The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I've covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases.
The court's decision [PDF] is quite technical, dealing with issues of whether the prosecution and defense raised issues at appropriate times, and disposing of a bunch of other defense challenges that the lower courts also rejected. The court accepts that Jaynes did all the bad things the lower courts found that he did. (The expert witness they mention at the bottom of the third page of the decision was me, telling them that legitimate senders don't send mail like he did.)
Normally, an appeals court reviews the law "as applied", that is, in the context of the case in question. As applied, nobody found any problem with this case. But for the first amendment, there's a special overbreadth rule that asks whether the law might impermissibly contrstrain the speech of other people who did different things, in this case, sending non-commercial spam. The Virginia law forbade using fake IP addresses or domains, and didn't distinguish between commercial and other speech. The court noted that we have a long tradition of protecting anonymous political speech dating back to the Federalist papers, and decided that since that only way to send anonymous email is to use fake IP addresses and domains, the law was overbroad and threw it out.
I have some technical cavils with their analysis, but probably not enough to persuade a court otherwise. Forging IP addresses is a red herring: due to the way that TCP works you can't meaningfully forge them in e-mail. (You can put in headers with fake IPs, but the mail system will add more headers with the real IPs.) I'd also argue that there are a variety of ways to send mail without domain forgery, such as using throwaway free webmail accounts, or routing stuff through anonymizers such as Tor using domains that say it's OK for people to use them in anonymous mail.
The only place this can now be appealed is to the US Supreme Court, which the Virginia Attorney General reportedly plans to do. From the point of view of the SCOTUS, this case has an unpleasant mix of First Amendment issues (do they want to revisit the boundaries of commercial speech regulation?) and states rights (do they want to further limit the ability of state courts to interpret state laws?) so I'd be surprised if they accepted it.
For everyone except Jeremy Jaynes, this decision has little or no effect. Jaynes was tried for things he did in 2003, before CAN SPAM came into effect, and even his lawyer has said that if he did them now, CAN SPAM would catch him. All of the other state laws that I've looked at are CAN SPAM compliant, which means they only affect commercial spam. So I can't say I'm thrilled that Jaynes got off (after three years in house arrest), and less thrilled if he gets to keep the $20 million he reportedly made from spamming fake FedEx refund kits and the like, but it's not the end of the world.
Related Posts on Jeremy Jaynes' Case:
Jeremy Jaynes Gets One More Chance 3/5/2008
Virginia Supreme Court Narrowly Upholds Jaynes' Conviction 2/29/2008
Putting a Spammer in Jail 11/26/2004
Update 10/10/2008: Podcaster Speaking of Justice talked to me about the Virginia Supreme Court's reversal of the Jeremy Jaynes conviction. You can listen to it here.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection