The following material is provided merely for background and reference information, and should not be considered or substituted for legal advice. Please consult with your organization's legal counsel for more information. I'm not one to touch it in a can I'm not prone to read it at 9 a.m. I do not like e-mail called spam I do not like it, spam. I am... ... reluctantly, admittedly, both repulsed by, and impressed with, the staying power of huge volumes of unsolicited e-mail, and the potted spiced pork shoulder and ham meat product, both affectionately known as SPAM. Okay, so it's really Kenneth Daigneau's and Monty Python's fault. Back in 1937 the Hormel Meat Company of Austin, Minnesota had this product on its hands, in effect, a little spiced pork ham in a little tin can. The company's head, Jay C. Hormel, needed a name so sponsored a contest with a $100 prize. As luck would have it, he picked the name offered by Daigneau-- who happened to be the brother of one of Hormel's vice presidents-- and lo and behold-- SPAM entered the American lexicon for all posterior-ity, um, posterity. SPAM itself is so popular, that ever since 1991, an annual festival has been put on (the only one in the world officially sponsored and managed by Hormel Foods, in fact). It happens every year on July 4, and reportedly attracted over 20,000 people from 37 states and 5 countries, who both bought and feasted on SPAMburgers, SPAM Tacos, SPAM Rangoon, SPAM Tostados; SPAM Gyros, SPAM Corn Dogs, SPAM Fried Rice and SPAM Spring Rolls. SPAM is even credited with helping the Russian army through World War II. Thanks to their "Spam Song", the British comedy troupe Monty Python, however, is thought to be the means by which SPAM entered the realm of computer users. That is unless you credit the University of Southern California's computer lab for first noticing the similarities between this "mystery meat" and annoying e-mail that is unwanted, undesirable, yet enticing to a noticeable few, versus most who find it indigestible. What is Spam (the e-mail stuff)? "Spam" is a term loosely used to describe any piece of e-mail that is unsolicited, unwanted, and/or unexpected, especially if it involves a commercial solicitation, offensive/annoying/nuisance content, or multiple mailings of the same message. Spam is an issue for a number of reasons. First, it is something that aggravates people, requiring users to guess which messages are worth reading. Second, there are user concerns around privacy and security. Simply replying to a "junk e-mail" unsubscribe e-mail address or even opening a questionable message notifies e-mail abusers that your address is valid, adding your information to the rosters of potentially a legion of other abusers. Third, it costs Internet service providers and organizations time and money spent probing and filtering out offending mail sources that tie up networks and clog mail servers. There are a few sets of concerns that need to be addressed: Internet users who receive nuisance or offending e-mail messages the Internet service providers who have to put up with the huge volume of those messages that clog up their networks and mail servers. The reason why users should be concerned with the second set of concerns is because ISPs pass the costs of their inconvenience onto subscribers. Now you might say to yourself, "Self, this whole silly spam thing could be easily solved it people simply just refused to open anything that resembled spam, seemed suspicious, or came from an unfamiliar source." But consider, for a moment, the difference between, say: An old friend from college you lost track with has recently had a child and wants to share his good news. A co-worker sends out a bizarre joke to everyone in the office. A staffer from one of your coalition organization monitoring activity at the state legislature sends an action alert that, despite weeks of work, a crucial bill has just been voted down in committee. A company with which you placed an order for a $10 pint of ice cream (you'd be surprised) sends you a bonus e-mail coupon for your next order. You receive 16 messages warning of a virus alert Without pointing fingers (and *you* know who you are), chances are good that you have received some message similar to the ones above, if not something that elicits similar responses. In short, ask yourself what specific messages actually pour into your inbox on a daily basis that you have explicitly asked for, wanted, or expected in the first place. Wanting to receive messages assumes knowledge that a certain message will arrive to you, regardless of the source or format. Likewise, an expectation of a message assumes that you are literally hanging by a thread, monitoring your inbox for some specific words to appear, even if you are in the middle of something else. Also, when you elect to undertake an action that places you on an e-mail recipient list, you may not know in advance all of the types of messages you will receive. You do, generally, have a good idea of the source from which those messages come, or at least the forum through which they pass. There might be a difference among knowingly registering with one or more sources of information, and registering with a source that then shares your address with other sources. Let's flip it around and look at things from a sender's point of view. What if you are the person trying to get an action alert out to a group of advocates. Would you use the same approach for your staff as you would a group of people unfamiliar with you? What if you generate an action alert a day? Does that encourage more people to read and respond to your content than if you only put out one action alert a week? What if you are sending out a request for volunteers to a list of prospective e-mail addresses, culled from suggestions by members of your community group, who have not given either their consent or have been notified that they might be contacted by someone for this express purpose? Spam may be generated from a program that makes it seem more personalized, by including a recipients first name, or geographic location if the name was obtained from a public forum, like a chat room, newsgroup, etc. The subject line may feature obvious pitches for sex, financial transactions, or even personable greetings. There is a level of deception in truly offending spam, however, about who the actual sender is. Mail may look like it originates from a legitimate address, or a slightly familiar sounding company, when in fact it doesn't. So both spam and "legitimate" mail contains a request or sales pitch of some sort, or a short message with a link to a website. Where spam might stand out, however, is its reliance on obscuring the sender's identity, and not allowing people the means to stop receiving future mailings. Spam and the Courts Stefanie Olsen's 4/19/01 Cnet.News dispatch covered a New York state trial, in which the judge allowed a bulk e-mail company's request to force an ISP to allow it to send mass commercial messages over its higher-speed Internet network. Olsen's article also highlights the practice of "pink contracts" that ISPs are signing in increasing numbers. These are additions to an ISP's acceptable-use policies allowing mass e-mailers the ability to send "targeted" mass mailings to ISP's subscribers through, or establish spam-connected websites on, an ISPs network. The key here is that "targeted" assumes that users have elected to receive messages, either explicitly or tacitly. Last year, both AT&T and PSINet admitted, in hig profile disclosures, to signing pink contracts with spammers responsible for deluging subscribers with junk e-mail. In return, the mass mailers agree to pay higher subscriber fees to cover the risks to which ISPs might be exposed. There is also usually a cap on the number of anticipated complaints that come from sets of mailings; if there is an overage in the number of complaints, there might be additional charges, or a revoking of the contract altogether. Why do they do it? Because running an ISP is increasingly more expensive than it used to be, and customer willing to pay higher fees to employ questionable marketing tactics are not being turned away. The trial came about when the ISP (Pae Tec) considered the mailer (MonsterHut.com) an abuser, because it was sending unsolicited e-mail to its customers. MonsterHut.com then sought a restraining order against Pae Tec, which it got. Pae Tec, however, is also currently attempting to gather signed affidavits from its customers that they received unsolicited mail from MonsterHut. Compare this to the ruling from December 2000, issued against a web-hosting company at the request of an Internet domain registry service, that said its customers were being spammed, thanks to data lifted from its public customer contact database, part of a network known as "whois". The collection of online "whois" databases has constituted, in effect, the Internet's "phone book"/directory since the 1980s. It allows you to find the actual locations of Internet domains, including those in other countries. More interestingly, you can also find contact information for the entities behind any of over 24 million domain names and Web URLs in use. Companies that register Internet domains make their registries available to the public so folks can find out who already has claim to a domain name, or to snag potential "cybersquatters". Though the directories are public, their use is dictated along strict usage policies so as to prevent abuse. If you want to try this out, simply point your browser to Network Solutions, Inc.'s whois database, and enter in your organization's domain, or that of an organization or company that comes to mind. As Joanna Glasner pointed out in Wired.com's 12/11/00 coverage on the whois suit, the groundwork has been laid for legally-imposed limits on how personal information stored on publicly available websites can be used. In August 2000, Register.com filed a suit in the U.S. District Court in New York against web-hosting firm Verio. Register.com argued that Verio engaged in spam, at least since January 2000, by lifting the Register.com customer contact information, compiling a target list, and then aggressively marketing its services in the form of unsolicited phone and e-mail messages. Verio even went so far as to distinguish which registrants had just signed up their domains. In December 2000, the judge issued a preliminary injunction against Verio, telling the firm it had to stop using the Register.com whois contact information to market its services. The judge also signaled that Verio would be hard pressed to prove it did not engage in deceptive marketing and abused the usage policy for the whois database. Verio also was barred from using data agents and "bots" to cull data from any of Register.com's listings. An interesting footnote to keep in mind: Verio countered that, under an agreement it signed with the Internet Corporation for Assigned Names and Numbers (ICANN) to register Internet domains, Register.com permitted its whois database to be used for marketing by firms via direct mail and telephone. The judge, however, said that the ICANN agreement had no bearing on the issue of spamming via e-mail, and rejected Verio's claim. Anti-Spam Legislation There are general principles employed by the Federal Trade Commission in examining consumer complaints regarding unfair or deceptive marketing activities, that causes substantial financial damage, or emotional harm, but not messages that are simply annoying in their volume, or desire to steer readers to websites of questionable value. There is currently, however, no federal law on the books spelling out what spam is, or making its use illegal. If recent developments on the Hill last week are any indication, that may change this year, while raising, questions about what is the best legal course or legislative means to employ against a practice still seen as more of a nuisance than an illegality. What happened? The Judiciary Committee of the U.S. House of Representatives passed a modified version of the Unsolicited Commercial Electronic Mail Act of 2001, passed by the House Energy and Commerce Committee. The modified version features a provision-- written by Judiciary Chairman James Sensenbrenner, Jr. (R-Wisconsin) and Rep. John Conyers (D-Michigan), the committee's ranking member-- that would amend the federal criminal code to prohibit the purposeful transmission of at least 10 unsolicited commercial e-mails, to one or more protected computers (especially ISPs), with knowledge that the message headers contain false information about the actual sender. A first offense would yield a fine, and repeat offenses could lead to jail time of up to one year. The committee, however, took out the Commerce committee bill's provision that would have let recipients of junk e-mail bring lawsuits against firms that did not remove them from recipient lists. This had been pushed last year by Rep. Heather Wilson (R- New Mexico) in her attempt to get anti-spam legislation passed. Her bill last year stalled despite obtaining a full vote in the House with only one dissenting vote because of intense lobbying from industry groups. This year, Reps. Wilson and Gene Green (D-Texas) managed to get a similar bill through the Commerce committee that allows state attorneys general to bring suits for punitive damages against spam mailers. It defined spam as messages with false information in message headers that do not provide the means for recipients to "opt-out" of future mailings. But it would have allowed them to potentially obtain compensation far outweighing the cost of damages inflicted. It also would "deputize" ISPs, allowing them to enforce their own anti-spam rules with little intervention. It was also considered a potential barrier to legitimate e-commerce practices, namely soliciting new and potential customers for business. The Judiciary committee, however, also adopted an amendment by Rep. Melissa Hart (R-Pennsylvania) via voice vote (this is when all members vote "aye" or "nay" and a tally, but no record, is kept of individual votes). The Hart amendment would make any e-mail containing content related to sex a federal crime, regardless of whether the message was unsolicited or not. The amendment calls for the Attorney General to come up with a special disclaimer that would have to be inserted in all messages. Violators not including that language in mailings would receive a fine and/or one year in prison for sending messages containing language that describes"... in a predominantly sexual context, human genitalia, any act of natural or unnatural sexual intercourse, any act of sadism or masochism, or any other erotic subject." So, conceivably, an advisory from a children's advocacy organization warning of sex marketing to minors; an announcement from a health clinic regarding a survey of services delivered; an e-mail update from a men's or women's lifestyle e-newsletter; a joke of the day e-mail list; and a pitch from a pornography marketer might be treated the same, unless they are labeled as containing sexually explicit content. (One might argue that having such a label might actually ensure your message gets read, but that's another topic for another time)... Rep. Hart, according to Declan McCullagh's 5/24/01 Wired News item has stated that such a measure is needed to protect America's children while they are online. Rep. Hart added that this would merely be a consistent application of existing federal law prohibiting the distribution of sexually-explicit material through the U.S. postal system without appropriate disclaimers approved by the Postal Service. McCullagh, however, points out a complication with this view (though he doesn't explicitly cite it): the Supreme Court's 1983 ruling in Bolger v. Young Drug Products Corporation. The case was a challenge to a federal law that banned the distribution of unsolicited advertisements for contraceptives through the U.S. postal system. A contraceptive manufacturer wanted to mail both ads and informational material on venereal disease and family planning to the public. A federal district court found the statute violated the first amendment, and the Supreme Court agreed. The Court found the commercial speech was protected by the First Amendment, and that protected speech offensive to some does not make the case for its suppression. Practically, users could simply toss future mailings in the trash, and mailers would run the risk of losing money should their pitches not connect with either the public at large or its intended target audience. The Judiciary Committee bill will now go to the House Rules Committee, which will try to reconcile it with the Commerce Committee's bill, to craft something that can be presented for a floor vote by the full House. Senate legislation from Sens. Conrad Burns (R-Montana) and Ron Wyden (D-Oregon) closely resembles Rep. Wilson's bill, but would limit the ability of ISPs to crack down on violators with a cap of US$10 per offending spamming message, up to a maximum of US$500,000. There is also a bill by Rep. Rush Holt (D-New Jersey) which would amend the federal 1934 Communications Act to make the transmission of unsolicited ads through wireless networks illegal. At the state level, however, some 18 legislatures have enacted measures that force marketers to allow consumers legitimate means for opting-out of commercial solicitations. It gets messy, however, because of three particular provisions in the United States Constitution:

• the Interstate Commerce Clause (ICC) (Article 1, Section 8, Clause 3) states that, "[The Congress shall have Power]...[t]o regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes;"
• the Tenth Amendment holds that, "[t]he powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
• the Fourteenth Amendment, first section, states that, "...[n]o State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."

Why are these significant? Way back, even before the invention of SPAM, the U.S. Congress and courts basically assumed that the ICC gave Congress the ability to regulate commercial transactions between states, especially when existing state laws were not capable of addressing interstate commercial activity. The idea was to encourage as much interstate commerce, with as few barriers, as possible. The 14th Amendment was originally the means by which the former Confederate States of America, at the close of the Civil War, were told to give slaves the same rights as citizens upon reentering the Union. Since roughly the 1940s, however, the ICC has been interpreted to give Congress broad authority to address almost anything affecting commerce between the states. More significant, note that the Constitution does not explicitly use the phrase "right to privacy" at all. The Supreme Court, during a good chunk of the 20th century, used the 14th Amendment as a means to articulate or "establish" "basic" civil liberties and human rights, by expanding or reshaping the context of other amendments. Good examples include the Fourth Amendment (protections against search and seizure of property and persons), Fifth Amendment (due process of law), and Ninth Amendment (other rights not listed in the Constitution can't be violated just because they're not articulated). In other words, this gets messy. States will either have to continue to develop their own anti-spam legislation, or wait for Congress to do so. If each state passes a patchwork of incompatible laws for spam, the potential is heightened for one state to overstep its legislative authority, and dictate boundaries for commercial transactions originating or terminating in another state-- raising the specter of a constitutional challenge. Congress would, then, likely assert its authority to come up with a consistent national law. If Congress does so, based on its track record so far, it runs the risk of regulating commercial transactions based solely on content (including electronic communications), and not type of transaction (commercial, public, private)-- something the Supreme Court has to date said is a no-no. If the problem is left up to the Court to decide, it will not act until pressed to do so by Congress or happenings at the state level . This runs the risk of co-opting a vital deliberation from both the states and Congress (and presumably the public, since Supreme Court justices are not elected). This also raises questions about which interests can, or should, receive protection, including (but certainly not limited to):

• The privacy and security of harassed e-mail recipients
• The ability of organizations to mail information to prospective customers or supporters?
• The ability of businesses to operate without being pummeled by unwanted messaging clogging up their Internet connections?
• Shielding minors from objectionable content?
• Freedom of communicating ideas to the public without prior government approval, or without compromising one's identity if harmful repercussions are feared (especially for whistleblowers in public online forums)?

Canning Spam According to Farhad Manjoo in a 5/25/01 Wired.com story, there is a significant enough anti-spam sentiment that it merited its own conference called Spamcon. The upshot of the meeting, however, suggests that spam will never go away completely. Instead, it seems like the best one can hope for is either to slow down the volume growth or target the most egregious abusers. So what to do about spam in the meantime? Well, other than choosing not to eat it, there are some things you can try:

1. Assume that the minute you make your e-mail address available on a web page, public message board or newsgroup, or even e-mail list, you are making that address vulnerable to bots that troll the Internet for addresses. Consider obtaining a free e-mail address from any number of web services that you can use for online services, particularly discussions.
2. Encourage your friends and co-workers to not mailings to large groups of people using lengthy lists in the "Cc" or "carbon copy" field. When e-mail messages are forwarded to other lists, or reprinted on public web pages, all recipients are potentially compromised. Encourage the use of discussion list software, or simply listing the address in the "BCc" or "blind carbon copy" field, to suppress the list of recipients.
3. Most e-mail clients and online e-mail services have the ability to filter out e-mail from unwanted sources based either on the address or word patterns in subject line
4. Online services and ISPs are extremely interested in hearing from users about both outside abusers and subscribers who spam others. There are usually e-mail addresses to report spam, and those are added to a spam registry that can be used to block future instances. This usually requires you to open your messages such that the full mail header is displayed, and then to forward the message in full to the service provider
5. Check out services like BrightMail, which sets "spam traps" for mail servers that block incoming e-mail categorized by subscribers as spam
6. There are also a number of resources for folks interested in learning more about spam, and how to report and expose abusers. SPAM in the Can Now, since you know sometimes words have two meanings, here's a low down on SPAM (the foodstuff). If you've ever eaten it (and yes, we did, but we've tried to eliminate that entire episode from our childhood) you might be interested to know that some 5 billion cans have been sold (and presumably consumed) over the past 64 years, with 3 cans produced per second. Consumers can now choose from official SPAM-brand Oven Roasted Turkey, Smoke Flavored, Lite, and Less Sodium (the latter two for the health conscious?) Not content(!) enough to have concocted SPAM, Hormel also offer's its Potted Meat Food Product (PMFP), somewhat derisively described as the by-products of SPAM (among other things we won't reprint here). Even more awe-inspiring is the availability of PMFP offshoots, consisting mostly of some variation of artificially seasoned mechanically separated chicken, partially defatted pork and/or beef fatty tissue, beef tripe (stomach tissue), and salted with preservatives for good measure. You can choose among Armour Food's TREET and Potted Meat Food Product; Bryan Food's Potted Meat Food Product (for all of you from the South); Goya's (yes the rice and bean people) Potted Meat Food Product; Libby's Potted Meat Food Product, Pathmark's Potted Meat Food Product, and any number of generic PMFPs (trust us, we went to the store yesterday and saw them). Granted, they are not the classical SPAM, but they hold their own. Now about that corned beef and deviled ham stuff... Ryan Turner OMB Watch Resources Cited SPAMJam Festival Monty Python's "Spam Song" 4/19/01 CNet News Stefanie Olsen "whois" database collection whois database Network Solutions Inc. 12/11/00 Wired.com Joanna Glasner Unsolicited Commercial Electronic Mail Act of 2001 5/24/01 Wired.News Declan McCullagh Federal law prohibiting distribution of non-disclaimered sexually-explicit material through U.S. postal system Bolger v. Young Drug Products Corporation Burns-Wyden anti-spam legislation Holt wireless anti-spam bill U.S. Constitution "A Brief History of U.S. Constitutional Interpretation" Edward Hanigan Nevada Journal 5/25/01 Wired.com article on SpamCon Farhad Manjoo BrightMail Anti-Spam Resources alt.spam FAQ The Blacklist of Spam Center for Democracy and Technology reference Coalition Against Unsolicited Commercial Email The United States Federal Trade Commission Guerilla Marketing's anti-spam advice Quick Links Spam Law Updates Scambusters SpamAbuse.net