Home / Blogs

Why Aren’t There More Spam Lawsuits?

By John Levine Author, Consultant & Speaker

The CAN SPAM act has been in place for five and a half years. Compatible state laws have been in place nearly as long. Anti-spam laws in the EU, Australia, and New Zealand were enacted years ago. But the number of significant anti-spam lawsuits is so small that individual bloggers can easily keep track of them. Considering that several billion spams a day are sent to people’s inboxes, where are all the anti-spam lawsuits?

There are a couple of reasons, but by far the largest one is that, unless the recipient is unusually lucky, anti-spam lawsuits are difficult to prosecute and win. The evidence in such suits is very technical—mail headers, WHOIS data, traceroutes, ASN numbers, affiliate codes and HTTP redirections that tie a sender to a particular message, or more likely, a thousand messages.

Judges tend to be reasonably smart, but few of them have a technical background. That means that before a judge can rule sensibly on a spam case, he or she needs to learn about the statutes and case law that apply, and also enough about e-mail technology to understand the evidence and evaluate the credibility of the lawyers’ arguments on each side. Ideally (at least from the point of view of someone filing a suit), the judge would take a continuing legal education (CLE) course that covered the topic, and be well-informed and ready to go when the case starts. More commonly, it’s up to the parties in the case and their lawyers and expert witnesses to do the education. This is expensive, since lawyers and experts don’t work for free.

The quality of the on-the-job education is uneven, since each lawyer wants to educate in a way that supports his client’s case, and although the experts are supposed to be unbiased, in practice the testimony from each expert supports the client paying him. (More than once I’ve told potential clients that I won’t work for them, because what I’d to say wouldn’t support their case.) Then the judge reads all the legal briefs and expert reports and tries to figure out who to believe.

This process can lead to unfortunate misunderstandings. For example, in the Gordon vs. Virtumundo case in Federal court in Seattle, Virtumundo had skilled lawyers who persuaded the judge that, roughly speaking, recipients have no case under CAN SPAM to complain about getting spam if they could have used filters to reject it. To anyone who understands the technology, this is a ridiculous argument, since the only reason we need filters is that spammers are sending us the junk that CAN SPAM is supposed to forbid, but this theory was written into the decision, and even worse, adopted by the Ninth Circuit when they upheld the decision on appeal. Some judges in California now appear to understand why this is wrong, but it’ll take more rounds of cases and appeals to the Ninth Circuit and maybe the Supreme Court to fix it, again requiring significant time and money.

What this means is that the only cases that are likely to be filed are very easy ones, where the spammer didn’t hide his identity or use affiliates, so the connection from the spam to the spammer is easy to show, or ones where the plaintiff has the legal skills to do a lot of the case work himself to keep the costs affordable, or unfortunate ones where the plaintiff is an anti-spam zealot with a poor case, leading to bad decisions like Gordon. Eventually as more judges handle spam cases, it’ll be more likely that a new case will be assigned to a judge who’s done one before, so the parties don’t have to explain what an IP address is or how to follow an affiliate link, but until then it’s tough sledding. Maybe I should set up some CLE courses and see if judges will come.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Another reason Terry Zink  –  May 7, 2010 8:47 PM

Excerpt from my own blog post.

I would add another reason to the mixture and that it can be difficult to actually arrest and charge spammers, let alone prosecute.  I will speak of the case of Dmitry Golubov, now the leader of the Internet Party of Ukraine, a political party based in the Ukraine.  Golubov is the alleged kingpin (or at the very least, very high ranking officer) of the illegal group known as CarderPlanet.  CarderPlanet was a phishing and hacking operation that dealt in stolen financial information of westerners (among others, but mostly westerners).  Participants of Carder could buy and sell financial credentials with which to commit online fraud.  It was just like out of those bad movies where online criminals can do what they want.

Western authorities, including the FBI, had been chasing Golubov for years but couldn’t get officials in the country to take action.  Finally, in late 2004 and early 2005 saw regime change in the country and a pro-western government came to power.  For months, no action was taken but finally, Golubov was arrested and spent a few months in jail.  However, he was sprung out by two Ukrainian politicians and decided to form his own political party.  If elected, he is not liable for past crimes (that is, he doesn’t have to serve a prison sentence).  Pretty good deal if you’re a spammer.

Some of the worst criminals in spamming underworld are located in eastern Europe and Russia.  Many of them are known to the authorities but they are not pursued by legal authorities.  The thinking is that they have a degree of protection.  Yes, defrauding westerners is a bad thing, but these characters are handy to have around in case they need to launch a cyber-attack upon a rogue state like Estonia or Georgia.  Whether or not they are actively protected by governments, they are at least passively protected in that they are not being pursued.

The problem, then, is complex and again it is cultural.  Legal authorities in Russia can have, how do we say it, problems with corruption.  Some parts of Russia can be an expensive place to live and law enforcement doesn’t have the highest salary.  Their services are available to the highest bidders as well.  And when the government decides that spammers might be useful for a geopolitical purpose, there is low chance indeed that western officials will ever get their day in court.

# 1 Reply  |  Link  |  Report Problems

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

View All Topics