Congress set to enact opt-out spam law

News
Dec 1, 20034 mins

Congress last week reached an agreement on the first piece of federal legislation to curtail spam, marking a coup for e-mail dependent businesses that can continue sending messages until recipients tell them not to.

Known as the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the bill bounced back and forth between the Senate and the House of Representatives this fall before lawmakers reached an agreement last week. The bill requires one more procedural vote by the House – expected to take place later this month – before it is presented to President George Bush, who is widely expected to sign it.

The bill takes an opt-out approach, meaning businesses can send unsolicited commercial e-mail as long as each message includes a mechanism for recipients to request not to receive more. Proponents say that along with a number of other provisions in the bill, the opt-out feature will help cut down on spam because recipients will be able to remove themselves from e-mailing lists.

However, some say CAN-SPAM actually will open the spam floodgates even wider. By allowing opt-out unsolicited e-mail, some observers say the law will give businesses once hesitant to send commercial e-mail license to do so, as long as they include an opt-out component.

“Spammers have the opportunity to keep spamming, as long as they include an opt-out in the body of the e-mail,” says Chris Belthoff, senior security analyst with Sophos, which sells anti-virus and anti-spam software. “This law is not saying that [sending spam] is illegal or that they’re not allowed to do it.” Another issue with the bill will be tracking down those who don’t respect opt-out requests, he says.

CAN-SPAM will override state laws governing unsolicited e-mail, including California’s controversial Senate Bill 186, which is set to be enforced starting Jan. 1. That bill would force all businesses sending commercial e-mail to the state’s residents to have the recipients’ consent, aka opt-in.

Companies that rely on e-mail communication with customers will be relieved by the passage of CAN-SPAM, says Deborah Thoren-Peden, a partner with law firm Pillsbury Winthrop, because they won’t have to follow the stringent California law that would force them to obtain and retain any e-mail recipient’s permission before e-mailing them.

Even for our clients trying very hard to comply [with the California law], it was going to cause extreme difficulties for them,” she says. “I’m sure a number of businesses will be pleased to see that they now have a little bit of breathing room.”

The federal bill only will supersede state laws that specifically regulate the use of unsolicited commercial e-mail, Thoren-Peden says, meaning state laws that deal with e-mail fraud will remain in effect. CAN-SPAM will not supersede international laws regulating commercial e-mail, she adds, which tend to be as strict as the California law. 

Congress v. spam

The main provisions of the CAN- SPAM Act are:
Recipients have the right to opt out of receiving unwanted commercial e-mail.
Violators face fines of up to $2 million, tripled to $6 million if violations are considered intentional.
FTC can establish a “Do not spam” registry, although it is not mandated.
Sending fraudulent e-mail is criminalized, with penalty of up to five years in prison.
FTC and state attorneys general can prosecute offenders.
SOURCE: OFFICE OF THE HOUSE ENERGY AND COMMERCE COMMITTEE

Companies that send commercial e-mail on a national level also will be relieved that a federal law governing the practice is finally in place, one observer says.

“This is the first federal legislation, and I think everyone would prefer a national law over a patchwork quilt of state laws that make it very difficult for anybody to comply,” says Mark Rasch, senior vice president and chief security counsel at security service provider Solutionary and former head of the Department of Justice’s computer crime unit.

CAN-SPAM also gives the Federal Trade Commission the authority to create a “Do not spam” registry, much like that agency’s “Do not call” list that consumers can join to prevent calls from telemarketers.