Home / Blogs

Facebook Wins $800M Against Spammer. So What?

John Levine

In a widely reported court case, Facebook won an $800M default judgment and injunction against a Montreal man named Adam Guerbuez, who has a long and sordid history. But it probably won't make any difference.

The problem is that he's in Canada. The $800M is for violations of the CAN SPAM act, but Canada doesn't have any laws comparable to CAN SPAM. (Indeed, they have no laws against spam at all, other than the weakly enforced PIPEDA privacy law.) This means that should Facebook try to enforce the injunction in Quebec, he'd have a reasonable shot arguing that what he did wasn't against Canadian law, hence it's not collectible.

Facebook's original complaint also invoked Federal and state computer tampering laws, but the judgment doesn't refer to them. The judgment also enjoins Guerbuez from ever using Facebook again, so if he does, Facebook can go back to court, get him cited for contempt, and try to enforce that in Canada. They'd have a better chance doing that, but who knows how long it will take.

As has become increasingly apparent, the key to legal success against spammers is close international cooperation, since the various pieces of illegal spamming operations, botnet infections, botnet spamming, order collection, and making and delivering goods are often spread all over the world. You'd expect Canada and the US to work well together here, but for some reason, the coordination so far has been less than impressive.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Cybercrime, Law, Spam


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


"he'd have a reasonable shot arguing that John Berryhill  –  Nov 25, 2008 10:59 AM PDT

"he'd have a reasonable shot arguing that what he did wasn't against Canadian law"

Enforcing US civil judgments in Canada, or vice versa, does not work that way.  A Canadian court is only going to be interested in whether the US court had proper jurisdiction over the matter, and afforded procedural due process.  In this instance, a Canadian court is not going to ignore that the activity underlying the claim was conducted in the US by the defendant, and properly subject to US jurisdiction.  Whether the substantive law is different in Canada is a non-issue.

But the defendant was in Montreal the John Levine  –  Nov 25, 2008 11:01 AM PDT

But the defendant was in Montreal the whole time.  How does a US court have jurisdiction over him?

A US court will find personal jurisdiction John Berryhill  –  Nov 25, 2008 11:17 AM PDT

A US court will find personal jurisdiction over anyone who conducts activities in the US leading to a legal claim.  Believe it or not, if for example, you are in Country X, and you enter into a contract (as any Facebook user does) having a situs in the US, then you can be sued in the US for conduct relating to that contract, and the judgment is enforceable through the relevant international agreements on enforcement of US judgments in Canada.

Try this

If I stand on one side of the Canadian border and lob rocks at you in the US, you certainly can sue me in the US for your injuries, and you can certainly collect that judgment against me through a Canadian court.  At that point, as long as I had proper notice of the US action, I will not be able to defend against the substantive claim in Canada.  My defenses will be limited to a very narrow set of mostly procedural challenges.

Foreign entities are sued all of the time for injuries caused in the US, under US law. That type of situation is the entire point of the Haguee Convention on International Service of Process, and other mechanisms for conducting litigation involving parties in different countries.

...and by "conducts activities in the US", John Berryhill  –  Nov 25, 2008 11:19 AM PDT

...and by "conducts activities in the US", I mean to be inclusive of activities which may be physically conducted outside of the US, but which incur injury in the US.

Oh, wait, Quebec is different John Levine  –  Nov 27, 2008 9:34 AM PDT

A friend who is familar with Canadian law points out that the defendant is in Quebec, where the rules are surprisingly different from the rest of Canada.

See my updated blog post.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


DNS Security

Sponsored by Afilias
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

i2Coalition to Host First Ever Smarter Internet Forum

US Court Grants DCA Trust's Motion for Preliminary Injunction on .Africa gTLD

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

The Deep Web and the Darknet - The Nether Regions of the Internet

Introducing the Verisign DNS Firewall

Verisign iDefense 2015 Cyber-Threats and Trends