are urged to contact the Lowenstein Sandler attorneys with whom they work. In addition, questions The sole exception to the rule preventing can be directed to David Leit at (973) 597-2340 or private causes of action is a limited authority dleit@ lowenstein.com. granted to Internet service providers to bring suit
Recommend
More recommend
