Advertisment
Trends Watch

Can you legally fight spam?

author-image
PCQ Bureau
New Update

Under Indian law, what recourse does a citizen have against spam? In order to understand the legal position on spam, it is important to examine the implications of unsolicited commercial email.

Advertisment

The cultural position



Spam (multiple unsolicited copies of junk e-mail) has long been seen as a violation of netiquette. Where does the law step in at this stage? Early spam cases in the United States and Canada were tried under legal heads such as nuisance, trespass and privacy. There are solutions under Indian law which evolve from nuisance and trespass.

In CompuServe, Inc. vs Cyber Promotions, Inc, Civil Action No. C2-96-1070 , in the suit that CompuServe bought against Cyber Promotions, the court listed the possible ingredients of spam related violations as, trademark/service mark infringement, unfair competition, deceptive trade practices, conversion or trespass to personal property and nuisance, unjust enrichment, breach of contract and fraud.

CompuServe subscribers were charged for the amount of time spent online and subscribers found themselves wasting time accessing, reading and deleting unwanted mail.

Advertisment
The battle lines

Whether your mail server is in-campus or with an ISP, spam must stop right before or never reach it. Mail relays should never be left open. If they are, spam has an easy route to the Internet. Your ISP should take steps to prevent routing spam to you. The final defense is your

anti-spam solution on your mail server. Past this, the battle is lost and spam gets delivered. So don't plan on fighting spam at the user's mailbox. Before setting up your mail server, evaluate what server protection options are there.

The battle plan

  • Never publish your e-mail addresses on public websites. Use Web-based forms instead of 'mailto:' links to receive messages on your site.
  • Make sure acknowledgement and vacation messages are triggered after spam filtering has happened.
  • Do not automatically provide the new contact person to any mailer when a user leaves the organization.
  • Implement anti-spam technologies such as

    DomainKeys, Sender ID or FairUCE. You should also implement anti-spam solutions.
  • Periodically check spam and blacklist databases to see if your IP addresses are listed there and act accordingly to get them removed.
  • Server-side implementation of anti-spam measures is a must. 
  • Insist that your ISP implements robust anti-spam measures and follow up regularly with it on the issue.
  • Do not bounce spam. The sender id is usually forged.

Spam as trespass



In an action brought by an Internet service provider arising from bulk e-mail ads sent in violation of the provider's terms of use, a federal court found disputed issues of fact and denied summary judgment. America Online Inc. vs National Health Discount, Inc. (N.D. Iowa 2000) CCH Advertising Law Guide. 60,232, 121 F. Supp. 2d. 1255. The ISP, America Online, alleged that the transmission of the e-mail violated both the federal Computer Fraud and Abuse Act (CFAA) and the Virginia Computer Crimes Act (CCA), and constituted common law trespass. Several elements of a CFAA claim were met: the e-mailers accessed the ISP's computers by sending the messages; exceeded authorized access because the ISP's terms of service barred spam; and obtained information from the ISP's customers as a result of the spam from the ISP's computers. However, the ISP was denied summary judgment because it had not shown that it had sustained the damages required by statute (at least $5,000) to establish a claim.

With respect to the CCA claims, the e-mailers clearly violated the statute by

using a computer network without authority and with the intent of converting the property of another. The e-mailers' conduct also constituted trespass to chattels under the law of Virginia, where the ISP's computers were located. 

Advertisment

However, the ISP was denied summary judgment on these claims because it was disputed whether the e-mailers were acting under the defendant's control and were therefore its agents. The court held that the defendant could not be vicariously liable for the e-mailers' conduct if they were independent contractors.

The element of deception



Greater concern arises when mass e-mailers resort to disguising their identity using technology and often deliberately assume third party identity as in the case of spoofing. Now the element of deception has been introduced.



Once fraud or deception comes into the picture, the relevant provisions of the Indian Penal Code, 1860 can come to the aid of the besieged party.

www.spamhaus.org maintains a list of IP addresses that are generating spam. Some of them use Indian ISPs.



Can an Indian ISP terminate a customer for spamming? Particularly, can the customer be terminated for being listed in international spammer lists like www.
spamhaus.org?

Advertisment
Fighting

spam in court

Dan Balsam is a familiar name in the anti- spam

circles. This California resident has filed, and so far won twenty suits against

spammers. Here is what Dan told PCQuest about spam and the law.

“Good laws are important. The US Federal

CAN-SPAM Act is NOT a good law, for a variety of reasons that you can read on my

website, www.DanHates Spam.com. Enforcement is equally as important as the laws

themselves.

With my lawsuits, in small claims and superior

court, I name the spammers and the principals for whom they advertise.

Ultimately, the principals are responsible for the actions of their advertising

agents, and hopefully naming them in the lawsuits will make them 1) rethink

their advertising strategies and cut off the spammers, and 2) attempt to recoup

damages from the spammers, most of whom are violating their contracts with the

advertisers by sending unlawful spam”.

Yes. First, ideally provisions relating to spam and the unlawful invasion of privacy should be made part of the ISPs policy. It is, for instance, part of VSNL's policy. The ISP should reserve the right to remove any

person or entity sending unsolicited commercial e-mail.

In the US, spam is not included in the First Amendment , it is quite clear that while commercial speech is protected under the Constitution Article 19>, it will not include spam.

Advertisment

Also, if the ISP does not terminate links or services to the alleged spammer or conduct due diligence, it may be liable for contributory negligence.

What other action can the ISP take against the spammer?



It depends on the nature of the content being sent a spammed message and the

extent to which it violates a subscriber's privacy. For instance, if the owners of a cinema hall spam the general public with regard to discounts on movie tickets it may be serious but perhaps not as serious as the new hospital in town spamming patients on their new 'clinic' for the treatment of diabetes.

Spam law in many countries, such as the US is often used with other specific privacy laws such as the Gramm-Leach-Bliley Act .

Advertisment

What is the liability of an ISP who hosts a spammer?



Under the present scenario, an ISP who hosts a spammer knowingly can be prosecuted for contributing to the spamming activity and thus be liable for nuisance, trespass and the unlawful invasion of privacy. 

However, if the ISP has conducted due diligence and does not have knowledge of the spamming activity or if the existence of such activity has not been brought to his

attention then the ISP will not be liable.

What recourse does a citizen have against an ISP for knowingly hosting a

spammer?



An action under tort law for nuisance, trespass and the unlawful invasion of privacy. Interestingly, an ISP can also sue a spammer for using its services for spam under the same legal principles.

Rodney D Ryder leads Preconcept, a full service corporate law firm

Advertisment