[[Greets, Declan. Thought you could use a comprehensive, _somewhat_ concise summary of the Senate's spam bill. Please only UNATTRIBUTED/ANONYMOUS if you wish to share with Politech.]] ----- The Senate passed an amended version of S.877, the Wyden-Burns anti-spam bill that has been percolating through Senate committee for the past few years. Contrary to what you are seeing in most press, this is not the "first" anti-spam bill to pass the Senate. Bills have made it out of both the House and Senate in the past. (S.1618 in the 105th Senate, and HR 3113 in the 106th House, among others.) (Just a reminder, the Senate passing a bill is a big deal, but not nearly as big as if/when the President signs it into law _after_ the House passes it too.) But that's not to say this passage is not meaningful, such consensus in the more "legislatively reserved" Senate likely means that even if the House doesn't pass the exact same bill, at least some of the language of this bill could show up in the appropriations bills Congress is rushing to finish right now. --- The bill that passed the Senate has three main parts; (1) criminal prohibitions, (2) spam labeling requirements and civil prohibitions, and (3) several studies and reports, including requiring "plans" for an FTC "do-not-spam" list. SUMMARY --- (1) CRIMINAL prohibition The criminal part comprehensively prohibits a list of "bad acts" if they are done in the act of intentionally sending more than 100 commercial email/day; things like registering multiple accounts, obscuring or forging headers, logging on to or using computers without access. A sexually explicit labeling and content prohibition amendment was added by Sens. Santorum and Enzi on the floor at passage. It requires that unsolicited commercial email be labeled in the subject line, (in a manner the FTC will decide) and no sexually explicit content be visible when the email is opened. Violate the criminal provision and you face fines, asset forfeiture and up to 5 years in federal prison, depending on volume, severity, prior offences, and prior or concurrent crimes committed. The bill also provides for sentence enhancements if the "spamming" was done with "harvested" addresses or stolen address lists, or by "dictionary attack" auto-generation of email addresses. [[ comments - anonymous or pseudonymous accounts and anonymous remailing aren't prohibited outright, but only if they are used to send commercial email. The labeling of sexually explicit content could get messy, if done in a way other than what the FTC prescribes, (say labeling ADLT if the FTC required "ADULT") that would seem to be a violation resulting in a fine or jail.]] (2) GENERAL LABELING AND OPT OUT REQUIREMENTS The second part of the bill contains civil prohibitions and labeling requirements, including sexual content labeling, for commercial email. Materially misleading or falsified header or subject information in ANY commercial email is prohibited. MOST commercial email must have a valid reply address or reply mechanism. ("Transactional emails" like billing notifications and "update/patch available" emails from existing business relationships are exempt) UNSOLICITED commercial email must have clear notice (somewhere) that it is an advertisement, and an opt-out mechanism, and a valid physical postal address of the sender. Once a sender has received an opt-out, UNSOLICITED commercial email cannot be sent to someone who has exercised their right to opt-out. (Several of the more common ways to get around this, such as hiring someone else to send, or reselling an opted-out address, are also prohibited.) Similar to the criminal provisions, scripting or auto-generating email accounts, harvesting email addresses, or autogenerating email addresses is also prohibited, if those acts are part of sending unsolicited commercial email that doesn't follow the rules above. Violations of these requirements can be pursued by the FTC and in some cases other federal agencies. (i.e. SEC, FCC) State Attorneys General and ISPs can also sue, but individual recipients cannot. In most cases, damages are capped at $1 million. State laws dealing specifically with unsolicited email would be mostly pre-empted - NOTABLY California's recently-adopted "opt-in" anti-spam law. These civil provisions also target 3rd parties who knowingly "let" their products be promoted in someone else's illegal spam, (HYPOTHETICAL example - Pfizer "knowingly" benefiting from spammers promoting Viagra) but only the FTC can enforce against these 3rd party violators. [[ comments - The short summary is: the bill sets up an "opt-out" regime that allows any spammer one free spam. Consumer enforcement is (except for a few state laws that aren't preempted) left only in the hands of FTC employees and 50 state Attorneys General. ISPs can sue, and are given rather strong standards and penalties. The bill actually removes individual consumers' access to redress in court under several state laws. The "3rd party" section, an amendment by Sen. McCain in committee, aims at companies who hire out spammers or separate themselves from spammers by shell corporations, but knowingly benefit nonetheless. Although this part of the bill is extensively tailored, the Viagra hypothetical indicates it could still potentially be problematic.]] (3) "DO NOT SPAM" LIST AND "BOUNTY" STUDIES The bill requires the FTC to develop a plan for a national "Do Not Spam" email address registry, including documenting potential problems. The FTC "may" implement the plan, but doesn't have to, and can't for at least 9 months. The bill requires the FTC to develop a plan for a "bounty" system of a portion of any fine collected for people who report spam to the FTC. The FTC is similarly not required to implement such a bounty plan, but it "may," after 12 months. The bill also requires the FTC to study and report (but doesn't authorize action) on a whole slew of issues, including "ADV" labeling, the efficacy of any enforcement actions, newly emerging bad business practices, etc. [[ comments - The email address registry plan, required in an amendment by Senator Schumer, has been reported as a major sticking point for passage. The bounty plan is similar to the Rep. Lofgren House bill associated with Prof. Lessig's proposal to allow individual users to collect a bounty on identifying spammers. Sen. Corzine introduced a similar Senate bill, and when this bill came up, attached his language as a "study" amendment. Draw your own conclusions about these two amendments and the press they will get the respective Senators, but in the end, the Senate didn't "require" the FTC to implement either. ]] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Tue Oct 28 2003 - 08:02:30 PST