FRAMINGHAM (09/26/2003) - While California's tough new anti-spam law aims to stomp out unwanted commercial e-mail, the legislation enacted last week could also hamstring legitimate businesses looking to communicate with customers.
Ramifications of the state's Senate Bill 186, signed into law by Governor Gray Davis, will be felt all over the country because it applies not only to e-mail sent from California but also to all messages sent to residents of the state, critics say. They say the law will do little to deter professional spammers responsible for the majority of clutter in e-mail boxes, and force businesses that e-mail their customers to spend extra time and money ensuring they have recipients' consent. The law makes it a crime to send spam, slapping a US$1,000 fine for each unsolicited e-mail sent, and lets individuals, internet service providers (ISPs) or the state file suit against alleged spammers or the company doing the advertising or promoting in the e-mail.
"E-mail is a very legitimate way for individuals and businesses to communicate,"says Bill Glazier, vice president of marketing at anti-spam service vendor Postini Inc. "Any law that restricts the legitimate use of e-mail is unfortunate."
The law makes it illegal to send e-mail that advertises or promotes goods, services or credit without the direct consent of the recipient. Direct consent is defined in the law as a positive response to a "clear and conspicuous request" from the sender asking if the recipient wants to receive the e-mail - also known as opt-in - or a direct request from the sender to receive the e-mail.
The law is unclear on whether companies that purchase lists of e-mail addresses from list brokers have the direct consent of recipients.
Considered the most sweeping and stringent anti-spam law to date, it could become a model for other state or federal efforts. "The time has come for unscrupulous spammers to stop feeding our e-mail in-boxes a daily diet of unwanted e-mail," Davis said.
Many companies that depend on e-mail marketing and communication have built internal databases of customers who have opted in to receive e-mail, says Brian Niles, chief executive officer of TargetX.com LLC, a provider of e-mail marketing software and services, and therefore shouldn't be negatively affected by the law.
"It's the people renting out e-mail lists and doing prospecting - the law's going to affect them," he says. "For folks thinking of building an in-house database, this law may give them more of an incentive to look in that direction."
But there's significant expense associated with building an in-house database of opt-in recipients. And given the California law's hefty fines, even companies that already have such databases would be wise to scour them to ensure they have consent - and can prove it - before hitting the send button, says Deborah Thoren-Peden, a partner with law firm Pillsbury Winthrop LLP. "This law will probably cost companies a significant amount of money to come into compliance," Thoren-Peden says. "Companies will have to drill down to every aspect of their business [to see if] they have e-mail lists that touch California, and make sure they have consent."
The law also stipulates that all legitimate commercial e-mail must contain an opt-out option so that recipients can have their name removed from e-mail lists by checking a box on a Web site or calling a toll-free number. This stipulation changes the opt-out option from a one-time opportunity given to recipients when they sign up to receive e-mails to an on-going chance to halt electronic communication, Thoren-Peden says.
The new law empowers individuals and companies, not just the state government, to go after spammers.
However, it's questionable how many will do so, says Andres Kohn, director of product management at anti-spam software start-up Proofpoint Inc. "Companies are trying to cut their costs, they're not going to go to court and prosecute spammers on their own," he says. And historically, state prosecutors have not focused on pursuing spam cases, Kohn adds.
"It doesn't matter what's in the law if the law goes unenforced. And pretty much all spam laws go unenforced," echoes Paul Hoffman, director of the Internet Mail Consortium. "California has no money, so how are we going to enforce it?"
Whether legislation - particularly on a state level - can thwart spam is a topic of debate. Thirty states have spam laws on their books, and a handful of bills are wending their way through the U.S. Congress, although no federal law has been enacted.
That leaves businesses with a patchwork of state laws to consider when sending e-mail, and forces them to try to associate a state with an e-mail address, which isn't always possible. In addition, any federal law passed could override state laws, depending on how the federal law is written, which could render the work companies do to comply with state laws a waste of time.
Senior Editor Carolyn Marsan contributed to this story.