California took a tough stand against spam this week after Governor Gray Davis signed a law prohibiting anyone from sending unsolicited commercial email advertisements to a California email address.
The law sets up an "opt-in" requirement, the aim being to prevent email users from getting email advertisements unless they asked to be on the sender's list. Senders of unsolicited messages could be held liable for damages up to $1000 for each message to an individual and up to $US1 million for each email advertisement sent out. The recipient, the state attorney general or the email service provider could seek damages.
The law also bans sending spam from California and prohibits the collection of email addresses or registering multiple email addresses for the purpose of sending spam. It passed the state Senate on September 11 as Senate Bill 186. Another bill, Senate Bill 12, which proponents said would have allowed internet service providers to be held liable for spam, died in a state Assembly committee in July. The author of that bill, State Senator Debra Bowen of Redondo Beach, said Microsoft had spearheaded an effort to defeat it. Microsoft denied the charge.
The law is set to take effect on January 1.
Microsoft sees the law as a positive step, according to spokesman Sean Sundwall. The company has taken several steps to keep spammers from taking advantage of its Hotmail service, he says. If a spammer uses such a service to send unwanted email, "that's the fault of the spammer, not the fault of the ISP," Sundwall says.
Its provision for individuals to sue over spam makes this law stand out, say commentators familiar with the legal issues.
Unscrupulous spammers who are hard to track down are unlikely to knuckle under, but the law should have some effect on both senders and recipients of commercial email, they say.
"I don't think this is the silver bullet to spam. You're still going to want email filters and you're still going to receive spam from parts unknown, but this will make a dent," says David Kramer, a partner at the law firm Wilson, Sonsini, Goodrich and Rosati, in Palo Alto, California. Companies that may have been on the fence about whether to send unsolicited commercial email now have a clear sign that it is illegal and the potential for lawsuits will enter the cost equation, he says.
A strong law in the largest US state also will apply pressure toward more effective national laws, Kramer adds. For members of Congress now, "it's hard to go on record supporting weak or pre-emptive legislation," he says.
Washington is where the battle is headed now, says Devin Gensch, an attorney at Fenwick & West, in Mountain View, California.
"I don't think this is the end of it by any means," Gensch says. The new law is likely to spark action by both spam opponents that want stronger laws and industry groups that want to pre-empt California with a more permissive federal law, he says.
Meanwhile, corporations that communicate with customers will need to take steps to make sure they have legally watertight opt-in systems, Gensch adds.
Cindy Cohn, legal director of the San Francisco-based internet rights group Electronic Frontier Foundation, says individuals' right to sue should mean more actions taken against spammers. However, she worries about the larger impact.
"It's very broad, and I think it's likely to seep in to more than just what people think of as spammers," Cohn says. For example, a small business that sends occasional email messages to a few customers could be hit because the law doesn't specify bulk transmissions, she says.
What's more, because it's hard to separate California email addresses from those anywhere else, it could amount to the state imposing its standards all over, she adds.
"It's not appropriate for one state, by writing an overly broad law, to dictate what people do elsewhere," she says. The best way to fight spam is not with a law but with filtering technology, which is more flexible, Cohn says.