By Leo Rydzewski (Washington, D.C.)
If you thought that the recent enactment of anti-spam laws would curtail the proliferation of junk e-mail, think again. Unsolicited commercial e-mail, or "spam," continues unabated, despite these protections. Spammers continue to stay one step ahead of the technology designed to prevent it. And at least one court recently held that a state law regulating spam is unconstitutional.
Spam presents a serious problem for many reasons. Spam can be fraudulent, offensive, and impose a significant burden on e-mail users and computer providers. Spam interrupts e-mail users, and causes them to waste time and energy reviewing and deleting messages. Internet service providers lose employee time, bandwidth, and disk space in their efforts to prevent spam from reaching end users and to store and delete spam that filters through the system.
Not surprisingly, a war on spam is being waged on many fronts. On the technology side, e-mail filtration devices are able to filter out some of the unwanted e-mails, but spammers find ways to circumvent the anti-spam software, and spam continues to get through. Skeptics believe that spammers always will be able to find a way to continue to defeat anti-spam technology.
The government also has enacted laws designed to deter spam. In 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 or "CAN-SPAM Act" to restrict unsolicited e-mail. For many reasons, the CAN-SPAM Act, which took effect on January 1, 2004, has not been very effective at reducing the volume of spam. The CAN-SPAM Act preempts state anti-spam laws, but not "any statute, regulation, or rule [that] prohibits falsity or deception in any portion of a commercial or electronic mail message or information attached thereto." 15 U.S.C. § 7707(b)(1). In other words, Congress allowed states to create greater protections against deceptive or fraudulent spam.
Starting before the enactment of the CAN-SPAM Act, approximately 37 states, including Maryland, enacted laws penalizing those distributing unsolicited e-mail in their state. In 2002, Maryland enacted anti-spam legislation called the Commercial Electronic Mail Act (CEMA). CEMA makes it illegal to send commercial electronic mail (1) to an Internet domain name of third party without permission; (2) that contains false information about the origin path of the commercial e-mail; or (3) that has a false or misleading subject line. Md. Code. Ann., Com. Law § 14-3002(b)(2). The law applies if the message is sent from a computer within Maryland; if the sender knows or should have known that the recipient is a Maryland resident; or if the registrant of the domain name will confirm upon request that the recipient is a Maryland resident. Id. at §§ 14-3002(b)(1)&14-3002(c). CEMA thus applies to e-mail sent to or from Maryland residents, regardless of where a resident actually opens the e-mail. A company sending e-mail to a person living in Maryland falls within the Act’s scope even if the recipient receives the e-mail while on a business trip in New York.
Unlike the CAN-SPAM Act, CEMA allows private individuals to bring suit to recover civil damages. Maryland residents who receive e-mail that has false or misleading information about its transmission path or in its subject line can recover $500 per message or more, plus legal fees, if they can prove damages. Internet service providers may sue for $1,000 per message or more. CEMA allows those whose Internet domains were used without their permission to sue for $500 per instance. (Maryland also has a criminal statute targeting spammers called the Spam Deterrence Act, which authorizes fines of up to $25,000 and 10 years in prison.)
A trial court in Montgomery County, Maryland, recently held that CEMA unconstitutionally regulates conduct that occurs entirely outside the state’s boundaries. See MaryCLE v. First Choice Internet Inc., No. 248514 (Md. Cir. Ct., December 3, 2004). The suit was brought by Eric Menhart, a George Washington University law student, who set up a corporation, MaryCLE, LLC, to fight spam under CEMA, and NEIT Solutions, LLC, an Internet service provider whose servers are located in Denver, Colorado, against John Frevola, a New Yorker who operates a company called First Choice Internet, Inc. First Choice sent the e-mails from a mail service provider located in Virginia to MaryCLE, which maintains its primary place of business and office in Washington, D.C. The e-mails were routed through NEIT in Denver, Colorado.
Frevola and First Choice claimed that CEMA violates the "dormant" Commerce Clause of the United States Constitution by putting an unfair burden on out-of-state businesses and by creating inconsistent state law requirements. The Maryland court essentially agreed, finding the law unconstitutional because it attempts to regulate commerce that may never enter Maryland and thus impermissibly seeks to regulate commerce outside the state’s borders. According to the court, the defendants "had no way of knowing whether MaryCLE would receive its e-mail in Virginia, D.C., Maryland or any other state for that matter."
The Maryland decision may be contrasted with decisions in Washington and California courts, which have upheld their states’ anti-spam statutes. See State v. Heckel, 24 P.3d 404 (Wash. 2001); Ferguson v. Friendfinders, Inc., 94 Cal. App. 4th 1255, 115 Cal. Rptr. 258 (1st Dist. 2002). The Washington Supreme Court found that the state’s anti-spam statute was not discriminatory on its face because it applies evenhandedly to in-state and out-of-state spammers, and its local benefits outweighed any burden on interstate commerce. The California Court of Appeals found that the state’s anti-spam statute was not unconstitutional because it only applied to individuals and entities that (1) do business in California; (2) utilize equipment located in California; and (3) send unsolicited commercial e-mail to California residents.
In the Maryland case, unlike in the Washington and California decisions, the defendants had no contact with Maryland. Their e-mails were sent from New York, routed through Virginia and Colorado, and finally were received in Washington, D.C. In other words, the plaintiff was asking the court to apply Maryland law to events that never occurred in Maryland, thereby implicating the dormant Commerce Clause. Perhaps more importantly, the cases in Washington and California were decided before CAN-SPAM was enacted and Congress evidenced its intent to preempt state regulation of spam.
The court’s decision significantly limits the ability of Maryland – and other states – to regulate spam. The Maryland legislature could seek to amend CEMA so that recipients of fraudulent or deceptive e-mail in Maryland may bring claims against spammers without running afoul of the Constitution. But spam is a nationwide problem that has resisted statutes enacted on the state level. Some have suggested that the problem could be alleviated if CAN-SPAM were broadened to permit suits by individuals. Others believe that the problem cannot be solved by new laws alone, and that technological solutions are necessary. In the meantime, spammers continue to wiggle their way free of liability for burdening e-mail users and service providers with unsolicited commercial e-mail.
The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.