Spam Law - USC 2005

Company

LOGO

Internet Technologies

Spam – October 11, 2005

100

200

300

400

500

100

200

300

400

500

100

200

300

400

500

100

200

300

400

500

100

200

300

400

500

Arcane Minutia

Easy Questions

How to Get An A in This Class

USC Football

Internet Technologies

It is loved by Margaret Thatcher, Vikings and Herbal Viagra Users.

A-A1 Game Board

What is Spam?

Is this Spam?

Questions

What is spam?

Is spam intrinsically Good Bad or Neutral?

What Makes Spam Bad?

Intrinsic

Transfers Costs to Recipient

Server Load Cost of Filters

Clogs Inbox at Expense of Legitimate Email

Scares Consumers

Contextual

False From Lines or Routing Information

Pornography Phishing 419 Schemes Viruses

What Constitutes Consent?

DoubleOpt-In

Confirmed Opt-In

Opt-In

Confirmed Opt-Out

Opt-Out

Implied Consent

Online Advertising

Advertising Revenue 2005 ($BB)

$11.60

$130.40

Online Advertising

Offline Advertising

Email Marketing

Email Mkt Revenues ($BB)

$0.16

$2.10

$6.10

$0.00

$1.00

$2.00

$3.00

$4.00

$5.00

$6.00

$7.00

1999 2003 2008

Email Marketing 101

Advertiser Product or Service

MarketerMailing List &

Transmission Capability

Marketing NetworkAccess to Network of Marketers

Consumer Consumer

Email Registration

Registration Page

“Selected Advertisers and Affiliates”

Legitimate Email Marketing Response Rates

Spamenomics: Supply

Spamenomics: Demand

Top spammers send 15 million per day

Estimated Response Rate: 0.1 to 1.0 %

20 percent of U.S. residents report buying products from spammers

30 percent have responded to spam

Spamenomics: Return

Example 1

Spammer Marketing for Client

Delivery Rate: 5 MM/day

Payment: $1.75 CPA

Annual Revenue 0.1% Response: $3,062,500 1.0% Response: $30,625,000

Example 2Spammer Selling Product

Product: Eavesdropping Software @ $40

Delivery Rate: 10 Million per day

Response Rate: 0.000005 % or 50 per day

Annual Revenue: $700,000

Fighting Spam:Private Sector Responses

Blacklists

White Lists

Spam Filters

Challenge/Response Mechanisms

Sender ID

Email Statistics

ISP's block an estimated 90% of spam

14.5BSPAM/Day

60% of all E-mail = spam (not % of what’s in inboxes)

24BEmails/Day

It’s estimated that there are ~ 24B E-mail messages per day

1.5B

Spam Filters

Billion Dollar Market – will increase 75% over next 4 years

False Positives – cost businesses $3.5BB in 2003 (Ferris Research)

McAfee Spam Killer 5.0 22.3% false positives (Source PC World)

Triggers Image Links ALL CAPS text Key Words (Viagra) From” Address Does Not

Match Header Opt-Out Mechanism Volume Blacklists

Legislative Response

1995-2003USA: Approx 40 states pass Spam laws.EU: Adopts Data Protection Directive, implemented in UK as Data Protection Act of 1998. Where email addresses collected from a person, must be informed of the purposes at the time of collection. Unsolicited Commercial Email must be “identifiable clearly and unambiguously”.

2002EU: Adopts Directive 2002/58/EC on Privacy and Electronic Communications

September 2003USA: California passes SB 186 banning email unless express consent to receive email from advertiser.

EU: UK Regulations Implementing EU Directive effective 11 December 2003

December 2003CAN-SPAM Act of 2003 signed by President Bush (preempts State Spam laws) – effective 1 January 2004

CAN-SPAM Act

Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003

Does not “CAN Spam” – except for wireless spam No “Do Not Email Registry” No “ADV” Requirement

Anti-Fraud & Disclosure Statute

Applies to an email where the “primary purpose” is commercial advertisement or promotion of a product/service

No volume requirement Is sending a resume subject to CAN-SPAM?

CAN-SPAM Principal Requirements

From line must identify sender

Subject line must not be deceptive.

Adult Messages must provide notice.

Requires Working Opt-OutMechanism for Advertiser

Postal Address for Advertiser

Penalties

Federal:

Up to $10,000 per violation Criminal penalties for fraud and email abuse (address harvesting and

dictionary attacks)

State:

$250 per email/ $2 million cap

Treble damages if willful violation

ISP Enforcement

$25 per email/ $1 million cap

Treble damages if willful violation

Is CAN-SPAM a Failure?

YES

Overall Compliance Rate January 2004 – 0.54% December 2004 – 7% Source: MX Logic

Major Online Companies 33% Fully Compliant 98.2% Compliance on

honoring opt-outs Source: Ariel Software

NO

No, CAN-SPAM is not a ‘miserable failure," as was widely misreported – Rebecca Lieb (ClickZ News 1/14/05)

CAN-SPAM is a tool that is being used

Multiple actions by FTC, State AGs and ISPs

AOL – 75% drop in Spam complaints in November

CAN-SPAM At Work

State Spam Laws

CAN-SPAM Does Not Preempt

State laws that “are not specific to electric mail, including State trespass, contract or tort laws”; OR other State laws “to the extent that those laws relate to acts of fraud or computer crime”

California Chapter 571 (effective January 1, 2005)

Prohibits e-mail using third-party domain without permission; falsified or forged headers or deceptive subject lines.

Private right of action - damages of $1,000 per email up to $1MM “per incident”

Michigan & Utah Child Registry Laws

Foreign Spam Laws

No Spam Legislation Industry Canada Anti-Spam Task-

Force Report in Spring 2005

Prohibits Spam, address harvesting, deceptive emails

Prohibits Spam – except May send UCE to existing

customer Does not apply to B-B marketing

(i.e., corporate email address)

Prohibits Spam Requires Legislation By Member

Countries – Not All Have Complied

Thank You