Spam in the Courtroom
Saturday, January 31, 2004
Posted by: Charles Oriez
On June 16 and 17, Microsoft filed 15 anti-spam lawsuits in various courts in the United States and the United Kingdom. They claimed, among other things, that spammers had forged MSN and Hotmail addresses on some of their spam, used domain names without permission and violated various other provisions of U.S. and U.K. law. I know from personal experience that one particular spam package so reliably forged MSN and excite.com addresses in combination that my filters were able to identify and delete those spams before they hit client inboxes based solely on that signature. The problem for MSN, of course, was that bounces from spam sent to invalid addresses would clog MSN servers.
None of the cases have been heard yet. It is entirely possible that at least some of the accused spammers are innocent. In fact, there is growing evidence that one of the U.K. cases targeted the wrong person, and that case may be dropped shortly. However, these spammers may find themselves spending their profits in courtrooms for years to come.
About 30 states have spam-related legislation. Penalties can be up to $500 per violation. In a few cases in Washington and California, most notably Ferguson vs. FriendFinder in California, lower court judges ruled that state anti-spam laws violated the interstate commerce clause of the U.S. Constitution. In both states, the higher courts reversed and remanded the cases for further proceedings. The thinking at the higher level was that a prohibition on fraud and deceit is not an undue burden on interstate commerce, especially since in-state commerce was faced with an equal burden. The fact that spammers are generally incapable of conducting business without engaging in fraud and deceit did not weigh heavily on the minds of the various state Supreme Court justices.
In New York, Attorney General Elliot Spitzer went after MonsterHut, a notorious and prolific spammer. In a case that ended in complete victory for the state earlier this year, MonsterHut and its principles were enjoined from engaging in a variety of anti-consumer practices. Justice Wilkins specifically barred MonsterHut and its chief executives, from "further engaging in any of the fraudulent, deceptive and illegal acts and practices." The final judgment also required MonsterHut executives to post a bond prior to engaging in any further business in the state of New York.
The Spam-fighting company Habeas conceived of the idea of including haiku, a style of poetry, in the headers of e-mail to certify that the e-mail was not spam. The haiku is copyrighted, and filtering software is trained to recognize it and pass the e-mails. Spam laws provide for penalties of a few hundred dollars in most cases. Copyright infringement could bring penalties under the DMCA upwards of $1 million.
Habeas filed two suits in April to enforce its copyrights and trademarks. The first suit was filed against online mortgage service Avalend and its parent company InterMark Media, alleging that the company infringed on Habeas' trademark by using Habeas' haiku in bulk e-mails to assure delivery without obtaining a valid license from Habeas. The second lawsuit, alleging breach of contract, was filed against two individuals, Dale Heller and Stan Stuchinski, alleging they conspired to send spam under Habeas' sender-warranted e-mail seal. ClickBank and its parent company Keynetics were named in the suit for running Stuchinski's affiliate program.
Both lawsuits were filed in the U.S. District Court in California. "The whole issue of spam and who is sending stuff is pretty murky," said Anne Mitchell, chief executive and president of Palo Alto, Calif.-based Habeas. "This is how these people are doing business on the Internet and getting away with it." In both cases, Habeas settled the suits favorably. Settlements included agreements by the companies sued that they work to cut off spammers trying to use their networks.
Hamidi and Intel
Kourosh Kenneth Hamidi, a former Intel employee, sent e-mails criticizing Intel's employment practices to as many as 35,000 current Intel employees.
Intel sued, alleging trespass to chattels, and won an injunction against Hamidi in California State Court. That injunction was recently overturned by the California Supreme Court in a 4-3 vote on the theory that Hamidi did not commit trespass because Hamidi did not damage the computers. With regard to the difference between Hamidi and other spammers, the court declared, "Nor does our holding affect the legal remedies of Internet service providers [ISPs] against senders of unsolicited commercial bulk e-mail [UCE], also known as 'spam.' (See Ferguson v. Friendfinders, Inc. (2002) 94 Cal.App.4th 1255, 1267.) A series of federal district court decisions, beginning with CompuServe, Inc. vs. Cyber Promotions, Inc. (S.D.Ohio 1997) 962 F.Supp. 1015, have approved the use of trespass to chattels as a theory of spammers' liability to ISPs, based upon evidence that the vast quantities of mail sent by spammers both overburdened the ISP's own computers and made the entire computer system harder to use for recipients, the ISP's customers (See id. at pp. 1022-1023)."
Interestingly, while the Court ruled that Hamidi could send the mails, the court did not enjoin Intel from using technical means to block the mail. Intel reportedly has chosen in the past not to use any filters to block incoming spam. Perhaps they now have the motivation to do so.
Hormel - the difference between SPAM(tm) and spam
Spam got its name from an old Monty Python script. Vikings in a diner started chanting "Spam, spam, spam," effectively drowning out the other diners who were trying to engage in meaningful conversation. Unsolicited commercial e-mail threatens to drown out meaningful communications on the Internet, so this is an apt parallel.
Hormel, the makers of SPAM(tm), are understandably somewhat annoyed that their product has become synonymous with a hated product on the Internet. Over the past few years, an uneasy compromise had been worked out. Anti-spam forces were careful to refer to the hated e-mails in lower case letters, and the meat product was referred to in capital letters. Anti-(e-mail) spam products such as SpamCop avoided trademark filings. But when SpamArrest attempted to file for trademark protection for its product, Hormel filed a complaint with the U.S. Office of Patents and Trademarks for trademark dilution.
However, it appears likely that Hormel will fail. As Robert Rosenberg described it so concisely on the SPAM-L discussion list:
"Trademark Rules protect a prior owner only when there is a potential of confusion due to the new trademark being for a similar product (when you get a trademark, it is only for one of 39 defined areas of commerce). SPAM(tm) (the meat product) falls into a different category than spam (Unsolicited Bulk E-mail [UBE]/Unsolicited Commercial E-mail [UCE] e-mail); there can be no confusion between the two and they can both be registered.
"This 'your trademark is issued for protection in a designated category' is a big bone of contention when two trademark owners fight over who can use or get a domain name (a system where all that matters is the spelling).
"If I were a drug company who made cocaine powder and I sold it under the trademark of Coke (its nickname) I could register the Coke name in the drug category and be the Coke Bottling Company since I package it in bottles with tops that allow pouring 'lines' for inhaling. The Coke trademark in the drink category would not preclude its name in the drug category."
Spammers Suing Blockers
There have been a few cases over the years of spammers suing those who were blocking their traffic. This started with Standord Wallace suing, and losing to, CompuServe. That case established the right of ISPs to block spam from their systems. More recently, Australian spammer Wayne Mansfield sued and lost after his domains were listed in various anti-spam blacklists. And currently, there is a case pending in federal court in the southern district of Florida in which the plaintiff claims that the SPEWS and Spamhaus blacklists damaged his business. Curiously, the damage that he claims occurred happened before his business was formed. There is also some doubt that the Internet provider addresses used by his organization have ever been blocked by any blacklist. The first indication of the judge's opinion of that case's likelihood of success came when the plaintiff's application for a Temporary Restraining Order (T.R.O.) while the case proceeded was denied.
I am aware of two exceptions to the pattern of judgments defending the rights of blacklist operators to express their opinions. One was a case overseas where the judge found that the operator had listed a domain for reasons that were inconsistent with his published listing criteria. The other case was Exactis vs. MAPS in federal court in Colorado, where a judge granted a T.R.O. to Exactis on the mysterious grounds that Exactis wasn't a spammer. MAPS then settled for financial reasons. That may have backfired, however, as the reaction to the suit seems to have been widespread listing of their addresses by numerous other administrators in reaction to the suit. One employee told me that well after the suit was over, she was still experiencing significant difficulty in getting her mail delivered anywhere.
There have been a number of suits against employers by employees who allege that failing to block pornography created a hostile work environment. In Minnesota, librarians sued over the absence of anti-porn Web filtering on library computers. One current case involves a woman suing her employer for failing to implement filters and permitting porn to reach her work station.
In April, Declan McCullough of ZD Net wrote, "Porn spam could begin to crop up in sexual harassment complaints from employees offended by the material. Even if companies aren't the source of such messages, they could be liable for hefty civil fines if managers know that porn spam is a problem and don't move to address it."
Eugene Volokh, a professor of law at UCLA, says that the origin of the e-mail doesn't matter. "Just as an employer has a duty to protect from patrons and other people - like the (delivery) guy who fondles a secretary - there's a good theory saying a company has a duty to filter (offensive e-mail) even if the employees are being harassed entirely from far outside the company walls," Volokh said. "If the employer is reasonably capable of filtering the material, and if it doesn't do that, it would be held liable."
Diana Johnson, an attorney with the Equal Employment Opportunity Commission, agreed that employers could be liable if they receive complaints from employees about porn spam and fail to act on them. Some experts have even raised the possibility that a supervisor receiving porn spam and hitting delete instead of complaining to the I.T. department could be sufficient to show that the company was guilty of creating a hostile work environment.
Similar concerns were raised in an article by Jennifer Beauprez in the December 22, 2002 Denver Post. Joyce Graff, a Gartner Group analyst, said in the article, "Companies risk litigation if such spam offends workers." A case in point is a $2.2 million Chevron settlement of a 1995 lawsuit filed by four workers. Graff is also aware of more recent threatened cases dealing with porn spam.
And the EEOC ruled in favor of the Minnesota librarians.
Charles Oriez has an MS-CIS from the University of Denver and writes and speaks on e-mail issues in the Denver area.