Spam and the Spamming Spammers Who Spam Us

Nearly anyone who has used internet e-mail in the last four years is aware that unsolicited commercial e-mail (spam) is becoming a major problem for internet users. On average, each e-mail user in the US receives 30 spam messages per day, up from 14 per day last year. Fighting spam could cost companies as much as $1 billion this year and rise to $20 by 2007. Some individuals simply deal with the unwanted annoyance of spam and use their delete keys. Others work to keep technological filters up to date in order to ensure that they see as little spam as possible. Now, the lawyers are getting involved.
Stephen Kline, an Assistant Attorney General for the Internet Bureau in the Office of the New York Attorney General, spoke at the law school yesterday about fighting the e-mail spam problem. Kline is one of the four attorneys in the Internet Bureau who prosecute cybercrimes and online fraud. This post is based on my notes from Kline’s talk.
Cases
Interestingly, the two main cases that Kline discussed— one civil, one criminal— both originated in the Buffalo area. In a civil action, the Attorney General sued MonsterHut in and won an injunction, which prevents Monsterhut from “further engaging in any of the fraudulent, deceptive and illegal acts and practices pertaining to representations of ‘opt-in’, ‘opt-out’ or the ‘permission-based’ nature of their protocols or the collection and use of their email data.”
Howard Carmack, the Buffalo spammer, is the first person the Attorney General has prosecuted under New York’s new identity theft law (NY PL §190.78). Carmack was arrested and arraigned on felony criminal fraud charges, including Forgery in the Second Degree, Criminal Possession of a Forgery Device and two counts of Falsifying Business Records in the First Degree, in addition to misdemeanor identity theft.
Carmack is alleged to have sent spam from his home using a series of Earthlink 30-day free trial accounts. As soon as Earthlink found that Carmack was using an account to spam, they would shut it down and Carmack would open a new account. Enough spam email messages with forged headers were sent through Earthlink’s Buffalo-area mail servers so that legitimate customer mail sent through those servers was delayed for as much as 8 hours. Carmack allegedly obtained P.O. boxes, credit cards and telephone numbers using stolen identities, one of which was his institutionalized brother’s. A week before his arrest, Earthlink obtained a $16 million civil judgment against Carmack in a Federal court in Atlanta.
Investigating these spam cases can be difficult. Discovery can turn up thousands of emails. However, few of these spammers are as shrewd as the most sophisticated of criminals and most of them leave a traceable money trail.
Authority to combat spam
Unlike 38 other states, New York has no specific anti-spam legislation.1 Instead, the Attorney General uses existing consumer laws to go after spammers, since the Internet Bureau is part of the Consumer Complaints department. The statutory authority includes Gen. Bus. Law §349 (Consumer Protection from Deceptive Acts and Practices) and Exec. Law §63(12) (grants state Attorney general power to enjoin fraudulent or deceptive acts and practices) and PL § 190.77 (Criminal Identity Theft). The Attorney General has jurisdiction in any case where a business action has a negative effect on New York consumers and NY consumers have suffered direct harm. The key problem hampering anti-spam investigation is not a lack of jurisdiction, but resources. With only four attorneys, the Internet Bureau tries to litigate or prosecute only those cases that will have a broad or precedential impact.
Even with these limitations on resources, New York is one of only three states actively pursuing spam. Although 38 states have anti-spam laws, only 2 of those have active state anti-spam prosecution: California and Washington. At the Federal level, the FTC is working against spam under existing Federal general consumer protection laws, like New York’s Attorney General. A federal-state-local anti-spam task force started working this year, but its activities are limited since most states have yet to devote significant resources to fighting the spam problem.
Federal and state authorities have two ways to deal with spam: legislation, prosecution. Technical solutions are also needed to cut down on spam. Neither legislation nor prosecution alone will solve the problem, but a combination of both should curtail excessive and abusive spam.
One of the most contentious issues involved in drafting anti-spam legislation is defining spam. The DMA wants to limit the definition to only fraudulent or forged messages. Anti-spam activists prefer to define spam as any and all unsolicited commercial e-mail where the recipients have not specifically and explicitly opted in. Finding a good balance for the definition of spam that is neither too restrictive nor too lenient is crucial to actually curtailing the spam problem. Legitimate e-mail marketers will abide by regulations, while the more egregious spammers will likely flaunt any law. So legislation will only serve to regulate legitimate e-mail marketers, since the worst spam can already be dealt with using existing consumer protection and anti-fraud laws.
Some of the state statutes, including Utah’s, provide for a private right of action against spammers. While class action suits might seem like a good idea, because so many people are affected in the same way, there is really no point. None of these spammers are making enough money to make a class action suit worthwhile. The problem with spam is that one person with a cheap computer, a dial-up account can affect millions of consumers.
Not all of the consumers who are defrauded by spammers will file consumer complaints with the state or FTC. Even though there may be causes of action under consumer anti-fraud laws against some companies who advertise their products through spamming, prosecuting under these laws may be difficult. The consumer who purchased 5 bottles of penis enlargement pills and got a harmless herbal supplement is not likely to file a fraud complaint, since they’re probably not going to admit to buying those pills (or demonstrate proof that they were not effective.) The consumer who got slammed with fraudulent credit card charges after signing up for a porn site’s “free trial account” is also not likely to contest those charges.
These actions are a start in combating spam and hopefully represent part of a broader trend towards using the law to protect consumers and businesses from these parasites.

1A bill to expand the statewide “no call sales registry” to include unsolicited e-mails has passed in the Senate and is in committee in the Assembly.

1 thought on Spam and the Spamming Spammers Who Spam Us

  1. is there a new york no spam list like the do not call? please advise..thank you

Comments are closed