Home / Blogs

Why Aren't There More Spam Lawsuits?

John Levine

The CAN SPAM act has been in place for five and a half years. Compatible state laws have been in place nearly as long. Anti-spam laws in the EU, Australia, and New Zealand were enacted years ago. But the number of significant anti-spam lawsuits is so small that individual bloggers can easily keep track of them. Considering that several billion spams a day are sent to people's inboxes, where are all the anti-spam lawsuits?

There are a couple of reasons, but by far the largest one is that, unless the recipient is unusually lucky, anti-spam lawsuits are difficult to prosecute and win. The evidence in such suits is very technical — mail headers, WHOIS data, traceroutes, ASN numbers, affiliate codes and HTTP redirections that tie a sender to a particular message, or more likely, a thousand messages.

Judges tend to be reasonably smart, but few of them have a technical background. That means that before a judge can rule sensibly on a spam case, he or she needs to learn about the statutes and case law that apply, and also enough about e-mail technology to understand the evidence and evaluate the credibility of the lawyers' arguments on each side. Ideally (at least from the point of view of someone filing a suit), the judge would take a continuing legal education (CLE) course that covered the topic, and be well-informed and ready to go when the case starts. More commonly, it's up to the parties in the case and their lawyers and expert witnesses to do the education. This is expensive, since lawyers and experts don't work for free.

The quality of the on-the-job education is uneven, since each lawyer wants to educate in a way that supports his client's case, and although the experts are supposed to be unbiased, in practice the testimony from each expert supports the client paying him. (More than once I've told potential clients that I won't work for them, because what I'd to say wouldn't support their case.) Then the judge reads all the legal briefs and expert reports and tries to figure out who to believe.

This process can lead to unfortunate misunderstandings. For example, in the Gordon vs. Virtumundo case in Federal court in Seattle, Virtumundo had skilled lawyers who persuaded the judge that, roughly speaking, recipients have no case under CAN SPAM to complain about getting spam if they could have used filters to reject it. To anyone who understands the technology, this is a ridiculous argument, since the only reason we need filters is that spammers are sending us the junk that CAN SPAM is supposed to forbid, but this theory was written into the decision, and even worse, adopted by the Ninth Circuit when they upheld the decision on appeal. Some judges in California now appear to understand why this is wrong, but it'll take more rounds of cases and appeals to the Ninth Circuit and maybe the Supreme Court to fix it, again requiring significant time and money.

What this means is that the only cases that are likely to be filed are very easy ones, where the spammer didn't hide his identity or use affiliates, so the connection from the spam to the spammer is easy to show, or ones where the plaintiff has the legal skills to do a lot of the case work himself to keep the costs affordable, or unfortunate ones where the plaintiff is an anti-spam zealot with a poor case, leading to bad decisions like Gordon. Eventually as more judges handle spam cases, it'll be more likely that a new case will be assigned to a judge who's done one before, so the parties don't have to explain what an IP address is or how to follow an affiliate link, but until then it's tough sledding. Maybe I should set up some CLE courses and see if judges will come.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Law, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Another reason Terry Zink  –  May 07, 2010 12:47 PM PST

Excerpt from my own blog post.

I would add another reason to the mixture and that it can be difficult to actually arrest and charge spammers, let alone prosecute.  I will speak of the case of Dmitry Golubov, now the leader of the Internet Party of Ukraine, a political party based in the Ukraine.  Golubov is the alleged kingpin (or at the very least, very high ranking officer) of the illegal group known as CarderPlanet.  CarderPlanet was a phishing and hacking operation that dealt in stolen financial information of westerners (among others, but mostly westerners).  Participants of Carder could buy and sell financial credentials with which to commit online fraud.  It was just like out of those bad movies where online criminals can do what they want.

Western authorities, including the FBI, had been chasing Golubov for years but couldn’t get officials in the country to take action.  Finally, in late 2004 and early 2005 saw regime change in the country and a pro-western government came to power.  For months, no action was taken but finally, Golubov was arrested and spent a few months in jail.  However, he was sprung out by two Ukrainian politicians and decided to form his own political party.  If elected, he is not liable for past crimes (that is, he doesn’t have to serve a prison sentence).  Pretty good deal if you’re a spammer.

Some of the worst criminals in spamming underworld are located in eastern Europe and Russia.  Many of them are known to the authorities but they are not pursued by legal authorities.  The thinking is that they have a degree of protection.  Yes, defrauding westerners is a bad thing, but these characters are handy to have around in case they need to launch a cyber-attack upon a rogue state like Estonia or Georgia.  Whether or not they are actively protected by governments, they are at least passively protected in that they are not being pursued.

The problem, then, is complex and again it is cultural.  Legal authorities in Russia can have, how do we say it, problems with corruption.  Some parts of Russia can be an expensive place to live and law enforcement doesn’t have the highest salary.  Their services are available to the highest bidders as well.  And when the government decides that spammers might be useful for a geopolitical purpose, there is low chance indeed that western officials will ever get their day in court.

To post comments, please login or create an account.

Related Blogs

Privacy, Risk and Revenue

Why OIRA Needs to Coordinate Federal Cyber Security Regulation

Where We're Going: Leviathan or Golem?

Does the Internet Need "Governance"?

ccTLDs Might Be Property

Related News

Topics

Industry Updates – Sponsored Posts

INTA 2013: Gearing Up for Dallas

Thomson Reuters to Acquire MarkMonitor

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

DNS on Defense, DNS on Offense

Managing Outbound Spam: A New DNS-based Approach For Stopping Abuse (Webinar)

MarkMonitor Fraud Intelligence Report, Q4 2011

Afilias Says "No" to SOPA

Minds + Machines to Announce New .brand gTLD Pricing at INTA

MarkMonitor Fraud Intelligence Report Released for Q2 2011

.CO Recognized Alongside Industry Giants in Trademark Industry Awards

Verisign and Coalition for ICANN Transparency, Inc. ("CFIT") Resolve Litigation

MarkMonitor to Co-Chair International Anti-Counterfeiting Coalition Spring Conference

The Botnet-Counterfeit Drugs Connection

Q4 2010 Fraud Intelligence Report

AusRegistry Int. and Crowell & Moring Join Forces to Support New Top-Level Domain Applicants

MarkMonitor Report: How Scammers Generate Significant Traffic Promoting Suspected Counterfeit Goods

Report Sheds Light on Scale and Complexity of Online Piracy and Counterfeiting Problem

Acquisition Extends Anti-Piracy Capabilities for Digital Content

How Targeting Luxury Brands Online Results in Significant Traffic for Online Scammers

Sponsored Topics

Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines