PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Spam

I’m coming a little late to the party, but the case of Omega World Travel, Inc. v. Mummagraphics, Inc., (4th Cir. Nov. 17, 2006) raises some interesting issues about the Controlling the Assault of Non Solicited Pornography and Marketing Act of 2003 (“CAN SPAM Act”), 15 U.S.C. §§ 7701 et seq.

Omega World Travel sent 11 emails to an email address owned by Mummagraphics, a web host company. The emails each advertised a travel “E deal.” Mark Mumma, head of Mummagraphics, called John Lawless, the general counsel of Omega and instructed him to stop sending email. Lawless said the emails would stop. They didn’t. Mumma then sent a letter threatening Omega with a suit under CAN SPAM and state anti-spam laws. The emails finally stopped.

Mumma demanded payment from Omega, which refused, so Mumma posted photos of Omega’s founders and accused them of being spammers. Omega and its founders sued for defamation and a variety of other claims. The district court granted summary judgment on all claims but the defamation claim, which is proceeding to trial.

Mummagraphics raised a few counterclaims, including a violation of the CAN SPAM Act. The district court granted summary judgment against the counterclaims.

CAN-SPAM Act

The 4th Circuit, in an opinion by Judge Wilkinson, affirmed, holding that there was no CAN SPAM Act violation. Why? Because the CAN SPAM Act really doesn’t stop spam. It stops only certain kinds of fraudulent spam. The Act basically allows for the sending of unsolicited commercial email so long as people are provided with a way to opt out. For this to work, the sender must provide valid contact information. Specifically, the Act provides: “It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message … that contains, or is accompanied by, header information that is materially false or materially misleading.” 15 U.S.C. § 7704(a)(1).

According to the court, the emails sent by Omega had the following inaccuracies:

First, each message stated that the recipient had signed up for the Cruise.com mailing list, but Mummagraphics alleges that it had not asked that inbox@webguy.net receive the company’s offers. Second, while each message listed Cruise.com as the sending organization, each also included the address “FL Broadcast.net” in its header information, even though Mummagraphics alleges that “FL Broadcast.net” is not an Internet domain name linked to Cruise.com or the other appellees. In addition, the messages contained the “from” address cruisedeals @cruise.com, even though Cruise.com had apparently stopped using that address.

Nevertheless, the court concluded:

We agree with the district court that these inaccuracies do not make the headers “materially false or materially misleading.” Id. § 7704(a)(1). The e mails at issue were chock full of methods to “identify, locate, or respond to” the sender or to “investigate [an] alleged violation” of the CAN SPAM Act. Id. § 7704(a)(6). Each message contained a link on which the recipient could click in order to be removed from future mailings, in addition to a separate link to Cruise.com’s website. Each message prominently displayed a toll free number to call, and each also listed a Florida mailing address and local phone number for the company. Several places in each header referred to the Cruise.com domain name, including one line listing Cruise.com as the sending organization.

These references come as little surprise, because the “E deal” messages were sales pitches intended to induce recipients to contact Cruise.com to book the cruises that the messages advertised. Since the “E deal” messages and their headers were replete with accurate identifiers of the sender, the alleged inaccuracies in the headers could not have impaired the efforts of any recipient, law enforcement organization, or other party raising a CAN SPAM claim to find the company. If the alleged inaccuracies in a message containing so many valid identifiers could be described as “materially false or materially misleading,” we find it hard to imagine an inaccuracy that would not qualify as “materially false or materially misleading.” Congress’ materiality requirement would be rendered all but meaningless by such an interpretation.

The 4th Circuit holding makes the very narrow and ineffective CAN SPAM law even more narrow and ineffective. It is common knowledge that you shouldn’t click the opt out link on an unsolicited email because many spammers use that trick as a way to verify that people have read the spam and will then send people even more spam. Yet because CAN SPAM wants to protect businesses’ ability to send unsolicited commercial emails more than it wants to protect people from spam, it is based on an opt out system that can readily be abused by spammers.

And be careful who you call a “spammer” because the only claims left in this case are the defamation claims by the founders of Omega.

For further commentary about the case, see Eric Goldman (who will be visiting with us this month), Spam Notes Blog, and Time Magazine (which has a lengthy article about the case).

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01