The CAN SPAM act has been in place for five and a half years. Compatible state laws have been in place nearly as long. Anti-spam laws in the EU, Australia, and New Zealand were enacted years ago. But the number of significant anti-spam lawsuits is so small that individual bloggers can easily keep track of them. Considering that several billion spams a day are sent to people's inboxes, where are all the anti-spam lawsuits?
There are a couple of reasons, but by far the largest one is that, unless the recipient is unusually lucky, anti-spam lawsuits are difficult to prosecute and win. The evidence in such suits is very technical — mail headers, WHOIS data, traceroutes, ASN numbers, affiliate codes and HTTP redirections that tie a sender to a particular message, or more likely, a thousand messages.
Judges tend to be reasonably smart, but few of them have a technical background. That means that before a judge can rule sensibly on a spam case, he or she needs to learn about the statutes and case law that apply, and also enough about e-mail technology to understand the evidence and evaluate the credibility of the lawyers' arguments on each side. Ideally (at least from the point of view of someone filing a suit), the judge would take a continuing legal education (CLE) course that covered the topic, and be well-informed and ready to go when the case starts. More commonly, it's up to the parties in the case and their lawyers and expert witnesses to do the education. This is expensive, since lawyers and experts don't work for free.
The quality of the on-the-job education is uneven, since each lawyer wants to educate in a way that supports his client's case, and although the experts are supposed to be unbiased, in practice the testimony from each expert supports the client paying him. (More than once I've told potential clients that I won't work for them, because what I'd to say wouldn't support their case.) Then the judge reads all the legal briefs and expert reports and tries to figure out who to believe.
This process can lead to unfortunate misunderstandings. For example, in the Gordon vs. Virtumundo case in Federal court in Seattle, Virtumundo had skilled lawyers who persuaded the judge that, roughly speaking, recipients have no case under CAN SPAM to complain about getting spam if they could have used filters to reject it. To anyone who understands the technology, this is a ridiculous argument, since the only reason we need filters is that spammers are sending us the junk that CAN SPAM is supposed to forbid, but this theory was written into the decision, and even worse, adopted by the Ninth Circuit when they upheld the decision on appeal. Some judges in California now appear to understand why this is wrong, but it'll take more rounds of cases and appeals to the Ninth Circuit and maybe the Supreme Court to fix it, again requiring significant time and money.
What this means is that the only cases that are likely to be filed are very easy ones, where the spammer didn't hide his identity or use affiliates, so the connection from the spam to the spammer is easy to show, or ones where the plaintiff has the legal skills to do a lot of the case work himself to keep the costs affordable, or unfortunate ones where the plaintiff is an anti-spam zealot with a poor case, leading to bad decisions like Gordon. Eventually as more judges handle spam cases, it'll be more likely that a new case will be assigned to a judge who's done one before, so the parties don't have to explain what an IP address is or how to follow an affiliate link, but until then it's tough sledding. Maybe I should set up some CLE courses and see if judges will come.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection