Lawsuits against spammers

The battle against spam is not only fought in the inboxes and on webmail servers. Rather, it is also fought in the courts. Many watershed legal cases have appeared over the years, in Europe, the USA and elsewhere, and quite often spammers are found to be guilty of unsound practice.

In the United States, spam lawsuits started in earnest with the CAN SPAM Act of 2003, but before this came into force, some spammers had already been prosecuted, but mostly for technical issues, such as falsifying email headres and supplying fake return addresses. Some people who found themselves affected by these issues won lawsuits against spammers, usually at the state level, such as in Washington in 1998 when Adam Engst sued a California-based spam operation for sending them falsified mail.

But the actual act of spamming was slow to be prosecuted; when it was, it was often ISPs, not individuals, who fought the cases. In another watershed case early on, AOL defeated a spam company called Cyber Promotion in a lawsuit. Cyber Promotion claimed that their right to free speech trumped AOL’s right to restrict access to its network and its customers. The needs of web consumers prevailed, and AOL won. What muddied the waters somewhat was that AOL had “email bombed” Cyber Promotion, thus ending Cyber’s deals with two ISPs, but in the end, AOL was judged to have the right to protect its customers and its network. This lawsuit remains important today as the “free speech” argument is now completely discredited when it comes to spam in the USA.

Then the CAN-SPAM Act of 2003 arrived, and we saw a greatly increased number of lawsuits. An ISP, again, was the first to file a CAN SPAM lawsuit back in 2004, when Hypertouch sued BlueStream Media for the latter’s failure to include contact information in its unsolicited emails. The suit was eventually resolved without admission of guilt. Since then, it’s again mostly ISPs that have sought out spammers, and they have done so with a vengeance. Here’s just one example: Robert Alan Soloway’s lawsuit of 2007 is particularly significant, as he’s expected to be jailed long-term if found guilty. What is interesting is that many spam lawsuits, then, are combined with other charges: a CAN-SPAM abuse can become “aggravated” when combined with more traditional crimes such as fraud, and this is now a common route for strong prosecution against spammers in the USA.

Finally, class action suits are not unheard of. A pending case, filed by Utah-based Unspam Technologies, is filing a $1bn lawsuit, representing people from 100 companies worldwide, against those who have illegally harvested email addresses for spam purposes. While the eventual payout seems optimistic, it again shows that, in the USA, the actual act of spamming is not so much the target as is those who go about it illegally.

UK spam law is covered largely by EU spam law, and it is under this European law that some of the most important spam legal cases have been contested. In fact, a British individual became one of the the first European persons to single-handedly win a spam case against a spammer. In 2005, Nigel Roberts of the Channel Islands won £300 in damages against Media Logistics UK after the company was found guilty of bombarding him with spam emails. While the actual amount of money - just under $600 at June 2007 exchange rates - was hardly significant, what really mattered was that he’d won at all. Unlike in the US, the European Union has decided that “prior explicit consent” is required before spammers operating under EU jurisdiction send mass mail to potential customers. In this instance, Roberts had not given his consent to Media Logistics UK, and thus won the case. (For the full wording of the directive, see here: http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en00370047.pdf.)

Of course, this is extremely significant, as it shows that spamming is much more heavily restricted in Europe than in most other places. However, with only a small proportion of global spam emanating from the EU, it is perhaps unsurprising that such lawsuits are few and far between. In addition to European law, too, some EU member states have their own spam laws. Czech Republic spam laws are quite strict, placing fines on those who send unsolicited commercial email. It first enforced this law in 2005, with four fines ranging up to approx. $7,000 being issued after 656 complaints and four lawsuits in 2005. Similarly, in Germany, spam law is also quite strict, with the lawsuits generally favouring “opt-in” principles. This means that unsolicited email can be - and sometimes is - punished, and has been since the late 1990s. However, like in the USA, some lawsuits have led to limits on what unsolicited email really is. In 2001, a local court in Dachau sided with a spammer who sent a 2.5mb PDF file to a small software house, saying that this was not overly intrusive and was a valid mode of advertisement. This was a watershed law in that it seems to allow some “valid” forms of spam marketing to take place, but it also allows cease-and-desist orders from the prosecution in this instance.

It’s clear, then, that a pattern has been formed. Spam laws have increased year on year and, in many places in Europe, definitely are on the side of the individual consumer, although it’s ISPs who seem to suffer the most and thus initiate the most action. Some feel that the USA has some catching up to do.